Chuck I need help I am running slow

[davew3232]

Needing help again sir

[flashh4]

Howdy Dave and welcome back to BestTechie !!!  

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  


===================================


ZOEK Auto Clean

   o First please Disable any Antivirus you have active, as shown in This topic.  >>>  http://api.viglink.com/api/click?format=go&jsonp=vglnk_jsonp_14105807394277&key=9b4efad421c8b103b2c94b796db973b0&libId=3183394b-40a0-496d-bc1f-1800775bc8b5&loc=http%3A%2F%2Fwww.malwareremoval.com%2Fforum%2Fviewtopic.php%3Ff%3D11%26t%3D63074%26p%3D636571%26hilit%3Dzoek%23p636571&subId=ada8cd58e448a82cf9bb2f2782266d43&v=1&out=http%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ftopic114351.html&ref=http%3A%2F%2Fwww.malwareremoval.com%2Fforum%2Fsearch.php%3Fkeywords%3Dzoek%26terms%3Dall%26author%3D%26fid%255B%255D%3D11%26sc%3D1%26sf%3Dall%26sr%3Dposts%26sk%3Dt%26sd%3Dd%26st%3D0%26ch%3D300%26t%3D0%26submit%3DSearch&title=Help.%20Please%20and%20Thank%20you.%20%7C%20Free%20Malware%20Removal%20Forum&txt=This%20topic
        Note: Don't forget to re-enable it after the scan.

   o Next please download zoek.exe and save it to your desktop. >>>  http://api.viglink.com/api/click?format=go&jsonp=vglnk_jsonp_14105790019587&key=9b4efad421c8b103b2c94b796db973b0&libId=cce26778-f03c-4d9c-b6af-86299ddd14eb&loc=http%3A%2F%2Fwww.malwareremoval.com%2Fforum%2Fviewtopic.php%3Ff%3D11%26t%3D63064&subId=ada8cd58e448a82cf9bb2f2782266d43&v=1&out=http%3A%2F%2Fhijackthis.nl%2Fsmeenk%2F&ref=http%3A%2F%2Fwww.malwareremoval.com%2Fforum%2Fviewforum.php%3Ff%3D11%26sid%3D5abce749c678068138d77c20a9386243&title=Possible%20rootkit%20after%20installing%20CutePDF%20Writer%20%7C%20Free%20Malware%20Removal%20Forum&txt=%20zoek.exe     
   
   o Close any open browsers.
   o Right click on zoek.exe and select "Run as administrator..." to run it.
   o Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
   o Click the More Options button below the large panel and check the box:
               o Auto Clean
   o Click on Run script button
   o Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required)
   o Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.

    Note: It will also create a log in the C:\ directory named "zoek-results.log"





===================================


AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the Clean button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.



NEXT


    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!



NEXT



    Download Malwarebytes' Anti-Malware (save it to your desktop).  >>>   http://api.viglink.com/api/click?format=go&jsonp=vglnk_jsonp_14079554978349&key=bf4adfcbb328b51c165afd7f95bfc060&libId=42688bc4-849b-499e-80b4-6ff4c3b395d8&loc=http%3A%2F%2Fforums.whatthetech.com%2Findex.php%3Fshowtopic%3D128466&v=1&out=http%3A%2F%2Fwww.malwarebytes.org%2Fmbam-download.php&ref=http%3A%2F%2Fforums.whatthetech.com%2Findex.php%3Fs%3De77133f793c31b8c04786ca55ed0fbe6%26showforum%3D27&title=Windows%208%20very%20slow%20and%20drops%20wi-fi%20%5BSolved%5D%20-%20Virus%2C%20Spyware%20%26%20Malware%20Removal&txt=%3Cspan%20style%3D%22color%3A%230000FF%3B%22%3E%3Cstrong%3EMalwarebytes%27%20Anti-Malware%3C%2Fstrong%3E%3C%2Fspan%3E

      * Windows XP : Double click on the icon to run it.
      *  Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
      *  Select Scan tab.



* Select type of scan to perform:


   
  * Threat Scan < --- Select this type of scan
  * Custom Scan
  * Hyper Scan

Next click the Scan button.

When the scan is complete, if no malicious items are found you can close the program.

If malicious items are found be sure that everything is checked, and click Quarantine .

When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
 
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
 

 

Post these logs as you get then, then go to the next !

 

Thanks

Chuck

[davew3232]

 

Zoek.exe v5.0.0.0 Updated 09-November-2014

Tool run by Dave on Sun 11/09/2014 at 16:58:58.24.

Microsoft Windows 8.1 6.3.9600  x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Dave\Downloads\zoek\zoek.exe [scan all users]   [Quick Scan] [Auto Clean]

 

==== System Restore Info ======================

 

11/9/2014 5:03:55 PM Zoek.exe System Restore Point Created Succesfully.

 

==== Empty Folders Check ======================

 

C:\PROGRA~2\predm deleted successfully

C:\PROGRA~2\VNT deleted successfully

C:\PROGRA~2\COMMON~1\supportdotcom deleted successfully

C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully

C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully

C:\PROGRA~3\cosstminn deleted successfully

C:\PROGRA~3\Oracle deleted successfully

C:\Users\Dave\AppData\Roaming\Activeris deleted successfully

C:\Users\Dave\AppData\Local\CrashDumps deleted successfully

C:\Users\Dave\AppData\Local\VisualBeeExe deleted successfully

C:\Users\Dave\AppData\Local\WordOv deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-2989837996-1790684633-2971567215-1002\Software\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

 

==== Deleting Files \ Folders ======================

 

C:\Users\Dave\AppData\LocalLow\{84A16F3D-D897-5769-5232-703FC5F4369F} deleted

C:\PROGRA~2\cosstminn deleted

C:\PROGRA~2\Mozilla Firefox\browser\nsprotector.js deleted

C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml deleted

C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\sweettunes_search.xml deleted

C:\PROGRA~2\The Weather Channel deleted

C:\PROGRA~2\Yahoo! deleted

C:\PROGRA~2\Optimizer Pro deleted

C:\PROGRA~2\MyPC Backup deleted

C:\PROGRA~2\AskPartnerNetwork deleted

C:\Users\Dave\AppData\Roaming\WB.CFG deleted

C:\Users\Dave\AppData\Roaming\Yahoo! deleted

C:\PROGRA~3\AskPartnerNetwork deleted

C:\PROGRA~3\APN deleted

C:\PROGRA~3\VisualBee deleted

C:\PROGRA~3\AVG SafeGuard toolbar deleted

C:\Users\Dave\AppData\Local\BrowserSafeguard deleted

C:\Users\Dave\AppData\Local\Systweak deleted

C:\Users\Dave\AppData\Local\AVG SafeGuard toolbar deleted

C:\Users\Dave\AppData\Local\emaze deleted

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx deleted

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data-journal deleted

C:\Users\TEMP\AppData\Local\AVG SafeGuard toolbar deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk deleted

C:\WINDOWS\SysNative\roboot64.exe deleted

C:\Users\Dave\AppData\LocalLow\AVG SafeGuard toolbar deleted

C:\Users\TEMP\AppData\LocalLow\AVG SafeGuard toolbar deleted

C:\WINDOWS\tasks\Groovorio Updater.job deleted

C:\windows\SysNative\tasks\USTSPCO-USTSPCOOneClickCare deleted

C:\WINDOWS\tasks\USTSPCO-USTSPCOOneClickCare.job deleted

C:\components deleted

C:\WINDOWS\SysNative\config\systemprofile\Searches deleted

C:\windows\SysNative\GroupPolicy\Machine deleted

C:\windows\SysNative\GroupPolicy\User deleted

C:\windows\SysNative\GroupPolicy\GPT.INI deleted

C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted

C:\WINDOWS\SysWow64\searchplugins deleted

C:\WINDOWS\SysWow64\Extensions deleted

C:\Users\Dave\Documents\Optimizer Pro deleted

"C:\PROGRA~3\ab34c546d7769ac4\{CE681A67-9477-CBE6-EB9D-FE534875F98D}.20140808113335" deleted

"C:\PROGRA~3\ab34c546d7769ac4" deleted

"C:\Users\Dave\AppData\Roaming\Temp" deleted

 

==== Files Recently Created / Modified ======================

 

====== C:\WINDOWS ====

====== C:\Users\Dave\AppData\Local\Temp ====

====== Java Cache =====

====== C:\WINDOWS\SysWOW64 =====

2014-11-02 15:53:26 B9F9FD6188CC732F19DB69CAE5CC597C 272808 ----a-w- C:\WINDOWS\SysWOW64\javaws.exe

2014-11-02 15:52:27 8FA677D5F2AFE2A3F111C50D68A93542 98216 ----a-w- C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-11-02 15:52:27 3594C0ABBFFE10B3CF95714B8B3C89A4 175528 ----a-w- C:\WINDOWS\SysWOW64\javaw.exe

2014-11-02 15:52:27 095826BCBBFA5C09C72463A82612B23C 175528 ----a-w- C:\WINDOWS\SysWOW64\java.exe

====== C:\WINDOWS\SysWOW64\drivers =====

====== C:\WINDOWS\Sysnative =====

====== C:\WINDOWS\Sysnative\drivers =====

2014-10-15 02:34:50 87F3713E620F62D243A82B3CB66CBDDE 2498880 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys

2014-10-15 02:34:37 329FEB41BBE82FBBD9BD69547BA1CB82 428864 ----a-w- C:\WINDOWS\Sysnative\drivers\FWPKCLNT.SYS

====== C:\WINDOWS\Tasks ======

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

======= C:\PROGRA~2 =====

2014-11-02 15:51:48 -------- d-----w- C:\PROGRA~2\Java

======= C: =====

====== C:\Users\Dave\AppData\Roaming ======

====== C:\Users\Dave ======

2014-11-02 18:25:11 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp

2014-11-02 15:52:28 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-10-25 01:28:36 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

 

====== C: exe-files ==

=== C: other files ==

 

==== Startup Registry Enabled ======================

 

[HKEY_USERS\S-1-5-21-2989837996-1790684633-2971567215-1002\Software\Microsoft\Windows\CurrentVersion\Run]

"TWC.Win7"="C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"

"CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R"

"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe -osboot"

"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"TWC.Win7"="C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe"

 

==== Startup Registry Enabled x64 ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

 

==== Startup Folders ======================

 

2014-05-04 18:29:12 1096 ----a-w- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

2013-01-07 19:21:07 1239 ----a-w- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

2013-03-17 22:43:48 2099 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

2012-12-28 01:12:20 2015 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

2014-04-05 21:43:33 1236 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk

 

==== Task Scheduler Jobs ======================

 

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/09/2014 01:14 PM]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []

C:\WINDOWS\tasks\HP Photo Creations Communicator.job --a-------- C:\ProgramData\HP Photo Creations\Communicator.exe [03/26/2013 08:02 PM]

C:\WINDOWS\tasks\HPCeeScheduleForDave.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [07/15/2011 04:43 AM]

C:\WINDOWS\tasks\PrintProjects Communicator.job --a-------- C:\ProgramData\PrintProjects\Communicator.exe [12/21/2013 03:42 PM]

C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job --a-------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [08/24/2012 02:38 AM]

 

==== Other Scheduled Tasks ======================

 

"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\WINDOWS\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]

"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\WINDOWS\SysNative\tasks\HP Photo Creations Communicator" [C:\ProgramData\HP Photo Creations\Communicator.exe]

"C:\WINDOWS\SysNative\tasks\HPCeeScheduleForDave" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]

"C:\WINDOWS\SysNative\tasks\LAUNCH CDPCO" [C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe]

"C:\WINDOWS\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]

"C:\WINDOWS\SysNative\tasks\PrintProjects Communicator" [C:\ProgramData\PrintProjects\Communicator.exe]

"C:\WINDOWS\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2989837996-1790684633-2971567215-1002" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]

"C:\WINDOWS\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2989837996-1790684633-2971567215-1002" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]

"C:\WINDOWS\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2989837996-1790684633-2971567215-1002" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]

"C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" [\Program Files\Synaptics\SynTP\SynTPEnh.exe]

"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{46B47638-2502-497D-8CC1-2C969B303C86}" [C:\Windows\system32\msfeedssync.exe]

"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{49D05411-CAF0-410C-AA14-1BED537C90A2}" [C:\Windows\system32\msfeedssync.exe]

"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{6734F1F0-3039-47CD-A28F-2E62C34206E1}" [C:\Windows\system32\msfeedssync.exe]

"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe]

"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]

"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"{0FAA5C82-A094-4541-8811-D3361F972A81}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [04/05/2014 02:46 PM]

 

==== Firefox Extensions ======================

 

ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ij70wgnu.default

- Undetermined - %ProfilePath%\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}

 

==== Firefox Plugins ======================

 

Profilepath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\rt286xcf.default

3D3CAF586124C4E8102764C8B3063BB6 - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

1B05342DC6A8896A90952AF2084620F5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer

 

 

==== Fake Chromium Profiles Check ======================

 

Fake profile C:\Users\Administrator\AppData\Local\Torch deleted

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted

Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted

Fake profile C:\Users\Administrator\AppData\Local\Chromatic Browser deleted

Fake profile C:\Users\Dave\AppData\Local\Torch deleted

Fake profile C:\Users\Dave\AppData\Local\Google\Chrome SxS deleted

Fake profile C:\Users\Dave\AppData\Local\Comodo\Dragon deleted

Fake profile C:\Users\Dave\AppData\Local\Chromatic Browser deleted

Fake profile C:\Users\Guest\AppData\Local\Torch deleted

Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted

Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted

Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted

Fake profile C:\Users\Guest\AppData\Local\Chromatic Browser deleted

Fake profile C:\Users\HomeGroupUser$\AppData\Local\Torch deleted

Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted

Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted

Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted

Fake profile C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser deleted

 

==== Chromium Look ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

blklojfklgnogjaijkibhfjepakiocng - C:\Users\Dave\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx[]

blmchfpimpbbdmgpcieclabeafkljbhm - No path found[]

idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[03/15/2014 02:22 AM]

mmlkabjddkpgkgfhdhpimhcbonapngoh - C:\Users\Dave\AppData\Local\CRE\mmlkabjddkpgkgfhdhpimhcbonapngoh.crx[]

pelmeidfhdlhlbjimpabfcbnnojbboma - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx[]

pnjnnnhampgflieglcelomcofocioegp - C:\Users\Dave\AppData\Local\CRE\pnjnnnhampgflieglcelomcofocioegp.crx[]

 

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

blklojfklgnogjaijkibhfjepakiocng - C:\Users\Dave\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx[]

blmchfpimpbbdmgpcieclabeafkljbhm - No path found[]

pnjnnnhampgflieglcelomcofocioegp - C:\Users\Dave\AppData\Local\CRE\pnjnnnhampgflieglcelomcofocioegp.crx[]

 

Google Drive - Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

cosstminn - Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnaiikenilbilljeemeemhdhfecipfg

Google Search - Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Wallet - Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Google Docs - TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Chrome In-App Payments service - TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

InternetHelper3 - TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjnnnhampgflieglcelomcofocioegp

 

==== Chromium Startpages ======================

 

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Preferences

"homepage": "http://groovorio.com/?f=1&a=grv_tuto2_14_30&cd=2XzuyEtN2Y1L1Qzu0Czz0C0B0Bzz0BtDyC0CyEyEtAyEyD0FtN0D0Tzu0SzyyDyBtN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V2Z2Y2Z1FtB1VtCyE1VtAtDtN1L1G1B1V1N2Y1L1Qzu2SyC0B0F0DyEyDtCyCtGtAtDzy0CtG0ByD0AtCtG0F0F0C0BtGyBtAyB0EyBtB0A0C0E0CtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0D0C0EtA0AzztGtDtC0FyBtG0Bzy0A0BtG0C0DyE0AtGyD0D0DzzyE0B0EyC0EyBtBzz2Q&cr=157610599&ir=",

"startup_urls": [ "http://groovorio.com/?f=7&a=grv_tuto2_14_30&cd=2XzuyEtN2Y1L1Qzu0Czz0C0B0Bzz0BtDyC0CyEyEtAyEyD0FtN0D0Tzu0SzyyDyBtN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V2Z2Y2Z1FtB1VtCyE1VtAtDtN1L1G1B1V1N2Y1L1Qzu2SyC0B0F0DyEyDtCyCtGtAtDzy0CtG0ByD0AtCtG0F0F0C0BtGyBtAyB0EyBtB0A0C0E0CtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0D0C0EtA0AzztGtDtC0FyBtG0Bzy0A0BtG0C0DyE0AtGyD0D0DzzyE0B0EyC0EyBtBzz2Q&cr=157610599&ir=", "http://www.istart123.com/?type=hp&ts=1407519110&from=tugs&uid=HitachiXHTS543232A7A384_E2P342BL0L92XP0L92XPX" ],

 

 

==== Chromium Fix ======================

 

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.scrabblefinder.com_0.localstorage deleted successfully

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.scrabblefinder.com_0.localstorage-journal deleted successfully

C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjnnnhampgflieglcelomcofocioegp deleted successfully

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pnjnnnhampgflieglcelomcofocioegp deleted successfully

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnaiikenilbilljeemeemhdhfecipfg deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://groovorio.com/?f=1&a=grv_tuto2_14_30&cd=2XzuyEtN2Y1L1Qzu0Czz0C0B0Bzz0BtDyC0CyEyEtAyEyD0FtN0D0Tzu0SzyyDyBtN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V2Z2Y2Z1FtB1VtCyE1VtAtDtN1L1G1B1V1N2Y1L1Qzu2SyC0B0F0DyEyDtCyCtGtAtDzy0CtG0ByD0AtCtG0F0F0C0BtGyBtAyB0EyBtB0A0C0E0CtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0D0C0EtA0AzztGtDtC0FyBtG0Bzy0A0BtG0C0DyE0AtGyD0D0DzzyE0B0EyC0EyBtBzz2Q&cr=157610599&ir="

"Default_Page_URL"="http://www.istart123.com/?type=hp&ts=1407519110&from=tugs&uid=HitachiXHTS543232A7A384_E2P342BL0L92XP0L92XPX"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://www.istart123.com/web/?type=ds&ts=1407519110&from=tugs&uid=HitachiXHTS543232A7A384_E2P342BL0L92XP0L92XPX&q={searchTerms}"

"Default_Page_URL"="http://www.istart123.com/?type=hp&ts=1407519110&from=tugs&uid=HitachiXHTS543232A7A384_E2P342BL0L92XP0L92XPX"

"Start Page"="http://www.istart123.com/?type=hp&ts=1407519110&from=tugs&uid=HitachiXHTS543232A7A384_E2P342BL0L92XP0L92XPX"

"Search Page"="http://www.istart123.com/web/?type=ds&ts=1407519110&from=tugs&uid=HitachiXHTS543232A7A384_E2P342BL0L92XP0L92XPX&q={searchTerms}"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://www.istart123.com/web/?type=ds&ts=1407519110&from=tugs&uid=HitachiXHTS543232A7A384_E2P342BL0L92XP0L92XPX&q={searchTerms}"

"Default_Page_URL"="http://www.istart123.com/?type=hp&ts=1407519110&from=tugs&uid=HitachiXHTS543232A7A384_E2P342BL0L92XP0L92XPX"

"Start Page"="http://www.istart123.com/?type=hp&ts=1407519110&from=tugs&uid=HitachiXHTS543232A7A384_E2P342BL0L92XP0L92XPX"

"Search Page"="http://www.istart123.com/web/?type=ds&ts=1407519110&from=tugs&uid=HitachiXHTS543232A7A384_E2P342BL0L92XP0L92XPX&q={searchTerms}"

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-2989837996-1790684633-2971567215-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84A16F3D-D897-5769-5232-703FC5F4369F} deleted successfully

HKEY_USERS\S-1-5-21-2989837996-1790684633-2971567215-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{84A16F3D-D897-5769-5232-703FC5F4369F} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{84A16F3D-D897-5769-5232-703FC5F4369F} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84A16F3D-D897-5769-5232-703FC5F4369F} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

 

==== Reset IE Proxy ======================

 

Value(s) before fix:

"ProxyServer"="http=127.0.0.1:13918;https=127.0.0.1:13918"

"ProxyOverride"="<-loopback>"

"ProxyEnable"=dword:00000001

 

Value(s) after fix:

"ProxyEnable"=dword:00000000

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\blklojfklgnogjaijkibhfjepakiocng deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mmlkabjddkpgkgfhdhpimhcbonapngoh deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pnjnnnhampgflieglcelomcofocioegp deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\blklojfklgnogjaijkibhfjepakiocng deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\pnjnnnhampgflieglcelomcofocioegp deleted successfully

 

==== Empty IE Cache ======================

 

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Dave\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\Dave\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\Dave\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\Users\Dave\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

 

==== Empty FireFox Cache ======================

 

No FireFox Cache found

 

==== Empty Chrome Cache ======================

 

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=1070 folders=347 52396145 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Dave\AppData\Local\Temp will be emptied at reboot

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\TEMP\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\WINDOWS\Temp successfully emptied

C:\Users\Dave\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== EOF on Sun 11/09/2014 at 18:53:48.72 ======================

[davew3232]

 

Zoek.exe v5.0.0.0 Updated 09-November-2014

Tool run by Dave on Sun 11/09/2014 at 16:58:58.24.

Microsoft Windows 8.1 6.3.9600  x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Dave\Downloads\zoek\zoek.exe [scan all users]   [Quick Scan] [Auto Clean]

 

==== System Restore Info ======================

 

11/9/2014 5:03:55 PM Zoek.exe System Restore Point Created Succesfully.

 

==== Empty Folders Check ======================

 

C:\PROGRA~2\predm deleted successfully

C:\PROGRA~2\VNT deleted successfully

C:\PROGRA~2\COMMON~1\supportdotcom deleted successfully

C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully

C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully

C:\PROGRA~3\cosstminn deleted successfully

C:\PROGRA~3\Oracle deleted successfully

C:\Users\Dave\AppData\Roaming\Activeris deleted successfully

C:\Users\Dave\AppData\Local\CrashDumps deleted successfully

C:\Users\Dave\AppData\Local\VisualBeeExe deleted successfully

C:\Users\Dave\AppData\Local\WordOv deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-2989837996-1790684633-2971567215-1002\Software\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

 

==== Deleting Files \ Folders ======================

 

C:\Users\Dave\AppData\LocalLow\{84A16F3D-D897-5769-5232-703FC5F4369F} deleted

C:\PROGRA~2\cosstminn deleted

C:\PROGRA~2\Mozilla Firefox\browser\nsprotector.js deleted

C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml deleted

C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\sweettunes_search.xml deleted

C:\PROGRA~2\The Weather Channel deleted

C:\PROGRA~2\Yahoo! deleted

C:\PROGRA~2\Optimizer Pro deleted

C:\PROGRA~2\MyPC Backup deleted

C:\PROGRA~2\AskPartnerNetwork deleted

C:\Users\Dave\AppData\Roaming\WB.CFG deleted

C:\Users\Dave\AppData\Roaming\Yahoo! deleted

C:\PROGRA~3\AskPartnerNetwork deleted

C:\PROGRA~3\APN deleted

C:\PROGRA~3\VisualBee deleted

C:\PROGRA~3\AVG SafeGuard toolbar deleted

C:\Users\Dave\AppData\Local\BrowserSafeguard deleted

C:\Users\Dave\AppData\Local\Systweak deleted

C:\Users\Dave\AppData\Local\AVG SafeGuard toolbar deleted

C:\Users\Dave\AppData\Local\emaze deleted

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx deleted

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data-journal deleted

C:\Users\TEMP\AppData\Local\AVG SafeGuard toolbar deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk deleted

C:\WINDOWS\SysNative\roboot64.exe deleted

C:\Users\Dave\AppData\LocalLow\AVG SafeGuard toolbar deleted

C:\Users\TEMP\AppData\LocalLow\AVG SafeGuard toolbar deleted

C:\WINDOWS\tasks\Groovorio Updater.job deleted

C:\windows\SysNative\tasks\USTSPCO-USTSPCOOneClickCare deleted

C:\WINDOWS\tasks\USTSPCO-USTSPCOOneClickCare.job deleted

C:\components deleted

C:\WINDOWS\SysNative\config\systemprofile\Searches deleted

C:\windows\SysNative\GroupPolicy\Machine deleted

C:\windows\SysNative\GroupPolicy\User deleted

C:\windows\SysNative\GroupPolicy\GPT.INI deleted

C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted

C:\WINDOWS\SysWow64\searchplugins deleted

C:\WINDOWS\SysWow64\Extensions deleted

C:\Users\Dave\Documents\Optimizer Pro deleted

"C:\PROGRA~3\ab34c546d7769ac4\{CE681A67-9477-CBE6-EB9D-FE534875F98D}.20140808113335" deleted

"C:\PROGRA~3\ab34c546d7769ac4" deleted

"C:\Users\Dave\AppData\Roaming\Temp" deleted

 

==== Files Recently Created / Modified ======================

 

====== C:\WINDOWS ====

====== C:\Users\Dave\AppData\Local\Temp ====

====== Java Cache =====

====== C:\WINDOWS\SysWOW64 =====

2014-11-02 15:53:26 B9F9FD6188CC732F19DB69CAE5CC597C 272808 ----a-w- C:\WINDOWS\SysWOW64\javaws.exe

2014-11-02 15:52:27 8FA677D5F2AFE2A3F111C50D68A93542 98216 ----a-w- C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-11-02 15:52:27 3594C0ABBFFE10B3CF95714B8B3C89A4 175528 ----a-w- C:\WINDOWS\SysWOW64\javaw.exe

2014-11-02 15:52:27 095826BCBBFA5C09C72463A82612B23C 175528 ----a-w- C:\WINDOWS\SysWOW64\java.exe

====== C:\WINDOWS\SysWOW64\drivers =====

====== C:\WINDOWS\Sysnative =====

====== C:\WINDOWS\Sysnative\drivers =====

2014-10-15 02:34:50 87F3713E620F62D243A82B3CB66CBDDE 2498880 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys

2014-10-15 02:34:37 329FEB41BBE82FBBD9BD69547BA1CB82 428864 ----a-w- C:\WINDOWS\Sysnative\drivers\FWPKCLNT.SYS

====== C:\WINDOWS\Tasks ======

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

======= C:\PROGRA~2 =====

2014-11-02 15:51:48 -------- d-----w- C:\PROGRA~2\Java

======= C: =====

====== C:\Users\Dave\AppData\Roaming ======

====== C:\Users\Dave ======

2014-11-02 18:25:11 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp

2014-11-02 15:52:28 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-10-25 01:28:36 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

 

====== C: exe-files ==

=== C: other files ==

 

==== Startup Registry Enabled ======================

 

[HKEY_USERS\S-1-5-21-2989837996-1790684633-2971567215-1002\Software\Microsoft\Windows\CurrentVersion\Run]

"TWC.Win7"="C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"

"CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R"

"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe -osboot"

"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"TWC.Win7"="C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe"

 

==== Startup Registry Enabled x64 ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

 

==== Startup Folders ======================

 

2014-05-04 18:29:12 1096 ----a-w- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

2013-01-07 19:21:07 1239 ----a-w- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

2013-03-17 22:43:48 2099 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

2012-12-28 01:12:20 2015 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

2014-04-05 21:43:33 1236 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk

 

==== Task Scheduler Jobs ======================

 

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/09/2014 01:14 PM]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []

C:\WINDOWS\tasks\HP Photo Creations Communicator.job --a-------- C:\ProgramData\HP Photo Creations\Communicator.exe [03/26/2013 08:02 PM]

C:\WINDOWS\tasks\HPCeeScheduleForDave.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [07/15/2011 04:43 AM]

C:\WINDOWS\tasks\PrintProjects Communicator.job --a-------- C:\ProgramData\PrintProjects\Communicator.exe [12/21/2013 03:42 PM]

C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job --a-------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [08/24/2012 02:38 AM]

 

==== Other Scheduled Tasks ======================

 

"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\WINDOWS\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]

"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\WINDOWS\SysNative\tasks\HP Photo Creations Communicator" [C:\ProgramData\HP Photo Creations\Communicator.exe]

"C:\WINDOWS\SysNative\tasks\HPCeeScheduleForDave" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]

"C:\WINDOWS\SysNative\tasks\LAUNCH CDPCO" [C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe]

"C:\WINDOWS\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]

"C:\WINDOWS\SysNative\tasks\PrintProjects Communicator" [C:\ProgramData\PrintProjects\Communicator.exe]

"C:\WINDOWS\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2989837996-1790684633-2971567215-1002" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]

"C:\WINDOWS\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2989837996-1790684633-2971567215-1002" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]

"C:\WINDOWS\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2989837996-1790684633-2971567215-1002" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]

"C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" [\Program Files\Synaptics\SynTP\SynTPEnh.exe]

"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{46B47638-2502-497D-8CC1-2C969B303C86}" [C:\Windows\system32\msfeedssync.exe]

"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{49D05411-CAF0-410C-AA14-1BED537C90A2}" [C:\Windows\system32\msfeedssync.exe]

"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{6734F1F0-3039-47CD-A28F-2E62C34206E1}" [C:\Windows\system32\msfeedssync.exe]

"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe]

"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]

"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"{0FAA5C82-A094-4541-8811-D3361F972A81}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [04/05/2014 02:46 PM]

 

==== Firefox Extensions ======================

 

ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ij70wgnu.default

- Undetermined - %ProfilePath%\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}

 

==== Firefox Plugins ======================

 

Profilepath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\rt286xcf.default

3D3CAF586124C4E8102764C8B3063BB6 - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

1B05342DC6A8896A90952AF2084620F5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer

 

 

==== Fake Chromium Profiles Check ======================

 

Fake profile C:\Users\Administrator\AppData\Local\Torch deleted

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted

Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted

Fake profile C:\Users\Administrator\AppData\Local\Chromatic Browser deleted

Fake profile C:\Users\Dave\AppData\Local\Torch deleted

Fake profile C:\Users\Dave\AppData\Local\Google\Chrome SxS deleted

Fake profile C:\Users\Dave\AppData\Local\Comodo\Dragon deleted

Fake profile C:\Users\Dave\AppData\Local\Chromatic Browser deleted

Fake profile C:\Users\Guest\AppData\Local\Torch deleted

Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted

Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted

Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted

Fake profile C:\Users\Guest\AppData\Local\Chromatic Browser deleted

Fake profile C:\Users\HomeGroupUser$\AppData\Local\Torch deleted

Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted

Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted

Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted

Fake profile C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser deleted

 

==== Chromium Look ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

blklojfklgnogjaijkibhfjepakiocng - C:\Users\Dave\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx[]

blmchfpimpbbdmgpcieclabeafkljbhm - No path found[]

idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[03/15/2014 02:22 AM]

mmlkabjddkpgkgfhdhpimhcbonapngoh - C:\Users\Dave\AppData\Local\CRE\mmlkabjddkpgkgfhdhpimhcbonapngoh.crx[]

pelmeidfhdlhlbjimpabfcbnnojbboma - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx[]

pnjnnnhampgflieglcelomcofocioegp - C:\Users\Dave\AppData\Local\CRE\pnjnnnhampgflieglcelomcofocioegp.crx[]

 

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

blklojfklgnogjaijkibhfjepakiocng - C:\Users\Dave\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx[]

blmchfpimpbbdmgpcieclabeafkljbhm - No path found[]

pnjnnnhampgflieglcelomcofocioegp - C:\Users\Dave\AppData\Local\CRE\pnjnnnhampgflieglcelomcofocioegp.crx[]

 

Google Drive - Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

cosstminn - Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnaiikenilbilljeemeemhdhfecipfg

Google Search - Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Wallet - Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Google Docs - TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Chrome In-App Payments service - TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

InternetHelper3 - TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjnnnhampgflieglcelomcofocioegp

 

==== Chromium Startpages ======================

 

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Preferences

"homepage": "http://groovorio.com/?f=1&a=grv_tuto2_14_30&cd=2XzuyEtN2Y1L1Qzu0Czz0C0B0Bzz0BtDyC0CyEyEtAyEyD0FtN0D0Tzu0SzyyDyBtN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V2Z2Y2Z1FtB1VtCyE1VtAtDtN1L1G1B1V1N2Y1L1Qzu2SyC0B0F0DyEyDtCyCtGtAtDzy0CtG0ByD0AtCtG0F0F0C0BtGyBtAyB0EyBtB0A0C0E0CtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0D0C0EtA0AzztGtDtC0FyBtG0Bzy0A0BtG0C0DyE0AtGyD0D0DzzyE0B0EyC0EyBtBzz2Q&cr=157610599&ir=",

"startup_urls": [ "http://groovorio.com/?f=7&a=grv_tuto2_14_30&cd=2XzuyEtN2Y1L1Qzu0Czz0C0B0Bzz0BtDyC0CyEyEtAyEyD0FtN0D0Tzu0SzyyDyBtN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V2Z2Y2Z1FtB1VtCyE1VtAtDtN1L1G1B1V1N2Y1L1Qzu2SyC0B0F0DyEyDtCyCtGtAtDzy0CtG0ByD0AtCtG0F0F0C0BtGyBtAyB0EyBtB0A0C0E0CtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0D0C0EtA0AzztGtDtC0FyBtG0Bzy0A0BtG0C0DyE0AtGyD0D0DzzyE0B0EyC0EyBtBzz2Q&cr=157610599&ir=", "http://www.istart123.com/?type=hp&ts=1407519110&from=tugs&uid=HitachiXHTS543232A7A384_E2P342BL0L92XP0L92XPX" ],

 

 

==== Chromium Fix ======================

 

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.scrabblefinder.com_0.localstorage deleted successfully

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.scrabblefinder.com_0.localstorage-journal deleted successfully

C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjnnnhampgflieglcelomcofocioegp deleted successfully

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pnjnnnhampgflieglcelomcofocioegp deleted successfully

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnaiikenilbilljeemeemhdhfecipfg deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://groovorio.com/?f=1&a=grv_tuto2_14_30&cd=2XzuyEtN2Y1L1Qzu0Czz0C0B0Bzz0BtDyC0CyEyEtAyEyD0FtN0D0Tzu0SzyyDyBtN1L2XzutBtFtBtCtFtCzztFtAtN1L1Czu1N1C2X1V2Z2Y2Z1FtB1VtCyE1VtAtDtN1L1G1B1V1N2Y1L1Qzu2SyC0B0F0DyEyDtCyCtGtAtDzy0CtG0ByD0AtCtG0F0F0C0BtGyBtAyB0EyBtB0A0C0E0CtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0D0C0EtA0AzztGtDtC0FyBtG0Bzy0A0BtG0C0DyE0AtGyD0D0DzzyE0B0EyC0EyBtBzz2Q&cr=157610599&ir="

"Default_Page_URL"="http://www.istart123.com/?type=hp&ts=1407519110&from=tugs&uid=HitachiXHTS543232A7A384_E2P342BL0L92XP0L92XPX"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://www.istart123.com/web/?type=ds&ts=1407519110&from=tugs&uid=HitachiXHTS543232A7A384_E2P342BL0L92XP0L92XPX&q={searchTerms}"

"Default_Page_URL"="http://www.istart123.com/?type=hp&ts=1407519110&from=tugs&uid=HitachiXHTS543232A7A384_E2P342BL0L92XP0L92XPX"

"Start Page"="http://www.istart123.com/?type=hp&ts=1407519110&from=tugs&uid=HitachiXHTS543232A7A384_E2P342BL0L92XP0L92XPX"

"Search Page"="http://www.istart123.com/web/?type=ds&ts=1407519110&from=tugs&uid=HitachiXHTS543232A7A384_E2P342BL0L92XP0L92XPX&q={searchTerms}"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://www.istart123.com/web/?type=ds&ts=1407519110&from=tugs&uid=HitachiXHTS543232A7A384_E2P342BL0L92XP0L92XPX&q={searchTerms}"

"Default_Page_URL"="http://www.istart123.com/?type=hp&ts=1407519110&from=tugs&uid=HitachiXHTS543232A7A384_E2P342BL0L92XP0L92XPX"

"Start Page"="http://www.istart123.com/?type=hp&ts=1407519110&from=tugs&uid=HitachiXHTS543232A7A384_E2P342BL0L92XP0L92XPX"

"Search Page"="http://www.istart123.com/web/?type=ds&ts=1407519110&from=tugs&uid=HitachiXHTS543232A7A384_E2P342BL0L92XP0L92XPX&q={searchTerms}"

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-2989837996-1790684633-2971567215-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84A16F3D-D897-5769-5232-703FC5F4369F} deleted successfully

HKEY_USERS\S-1-5-21-2989837996-1790684633-2971567215-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{84A16F3D-D897-5769-5232-703FC5F4369F} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{84A16F3D-D897-5769-5232-703FC5F4369F} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84A16F3D-D897-5769-5232-703FC5F4369F} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

 

==== Reset IE Proxy ======================

 

Value(s) before fix:

"ProxyServer"="http=127.0.0.1:13918;https=127.0.0.1:13918"

"ProxyOverride"="<-loopback>"

"ProxyEnable"=dword:00000001

 

Value(s) after fix:

"ProxyEnable"=dword:00000000

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\blklojfklgnogjaijkibhfjepakiocng deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mmlkabjddkpgkgfhdhpimhcbonapngoh deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pnjnnnhampgflieglcelomcofocioegp deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\blklojfklgnogjaijkibhfjepakiocng deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\pnjnnnhampgflieglcelomcofocioegp deleted successfully

 

==== Empty IE Cache ======================

 

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Dave\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\Dave\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\Dave\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\Users\Dave\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

 

==== Empty FireFox Cache ======================

 

No FireFox Cache found

 

==== Empty Chrome Cache ======================

 

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=1070 folders=347 52396145 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Dave\AppData\Local\Temp will be emptied at reboot

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\TEMP\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\WINDOWS\Temp successfully emptied

C:\Users\Dave\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== EOF on Sun 11/09/2014 at 18:53:48.72 ======================

[flashh4]

Dave, no wonder it was giving you a fit !!

 

We have a lot to do so stay with me until i give you the all clean !!

 

Post the other logs when you can !

 

Thanks

Chuck

[davew3232]

# AdwCleaner v4.101 - Report created 09/11/2014 at 19:44:32

# Updated 09/11/2014 by Xplode

# Database : 2014-11-07.1 [Live]

# Operating System : Windows 8.1  (64 bits)

# Username : Dave - LAPTOP

# Running from : C:\Users\Dave\Downloads\adwcleaner_4.101 (1).exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17344

 

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

 

-\\ Mozilla Firefox v

 

 

-\\ Google Chrome v36.0.1985.125

 

[C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : blmchfpimpbbdmgpcieclabeafkljbhm

[C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kdidombaedgpfiiedeimiebkmbilgmlc

[C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : licjnkifamhpbaefhdpacpmihicfbomb

[C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : niapdbllcanepiiimjjndipklodoedlc

[C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo

[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg

[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl

[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej

[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl

[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc

[C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

 

*************************

 

AdwCleaner[R3].txt - [293 octets] - [09/11/2014 19:04:29]

AdwCleaner[R4].txt - [286 octets] - [09/11/2014 19:10:11]

AdwCleaner[R5].txt - [7011 octets] - [09/11/2014 19:19:05]

AdwCleaner[R6].txt - [7849 octets] - [09/11/2014 19:37:16]

AdwCleaner[s2].txt - [2165 octets] - [09/11/2014 19:35:24]

AdwCleaner[s3].txt - [7336 octets] - [09/11/2014 19:44:32]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [7396 octets] ##########

[davew3232]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.3.7 (11.08.2014:1)

OS: Windows 8.1 x64

Ran by Dave on Sun 11/09/2014 at 19:56:14.64

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

Successfully stopped: [service] ustspcodiskoptimizer 

Successfully deleted: [service] ustspcodiskoptimizer 

Successfully stopped: [service] ustsscheduler 

Successfully deleted: [service] ustsscheduler 

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181102}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\pchealthboost"

Successfully deleted: [Folder] "C:\ProgramData\ustechsupport"

Successfully deleted: [Folder] "C:\Users\Dave\AppData\Roaming\ustechsupport"

Successfully deleted: [Folder] "C:\Program Files (x86)\pc healthboost"

Successfully deleted: [Folder] "C:\Program Files (x86)\ustechsupport"

Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\ustechsupport"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mycleanpc"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 11/09/2014 at 20:10:15.20

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[davew3232]

Chuck no natepad log came up but I quarantined 14

[flashh4]

That's ok Dave, i have 2 more programs i need you to run !!

 

Download DDS and save it to your Desktop.  >>> DDS


    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
        DDS.txt
        Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.


Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.


Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS http://download.bleepingcomputer.com/sUBs/dds.com
 

 

 

NEXT


Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   

 

 

 

 

 

NEXT

 

 

 

 

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.


 

Post those logs next !

 

You can work on these as time permits !

 

 

They will be long ! I will look threw all of them & write up a fix today !

 

Thanks

Chuck

[davew3232]

It will not let me run either DDS programs anything else I can do

[flashh4]

Hi Dave, ok run & Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop. http://api.viglink.com/api/click?format=go&jsonp=vglnk_141389619375211&key=bf4adfcbb328b51c165afd7f95bfc060&libId=ecbcff70-8bf8-471f-8eb3-3764f377b06e&loc=http%3A%2F%2Fwww.geekstogo.com%2Fforum%2Ftopic%2F344271-cleaning-junk-from-my-computer%2F&v=1&out=http%3A%2F%2Fwww.bleepingcomputer.com%2Fdownload%2Ffarbar-recovery-scan-tool%2Fdl%2F82%2F&ref=http%3A%2F%2Fwww.geekstogo.com%2Fforum%2Fforum%2F37-virus-spyware-malware-removal%2F&title=Cleaning%20Junk%20from%20my%20Computer%20-%20Virus%2C%20Spyware%2C%20Malware%20Removal&txt=%3Cstrong%3EFarbar%20Recovery%20Scan%20Tool%20x64%3C%2Fstrong%3E

    Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
    When the tool opens click Yes to disclaimer.
    Make sure that Addition option is checked.
    Press Scan button and wait.
    The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

 

 

 

NEXT


Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   

 

 

 

 

 

NEXT

 

 

 

 

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spy...curityCheck.exe.

Link 2 >>> http://screen317.cha...curityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.

 

Post these logs !

 

Thanks

Chuck

[davew3232]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014

Ran by Dave at 2014-11-11 20:03:30

Running from C:\Users\Dave\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)

aiofw (x32 Version: 4.2.6.8 - Eastman Kodak Company) Hidden

aioprnt (Version: 4.2.7.4 - Eastman Kodak Company) Hidden

aioscnnr (x32 Version: 4.2.6.0 - Your Company Name) Hidden

AMD Catalyst Install Manager (HKLM\...\{63ADEC24-A374-80A8-E89B-BE401C787F75}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3392 - AVG Technologies)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

C309a (x32 Version: 140.0.846.000 - Hewlett-Packard) Hidden

center (x32 Version: 4.2.6.8 - Eastman Kodak Company) Hidden

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

CorelDRAW 10 (HKLM-x32\...\CorelDRAW 10) (Version:  - )

CorelDRAW 10 (x32 Version: 10 - Corel) Hidden

CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)

CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)

CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)

CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden

Dropbox (HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)

Dropbox (HKU\S-1-5-21-2989837996-1790684633-2971567215-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)

Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)

Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

H&R Block Deluxe + Efile 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.04.7803 - HRB Technology, LLC.)

H&R Block Deluxe + Efile 2013 (HKLM-x32\...\{AD9F55C5-93F8-4CAB-A311-77C195912CA4}) (Version: 13.04.5801 - HRB Technology, LLC.)

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)

HP Documentation (HKLM-x32\...\{D23CA718-0356-41F2-8E6A-B5C6CD383EF7}) (Version: 1.1.0.0 - Hewlett-Packard)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)

HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.11502 - HP)

HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{F089B734-1356-484F-A7B8-1B78F1616A15}) (Version: 14.0 - HP)

HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)

HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)

HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)

HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)

HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)

HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)

HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)

HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden

HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

HRBlockDirect version 1.1.2.0 (HKLM-x32\...\{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1) (Version: 1.1.2.0 - HRBlock)

iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6423.0 - IDT)

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

KODAK AiO Home Center (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 4.2.7.7 - Eastman Kodak Company)

ksDIP (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)

Microsoft Office XP Media Content (HKLM-x32\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)

Microsoft Office XP Professional (HKLM-x32\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-2989837996-1790684633-2971567215-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

MyCleanPC PC Optimizer (HKLM-x32\...\{6AAEB4CB-0573-41ec-89B0-0FE0D5134A8B}_is1) (Version: 2.0.648.15539 - USTechSupport)

Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden

OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)

OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)

Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )

PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )

PreReq (x32 Version: 3.20.0000.0000 - Eastman Kodak Company) Hidden

PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.12842 - RocketLife Inc.)

PS_AIO_05_C309_Software_Min (x32 Version: 140.0.855.000 - Hewlett-Packard) Hidden

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)

Rapport (x32 Version: 3.5.1404.21 - Trusteer) Hidden

RealDownloader (x32 Version: 17.0.8 - RealNetworks, Inc.) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden

RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.8 - RealNetworks)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)

SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-2989837996-1790684633-2971567215-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)

Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden

Skypeâ„¢ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden

Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)

The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)

Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden

TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.21 - Trusteer)

UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden

US Tech Support Framework (HKLM-x32\...\{4734A746-A503-4B8E-A4FA-7B7C84A18D79}) (Version: 2.1.0.4741 - US Tech Support LLC)

WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

02-11-2014 06:28:59 MyCleanPCPCOptimizer_BeforeFixingIssues

02-11-2014 15:49:06 Installed Java 7 Update 71

04-11-2014 03:19:30 Activeris AntiMalware

09-11-2014 07:29:56 MyCleanPCPCOptimizer_BeforeFixingIssues

10-11-2014 00:02:47 zoek.exe restore point

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2012-07-25 22:26 - 2013-11-02 08:48 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

::1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0CE77290-6C90-4736-8A58-ADA98B3D4E12} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)

Task: {16A4324C-A396-460A-BB02-5C5463E8CF52} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2989837996-1790684633-2971567215-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe

Task: {2F479EB9-097F-4D4E-AAEE-3BB23DACCCF2} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-03-26] ()

Task: {31039BA7-AB5C-4759-AD4D-DFEBBD5223C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {372FF955-5904-477D-B8E2-D6ACC04F4DD5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)

Task: {384730F8-58C1-4DF6-97C0-F1F4079B17A2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-14] (Microsoft Corporation)

Task: {3C28E809-DD74-4E2D-8800-2A1359D2FF2E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {45677C94-4A54-493B-A37F-06620638B55C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {4ADA22F5-E7E9-4EE7-9FAB-29776C108B45} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2989837996-1790684633-2971567215-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-03-15] (RealNetworks, Inc.)

Task: {729E0FE4-EA3F-4B2E-9E54-665A6EB6729D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {8D94B28D-7FF3-4333-AF99-E815A96CBAB7} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2989837996-1790684633-2971567215-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-03-20] (RealNetworks, Inc.)

Task: {91760CEA-8DCD-4D98-A587-809BC244CD34} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)

Task: {95FD93E0-88E4-4373-BE4C-61CC5001D987} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2013-11-04] (Hewlett-Packard Company)

Task: {9B4764CB-0DB0-47A2-9B8A-E23FF553C9ED} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {A41E952D-CE82-42D6-A8C1-8A70C4D97971} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {B78FBC55-3ACA-4BAE-B1D5-364936955538} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)

Task: {C2389E22-D793-4EB6-BC58-7BF1B3B5AEBF} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)

Task: {C258507F-A465-4E0C-A6F4-7EB34EC86A59} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {C3C594CE-E07F-4415-B1F3-4B556B528F08} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

Task: {C5BEE337-92EC-48E5-9C6B-E99BCF5B859F} - System32\Tasks\PrintProjects Communicator => C:\ProgramData\PrintProjects\Communicator.exe [2013-12-21] ()

Task: {C7DF08C9-42F4-424C-800D-1EE5F9C9CE92} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {CC909D9E-E254-4E3C-9807-BF59C9AD6C3D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2989837996-1790684633-2971567215-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-03-20] (RealNetworks, Inc.)

Task: {CFBAE89D-2978-4694-B039-D1C96BB5AC41} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {E06C2A65-1770-463B-9155-9683771261F1} - System32\Tasks\LAUNCH CDPCO => C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe

Task: {F41AFF04-916A-4ACF-B121-8B926E2467A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)

Task: {F6306C56-C5E2-402B-AAEB-5402514EC1C6} - System32\Tasks\HPCeeScheduleForDave => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {FABDB386-48DE-4D30-B843-40CB0CE82A31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: {FAE1F865-9DFE-4285-A82D-5721E836B5F8} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

Task: C:\WINDOWS\Tasks\HPCeeScheduleForDave.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\WINDOWS\Tasks\PrintProjects Communicator.job => C:\ProgramData\PrintProjects\Communicator.exe

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-02-05 13:14 - 2012-04-26 15:51 - 00040448 _____ () C:\WINDOWS\System32\pdf995mon64.dll

2012-08-06 12:09 - 2012-08-06 12:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2014-03-15 02:18 - 2014-03-15 02:18 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

2014-03-20 20:13 - 2014-03-20 20:13 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

2014-04-27 18:04 - 2014-04-27 18:04 - 00043520 _____ () C:\Users\Dave\AppData\Local\Packages\53987rbl3.financehelper_z2nrd37h46pd8\AC\Microsoft\CLR_v4.0\NativeImages\Tasks\9e3e7a9b672757fec0f0b3de7245f539\Tasks.ni.dll

2014-10-16 23:24 - 2014-10-16 23:24 - 01782784 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll

2014-04-27 18:04 - 2014-04-27 18:04 - 00348672 _____ () C:\Users\Dave\AppData\Local\Packages\53987rbl3.financehelper_z2nrd37h46pd8\AC\Microsoft\CLR_v4.0\NativeImages\Notificatioc5a47191#\39274f50b85b30f3b823e5dd99be667c\NotificationsExtensions.ni.dll

2014-10-16 23:24 - 2014-10-16 23:24 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll

2014-10-16 23:24 - 2014-10-16 23:24 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll

2014-09-14 10:01 - 2014-09-14 10:01 - 00088576 _____ () C:\Users\Dave\AppData\Local\Packages\53987rbl3.financehelper_z2nrd37h46pd8\AC\Microsoft\CLR_v4.0\NativeImages\SharedDataLink\846b13847670d6d4ee629471089a53d7\SharedDataLink.ni.dll

2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

2012-09-15 07:31 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

2014-07-19 09:26 - 2014-07-15 02:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll

2014-07-19 09:26 - 2014-07-15 02:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll

2014-07-19 09:26 - 2014-07-15 02:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll

2014-07-19 09:26 - 2014-07-15 02:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll

2014-07-19 09:26 - 2014-07-15 02:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

2014-07-19 09:26 - 2014-07-15 02:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\Temp:373E1720

AlternateDataStreams: C:\Users\Dave\OneDrive:ms-properties

AlternateDataStreams: C:\Users\Dave\SkyDrive:ms-properties

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"

HKLM\...\StartupApproved\StartupFolder: => "AtHomeConnect.lnk"

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"

HKLM\...\StartupApproved\StartupFolder: => "HRBlockDirect.lnk"

HKLM\...\StartupApproved\StartupFolder: => "RealPlayer Cloud Service UI.lnk"

HKLM\...\StartupApproved\Run32: => "APSDaemon"

HKLM\...\StartupApproved\Run32: => "Conime"

HKLM\...\StartupApproved\Run32: => "QuickTime Task"

HKLM\...\StartupApproved\Run32: => "Corel Reminder"

HKLM\...\StartupApproved\Run32: => "AVG_UI"

HKLM\...\StartupApproved\Run32: => "HP Software Update"

HKLM\...\StartupApproved\Run32: => "iTunesHelper"

HKLM\...\StartupApproved\Run32: => "TkBellExe"

HKLM\...\StartupApproved\Run32: => "ApnTBMon"

HKLM\...\StartupApproved\Run32: => "BrowserSafeguard"

HKLM\...\StartupApproved\Run32: => "VNT"

HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"

HKCU\...\StartupApproved\StartupFolder: => "Dropbox.lnk"

HKCU\...\StartupApproved\StartupFolder: => "PalTalk.lnk"

HKCU\...\StartupApproved\Run: => "Skype"

HKCU\...\StartupApproved\Run: => "DW7"

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-2989837996-1790684633-2971567215-500 - Administrator - Disabled)

Dave (S-1-5-21-2989837996-1790684633-2971567215-1002 - Administrator - Enabled) => C:\Users\Dave

Guest (S-1-5-21-2989837996-1790684633-2971567215-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2989837996-1790684633-2971567215-1010 - Limited - Enabled)

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/11/2014 07:48:39 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 300

 

Start Time: 01cffe21b9838d0e

 

Termination Time: 4294967295

 

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

 

Report Id: 60fea05d-6a16-11e4-bf3d-c8cbb8b06c44

 

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

 

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

 

Error: (11/10/2014 08:28:20 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 14f8

 

Start Time: 01cffd5e0d10df01

 

Termination Time: 4294967295

 

Application Path: C:\WINDOWS\system32\wwahost.exe

 

Report Id: 00cf954a-6952-11e4-bf3d-c8cbb8b06c44

 

Faulting package full name: AD2F1837.HPConnectedPhotopoweredbySnapfish_2.5.6.4614_neutral__v10z8vjag6ke6

 

Faulting package-relative application ID: App

 

Error: (11/10/2014 08:23:22 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: c4

 

Start Time: 01cffd5e0d1808f7

 

Termination Time: 4294967295

 

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

 

Report Id: 00d45714-6952-11e4-bf3d-c8cbb8b06c44

 

Faulting package full name: 53987RBL3.FinanceHelper_1.1.0.73_neutral__z2nrd37h46pd8

 

Faulting package-relative application ID: App

 

 

System errors:

=============

Error: (11/09/2014 09:19:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Google Update Service (gupdate) service failed to start due to the following error: 

%%2

 

Error: (11/09/2014 09:17:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Kodak AiO Network Discovery Service service failed to start due to the following error: 

%%1053

 

Error: (11/09/2014 09:17:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Kodak AiO Network Discovery Service service to connect.

 

 

Microsoft Office Sessions:

=========================

Error: (11/11/2014 07:48:39 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: LiveComm.exe17.5.9600.2060530001cffe21b9838d0e4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe60fea05d-6a16-11e4-bf3d-c8cbb8b06c44microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

 

Error: (11/10/2014 08:28:20 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: wwahost.exe6.3.9600.1703114f801cffd5e0d10df014294967295C:\WINDOWS\system32\wwahost.exe00cf954a-6952-11e4-bf3d-c8cbb8b06c44AD2F1837.HPConnectedPhotopoweredbySnapfish_2.5.6.4614_neutral__v10z8vjag6ke6App

 

Error: (11/10/2014 08:23:22 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: backgroundTaskHost.exe6.3.9600.16384c401cffd5e0d1808f74294967295C:\WINDOWS\system32\backgroundTaskHost.exe00d45714-6952-11e4-bf3d-c8cbb8b06c4453987RBL3.FinanceHelper_1.1.0.73_neutral__z2nrd37h46pd8App

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-11-10 20:40:36.675

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-11-10 20:40:35.762

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-10-26 19:35:40.640

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-10-26 19:35:39.996

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-10-26 19:35:39.375

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-10-26 19:35:38.166

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-10-26 19:35:37.503

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-10-26 19:35:36.848

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-10-26 19:35:31.260

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-10-26 19:35:30.495

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info =========================== 

 

Processor: AMD E-300 APU with Radeon HD Graphics

Percentage of memory in use: 52%

Total physical RAM: 3682.26 MB

Available physical RAM: 1736.68 MB

Total Pagefile: 4578.26 MB

Available Pagefile: 1816.53 MB

Total Virtual: 131072 MB

Available Virtual: 131071.75 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:275.65 GB) (Free:217.97 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:21.33 GB) (Free:2.57 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 298.1 GB) (Disk ID: C2C9F703)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================

[davew3232]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014

Ran by Dave (administrator) on LAPTOP on 11-11-2014 19:42:57

Running from C:\Users\Dave\Downloads

Loaded Profiles: Dave &  (Available profiles: Dave)

Platform: Windows 7 Ultimate (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe

() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe

(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Users\Dave\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

(Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-05-29] (IDT, Inc.)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)

HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-04-05] (RealNetworks, Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)

HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe

HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\...\MountPoints2: {bb7712fa-a231-11e3-beeb-c8cbb8b06c44} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe

HKU\S-1-5-21-2989837996-1790684633-2971567215-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe

HKU\S-1-5-21-2989837996-1790684633-2971567215-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bb7712fa-a231-11e3-beeb-c8cbb8b06c44} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk

ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)

Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyServer: http=127.0.0.1:14081;https=127.0.0.1:14081

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}

BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 72.21.70.3 67.215.21.202

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @real.com/nppl3260;version=17.0.8.22 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.8 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.8 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.8 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=17.0.8.22 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)

FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2989837996-1790684633-2971567215-1002: hp.com/HPDetect -> C:\Users\Dave\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)

FF Plugin HKU\S-1-5-21-2989837996-1790684633-2971567215-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: hp.com/HPDetect -> C:\Users\Dave\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-05]

FF HKLM-x32\...\Firefox\Extensions: [{0FAA5C82-A094-4541-8811-D3361F972A81}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

 

Chrome: 

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-25]

CHR Extension: (YouTube) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-25]

CHR Extension: (Google Search) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-25]

CHR Extension: (Google Wallet) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-03]

CHR Extension: (Gmail) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-25]

CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-03-15]

CHR StartMenuInternet: Google Chrome - chrome.exe

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]

R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]

R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]

R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)

S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-13] (Microsoft Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-05] (Microsoft Corporation)

S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-10-13] (IBM Corp.)

R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-03-15] ()

R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-04-05] (RealNetworks, Inc.)

R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-03-20] () [File not signed]

S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)

S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)

S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-01-22] (Microsoft Corporation)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]

S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-11] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)

R1 RapportCerberus_80055; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80055.sys [761720 2014-10-10] ()

R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445880 2014-10-13] (IBM Corp.)

S3 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [289656 2014-10-13] (IBM Corp.)

S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [534104 2014-10-13] (IBM Corp.)

S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557656 2014-10-13] (IBM Corp.)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)

S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)

S3 ssmirrdr; C:\Windows\system32\DRIVERS\ssmirrdr.sys [10112 2014-01-08] (support.com, Inc)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-11-11 19:42 - 2014-11-11 19:49 - 00020868 _____ () C:\Users\Dave\Downloads\FRST.txt

2014-11-11 19:42 - 2014-11-11 19:43 - 00000000 ____D () C:\FRST

2014-11-11 19:41 - 2014-11-11 19:41 - 02116096 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe

2014-11-11 19:39 - 2014-11-11 19:39 - 00025371 _____ () C:\WINDOWS\SysWOW64\rsslogs.20141111193818

2014-11-10 20:38 - 2014-11-10 20:38 - 00854448 _____ () C:\Users\Dave\Desktop\SecurityCheck.exe

2014-11-10 20:36 - 2014-11-10 20:36 - 00602112 _____ (OldTimer Tools) C:\Users\Dave\Desktop\OTL.com

2014-11-10 20:33 - 2014-11-10 20:34 - 00688992 _____ (Swearware) C:\Users\Dave\Downloads\dds (1).com

2014-11-10 20:32 - 2014-11-10 20:32 - 00688992 _____ (Swearware) C:\Users\Dave\Downloads\dds.scr

2014-11-10 20:30 - 2014-11-10 20:30 - 00688992 _____ (Swearware) C:\Users\Dave\Downloads\dds.com

2014-11-10 20:21 - 2014-11-10 20:21 - 00003282 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2989837996-1790684633-2971567215-1002

2014-11-10 20:20 - 2014-11-10 20:20 - 00003334 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2989837996-1790684633-2971567215-1002

2014-11-10 20:16 - 2014-11-11 19:39 - 00124421 _____ () C:\WINDOWS\SysWOW64\rsslogs.20141110201537

2014-11-09 21:32 - 2014-11-09 21:32 - 00000000 ____D () C:\Users\Dave\Downloads\Scan

2014-11-09 21:18 - 2014-11-10 20:16 - 00033834 _____ () C:\WINDOWS\SysWOW64\rsslogs.20141109211734

2014-11-09 20:16 - 2014-11-11 19:39 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-11-09 20:15 - 2014-11-09 20:15 - 00001078 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-11-09 20:15 - 2014-11-09 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-11-09 20:14 - 2014-11-09 20:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-11-09 20:14 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-11-09 20:14 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2014-11-09 20:14 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2014-11-09 20:12 - 2014-11-09 20:13 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Dave\Downloads\mbam-setup-2.0.3.1025.exe

2014-11-09 20:10 - 2014-11-09 20:10 - 00001515 _____ () C:\Users\Dave\Desktop\JRT.txt

2014-11-09 19:55 - 2014-11-09 19:55 - 01706808 _____ (Thisisu) C:\Users\Dave\Downloads\JRT (1).exe

2014-11-09 19:47 - 2014-11-09 19:47 - 00108693 _____ () C:\WINDOWS\SysWOW64\rsslogs.20141109194611

2014-11-09 19:13 - 2014-11-09 19:13 - 00038679 _____ () C:\WINDOWS\SysWOW64\rsslogs.20141109191234

2014-11-09 19:05 - 2014-11-09 19:06 - 01706808 _____ (Thisisu) C:\Users\Dave\Downloads\JRT.exe

2014-11-09 19:04 - 2014-11-09 19:44 - 00000000 ____D () C:\AdwCleaner

2014-11-09 19:03 - 2014-11-09 19:03 - 02140160 _____ () C:\Users\Dave\Downloads\adwcleaner_4.101 (1).exe

2014-11-09 18:51 - 2014-11-09 18:51 - 00025377 _____ () C:\WINDOWS\SysWOW64\rsslogs.20141109185022

2014-11-09 18:46 - 2014-11-09 16:58 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe

2014-11-09 18:09 - 2014-11-09 18:53 - 00000000 ____D () C:\zoek

2014-11-09 17:02 - 2014-11-09 18:53 - 00027017 _____ () C:\zoek-results.log

2014-11-09 16:58 - 2014-11-09 18:33 - 00000000 ____D () C:\zoek_backup

2014-11-09 16:41 - 2014-11-09 16:59 - 00000000 ____D () C:\Users\Dave\Downloads\zoek

2014-11-09 16:40 - 2014-11-09 16:41 - 04124640 _____ () C:\Users\Dave\Downloads\zoek.zip

2014-11-09 04:41 - 2014-11-09 04:41 - 01023708 _____ () C:\WINDOWS\SysWOW64\rsslogs.20141109044052

2014-11-08 04:41 - 2014-11-09 04:41 - 01738235 _____ () C:\WINDOWS\SysWOW64\rsslogs.20141108044053

2014-11-07 14:57 - 2014-11-08 04:41 - 00994658 _____ () C:\WINDOWS\SysWOW64\rsslogs.20141107145630

2014-11-06 19:57 - 2014-11-07 14:57 - 00102692 _____ () C:\WINDOWS\SysWOW64\rsslogs.20141106195626

2014-11-05 21:42 - 2014-11-06 19:57 - 00003634 _____ () C:\WINDOWS\SysWOW64\rsslogs.20141105214132

2014-11-05 19:15 - 2014-11-05 19:15 - 00176385 _____ () C:\WINDOWS\SysWOW64\rsslogs.20141105191432

2014-11-04 03:14 - 2014-11-05 19:15 - 01378478 _____ () C:\WINDOWS\SysWOW64\rsslogs.20141104031446

2014-11-03 03:14 - 2014-11-04 03:14 - 01738366 _____ () C:\WINDOWS\SysWOW64\rsslogs.20141103031446

2014-11-02 20:16 - 2014-11-03 03:14 - 00504737 _____ () C:\WINDOWS\SysWOW64\rsslogs.20141102201553

2014-11-02 08:53 - 2014-11-02 08:51 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

2014-11-02 08:52 - 2014-11-02 08:52 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-11-02 08:52 - 2014-11-02 08:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-11-02 08:52 - 2014-11-02 08:51 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

2014-11-02 08:52 - 2014-11-02 08:51 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

2014-11-02 08:51 - 2014-11-02 08:51 - 00000000 ____D () C:\Program Files (x86)\Java

2014-11-02 07:48 - 2014-11-02 07:48 - 00901277 _____ () C:\WINDOWS\SysWOW64\rsslogs.20141102074757

2014-11-02 00:49 - 2014-11-02 07:48 - 00505736 _____ () C:\WINDOWS\SysWOW64\rsslogs.20141102014845

2014-10-25 21:14 - 2014-10-25 21:14 - 00641609 _____ () C:\Users\Dave\Downloads\201410259516330395001.3gp

2014-10-24 18:32 - 2014-10-24 18:32 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-10-24 18:28 - 2014-10-24 18:32 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

2014-10-24 17:34 - 2014-10-24 17:34 - 00001817 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-10-19 07:40 - 2014-10-19 07:40 - 13781330 _____ () C:\Users\Dave\Downloads\20141018_194348.mp4

2014-10-15 20:12 - 2014-09-29 15:45 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2014-10-15 20:12 - 2014-09-29 15:45 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2014-10-14 19:40 - 2014-09-27 15:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2014-10-14 19:39 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-10-14 19:39 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-10-14 19:38 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-10-14 19:38 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2014-10-14 19:38 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2014-10-14 19:38 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-10-14 19:38 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2014-10-14 19:38 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-10-14 19:38 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-10-14 19:38 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2014-10-14 19:38 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2014-10-14 19:38 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-10-14 19:38 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-10-14 19:38 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2014-10-14 19:38 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2014-10-14 19:38 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-10-14 19:38 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2014-10-14 19:38 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2014-10-14 19:38 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-10-14 19:38 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-10-14 19:38 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-10-14 19:38 - 2014-09-18 17:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-10-14 19:38 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-10-14 19:38 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-10-14 19:38 - 2014-09-18 17:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2014-10-14 19:38 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-10-14 19:38 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-10-14 19:38 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-10-14 19:38 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2014-10-14 19:38 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2014-10-14 19:36 - 2014-09-07 20:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2014-10-14 19:36 - 2014-09-07 18:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll

2014-10-14 19:36 - 2014-09-07 18:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll

2014-10-14 19:36 - 2014-09-07 17:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe

2014-10-14 19:36 - 2014-09-07 17:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll

2014-10-14 19:36 - 2014-09-07 17:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2014-10-14 19:36 - 2014-09-07 17:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll

2014-10-14 19:36 - 2014-09-07 17:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll

2014-10-14 19:36 - 2014-09-07 17:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll

2014-10-14 19:36 - 2014-09-07 17:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2014-10-14 19:36 - 2014-09-07 16:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll

2014-10-14 19:36 - 2014-09-07 16:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe

2014-10-14 19:36 - 2014-09-07 16:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2014-10-14 19:36 - 2014-09-07 16:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll

2014-10-14 19:36 - 2014-09-03 17:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll

2014-10-14 19:36 - 2014-09-03 16:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll

2014-10-14 19:36 - 2014-09-03 16:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll

2014-10-14 19:34 - 2014-10-09 15:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

2014-10-14 19:34 - 2014-10-08 15:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2014-10-14 19:34 - 2014-09-18 18:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2014-10-14 19:34 - 2014-09-12 23:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll

2014-10-14 19:34 - 2014-09-12 22:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll

2014-10-14 19:34 - 2014-08-15 21:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2014-10-14 19:34 - 2014-08-15 21:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll

2014-10-14 19:34 - 2014-08-15 21:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2014-10-14 19:34 - 2014-08-15 20:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2014-10-14 19:34 - 2014-08-15 20:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2014-10-14 19:34 - 2014-08-15 20:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

2014-10-14 19:34 - 2014-08-15 20:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2014-10-14 19:34 - 2014-08-15 20:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll

2014-10-14 19:34 - 2014-08-15 20:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2014-10-14 19:34 - 2014-08-15 18:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2014-10-14 19:34 - 2014-08-15 18:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll

2014-10-14 19:34 - 2014-08-15 17:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll

2014-10-14 19:34 - 2014-08-15 17:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll

2014-10-14 19:34 - 2014-08-15 17:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll

2014-10-14 19:34 - 2014-08-15 17:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll

2014-10-14 19:34 - 2014-08-15 17:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll

2014-10-14 19:34 - 2014-08-15 17:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll

2014-10-14 19:34 - 2014-08-15 17:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll

2014-10-14 19:34 - 2014-08-15 17:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll

2014-10-14 19:34 - 2014-08-15 17:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-10-14 19:34 - 2014-08-15 17:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll

2014-10-14 19:34 - 2014-08-15 17:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll

2014-10-14 19:34 - 2014-08-15 17:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll

2014-10-14 19:34 - 2014-08-15 17:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-10-14 19:34 - 2014-08-15 17:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll

2014-10-14 19:34 - 2014-08-15 17:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll

2014-10-14 19:34 - 2014-08-15 17:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll

2014-10-14 19:34 - 2014-08-15 17:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2014-10-14 19:34 - 2014-08-15 17:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll

2014-10-14 19:34 - 2014-08-15 17:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll

2014-10-14 19:34 - 2014-08-15 17:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

2014-10-14 19:34 - 2014-08-15 17:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe

2014-10-14 19:34 - 2014-08-15 17:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2014-10-14 19:34 - 2014-08-15 17:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll

2014-10-14 19:34 - 2014-07-31 16:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml

2014-10-14 19:33 - 2014-09-03 17:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll

2014-10-14 19:33 - 2014-09-03 17:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll

2014-10-14 19:23 - 2014-09-12 23:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll

2014-10-14 19:23 - 2014-09-12 22:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll

2014-10-14 19:23 - 2014-08-28 16:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll

2014-10-14 19:23 - 2014-08-28 16:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll

2014-10-14 19:22 - 2014-08-28 18:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-11-11 19:52 - 2013-03-26 19:20 - 00000350 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job

2014-11-11 19:45 - 2012-12-25 18:55 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6734F1F0-3039-47CD-A28F-2E62C34206E1}

2014-11-11 19:39 - 2014-01-22 01:30 - 01172533 _____ () C:\WINDOWS\WindowsUpdate.log

2014-11-11 19:38 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2014-11-10 21:31 - 2013-01-04 16:51 - 00000330 _____ () C:\WINDOWS\Tasks\PrintProjects Communicator.job

2014-11-10 21:14 - 2012-12-25 12:14 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-11-10 21:13 - 2013-01-20 12:35 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-11-10 20:21 - 2012-12-25 19:01 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2989837996-1790684633-2971567215-1002

2014-11-10 20:17 - 2014-01-22 06:14 - 00000000 __RDO () C:\Users\Dave\SkyDrive

2014-11-09 21:17 - 2013-11-14 00:20 - 00030068 _____ () C:\WINDOWS\PFRO.log

2014-11-09 21:17 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-11-09 20:14 - 2013-10-26 22:07 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-11-09 19:11 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI

2014-11-09 18:57 - 2013-11-14 00:28 - 00956540 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-11-09 18:50 - 2014-08-08 10:32 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-11-09 18:28 - 2014-08-08 10:32 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google

2014-11-09 18:28 - 2014-08-08 10:32 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo

2014-11-09 18:28 - 2014-08-08 10:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google

2014-11-09 18:28 - 2014-08-08 10:32 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo

2014-11-09 18:28 - 2014-08-08 10:32 - 00000000 ____D () C:\Users\Dave\AppData\Local\Comodo

2014-11-09 18:28 - 2014-08-08 10:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-11-09 18:28 - 2014-08-08 10:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo

2014-11-09 18:28 - 2012-12-25 12:13 - 00000000 ____D () C:\Users\Dave\AppData\Local\Google

2014-11-09 18:12 - 2013-08-22 08:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy

2014-11-09 18:12 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy

2014-11-09 16:31 - 2014-03-01 19:54 - 00002980 _____ () C:\WINDOWS\System32\Tasks\LAUNCH CDPCO

2014-11-07 16:59 - 2013-01-17 21:51 - 00003154 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForDave

2014-11-07 16:59 - 2013-01-17 21:51 - 00000342 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForDave.job

2014-11-06 20:03 - 2014-09-24 19:17 - 00003356 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2989837996-1790684633-2971567215-1002

2014-11-05 20:16 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2014-11-05 19:23 - 2013-01-16 18:08 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log

2014-11-05 19:22 - 2013-01-16 18:08 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-11-04 20:42 - 2014-02-18 20:35 - 00387072 ___SH () C:\Users\Dave\Downloads\Thumbs.db

2014-11-02 00:47 - 2014-03-02 14:28 - 00000532 _____ () C:\WINDOWS\system32\ASOROSet.bin

2014-11-02 00:47 - 2013-08-22 06:25 - 83886080 _____ () C:\WINDOWS\system32\config\SOFTWARE.bak

2014-11-02 00:47 - 2013-08-22 06:25 - 00024576 _____ () C:\WINDOWS\system32\config\SECURITY.bak

2014-11-02 00:46 - 2013-08-22 06:25 - 00061440 _____ () C:\WINDOWS\system32\config\SAM.bak

2014-10-30 04:25 - 2014-01-24 10:53 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

2014-10-28 18:55 - 2013-08-21 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection

2014-10-24 18:32 - 2014-05-19 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-10-24 18:32 - 2014-02-28 19:07 - 00000000 ____D () C:\Program Files\iTunes

2014-10-24 18:32 - 2014-02-28 19:07 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-10-24 18:28 - 2014-02-28 19:07 - 00000000 ____D () C:\Program Files\iPod

2014-10-24 18:28 - 2013-06-21 20:50 - 00000000 ____D () C:\Program Files\Common Files\Apple

2014-10-24 17:35 - 2014-02-28 18:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2014-10-24 17:34 - 2014-02-28 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2014-10-18 10:44 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

2014-10-16 23:28 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache

2014-10-15 20:10 - 2013-08-22 07:44 - 01797088 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-10-15 20:03 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData

2014-10-15 20:03 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\WinStore

2014-10-15 20:03 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\MediaViewer

2014-10-15 20:03 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\FileManager

2014-10-15 20:03 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\Camera

2014-10-15 20:02 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2014-10-15 19:49 - 2014-07-13 20:34 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel

2014-10-14 20:15 - 2013-08-17 00:14 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-10-14 20:05 - 2012-12-26 21:49 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-10-13 17:02 - 2012-12-26 19:31 - 00289656 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys

2014-10-13 17:02 - 2012-12-26 19:30 - 00534104 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys

 

Some content of TEMP:

====================

C:\Users\Dave\AppData\Local\Temp\Quarantine.exe

C:\Users\Dave\AppData\Local\Temp\sqlite3.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-11-09 19:44

 

==================== End Of Log ============================

[davew3232]

OTL logfile created on: 11/11/2014 9:08:19 PM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dave\Desktop

64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17351)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.60 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 63.30% Memory free

4.47 Gb Paging File | 3.10 Gb Available in Paging File | 69.22% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 275.65 Gb Total Space | 217.72 Gb Free Space | 78.98% Space Free | Partition Type: NTFS

Drive D: | 21.33 Gb Total Space | 2.57 Gb Free Space | 12.07% Space Free | Partition Type: NTFS

 

Computer Name: LAPTOP | User Name: Dave | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/11/10 20:36:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.com

PRC - [2014/10/13 17:02:32 | 002,607,384 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

PRC - [2014/10/13 17:02:32 | 001,919,256 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

PRC - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

PRC - [2014/10/01 11:09:20 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

PRC - [2014/09/12 02:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2014/04/05 14:43:08 | 001,141,848 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe

PRC - [2014/03/20 20:13:30 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

PRC - [2014/03/15 02:18:20 | 000,039,568 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

PRC - [2012/10/12 14:16:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

PRC - [2012/07/09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2012/06/07 20:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2014/03/23 16:04:20 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

MOD - [2012/06/08 11:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

MOD - [2012/06/07 20:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2014/09/10 05:41:00 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2014/08/15 20:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV:64bit: - [2014/08/15 17:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)

SRV:64bit: - [2014/08/15 17:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)

SRV:64bit: - [2014/07/24 00:28:58 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)

SRV:64bit: - [2014/04/06 04:20:36 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)

SRV:64bit: - [2014/03/23 19:31:14 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)

SRV:64bit: - [2014/03/23 19:31:14 | 000,023,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV:64bit: - [2014/03/13 23:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)

SRV:64bit: - [2014/03/07 22:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)

SRV:64bit: - [2014/03/06 00:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)

SRV:64bit: - [2014/02/22 08:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WSService.dll -- (WSService)

SRV:64bit: - [2014/02/22 02:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)

SRV:64bit: - [2014/02/22 02:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)

SRV:64bit: - [2014/02/22 02:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)

SRV:64bit: - [2014/02/22 02:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)

SRV:64bit: - [2014/01/22 01:27:09 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)

SRV:64bit: - [2013/12/13 10:23:32 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2013/12/10 00:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)

SRV:64bit: - [2013/08/22 04:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)

SRV:64bit: - [2013/08/22 04:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)

SRV:64bit: - [2013/08/22 04:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)

SRV:64bit: - [2013/08/22 04:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)

SRV:64bit: - [2013/08/22 04:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)

SRV:64bit: - [2013/08/22 03:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)

SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)

SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)

SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)

SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)

SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)

SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)

SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)

SRV:64bit: - [2013/08/22 03:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)

SRV:64bit: - [2013/08/22 02:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)

SRV:64bit: - [2013/08/22 02:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)

SRV:64bit: - [2013/08/22 02:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)

SRV:64bit: - [2013/08/22 02:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)

SRV:64bit: - [2013/08/22 02:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)

SRV:64bit: - [2013/08/22 02:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)

SRV:64bit: - [2013/08/22 02:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)

SRV:64bit: - [2013/08/22 02:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)

SRV:64bit: - [2013/05/29 19:47:42 | 000,322,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2012/08/06 12:08:48 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV - [2014/11/11 20:15:36 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/10/13 17:02:32 | 001,919,256 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2014/09/12 02:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2014/08/15 20:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV - [2014/04/05 14:43:08 | 001,141,848 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)

SRV - [2014/03/20 20:13:30 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)

SRV - [2014/03/15 02:18:20 | 000,039,568 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2014/03/13 23:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)

SRV - [2014/01/22 01:27:11 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2014/01/22 01:27:08 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)

SRV - [2014/01/22 01:27:07 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013/08/21 20:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

SRV - [2013/08/21 19:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)

SRV - [2012/07/13 18:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)

SRV - [2012/07/09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2011/08/18 00:29:52 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2009/08/05 12:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2014/11/11 21:05:35 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)

DRV:64bit: - [2014/10/13 17:02:42 | 000,534,104 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)

DRV:64bit: - [2014/10/13 17:02:42 | 000,289,656 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RapportHades64.sys -- (RapportHades64)

DRV:64bit: - [2014/10/01 11:11:26 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)

DRV:64bit: - [2014/10/01 11:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2014/08/14 17:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)

DRV:64bit: - [2014/07/24 08:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)

DRV:64bit: - [2014/07/24 08:28:38 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)

DRV:64bit: - [2014/07/24 04:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)

DRV:64bit: - [2014/05/01 06:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)

DRV:64bit: - [2014/03/23 19:30:57 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)

DRV:64bit: - [2014/03/23 19:30:57 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)

DRV:64bit: - [2014/03/23 19:27:03 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)

DRV:64bit: - [2014/03/19 20:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)

DRV:64bit: - [2014/03/19 14:23:14 | 000,050,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2014/03/13 05:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)

DRV:64bit: - [2014/03/08 13:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)

DRV:64bit: - [2014/02/22 09:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2014/02/22 08:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)

DRV:64bit: - [2014/02/22 08:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)

DRV:64bit: - [2014/02/22 08:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)

DRV:64bit: - [2014/02/22 08:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)

DRV:64bit: - [2014/02/22 05:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)

DRV:64bit: - [2014/01/22 01:34:53 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)

DRV:64bit: - [2014/01/22 01:34:52 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)

DRV:64bit: - [2014/01/22 01:34:52 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)

DRV:64bit: - [2014/01/08 23:48:02 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssmirrdr.sys -- (ssmirrdr)

DRV:64bit: - [2014/01/07 08:02:04 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)

DRV:64bit: - [2014/01/07 07:42:08 | 000,076,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2013/12/13 10:23:36 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2013/12/13 10:23:36 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2013/12/02 17:32:18 | 002,483,376 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)

DRV:64bit: - [2013/11/14 00:28:58 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)

DRV:64bit: - [2013/11/14 00:25:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)

DRV:64bit: - [2013/11/14 00:16:57 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2013/11/14 00:16:54 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2013/08/22 06:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)

DRV:64bit: - [2013/08/22 06:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2013/08/22 05:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)

DRV:64bit: - [2013/08/22 05:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)

DRV:64bit: - [2013/08/22 05:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2013/08/22 05:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)

DRV:64bit: - [2013/08/22 05:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)

DRV:64bit: - [2013/08/22 05:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2013/08/22 05:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2013/08/22 05:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)

DRV:64bit: - [2013/08/22 05:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2013/08/22 05:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)

DRV:64bit: - [2013/08/22 05:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)

DRV:64bit: - [2013/08/22 05:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2013/08/22 05:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2013/08/22 05:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)

DRV:64bit: - [2013/08/22 05:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2013/08/22 05:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)

DRV:64bit: - [2013/08/22 05:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)

DRV:64bit: - [2013/08/22 05:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2013/08/22 05:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)

DRV:64bit: - [2013/08/22 05:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)

DRV:64bit: - [2013/08/22 05:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2013/08/22 05:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)

DRV:64bit: - [2013/08/22 05:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)

DRV:64bit: - [2013/08/22 05:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)

DRV:64bit: - [2013/08/22 05:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)

DRV:64bit: - [2013/08/22 05:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)

DRV:64bit: - [2013/08/22 05:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)

DRV:64bit: - [2013/08/22 04:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2013/08/22 04:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)

DRV:64bit: - [2013/08/22 04:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)

DRV:64bit: - [2013/08/22 04:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)

DRV:64bit: - [2013/08/22 04:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)

DRV:64bit: - [2013/08/22 04:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)

DRV:64bit: - [2013/08/22 04:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)

DRV:64bit: - [2013/08/22 04:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)

DRV:64bit: - [2013/08/22 04:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)

DRV:64bit: - [2013/08/22 04:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)

DRV:64bit: - [2013/08/22 04:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)

DRV:64bit: - [2013/08/22 04:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)

DRV:64bit: - [2013/08/22 04:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)

DRV:64bit: - [2013/08/22 04:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2013/08/22 04:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)

DRV:64bit: - [2013/08/22 04:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2013/08/22 04:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)

DRV:64bit: - [2013/08/22 04:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2013/08/22 04:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)

DRV:64bit: - [2013/08/22 04:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)

DRV:64bit: - [2013/08/22 04:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)

DRV:64bit: - [2013/08/22 04:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)

DRV:64bit: - [2013/08/22 03:27:46 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2013/08/22 01:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)

DRV:64bit: - [2013/08/12 16:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)

DRV:64bit: - [2013/08/09 17:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)

DRV:64bit: - [2013/07/30 11:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)

DRV:64bit: - [2013/07/25 12:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)

DRV:64bit: - [2013/05/29 19:47:43 | 000,542,208 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2012/08/24 02:38:28 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2012/08/24 02:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)

DRV:64bit: - [2012/08/24 02:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)

DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/08/03 14:07:30 | 000,020,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)

DRV:64bit: - [2012/07/23 14:35:12 | 000,079,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2012/07/23 14:35:12 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2012/07/04 11:41:58 | 000,339,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)

DRV:64bit: - [2012/06/25 10:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)

DRV:64bit: - [2012/06/18 19:07:50 | 000,057,000 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2012/06/12 22:41:22 | 000,683,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)

DRV - [2014/10/13 17:02:42 | 000,557,656 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)

DRV - [2014/10/13 17:02:42 | 000,445,880 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)

DRV - [2014/10/10 15:57:39 | 000,761,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80055.sys -- (RapportCerberus_80055)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:14297;https=127.0.0.1:14297

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:14297;https=127.0.0.1:14297

 

 

 

IE - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}

IE - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

IE - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

IE - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:14081;https=127.0.0.1:14081

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.8.22: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.8: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.8: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.8: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.8.22: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)

FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\hp.com/HPDetect: C:\Users\Dave\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/04/05 14:46:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0FAA5C82-A094-4541-8811-D3361F972A81}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/04/05 14:46:48 | 000,000,000 | ---D | M]

 

[2013/10/08 20:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\ij70wgnu.default\extensions

[2014/11/09 18:21:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\ij70wgnu.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}

 

========== Chrome  ==========

 

CHR - default_search_provider:  (Enabled)

CHR - default_search_provider: search_url = 

CHR - default_search_provider: suggest_url = 

CHR - homepage: 

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll

CHR - plugin: Norton Confidential (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.0.0.72_0\npcoplgn.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll

CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)  (Disabled) = c:\program files (x86)\real\realplayer\netscape6\nppl3260.dll

CHR - plugin: RealPlayer Video Downloader for PepperFlash  (32-bit)  (Disabled) = c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll

CHR - plugin: RealPlayer Download Plugin (Disabled) = c:\program files (x86)\real\realplayer\netscape6\nprpplugin.dll

CHR - plugin: RocketLife Secure Plug-In Layer (Disabled) = c:\programdata\visan\plugins\nprlsecurepluginlayer.dll

CHR - Extension: Google Drive = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Google Wallet = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Gmail = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2013/11/02 08:48:46 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002..\Run: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe File not found

O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)

O4 - Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.21.70.3 67.215.21.202

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC630F40-72F6-4549-BBE1-447BF8209C06}: DhcpNameServer = 72.21.70.3 67.215.21.202

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{bb7712fa-a231-11e3-beeb-c8cbb8b06c44}\Shell - "" = AutoRun

O33 - MountPoints2\{bb7712fa-a231-11e3-beeb-c8cbb8b06c44}\Shell\AutoRun\command - "" = "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (MACHINE BootExecut)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/11/11 20:14:02 | 017,926,832 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe

[2014/11/11 19:42:34 | 000,000,000 | ---D | C] -- C:\FRST

[2014/11/10 20:36:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.com

[2014/11/09 20:16:53 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys

[2014/11/09 20:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

[2014/11/09 20:14:53 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys

[2014/11/09 20:14:52 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys

[2014/11/09 20:14:52 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys

[2014/11/09 20:14:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware

[2014/11/09 19:04:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014/11/09 18:54:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2014/11/09 18:46:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp

[2014/11/09 18:46:50 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Temp

[2014/11/09 18:09:12 | 000,000,000 | ---D | C] -- C:\zoek

[2014/11/09 16:58:26 | 000,000,000 | ---D | C] -- C:\zoek_backup

[2014/11/02 08:53:26 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe

[2014/11/02 08:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

[2014/11/02 08:52:27 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe

[2014/11/02 08:52:27 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe

[2014/11/02 08:52:27 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll

[2014/11/02 08:51:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2014/10/24 18:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

[2014/10/15 20:12:22 | 000,105,440 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl

[2014/10/15 20:12:21 | 000,706,016 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe

[2014/10/14 19:38:41 | 005,829,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll

[2014/10/14 19:38:23 | 002,108,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl

[2014/10/14 19:38:23 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll

[2014/10/14 19:38:22 | 002,017,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl

[2014/10/14 19:38:21 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe

[2014/10/14 19:38:19 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MshtmlDac.dll

[2014/10/14 19:38:17 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll

[2014/10/14 19:38:16 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll

[2014/10/14 19:38:16 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll

[2014/10/14 19:38:16 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll

[2014/10/14 19:38:15 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll

[2014/10/14 19:38:15 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll

[2014/10/14 19:38:14 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll

[2014/10/14 19:38:13 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll

[2014/10/14 19:36:43 | 000,921,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll

[2014/10/14 19:36:42 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll

[2014/10/14 19:36:38 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winbici.dll

[2014/10/14 19:36:10 | 001,702,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll

[2014/10/14 19:36:10 | 000,839,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll

[2014/10/14 19:36:10 | 000,672,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll

[2014/10/14 19:36:10 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups.dll

[2014/10/14 19:36:10 | 000,054,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe

[2014/10/14 19:36:09 | 000,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll

[2014/10/14 19:36:09 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll

[2014/10/14 19:36:09 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll

[2014/10/14 19:36:09 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll

[2014/10/14 19:36:09 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups2.dll

[2014/10/14 19:36:08 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll

[2014/10/14 19:36:08 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe

[2014/10/14 19:36:08 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe

[2014/10/14 19:34:57 | 008,757,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Search.dll

[2014/10/14 19:34:54 | 005,902,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Search.dll

[2014/10/14 19:34:53 | 006,649,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll

[2014/10/14 19:34:52 | 005,777,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll

[2014/10/14 19:34:51 | 004,758,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll

[2014/10/14 19:34:49 | 001,106,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchFolder.dll

[2014/10/14 19:34:48 | 001,710,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll

[2014/10/14 19:34:48 | 001,112,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll

[2014/10/14 19:34:45 | 001,507,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\propsys.dll

[2014/10/14 19:34:45 | 000,920,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll

[2014/10/14 19:34:44 | 000,756,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll

[2014/10/14 19:34:43 | 000,359,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Wldap32.dll

[2014/10/14 19:34:40 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemEventsBrokerServer.dll

[2014/10/14 19:34:38 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDrive.exe

[2014/10/14 19:34:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDriveTelemetry.dll

[2014/10/14 19:34:38 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bisrv.dll

[2014/10/14 19:34:37 | 000,428,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\FWPKCLNT.SYS

[2014/10/14 19:34:37 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pcsvDevice.dll

[2014/10/14 19:34:37 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\httpprxm.dll

[2014/10/14 19:34:36 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ProximityService.dll

[2014/10/14 19:34:36 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDriveShell.dll

[2014/10/14 19:34:36 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SkyDriveShell.dll

[2014/10/14 19:34:36 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\adhsvc.dll

[2014/10/14 19:34:34 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll

[2014/10/14 19:34:34 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll

[2014/10/14 19:34:08 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\packager.dll

[2014/10/14 19:34:08 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\packager.dll

[2014/10/14 19:34:04 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepdu.dll

[2014/10/14 19:34:04 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\generaltel.dll

[2014/10/14 19:34:01 | 000,527,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll

[2014/10/14 19:33:55 | 000,590,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rastls.dll

[2014/10/14 19:33:55 | 000,514,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rastls.dll

[2014/10/14 19:23:02 | 002,779,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msi.dll

[2014/10/14 19:23:01 | 002,646,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll

[2014/10/14 19:23:00 | 002,321,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll

[1 C:\Users\Dave\Documents\*.tmp files -> C:\Users\Dave\Documents\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/11/11 21:14:07 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2014/11/11 21:13:51 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2014/11/11 21:05:35 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys

[2014/11/11 21:05:34 | 000,022,961 | ---- | M] () -- C:\WINDOWS\SysWow64\rsslogs.20141111210435

[2014/11/11 21:04:03 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2014/11/11 21:03:57 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[2014/11/11 21:03:53 | 3088,904,192 | -HS- | M] () -- C:\hiberfil.sys

[2014/11/11 20:52:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Communicator.job

[2014/11/11 20:31:13 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\PrintProjects Communicator.job

[2014/11/11 20:14:38 | 017,926,832 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe

[2014/11/11 19:39:17 | 000,124,421 | ---- | M] () -- C:\WINDOWS\SysWow64\rsslogs.20141110201537

[2014/11/11 19:39:17 | 000,102,664 | ---- | M] () -- C:\WINDOWS\SysWow64\rsslogs.20141111193818

[2014/11/10 20:38:54 | 000,854,448 | ---- | M] () -- C:\Users\Dave\Desktop\SecurityCheck.exe

[2014/11/10 20:36:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Desktop\OTL.com

[2014/11/10 20:16:35 | 000,033,834 | ---- | M] () -- C:\WINDOWS\SysWow64\rsslogs.20141109211734

[2014/11/09 20:15:39 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/11/09 19:47:12 | 000,108,693 | ---- | M] () -- C:\WINDOWS\SysWow64\rsslogs.20141109194611

[2014/11/09 19:13:35 | 000,038,679 | ---- | M] () -- C:\WINDOWS\SysWow64\rsslogs.20141109191234

[2014/11/09 18:57:59 | 000,956,540 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI

[2014/11/09 18:57:59 | 000,796,126 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat

[2014/11/09 18:57:59 | 000,161,346 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat

[2014/11/09 18:51:22 | 000,025,377 | ---- | M] () -- C:\WINDOWS\SysWow64\rsslogs.20141109185022

[2014/11/09 18:50:29 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2014/11/09 16:58:23 | 000,024,064 | ---- | M] () -- C:\WINDOWS\zoek-delete.exe

[2014/11/09 04:41:33 | 001,738,235 | ---- | M] () -- C:\WINDOWS\SysWow64\rsslogs.20141108044053

[2014/11/09 04:41:33 | 001,023,708 | ---- | M] () -- C:\WINDOWS\SysWow64\rsslogs.20141109044052

[2014/11/08 04:41:30 | 000,994,658 | ---- | M] () -- C:\WINDOWS\SysWow64\rsslogs.20141107145630

[2014/11/07 16:59:10 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForDave.job

[2014/11/07 14:57:28 | 000,102,692 | ---- | M] () -- C:\WINDOWS\SysWow64\rsslogs.20141106195626

[2014/11/06 19:57:24 | 000,003,634 | ---- | M] () -- C:\WINDOWS\SysWow64\rsslogs.20141105214132

[2014/11/05 19:15:28 | 001,378,478 | ---- | M] () -- C:\WINDOWS\SysWow64\rsslogs.20141104031446

[2014/11/05 19:15:28 | 000,176,385 | ---- | M] () -- C:\WINDOWS\SysWow64\rsslogs.20141105191432

[2014/11/04 03:14:56 | 001,738,366 | ---- | M] () -- C:\WINDOWS\SysWow64\rsslogs.20141103031446

[2014/11/03 03:14:54 | 000,504,737 | ---- | M] () -- C:\WINDOWS\SysWow64\rsslogs.20141102201553

[2014/11/02 08:52:02 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll

[2014/11/02 08:51:56 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe

[2014/11/02 08:51:56 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe

[2014/11/02 08:51:55 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe

[2014/11/02 07:48:50 | 000,901,277 | ---- | M] () -- C:\WINDOWS\SysWow64\rsslogs.20141102074757

[2014/11/02 07:48:50 | 000,505,736 | ---- | M] () -- C:\WINDOWS\SysWow64\rsslogs.20141102014845

[2014/11/02 00:47:39 | 000,000,532 | ---- | M] () -- C:\WINDOWS\SysNative\ASOROSet.bin

[2014/10/24 18:32:33 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2014/10/24 17:34:49 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2014/10/15 20:10:05 | 001,797,088 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT

[2014/10/13 17:02:42 | 000,534,104 | ---- | M] (IBM Corp.) -- C:\WINDOWS\SysNative\drivers\RapportKE64.sys

[2014/10/13 17:02:42 | 000,289,656 | ---- | M] (IBM Corp.) -- C:\WINDOWS\SysNative\drivers\RapportHades64.sys

[1 C:\Users\Dave\Documents\*.tmp files -> C:\Users\Dave\Documents\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/11/11 21:05:34 | 000,015,715 | ---- | C] () -- C:\WINDOWS\SysWow64\rsslogs.20141111210435

[2014/11/11 19:39:17 | 000,102,664 | ---- | C] () -- C:\WINDOWS\SysWow64\rsslogs.20141111193818

[2014/11/10 20:38:40 | 000,854,448 | ---- | C] () -- C:\Users\Dave\Desktop\SecurityCheck.exe

[2014/11/10 20:16:35 | 000,124,421 | ---- | C] () -- C:\WINDOWS\SysWow64\rsslogs.20141110201537

[2014/11/09 21:18:34 | 000,033,834 | ---- | C] () -- C:\WINDOWS\SysWow64\rsslogs.20141109211734

[2014/11/09 20:15:39 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/11/09 19:47:12 | 000,108,693 | ---- | C] () -- C:\WINDOWS\SysWow64\rsslogs.20141109194611

[2014/11/09 19:13:35 | 000,038,679 | ---- | C] () -- C:\WINDOWS\SysWow64\rsslogs.20141109191234

[2014/11/09 18:51:22 | 000,025,377 | ---- | C] () -- C:\WINDOWS\SysWow64\rsslogs.20141109185022

[2014/11/09 18:46:53 | 000,024,064 | ---- | C] () -- C:\WINDOWS\zoek-delete.exe

[2014/11/09 04:41:33 | 001,023,708 | ---- | C] () -- C:\WINDOWS\SysWow64\rsslogs.20141109044052

[2014/11/08 04:41:30 | 001,738,235 | ---- | C] () -- C:\WINDOWS\SysWow64\rsslogs.20141108044053

[2014/11/07 14:57:28 | 000,994,658 | ---- | C] () -- C:\WINDOWS\SysWow64\rsslogs.20141107145630

[2014/11/06 19:57:24 | 000,102,692 | ---- | C] () -- C:\WINDOWS\SysWow64\rsslogs.20141106195626

[2014/11/05 21:42:31 | 000,003,634 | ---- | C] () -- C:\WINDOWS\SysWow64\rsslogs.20141105214132

[2014/11/05 19:15:28 | 000,176,385 | ---- | C] () -- C:\WINDOWS\SysWow64\rsslogs.20141105191432

[2014/11/04 03:14:56 | 001,378,478 | ---- | C] () -- C:\WINDOWS\SysWow64\rsslogs.20141104031446

[2014/11/03 03:14:54 | 001,738,366 | ---- | C] () -- C:\WINDOWS\SysWow64\rsslogs.20141103031446

[2014/11/02 20:16:52 | 000,504,737 | ---- | C] () -- C:\WINDOWS\SysWow64\rsslogs.20141102201553

[2014/11/02 07:48:50 | 000,901,277 | ---- | C] () -- C:\WINDOWS\SysWow64\rsslogs.20141102074757

[2014/11/02 00:49:45 | 000,505,736 | ---- | C] () -- C:\WINDOWS\SysWow64\rsslogs.20141102014845

[2014/10/24 18:32:33 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2014/10/24 17:34:48 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2014/10/14 19:34:34 | 000,388,729 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml

[2014/08/29 14:58:45 | 000,005,120 | ---- | C] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2014/08/08 10:32:43 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2014/04/25 19:35:00 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini

[2014/02/22 15:20:28 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll

[2014/02/05 13:14:58 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv

[2014/02/05 13:14:41 | 000,040,448 | ---- | C] () -- C:\WINDOWS\SysWow64\pdf995mon64.dll

[2014/01/22 00:48:02 | 000,930,400 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI

[2014/01/22 00:44:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2013/12/13 10:23:56 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat

[2013/12/13 10:23:54 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat

[2013/12/13 10:23:46 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat

[2013/12/13 10:23:24 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe

[2013/12/13 10:23:24 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe

[2013/12/13 10:23:14 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll

[2013/09/27 21:05:34 | 000,003,734 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml

[2013/08/22 08:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat

[2013/08/22 08:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT

[2013/08/22 07:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2013/08/22 00:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin

[2013/08/21 20:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll

[2013/08/21 16:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll

[2013/08/21 16:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat

[2013/07/12 18:51:22 | 000,000,017 | ---- | C] () -- C:\Users\Dave\AppData\Local\resmon.resmoncfg

[2013/03/17 15:59:51 | 000,001,067 | ---- | C] () -- C:\WINDOWS\hpomdl35.dat.temp

[2013/03/17 15:33:22 | 000,225,825 | ---- | C] () -- C:\WINDOWS\hpoins35.dat

[2013/03/17 15:33:22 | 000,001,067 | ---- | C] () -- C:\WINDOWS\hpomdl35.dat

[2012/12/27 18:13:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

 

========== ZeroAccess Check ==========

 

[2014/01/22 17:08:29 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2014/08/15 21:08:41 | 021,195,616 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014/08/15 20:16:40 | 018,722,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 02:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 19:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 02:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2013/12/27 21:35:06 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\AVAST Software

[2013/02/26 21:50:50 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\AVG

[2013/09/20 21:09:17 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\AVG2013

[2013/11/08 12:15:04 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\com.zoosk.Desktop

[2013/11/08 12:15:05 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1

[2014/08/28 18:21:28 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Dropbox

[2014/02/22 14:33:36 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\HewlettPackard

[2013/01/07 12:20:50 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\OpenOffice.org

[2014/04/25 18:58:49 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Oracle

[2014/06/22 15:51:31 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Paltalk

[2014/02/05 13:17:18 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\pdf995

[2013/07/28 09:52:27 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\SanDisk

[2013/07/26 18:08:23 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\SanDisk SecureAccess

[2014/04/25 19:13:21 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\SmartDraw

[2014/03/02 11:47:28 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\supportdotcom

[2012/12/25 18:52:39 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Synaptics

[2014/02/05 13:17:35 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\TaxCut

[2013/02/26 21:39:11 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\TuneUp Software

[2013/01/04 16:52:26 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Visan

[2014/03/02 18:41:13 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\WildTangent

[2014/06/28 09:26:00 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Windows

[2014/01/22 01:12:44 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software

[2014/01/22 01:12:44 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

[2013/09/20 18:34:22 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\AVG2014

[2013/03/07 11:22:48 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\TuneUp Software

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 36 bytes -> C:\Users\Dave\OneDrive:ms-properties

@Alternate Data Stream - 220 bytes -> C:\Users\Dave\SkyDrive:ms-properties

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720

 

< End of report >

[davew3232]

OTL Extras logfile created on: 11/11/2014 9:08:19 PM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dave\Desktop

64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17351)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.60 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 63.30% Memory free

4.47 Gb Paging File | 3.10 Gb Available in Paging File | 69.22% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 275.65 Gb Total Space | 217.72 Gb Free Space | 78.98% Space Free | Partition Type: NTFS

Drive D: | 21.33 Gb Total Space | 2.57 Gb Free Space | 12.07% Space Free | Partition Type: NTFS

 

Computer Name: LAPTOP | User Name: Dave | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]

"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1E8FACDA-593C-4192-8D9D-F9C62B219530}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{A0029681-0493-44F1-8AFF-5CA50BA15905}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | 

"{C2BBED50-011B-40BD-820B-37F8BA448099}" = dir=out | name=ebay | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt

"{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{21E47F47-C9A7-4454-BA48-388327B0EA00}" = RealNetworks - Microsoft Visual C++ 2010 Runtime

"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center

"{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}" = iTunes

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6096C0CC-7E19-4355-87F0-627EC5AA146D}" = iCloud

"{63ADEC24-A374-80A8-E89B-BE401C787F75}" = AMD Catalyst Install Manager

"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64

"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A79A9231-0A5A-9384-21D0-DB753C2BE59B}" = AMD Fuel

"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support

"{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service

"{E82EC5DF-28FD-C8F4-ED08-B88728158260}" = ccc-utility64

"{F089B734-1356-484F-A7B8-1B78F1616A15}" = HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 6

"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer

"AVG" = AVG 2013

"HP Imaging Device Functions" = HP Imaging Device Functions 14.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0

"HPExtendedCapabilities" = HP Customer Participation Program 14.0

"HPOCR" = OCR Software by I.R.I.S. 14.0

"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center

"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"SynTPDeinstKey" = Synaptics TouchPad Driver

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0123AB93-E7A4-7F40-83B6-41EC2CF84B3F}" = CCC Help Dutch

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0C3B99D2-35D0-6993-3C4B-A759419A8678}" = CCC Help Korean

"{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center

"{0DCCD5F4-29E7-4AA0-8C1D-F8E1503B91F4}" = Catalyst Control Center - Branding

"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP

"{1225C0F8-AB1A-BE3A-CD0C-DB8CA1613940}" = CCC Help Greek

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{167158CE-1637-4167-8A1C-C2549EEA966A}" = The Weather Channel App

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3C41A693-28E1-4335-A738-528B09DB600C}" = CCC Help Thai

"{3C458872-A5BB-89F3-933C-2406F6D9E6F8}" = CCC Help Finnish

"{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7

"{4734A746-A503-4B8E-A4FA-7B7C84A18D79}" = US Tech Support Framework

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skypeâ„¢ 6.11

"{4ED7050C-9332-4FB2-AB07-E94F25A53D39}" = HP Quick Launch

"{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager

"{52A3FC19-6F84-F293-08C6-80A1D2F7477F}" = CCC Help Swedish

"{56BA241F-580C-43D2-8403-947241AAE633}" = center

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status

"{5CD2FE1D-A3DB-F273-2798-EFAACF8492A5}" = CCC Help Portuguese

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1" = HRBlockDirect version 1.1.2.0

"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A66D912-541C-54C6-43E6-17AF24700B91}" = CCC Help German

"{6AAEB4CB-0573-41ec-89B0-0FE0D5134A8B}_is1" = MyCleanPC PC Optimizer

"{6C8FF546-B0C0-0935-2F5E-7DC2DA727CFD}" = CCC Help Czech

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{734846E6-3E7A-04AC-0612-638A1D8A63F8}" = CCC Help Russian

"{747F3993-036E-5F4F-1B82-7DA844B73966}" = Catalyst Control Center Localization All

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{793ED091-3F14-4968-3864-5C8A7727A5DA}" = CCC Help Chinese Standard

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{89D20029-0578-4D8D-979A-695C8D868868}" = H&R Block Deluxe + Efile 2012

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390R 802.11bgn Wi-Fi Adapter

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content

"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional

"{9285EABA-D88C-4A8A-6E9D-5F55BF03E46F}" = Catalyst Control Center InstallProxy

"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{93EB60BA-458D-FBE6-E466-CD170080E719}" = CCC Help Polish

"{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C0F4CBD-8543-96CC-46F1-75E57B1B22A6}" = Catalyst Control Center Graphics Previews Common

"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom

"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10

"{9EF69B68-6DFE-F916-2D6E-E486D21A26C2}" = CCC Help Spanish

"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)

"{AD9F55C5-93F8-4CAB-A311-77C195912CA4}" = H&R Block Deluxe + Efile 2013

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{B1E7FE70-3B18-5BA2-8032-2547FC636A50}" = CCC Help Japanese

"{B424890D-64FC-E0D1-4A17-4B512CA45CD9}" = CCC Help Italian

"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR

"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2

"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{BE64A239-E22E-9D77-AA57-36AE0443EC2F}" = CCC Help Chinese Traditional

"{C045ED98-5FDB-45A0-AB48-C4B7560E7816}" = C309a

"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}" = HPDetect

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF8C33C1-C978-527D-E0AF-530882DEB146}" = AMD VISION Engine Control Center

"{D23CA718-0356-41F2-8E6A-B5C6CD383EF7}" = HP Documentation

"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D5DC9541-12F0-59CF-9430-1136D5A58BD0}" = CCC Help Hungarian

"{D7FBE7DC-A18F-4DFF-80BB-A478E4E09CF7}" = CCC Help Danish

"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq

"{DC3C5C4A-1869-A99C-3AE4-55E0191105F0}" = CCC Help Norwegian

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE431304-8040-43D4-8419-A58E210A3894}" = RealDownloader

"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center

"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E3AE96D6-E196-45B4-AF62-2B41998B9E37}" = UpdateService

"{EB2CDF95-92D4-AC57-63B1-4E7F0BD8F9B8}" = CCC Help French

"{ECA42F46-D80E-AD40-18FB-4BF64491CEE3}" = CCC Help English

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{FA0E7183-6B11-4899-B25F-2C490543967E}" = PS_AIO_05_C309_Software_Min

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr

"{FF282A38-D10B-E302-FBAD-5903C9DD9A5B}" = CCC Help Turkish

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"CorelDRAW 10" = CorelDRAW 10

"Google Chrome" = Google Chrome

"HP Photo Creations" = HP Photo Creations

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10

"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025

"Paltalk Messenger" = 

"Pdf995" = Pdf995 (installed by H&R Block)

"PdfEdit995" = PdfEdit995 (installed by H&R Block)

"PrintProjects" = PrintProjects

"Rapport_msi" = Trusteer Endpoint Protection

"RealPlayer 17.0" = RealPlayer Cloud

"WildTangent hp Master Uninstall" = HP Games

"WinLiveSuite" = Windows Live Essentials

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-2989837996-1790684633-2971567215-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe

"Dropbox" = Dropbox

"OneDriveSetup.exe" = Microsoft OneDrive

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 11/10/2014 11:23:22 PM | Computer Name = Laptop | Source = Application Hang | ID = 1002

Description = The program backgroundTaskHost.exe version 6.3.9600.16384 stopped 

interacting with Windows and was closed. To see if more information about the problem

 is available, check the problem history in the Action Center control panel.    Process

 ID: c4    Start Time: 01cffd5e0d1808f7    Termination Time: 4294967295    Application Path:

 C:\WINDOWS\system32\backgroundTaskHost.exe    Report Id: 00d45714-6952-11e4-bf3d-c8cbb8b06c44

 

Faulting

 package full name: 53987RBL3.FinanceHelper_1.1.0.73_neutral__z2nrd37h46pd8    Faulting

 package-relative application ID: App  

 

Error - 11/10/2014 11:28:20 PM | Computer Name = Laptop | Source = Application Hang | ID = 1002

Description = The program wwahost.exe version 6.3.9600.17031 stopped interacting

 with Windows and was closed. To see if more information about the problem is available,

 check the problem history in the Action Center control panel.    Process ID: 14f8    Start

 Time: 01cffd5e0d10df01    Termination Time: 4294967295    Application Path: C:\WINDOWS\system32\wwahost.exe

 

Report

 Id: 00cf954a-6952-11e4-bf3d-c8cbb8b06c44    Faulting package full name: AD2F1837.HPConnectedPhotopoweredbySnapfish_2.5.6.4614_neutral__v10z8vjag6ke6

 

Faulting

 package-relative application ID: App  

 

Error - 11/11/2014 10:48:39 PM | Computer Name = Laptop | Source = Application Hang | ID = 1002

Description = The program LiveComm.exe version 17.5.9600.20605 stopped interacting

 with Windows and was closed. To see if more information about the problem is available,

 check the problem history in the Action Center control panel.    Process ID: 300    Start

 Time: 01cffe21b9838d0e    Termination Time: 4294967295    Application Path: C:\Program 

Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

 

Report

 Id: 60fea05d-6a16-11e4-bf3d-c8cbb8b06c44    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

 

Faulting

 package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1  

 

Error - 11/11/2014 11:33:03 PM | Computer Name = Laptop | Source = Application Hang | ID = 1002

Description = The program LiveComm.exe version 17.5.9600.20605 stopped interacting

 with Windows and was closed. To see if more information about the problem is available,

 check the problem history in the Action Center control panel.    Process ID: 1b04    Start

 Time: 01cffe28a53756a5    Termination Time: 4294967295    Application Path: C:\Program 

Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

 

Report

 Id: 99e99d85-6a1c-11e4-bf3d-c8cbb8b06c44    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

 

Faulting

 package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1  

 

[ System Events ]

Error - 11/10/2014 12:17:24 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Kodak

 AiO Network Discovery Service service to connect.

 

Error - 11/10/2014 12:17:24 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000

Description = The Kodak AiO Network Discovery Service service failed to start due

 to the following error:   %%1053

 

Error - 11/10/2014 12:19:34 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000

Description = The Google Update Service (gupdate) service failed to start due to

 the following error:   %%2

 

Error - 11/12/2014 12:04:15 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Kodak

 AiO Network Discovery Service service to connect.

 

Error - 11/12/2014 12:04:15 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000

Description = The Kodak AiO Network Discovery Service service failed to start due

 to the following error:   %%1053

 

Error - 11/12/2014 12:06:48 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000

Description = The Google Update Service (gupdate) service failed to start due to

 the following error:   %%2

 

 

< End of report >

[davew3232]

 Results of screen317's Security Check version 0.99.89  

   x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Windows Defender   

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 71  

 Java version out of Date! 

 Adobe Flash Player 15.0.0.223  

 Adobe Reader XI  

 Google Chrome 35.0.1916.153  

 Google Chrome 36.0.1985.125  

````````Process Check: objlist.exe by Laurent````````  

 Windows Defender MSMpEng.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 

````````````````````End of Log`````````````````````` 

[flashh4]

Dave, we are about done ! I need you to look in your Control Panel in add/remove/uninstall programs and uninstall these 2 programs if they are present:

MyCleanPC
PCOptimizer
 

 

NEXT

 

 

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the .  text box of the OTL tool/program ! Start with and include the colon plus  :OTL

:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}IE - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not foundFF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not foundFF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found[2013/10/08 20:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\ij70wgnu.default\extensions[2014/11/09 18:21:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\ij70wgnu.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}O4 - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002..\Run: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe File not foundO13 - gopher Prefix: missingO18:64bit: - Protocol\Handler\msdaipp - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value foundO18:64bit: - Protocol\Handler\mso-offdap - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.:Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.
 

Post that log for me !!

 

 

=========================

 

Java version out of Date! >>> Please go here to install Java >>> http://www.java.com/en/
 

 

Let me know how it's running ??

 

Thanks

Chuck

 

[davew3232]

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-21-2989837996-1790684633-2971567215-1002\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-2989837996-1790684633-2971567215-1002\Software\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66}\ not found.

Registry key HKEY_USERS\S-1-5-21-2989837996-1790684633-2971567215-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.

C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\ij70wgnu.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}\chrome\CT3311875\content\tb\al\wa\SEARCH\view folder moved successfully.

C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\ij70wgnu.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}\chrome\CT3311875\content\tb\al\wa\SEARCH folder moved successfully.

C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\ij70wgnu.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}\chrome\CT3311875\content\tb\al\wa\PRICE_GONG folder moved successfully.

C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\ij70wgnu.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}\chrome\CT3311875\content\tb\al\wa\NOTIFICATION\images folder moved successfully.

C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\ij70wgnu.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}\chrome\CT3311875\content\tb\al\wa\NOTIFICATION folder moved successfully.

C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\ij70wgnu.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}\chrome\CT3311875\content\tb\al\wa folder moved successfully.

C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\ij70wgnu.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}\chrome\CT3311875\content\tb\al\options\js folder moved successfully.

C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\ij70wgnu.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}\chrome\CT3311875\content\tb\al\options folder moved successfully.

C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\ij70wgnu.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}\chrome\CT3311875\content\tb\al folder moved successfully.

C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\ij70wgnu.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}\chrome\CT3311875\content\tb folder moved successfully.

C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\ij70wgnu.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}\chrome\CT3311875\content folder moved successfully.

C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\ij70wgnu.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}\chrome\CT3311875 folder moved successfully.

C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\ij70wgnu.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}\chrome folder moved successfully.

C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\ij70wgnu.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea} folder moved successfully.

C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\ij70wgnu.default\extensions folder moved successfully.

Folder C:\Users\Dave\AppData\Roaming\mozilla\Firefox\Profiles\ij70wgnu.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}\ not found.

Registry value HKEY_USERS\S-1-5-21-2989837996-1790684633-2971567215-1002\Software\Microsoft\Windows\CurrentVersion\Run\\TWC.Win7 deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.

File Protocol\Handler\msdaipp - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.

File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.

File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap\ deleted successfully.

File Protocol\Handler\mso-offdap - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.

File Protocol\Handler\skype4com - No CLSID value found not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

========== COMMANDS ==========

 

[EMPTYJAVA]

 

User: Administrator

 

User: All Users

 

User: Dave

->Java cache emptied: 8196 bytes

 

User: Default

 

User: Default User

 

User: Default.migrated

 

User: Guest

 

User: HomeGroupUser$

 

User: Public

 

User: TEMP

 

User: TEMP.Laptop

 

Total Java Files Cleaned = 0.00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

 

User: All Users

 

User: Dave

->Flash cache emptied: 57768 bytes

 

User: Default

->Flash cache emptied: 57472 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Default.migrated

 

User: Guest

 

User: HomeGroupUser$

 

User: Public

 

User: TEMP

 

User: TEMP.Laptop

 

Total Flash Files Cleaned = 0.00 mb

 

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: Dave

->Temp folder emptied: 7309879 bytes

->Temporary Internet Files folder emptied: 19222113 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 205966422 bytes

->Flash cache emptied: 0 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default.migrated

 

User: Guest

 

User: HomeGroupUser$

 

User: Public

 

User: TEMP

->Temp folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

 

User: TEMP.Laptop

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 54550 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 23406152 bytes

 

Total Files Cleaned = 244.00 mb

 

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

Restore point Set: OTL Restore Point

 

OTL by OldTimer - Version 3.2.69.0 log created on 11122014_185847

 

Files\Folders moved on Reboot...

C:\Users\Dave\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll moved successfully.

C:\Users\Dave\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

[flashh4]

Dave, Clean up of Malware Removal Tools

Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

    Download Delfix to your desktop and double click it to start the program here             
    Ensure Remove disinfection tools is ticked
    Also tick:
    o Create registry backup
    o Purge system restore
    o Reset system settings


    o Click Run
    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

 

 

==================

 

If you still have OTL or it's log on your desktop do the following:

Clean up with OTL


    Right-click OTL.exe and select " Run as administrator " to run it.
    This will remove all the tools we used to clean your pc.
    Close all other programs apart from OTL as this step will require a reboot
    On the OTL main screen, press the CleanUp! button
    Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

 

 

Thanks

Dave

 

How's it running ?????
 

[flashh4]

 
Congratulation you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !

Here are some tips to reduce the potential for spyware infection in the future:

Here are some tips to reduce the potential for spyware/malware infection in the future:
 
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    From within Internet Explorer click on the Tools menu and then click onOptions.
    Click once on theSecurity tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

2. FireFox  If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure.
NoScript

adblock plus

 
3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis.  With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
 
4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly.   **There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:
Online Armor Free
Agnitum Outpost Firewall Free
Comodo Firewall Free
 
5. Make sure you keep your Windows OS current. And regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.  Without these you are leaving the back door open.
 
6.WOT(Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites.  WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
 
7. Finally, I strongly recommend that you read Miekiemoes' great advice How to prevent malware .

 
Let me know how it's running ?
Any problems ?
It may run a tad slow until a few normal re-boots, but according to all logs you are clean !!

Thanks
Chuck

 

 

Let me know how it's running & if you have any other problems !!

[davew3232]

Chuck it is taking forever to open pages but once I get on it runs fine I dont have the pop up but getting the web sites to open is way slow

[flashh4]

Dave i see nothing in the logs to make it slow opening web sites ! It always takes a while to load MS garbage ! As far as an infection there is none & we removed the re-directs. Wait a few days and see if it will improve is about all the advise i have for that problem. I only specialize in virus/infections not a hardware ! So wait & see if it improves i guess, sorry wish i could help improve that !

 

Chuck

[davew3232]

Thats fine I was just wondering if there was something that could be running in the back ground sucking up my memory I will see what happens Thanks

[flashh4]

Dave if you suspect something is slowing it down like that look in the Task Manager & see if something is eating up all the use age !! This will help you to understand !

 

http://askleo.com/how_do_i_find_out_what_program_is_using_all_my_cpu/

[flashh4]

The problems have been solved so i am locking this topic. If you need it reopened please PM me or any mod !

 

Thanks

Chuck