
Lost Fingerprint Reader - Laptop So Slow Unusable



#1 ddeveaux


Posted 23 October 2013 - 03:43 PM

My AVG 2013 did expire for 1 day this week. So guess what now? Yesterday my screen cursor seemed to be moving on its own and/or in a very jerky fashion. Replaced mouse battery even though behavior was different. Rebooted computer (probably unfortunately) and system will not recognize built-in fingerprint reader anymore.
 
Logged into Guest account. Behavior same. Ran AVG 2013 virus scan. Stalled after about 10 hrs of running. Ran again this morning, said ran 100% with no errors.
Problems persist. Can't use laptop, it's so slow. Times out for many Internet pages (when it connects) and times out when trying to download CCleaner or other.
 
Not a good time for me to lose laptop.
 
HP HDX Premium
Win 7 - 32Bit

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum, since the addition of the DDS Malware Log. ~ Animal



#2 ddeveaux


Posted 24 October 2013 - 09:01 PM

Forgot DDS and Attach files.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.5.1
Run by Darrell at 21:41:22 on 2013-10-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4063.1626 [GMT -4:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~2\INFORM~1\INFAAG~1.EXE
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\SMINST\BLService.exe
C:\PROGRA~2\INFORM~1\jre\bin\java.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vfsFPService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Box Sync\BoxSyncHelper.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Darrell\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Box Sync\BoxSync.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Users\Darrell\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\r2 Studios\Startup Delayer\Startup Launcher.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Users\Darrell\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\cmd.exe
C:\PROGRA~2\INFORM~1\jre\bin\java.exe
C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
BHO: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll
BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ccleaner] "C:\Program Files (x86)\CCleaner\ccleaner.exe" /AUTO
uRun: [Google Update] "C:\Users\Darrell\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [StartupDelayer] "C:\Program Files (x86)\r2 Studios\Startup Delayer\Startup Launcher.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
StartupFolder: C:\Users\Darrell\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Darrell\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~2.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BOXSYN~1.LNK - C:\Program Files\Box Sync\BoxSync.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: LastPass - C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: $talisma_url$
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://qb.webex.com/client/v_mywebex-qb20/ra/ieatgpc1.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5E08C29D-DF07-47BC-BED5-67F6B3F73B63} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5E08C29D-DF07-47BC-BED5-67F6B3F73B63}\348627F6D6563616374753138383 : DHCPNameServer = 192.168.255.249
TCP: Interfaces\{5E08C29D-DF07-47BC-BED5-67F6B3F73B63}\34F6E66696765627F6F58415F55374A7 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{5E08C29D-DF07-47BC-BED5-67F6B3F73B63}\3556276796365602C4F657E67656 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{5E08C29D-DF07-47BC-BED5-67F6B3F73B63}\445636164757276427565675966496 : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{5E08C29D-DF07-47BC-BED5-67F6B3F73B63}\C696E6B6379737 : DHCPNameServer = 192.168.16.1
TCP: Interfaces\{99A38EE9-40F6-4F54-A3A4-80944AABE7F0} : DHCPNameServer = 172.16.0.1
TCP: Interfaces\{D3271693-4128-4FE6-B432-066D55D2AEB5} : DHCPNameServer = 75.94.255.12 64.13.115.12
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli DPPWDFLT c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
x64-BHO: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [BoxSyncHelper] "C:\Program Files\Box Sync\BoxSyncHelper.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Darrell\AppData\Roaming\Mozilla\Firefox\Profiles\lzup6xbg.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://mysearch.avg.com/search?cid={FE958A27-9450-4B02-AF99-04AC232B766E}&mid=8d27e5094dfdc58e2f3d10610c192752-095021076d75d485235d4ed6c74f3d1edc3f6ffd&lang=en&ds=AVG&pr=fr&d=2013-01-30 21:32:54&pid=safeguard&sg=0&v=15.2.0.5&sap=ku&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff7.dll
FF - component: C:\Users\Darrell\AppData\Roaming\Mozilla\Firefox\Profiles\lzup6xbg.default\extensions\salesforcecti@salesforce.com\components\SFDCFirefoxConnector.dll
FF - component: C:\Users\Darrell\AppData\Roaming\Mozilla\Firefox\Profiles\lzup6xbg.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Users\Darrell\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Darrell\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Darrell\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-08-30 09:36; web2pdfextension@web2pdf.adobedotcom; C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: !HIDDEN! 2009-12-02 21:54; otis@digitalpersona.com; C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-5 45880]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-1-30 46368]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-9-8 87600]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/20 02:48:55];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2013-9-4 1432080]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 InformaticaCloudSecureAgent;Informatica Cloud Secure Agent;C:\PROGRA~2\INFORM~1\INFAAG~1.EXE [2012-2-5 77824]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-8-30 1907896]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2012-9-29 369152]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2012-9-29 460288]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-2-6 365952]
R2 vfsFPService;Validity Fingerprint Service;C:\Windows\System32\vfsFPService.exe [2008-11-18 721712]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2013-5-18 620072]
R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2013-5-18 89640]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-5-18 39976]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-9-4 64000]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2008-10-23 128352]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-2 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 bcm;WiMAX Network Adapter;C:\Windows\System32\drivers\drxvi314_64.sys [2010-7-8 357248]
S3 bcmbusctr;WiMAX Bus Driver;C:\Windows\System32\drivers\BcmBusCtr_64.sys [2010-7-8 62976]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 CACLEARWIRE;Clearwire Con App Svc;"C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe" /n "CACLEARWIRE" --> C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [?]
S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;"C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe" /n "CLEARWIRERcAppSvc" --> C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [?]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2010-9-18 21712]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-7-17 178760]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-23 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-9 1255736]
S4 Jitterbit Data Loader Apache Server;Jitterbit Data Loader Apache Server;C:\Program Files (x86)\Jitterbit Data Loader for Salesforce\apache\bin\JitterbitApache.exe [2012-4-16 20550]
S4 Jitterbit Data Loader Cleanup;Jitterbit Data Loader Cleanup;C:\Program Files (x86)\Jitterbit Data Loader for Salesforce\bin\JitterbitCleanupService.exe [2012-11-16 603648]
S4 Jitterbit Data Loader Process Engine;Jitterbit Data Loader Process Engine;C:\Program Files (x86)\Jitterbit Data Loader for Salesforce\bin\JitterbitProcessEngineService.exe [2012-11-16 603648]
S4 Jitterbit Data Loader Scheduler;Jitterbit Data Loader Scheduler;C:\Program Files (x86)\Jitterbit Data Loader for Salesforce\bin\JitterbitSchedulerService.exe [2012-11-16 603648]
S4 Jitterbit Data Loader Tomcat Server;Jitterbit Data Loader Tomcat Server;C:\Program Files (x86)\Jitterbit Data Loader for Salesforce\tomcat\bin\JitterbitTomcat6.exe [2012-4-16 74752]
S4 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S4 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [2013-10-1 1734680]
.
=============== Created Last 30 ================
.
2013-10-19 19:06:57 -------- d-----w- C:\Users\Darrell\.jitterbit_dataloader
2013-10-16 03:31:11 -------- d-----w- C:\Program Files (x86)\Jitterbit Data Loader for Salesforce
2013-10-09 08:47:57 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-10-08 02:59:53 -------- d-----w- C:\Program Files\iPod
2013-10-08 02:59:52 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-08 02:59:52 -------- d-----w- C:\Program Files\iTunes
2013-10-08 02:59:52 -------- d-----w- C:\Program Files (x86)\iTunes
2013-10-04 03:12:23 -------- d-----w- C:\Program Files (x86)\Evernote
2013-09-29 01:08:24 -------- d-----w- C:\Users\Darrell\AppData\Local\Programs
2013-09-26 18:01:03 208760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-09-26 01:15:48 -------- d-----r- C:\Users\Darrell\Google Drive
.
==================== Find3M  ====================
.
2013-10-09 04:23:05 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 04:23:05 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-02 01:58:37 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-05 05:43:42 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 12:09:36 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
.
============= FINISH: 21:43:36.33 ===============


#3 Oh My!


Posted 27 October 2013 - 08:42 PM

Greetings ddeveaux and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the "Reply topic" button instead.
  • In the upper right hand corner of the topic you will see the "Follow topic" button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run these programs for me.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 ddeveaux


Posted 29 October 2013 - 09:04 AM

# AdwCleaner v3.010 - Report created 29/10/2013 at 09:48:59
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Darrell - HEALTHDETAIL-DD
# Running from : C:\Users\Darrell\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : vToolbarUpdater17.0.12
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\Darrell\AppData\Local\eSupport.com
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Users\Darrell\AppData\Roaming\Mozilla\Firefox\Profiles\lzup6xbg.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\Darrell\AppData\Roaming\Mozilla\Firefox\Profiles\lzup6xbg.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
 
-\\ Google Chrome v
 
[ File : C:\Users\Darrell\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [7790 octets] - [29/10/2013 09:47:11]
AdwCleaner[S0].txt - [7576 octets] - [29/10/2013 09:48:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7636 octets] ##########
 


#5 ddeveaux


Posted 29 October 2013 - 10:44 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Darrell on Tue 10/29/2013 at 10:08:40.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0A0478A1-EF33-4719-B76E-56BB9FBAFAB6}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{92D5B53E-BA4A-414E-822C-933BD90C9073}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{933E2195-3964-4731-BE31-29346C592F21}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{9383709F-9B35-4311-8E20-6719EA04523D}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{93886B4F-6C88-487D-A8B1-76D041476F60}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{9401C5D1-9194-448A-AE7E-2E0E900B602E}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{953D451D-3C60-48A4-9453-BF0381B26250}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{967BC135-B92A-4382-9E36-6A33B44C6F1A}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{9A13DC67-ED4F-4C24-877F-7FBE09BA4095}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{9A3AF6C6-5D3F-4CD4-B578-AB0B57D4CCF2}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{9AAD6CB6-7567-4252-80AA-78DA488E33C2}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{9B3290A8-A9D3-44CA-9B12-D3B2E0DE2E92}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{9C2CBBD2-DD56-440B-BC24-CA1628B9A358}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{9CD11C69-1176-49FE-B0AD-8500E0D66C74}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{9F5B8D02-7B51-410B-B915-E0BCB6A8F6E8}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{A008DD05-B3C9-4186-B437-3363A71494AA}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{A0B245C2-4A71-4DE1-BDD2-075F76D95C0A}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{A2E643DF-C371-44F8-8F6A-8E21F4FA0F13}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{A2EBBE9F-D795-48C6-BD9B-BE83BDAD0B72}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{A59E4179-4814-4128-A58E-2C4190409DBF}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{A5C2C8DD-6FA9-4C1E-85F9-5E7BE10E8A64}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{A82AFE44-B2AA-42C6-BD33-8800B7747B53}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{A935D6F5-FFFF-47D3-BE22-90A91C3D5315}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{AA7FC043-4271-4877-B78D-326C4FB6B0AF}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{AD3D59D2-2E73-4ED6-97E6-86A8D510CB83}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{AD534F6A-6DBE-47B2-B542-05F424DE4681}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{AD919247-7342-4FAC-B30E-8A98449450EF}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{AE698162-3F41-4DCD-96FC-50FB96D5476C}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{AED3E7F2-09DD-4E25-B89A-53F8661AF32A}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{B0BB0710-4979-4801-9AA7-D00CF363B336}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{B112913D-FC84-4F72-B420-2E60B1310A79}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{B2E09003-D0D7-433B-B927-ED0FF332CF94}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{B4771E20-6063-43B4-950D-7985DC1C0619}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{B4C935FB-A3DC-4333-BA35-4D8C0B4A988A}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{B6FF5D46-628A-4320-ABF2-2BA43306BBBD}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{B7BECEA7-C042-47DA-98C2-0C359630EB06}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{B821C77D-2B5E-4ABF-89AC-4D5003BC3EBD}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{BB1FDD77-7FE5-4F67-ACD4-751722C3D58E}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{BBD08D2B-343A-46EE-A9DF-5A494892FA8D}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{BC3363EF-2867-4818-BC3C-49263031F33A}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{BC57C0E1-5835-4F3B-8689-CAA54D8D92DF}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{BE91F70A-2FEE-4E35-9C2C-1692B032DFE3}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{BF2414FB-B04A-4ED3-A6A8-017F0317669B}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{C19812B7-C840-4A5A-8292-0B2D51C8B6E8}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{C3A93C48-405B-4C70-B9DF-F8FBDD657576}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{C5473A6B-5E6F-4CF9-90E9-A0AB5B3EE425}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{C9A9AF13-958B-4D02-B0F6-15586259B530}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{CA6C0A56-6C68-4A77-ACB8-2ABAFBC934DA}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{CAB79202-D7F1-4F8F-9299-84A15B7FC589}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{CD043E69-AA37-423F-96E5-EFEC08559D94}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{D09DB4E4-0587-43BC-9896-14EC7D0C40F3}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{D19C7B69-F2A9-4654-A230-0430CE4EA048}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{D1AD57AF-55FC-4870-9DFB-99F3CFBF2561}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{D5D4C7E6-0675-49D5-A568-2AE6F38BACDA}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{D641ED28-D9CE-4A58-B506-EE019D092D4B}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{D69D9D8F-2153-4AC3-A4F6-04B4B5766ADD}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{D6A54704-8800-42C2-B724-B71827E13654}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{D7EAD0B9-61BB-49A6-B0C7-81B7C3D85E19}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{D86CBC0D-6AF2-444E-9AF6-F054BF5CB35F}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{D97F47CC-E12E-48A9-9008-FDD1E692E921}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{DA3D6827-6240-4A23-BE4B-8C351B60F00B}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{DA92DCF7-E2EA-4F4B-9185-9660DB87E099}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{DAC61AB1-9524-492F-8C97-BA5AFFF8C4EA}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{DBC2C7F2-3D69-4FB2-A85B-8F481B6C80E5}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{DC19D2DF-D6A9-4B7F-9AA3-52CC6D70FA07}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{DC3206E4-8608-4C87-A378-D53A6E77D12B}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{DCBA5D65-0FBF-4B43-8FD2-BF070E2070E3}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{DD8C3BF7-C9BF-476E-957D-84E4D0FEDF30}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{DE915C5C-4B53-440C-AD75-742446724AB0}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{DEDE78F6-D222-4BF2-A9FE-C704A38FDEEB}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{DEE4F069-3BEE-4585-A9F3-00F717DC62FC}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{DF12C10D-DD3B-41A7-AF25-FB5189CF75C5}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{DFDEA134-7A64-468B-8BEF-DDCB6B0B80D2}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{E0F65142-195E-4E6C-9562-8DDD68026369}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{E1D59F53-513E-4CFB-9339-015C67673359}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{E1E0E604-6E2B-4DE0-96D5-7F4D48BFD67D}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{E470D38B-4F4D-418F-9AF2-8C73D8341201}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{E4A54E41-7AD2-4F72-B5C5-CDC7AA784827}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{E54F9B50-92A5-44F9-8B64-339CE3007632}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{E71A9773-1AE2-479F-A7DC-82E97EBFCA82}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{E7435059-4156-41DF-92D3-F6E23ED4CC34}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{E7C46095-F069-4918-BF92-BB438C6EA2A5}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{E8A99F38-57E5-41E9-8372-7494FEBF5FD2}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{E9288614-E459-4008-92E4-4FFE2E5A12BD}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{EA141DEE-0736-422A-8CA9-8213951A79E2}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{ECF595DD-F7D7-410D-A45D-02F6D50A3803}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{EDFC442F-00A7-4028-9158-FFAEA41F64BA}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{EE6D2098-945A-4E07-9608-94493BA8E328}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{EE723859-4206-4EFA-8732-BEDDCC394FA4}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{EEE84760-CD1D-4A76-AEAE-728F2343D913}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{EF8DDD5E-EA92-4C79-8275-5924B1257BA7}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{F0B46853-C74E-49A1-B807-EADAC549F07F}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{F107D56D-329D-415E-85F5-ECE738C281BC}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{F14BD21B-CA5F-4B43-AB4F-62C93FB13C0B}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{F20F7C66-6949-425F-9F07-35CBF4A85D9D}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{F31D0E9A-A9B0-449E-A611-EB12A0FA58C7}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{F4EAC580-D0E0-4CD5-9145-57A8250E1DE1}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{F527A2C6-4DE5-45EB-B88A-1D6083A9FF43}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{F5E40D7A-317A-475D-939F-38CE56743DA1}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{F636304D-D084-4F58-8377-7284C3F1B317}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{F75E2515-8381-4E9E-A7D9-17EF1611A14C}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{F79C5B0E-2D95-4C64-9C16-4046EDBE8D8D}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{FB8855EB-A6A3-4455-BE27-54C40BF4D69F}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{FBF46F85-2557-4E97-BF5A-5FB9AA0BD2D0}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{FC4AC4C0-336B-43A2-A5F7-077AD865E2A0}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{FC62FAAD-D1FC-47FB-A9BD-73C7789E100C}
Successfully deleted: [Empty Folder] C:\Users\Darrell\appdata\local\{FCDEDC38-25C4-4DFD-AF56-7DEC388D8E08}
 
 
 
~~~ FireFox
 
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg_igeared.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg_igeared.xml"
Successfully deleted the following from C:\Users\Darrell\AppData\Roaming\mozilla\firefox\profiles\lzup6xbg.default\prefs.js
 
user_pref("keyword.URL", "hxxp://mysearch.avg.com/search?cid={FE958A27-9450-4B02-AF99-04AC232B766E}&mid=8d27e5094dfdc58e2f3d10610c192752-095021076d75d485235d4ed6c74f3d1edc3f6f
Emptied folder: C:\Users\Darrell\AppData\Roaming\mozilla\firefox\profiles\lzup6xbg.default\minidumps [21 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Darrell\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/29/2013 at 11:35:38.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#6 ddeveaux

Posted 29 October 2013 - 02:48 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by Darrell (administrator) on HEALTHDETAIL-DD on 29-10-2013 11:48:19
Running from C:\Users\Darrell\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
() C:\PROGRA~2\INFORM~1\INFAAG~1.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Sun Microsystems, Inc.) C:\PROGRA~2\INFORM~1\jre\bin\java.exe
() C:\Program Files (x86)\SMINST\BLService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Validity Sensors, Inc.) C:\Windows\system32\vfsFPService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Sun Microsystems, Inc.) C:\PROGRA~2\INFORM~1\jre\bin\java.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSyncHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Google Inc.) C:\Users\Darrell\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Darrell\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
(Google Inc.) C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-06-23] (Logitech, Inc.)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [BoxSyncHelper] - C:\Program Files\Box Sync\BoxSyncHelper.exe [393216 2013-06-07] (Box, Inc.)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [163328 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [ccleaner] - C:\Program Files (x86)\CCleaner\CCleaner.exe [1861944 2010-10-27] (Piriform Ltd)
HKCU\...\Run: [Google Update] - C:\Users\Darrell\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-05-09] (Google Inc.)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)
HKCU\...\Policies\Explorer: [NoChangeStartMenu] 0
HKCU\...\Policies\Explorer: [NoLogOff] 0
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] - C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [StartupDelayer] - C:\Program Files (x86)\r2 Studios\Startup Delayer\Startup Launcher.exe [73728 2009-03-08] (r2 studios)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-10-25] (Hewlett-Packard)
HKU\Guest\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-10-25] (Hewlett-Packard)
HKU\Guest\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-11-20] (Hewlett-Packard Company)
HKU\Guest\...\Run: [Facebook Update] - C:\Users\Guest\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-11-19] (Facebook Inc.)
Lsa: [Notification Packages] scecli DPPWDFLT c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Darrell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Darrell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
SearchScopes: HKLM - DefaultScope {0A0478A1-EF33-4719-B76E-56BB9FBAFAB6} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM - {0A0478A1-EF33-4719-B76E-56BB9FBAFAB6} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM - {9C37F2A3-6850-40B3-A381-2A0AF373F32F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {9C37F2A3-6850-40B3-A381-2A0AF373F32F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {9C37F2A3-6850-40B3-A381-2A0AF373F32F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://qb.webex.com/client/v_mywebex-qb20/ra/ieatgpc1.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Darrell\AppData\Roaming\Mozilla\Firefox\Profiles\lzup6xbg.default
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.4 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @skyhookwireless.com/LokiPlugin,version=3.1.0.05 - C:\Program Files (x86)\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Darrell\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Darrell\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Darrell\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Pocket - C:\Users\Darrell\AppData\Roaming\Mozilla\Firefox\Profiles\lzup6xbg.default\Extensions\isreaditlater@ideashower.com
FF Extension: Pencil - C:\Users\Darrell\AppData\Roaming\Mozilla\Firefox\Profiles\lzup6xbg.default\Extensions\pencil@evolus.vn
FF Extension: LastPass - C:\Users\Darrell\AppData\Roaming\Mozilla\Firefox\Profiles\lzup6xbg.default\Extensions\support@lastpass.com
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext
 
Chrome: 
=======
CHR Extension: (HP Product Detection Plugin) - C:\Users\Darrell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.28.1_0
CHR Extension: (MeasureIt!) - C:\Users\Darrell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aonjhmdcgbgikgjapjckfkefpphjpgma\1.1.3_0
CHR Extension: (Google Drive) - C:\Users\Darrell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
CHR Extension: (HootSuite Hootlet) - C:\Users\Darrell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn\4.0.10_0
CHR Extension: (YouTube) - C:\Users\Darrell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Cast) - C:\Users\Darrell\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\13.1008.0.1_0
CHR Extension: (Google Search) - C:\Users\Darrell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Screen Capture (by Google)) - C:\Users\Darrell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.6_0
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Darrell\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0
CHR Extension: (Logitech Device Detection) - C:\Users\Darrell\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0
CHR Extension: (Cirrus Insight) - C:\Users\Darrell\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmdomiplhgolgpibfdjjhgbcbkdcfkmk\3.0.2_0
CHR Extension: (Yesware) - C:\Users\Darrell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjnkapjmjfpipfcccnjbjcbgdnahpjp\2.0.61_0
CHR Extension: (LastPass) - C:\Users\Darrell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.5.4_0
CHR Extension: (Send to Kindle (by Klip.me)) - C:\Users\Darrell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\3.2.5_0
CHR Extension: (Boomerang for Gmail) - C:\Users\Darrell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\1.2.2_0
CHR Extension: (CRM Science - Code & Query Keeper) - C:\Users\Darrell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkebppabmgknkobbnhmfochanfgnlfc\1.0.5_0
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Darrell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0
CHR Extension: (Evernote Web Clipper) - C:\Users\Darrell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0
CHR Extension: (Gmail) - C:\Users\Darrell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Darrell\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-09-04] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 InformaticaCloudSecureAgent; C:\PROGRA~2\INFORM~1\INFAAG~1.EXE [77824 2011-12-22] ()
S4 Jitterbit Data Loader Apache Server; C:\Program Files (x86)\Jitterbit Data Loader for Salesforce\apache\bin\JitterbitApache.exe [20550 2012-04-16] (Apache Software Foundation)
S4 Jitterbit Data Loader Cleanup; C:\Program Files (x86)\Jitterbit Data Loader for Salesforce\bin\JitterbitCleanupService.exe [603648 2012-11-16] (Jitterbit, Inc.)
S4 Jitterbit Data Loader Process Engine; C:\Program Files (x86)\Jitterbit Data Loader for Salesforce\bin\JitterbitProcessEngineService.exe [603648 2012-11-16] (Jitterbit, Inc.)
S4 Jitterbit Data Loader Scheduler; C:\Program Files (x86)\Jitterbit Data Loader for Salesforce\bin\JitterbitSchedulerService.exe [603648 2012-11-16] (Jitterbit, Inc.)
S4 Jitterbit Data Loader Tomcat Server; C:\Program Files (x86)\Jitterbit Data Loader for Salesforce\tomcat\bin\JitterbitTomcat6.exe [74752 2012-04-16] (Apache Software Foundation)
S4 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-06] (Microsoft Corporation)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-02-25] (Alcatel-Lucent)
R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-12-17] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 vfsFPService; C:\Windows\system32\vfsFPService.exe [721712 2008-11-18] (Validity Sensors, Inc.)
R2 vfsFPService; C:\Windows\SysWow64\vfsFPService.exe [599344 2008-11-18] (Validity Sensors, Inc.)
S3 CACLEARWIRE; "C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe" /n "CACLEARWIRE" [x]
S3 CLEARWIRERcAppSvc; "C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe" /n "CLEARWIRERcAppSvc" [x]
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-01] (AVG Technologies)
S3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [357248 2010-07-08] (Beceem communications pvt ltd.)
S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [62976 2010-07-08] (Beceem communications pvt ltd.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-04] (Broadcom Corporation.)
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2013-02-25] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2013-02-25] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2013-02-25] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2013-02-25] (Printing Communications Assoc., Inc. (PCAUSA))
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-29 11:57 - 2013-10-29 11:58 - 00007838 _____ C:\Windows\setupact.log
2013-10-29 11:57 - 2013-10-29 11:57 - 00000000 _____ C:\Windows\setuperr.log
2013-10-29 11:47 - 2013-10-29 11:47 - 01956538 _____ (Farbar) C:\Users\Darrell\Desktop\FRST64.exe
2013-10-29 11:47 - 2013-10-29 11:47 - 00000000 ____D C:\FRST
2013-10-29 11:35 - 2013-10-29 11:35 - 00029237 _____ C:\Users\Darrell\Desktop\JRT.txt
2013-10-29 10:08 - 2013-10-29 10:08 - 00000000 ____D C:\Windows\ERUNT
2013-10-29 09:47 - 2013-10-29 09:49 - 00000000 ____D C:\AdwCleaner
2013-10-29 09:43 - 2013-10-29 09:43 - 01089183 _____ (Farbar) C:\Users\Darrell\Desktop\FRST.exe
2013-10-29 09:42 - 2013-10-29 09:42 - 01033335 _____ (Thisisu) C:\Users\Darrell\Desktop\JRT.exe
2013-10-29 09:40 - 2013-10-29 09:40 - 01060070 _____ C:\Users\Darrell\Desktop\AdwCleaner.exe
2013-10-26 11:13 - 2013-10-26 11:13 - 00000000 ____D C:\Program Files (x86)\Evernote
2013-10-24 21:44 - 2013-10-24 21:44 - 00025204 _____ C:\Users\Darrell\Desktop\attach.txt
2013-10-24 21:44 - 2013-10-24 21:43 - 00034498 _____ C:\Users\Darrell\Desktop\dds.txt
2013-10-23 20:12 - 2013-10-23 20:12 - 00000000 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-22 21:13 - 2013-10-26 14:20 - 00000258 __RSH C:\ProgramData\ntuser.pol
2013-10-22 21:04 - 2013-10-22 21:05 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2013-10-22 19:33 - 2013-10-29 11:57 - 00379471 _____ C:\Windows\WindowsUpdate.log
2013-10-19 17:40 - 2013-10-19 17:10 - 00015755 _____ C:\Users\Darrell\Documents\untitled_0.ods
2013-10-19 15:06 - 2013-10-20 14:34 - 00000000 ____D C:\Users\Darrell\.jitterbit_dataloader
2013-10-19 14:58 - 2013-10-19 14:58 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-10-19 14:58 - 2013-10-19 14:58 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2013-10-17 21:09 - 2013-10-17 21:09 - 00000000 ____D C:\Users\Darrell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2013-10-15 23:42 - 2013-09-22 19:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-15 23:42 - 2013-09-22 19:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-15 23:42 - 2013-09-22 19:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-15 23:42 - 2013-09-22 19:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-15 23:42 - 2013-09-22 19:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-15 23:42 - 2013-09-22 19:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-15 23:42 - 2013-09-22 19:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-15 23:42 - 2013-09-22 19:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-15 23:42 - 2013-09-22 19:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-15 23:42 - 2013-09-22 19:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-15 23:42 - 2013-09-22 19:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-15 23:42 - 2013-09-22 19:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-15 23:42 - 2013-09-22 19:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-15 23:42 - 2013-09-22 18:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-15 23:42 - 2013-09-22 18:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-15 23:42 - 2013-09-22 18:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-15 23:42 - 2013-09-22 18:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-15 23:42 - 2013-09-22 18:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-15 23:42 - 2013-09-22 18:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-15 23:42 - 2013-09-22 18:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-15 23:42 - 2013-09-22 18:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-15 23:42 - 2013-09-22 18:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-15 23:42 - 2013-09-22 18:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-15 23:42 - 2013-09-22 18:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-15 23:42 - 2013-09-22 18:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-15 23:42 - 2013-09-22 18:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-15 23:42 - 2013-09-22 18:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-15 23:42 - 2013-09-20 23:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-15 23:42 - 2013-09-20 23:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-15 23:42 - 2013-09-20 22:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-15 23:42 - 2013-09-20 22:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-15 23:31 - 2013-10-15 23:32 - 00000000 ____D C:\Program Files (x86)\Jitterbit Data Loader for Salesforce
2013-10-09 04:48 - 2013-07-12 06:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 04:48 - 2013-07-12 06:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 04:48 - 2013-07-12 06:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 04:48 - 2013-07-04 08:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 04:48 - 2013-07-04 08:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 04:48 - 2013-07-04 08:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 04:48 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 04:48 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 04:48 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 04:48 - 2013-07-04 06:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 04:48 - 2013-07-03 00:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 04:48 - 2013-07-03 00:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 04:48 - 2013-07-03 00:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 04:48 - 2013-06-25 18:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 04:48 - 2013-06-06 01:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 04:48 - 2013-06-06 01:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 04:48 - 2013-06-06 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 04:48 - 2013-06-06 01:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 04:48 - 2013-06-06 00:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 04:48 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 04:48 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 04:48 - 2013-06-05 23:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 04:48 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 04:48 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 04:47 - 2013-09-13 21:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 04:47 - 2013-09-07 22:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 04:47 - 2013-09-07 22:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 04:47 - 2013-09-07 22:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 04:47 - 2013-08-28 22:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 04:47 - 2013-08-28 22:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 04:47 - 2013-08-28 22:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 04:47 - 2013-08-28 22:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 04:47 - 2013-08-28 22:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 04:47 - 2013-08-28 21:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 04:47 - 2013-08-28 21:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 04:47 - 2013-08-28 21:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 04:47 - 2013-08-28 21:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 04:47 - 2013-08-28 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 04:47 - 2013-08-28 21:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 04:47 - 2013-08-28 20:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 04:47 - 2013-08-28 20:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 04:47 - 2013-08-28 20:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 04:47 - 2013-08-28 20:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 04:47 - 2013-08-27 21:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 04:47 - 2013-08-27 21:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 04:47 - 2013-08-01 08:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 04:47 - 2013-07-20 06:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 04:47 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-07 23:00 - 2013-10-07 23:00 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-07 22:59 - 2013-10-07 23:00 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-07 22:59 - 2013-10-07 23:00 - 00000000 ____D C:\Program Files\iTunes
2013-10-07 22:59 - 2013-10-07 23:00 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-07 22:59 - 2013-10-07 22:59 - 00000000 ____D C:\Program Files\iPod
2013-10-03 22:10 - 2013-10-03 22:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
 
==================== One Month Modified Files and Folders =======
 
2013-10-29 12:09 - 2010-06-12 21:53 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2066770089-1179433659-3665376092-1000UA.job
2013-10-29 11:58 - 2013-10-29 11:57 - 00007838 _____ C:\Windows\setupact.log
2013-10-29 11:58 - 2010-05-09 12:46 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-29 11:57 - 2013-10-29 11:57 - 00000000 _____ C:\Windows\setuperr.log
2013-10-29 11:57 - 2013-10-22 19:33 - 00379471 _____ C:\Windows\WindowsUpdate.log
2013-10-29 11:47 - 2013-10-29 11:47 - 01956538 _____ (Farbar) C:\Users\Darrell\Desktop\FRST64.exe
2013-10-29 11:47 - 2013-10-29 11:47 - 00000000 ____D C:\FRST
2013-10-29 11:45 - 2009-12-03 22:46 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D3EC5A3A-4D33-4B5A-A4AF-D3E30E396E27}
2013-10-29 11:35 - 2013-10-29 11:35 - 00029237 _____ C:\Users\Darrell\Desktop\JRT.txt
2013-10-29 11:22 - 2012-05-26 14:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-29 11:14 - 2013-08-27 21:58 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForDarrell.job
2013-10-29 11:13 - 2013-08-27 21:58 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDarrell
2013-10-29 10:08 - 2013-10-29 10:08 - 00000000 ____D C:\Windows\ERUNT
2013-10-29 10:08 - 2013-09-20 13:36 - 00000000 ____D C:\Users\Darrell\AppData\Roaming\Box Sync
2013-10-29 10:06 - 2010-10-09 11:21 - 00000000 ____D C:\ProgramData\MFAData
2013-10-29 10:05 - 2009-12-02 22:45 - 00011440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-29 10:05 - 2009-12-02 22:45 - 00011440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-29 09:57 - 2013-09-25 21:15 - 00000000 ___RD C:\Users\Darrell\Google Drive
2013-10-29 09:55 - 2010-05-09 12:46 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-29 09:54 - 2009-12-24 12:11 - 00000442 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-10-29 09:54 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-29 09:49 - 2013-10-29 09:47 - 00000000 ____D C:\AdwCleaner
2013-10-29 09:43 - 2013-10-29 09:43 - 01089183 _____ (Farbar) C:\Users\Darrell\Desktop\FRST.exe
2013-10-29 09:42 - 2013-10-29 09:42 - 01033335 _____ (Thisisu) C:\Users\Darrell\Desktop\JRT.exe
2013-10-29 09:40 - 2013-10-29 09:40 - 01060070 _____ C:\Users\Darrell\Desktop\AdwCleaner.exe
2013-10-26 14:20 - 2013-10-22 21:13 - 00000258 __RSH C:\ProgramData\ntuser.pol
2013-10-26 11:13 - 2013-10-26 11:13 - 00000000 ____D C:\Program Files (x86)\Evernote
2013-10-26 10:18 - 2009-09-07 13:05 - 00000000 ____D C:\Users\Darrell\AppData\Local\Adobe
2013-10-25 09:55 - 2010-02-21 13:02 - 00000298 _____ C:\Windows\Tasks\Defraggler Volume C Task.job
2013-10-24 21:44 - 2013-10-24 21:44 - 00025204 _____ C:\Users\Darrell\Desktop\attach.txt
2013-10-24 21:43 - 2013-10-24 21:44 - 00034498 _____ C:\Users\Darrell\Desktop\dds.txt
2013-10-24 21:09 - 2010-06-12 21:53 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2066770089-1179433659-3665376092-1000Core.job
2013-10-24 20:18 - 2012-02-05 15:28 - 00000000 ____D C:\Program Files (x86)\Informatica Cloud Secure Agent
2013-10-24 15:56 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-24 11:19 - 2013-08-18 12:31 - 00000000 ____D C:\Windows\pss
2013-10-23 20:12 - 2013-10-23 20:12 - 00000000 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-23 20:12 - 2009-02-06 11:22 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-23 19:47 - 2010-04-25 10:31 - 00000000 ____D C:\Windows\Minidump
2013-10-22 21:21 - 2013-03-09 11:00 - 00000000 ____D C:\Users\Guest\AppData\Local\LogMeIn Rescue Applet
2013-10-22 21:17 - 2011-12-18 23:10 - 00123912 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-22 21:13 - 2011-12-18 23:10 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-22 21:13 - 2011-12-18 23:10 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-22 21:05 - 2013-10-22 21:04 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2013-10-22 09:29 - 2013-06-15 11:13 - 00000965 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-10-21 11:49 - 2009-07-14 01:13 - 00779306 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-20 14:34 - 2013-10-19 15:06 - 00000000 ____D C:\Users\Darrell\.jitterbit_dataloader
2013-10-20 10:15 - 2010-03-06 16:42 - 00000000 _____ C:\Users\Darrell\AppData\Local\prvlcl.dat
2013-10-19 17:10 - 2013-10-19 17:40 - 00015755 _____ C:\Users\Darrell\Documents\untitled_0.ods
2013-10-19 15:06 - 2009-12-02 22:49 - 00000000 ____D C:\Users\Darrell
2013-10-19 14:58 - 2013-10-19 14:58 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-10-19 14:58 - 2013-10-19 14:58 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2013-10-19 12:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-10-17 21:09 - 2013-10-17 21:09 - 00000000 ____D C:\Users\Darrell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2013-10-17 21:09 - 2013-09-28 21:08 - 00001223 _____ C:\Users\Darrell\Desktop\Chromecast.lnk
2013-10-17 21:04 - 2010-06-12 21:53 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2066770089-1179433659-3665376092-1000UA
2013-10-17 21:04 - 2010-06-12 21:53 - 00003494 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2066770089-1179433659-3665376092-1000Core
2013-10-16 21:52 - 2010-05-09 12:46 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-16 21:52 - 2010-05-09 12:46 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-16 21:39 - 2009-12-02 23:48 - 00123912 _____ C:\Users\Darrell\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-16 21:36 - 2009-07-14 00:45 - 00487216 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-15 23:32 - 2013-10-15 23:31 - 00000000 ____D C:\Program Files (x86)\Jitterbit Data Loader for Salesforce
2013-10-15 23:29 - 2009-02-06 10:16 - 00000000 ____D C:\Windows\Downloaded Installations
2013-10-15 21:01 - 2013-08-30 10:41 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-10-15 20:46 - 2012-01-04 19:55 - 00000000 ____D C:\Users\Darrell\AppData\Roaming\HpUpdate
2013-10-15 20:34 - 2012-05-12 23:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 08:36 - 2013-05-15 17:37 - 00773522 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-09 08:36 - 2012-05-12 23:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 08:29 - 2013-07-18 16:29 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 08:27 - 2009-12-09 22:31 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 00:23 - 2012-05-26 14:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 00:23 - 2012-05-26 14:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 00:23 - 2011-05-17 21:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-07 23:00 - 2013-10-07 23:00 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-07 23:00 - 2013-10-07 22:59 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-07 23:00 - 2013-10-07 22:59 - 00000000 ____D C:\Program Files\iTunes
2013-10-07 23:00 - 2013-10-07 22:59 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-07 22:59 - 2013-10-07 22:59 - 00000000 ____D C:\Program Files\iPod
2013-10-06 11:02 - 2009-10-27 14:56 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-10-06 11:01 - 2011-10-30 10:55 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-10-05 19:46 - 2012-11-22 13:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-05 10:57 - 2013-08-24 11:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-10-05 10:57 - 2009-08-30 12:07 - 00000000 ____D C:\Users\Darrell\AppData\Local\Mozilla
2013-10-05 10:10 - 2009-07-14 01:08 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-03 22:11 - 2013-10-03 22:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-01 21:59 - 2013-06-29 19:01 - 00003734 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-10-01 21:58 - 2013-01-30 22:32 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-10-01 21:58 - 2013-01-30 22:32 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
 
Files to move or delete:
====================
C:\Users\Darrell\AppData\Roaming\desktop.ini
C:\Users\Darrell\gotomypc_540.exe
C:\Users\Darrell\gotomypc_626.exe
C:\Users\Darrell\gotomypc_635.exe
 
 
Some content of TEMP:
====================
C:\Users\Darrell\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-21 13:33
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-10-2013
Ran by Darrell at 2013-10-29 12:44:33
Running from C:\Users\Darrell\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG Internet Security 2013 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
64 Bit HP CIO Components Installer (Version: 2.2.5)
950000 ClickArt (x32 Version: 3.21.0000)
Acrobat.com (x32 Version: 2.0.0)
Acrobat.com (x32 Version: 2.0.0.0)
Adobe Acrobat XI Pro (x32 Version: 11.0.05)
Adobe AIR (x32 Version: 3.7.0.1530)
Adobe Anchor Service CS4 (x32 Version: 2.0)
Adobe Common Components (x32 Version: 1.0)
Adobe Download Assistant (x32 Version: 1.2.6)
Adobe Flash Builder for Force.com (x32 Version: 1.0.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Adobe Setup (x32 Version: 2.0)
Amazon Kindle (HKCU)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Audible Download Manager (x32 Version: 6.6.0.15)
AutoHotkey 1.1.10.01 (Version: 1.1.10.01)
AVerMedia TV Tuner Card 1.0.0.3 (x32 Version: 1.0.0.3)
AVG 2013 (Version: 13.0.3222)
AVG 2013 (Version: 13.0.3426)
AVG 2013 (Version: 2013.0.3426)
AVG SafeGuard toolbar (x32 Version: 17.0.1.12)
Bonjour (Version: 3.0.0.10)
Box Sync (64 bit) (Version: 3.4.25.0)
Broadcom Bluetooth Software (Version: 6.5.0.2000)
Broadcom InConcert Maestro (Version: 1.0.1.1900)
CCleaner (Version: 3.00)
Chatter Desktop (x32 Version: 3.1.1)
ChromecastApp (HKCU Version: 1.1.258.0)
Cisco WebEx Meetings (HKCU)
Citrix Online Launcher (x32 Version: 1.0.122)
Citrix online plug-in - web (x32 Version: 11.2.0.31560)
Citrix online plug-in (DV) (x32 Version: 11.2.0.31560)
Citrix online plug-in (HDX) (x32 Version: 11.2.0.31560)
Citrix online plug-in (USB) (x32 Version: 11.2.0.31560)
Citrix online plug-in (Web) (x32 Version: 11.2.0.31560)
Contact Capture 4.1 (x32)
CyberLink DVD Suite (x32 Version: 6.0.2326)
D3DX10 (x32 Version: 15.4.2368.0902)
Defraggler (Version: 2.15)
DigitalPersona Personal 4.11 (Version: 4.11.3805)
Ditto (x32)
DJ_AIO_03_F4200_Software_Min (x32 Version: 110.0.206.000)
DriverAgent by eSupport.com
eReg (x32 Version: 1.20.138.34)
ESU for Microsoft Vista (x32 Version: 1.0.0)
Evernote v. 5.0.3 (x32 Version: 5.0.3.1614)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
GanttProject (x32)
Git version 1.7.9-preview20120201 (x32 Version: 1.7.9-preview20120201)
GitHub (HKCU Version: 1.0.45.0)
Google Chrome (HKCU Version: 30.0.1599.101)
Google Drive (x32 Version: 1.12.5329.1887)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
GoToMeeting 5.4.0.1082 (HKCU Version: 5.4.0.1082)
Heroku version 2.33.2 (x32 Version: 2.33.2)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.0.3.1)
HP Advisor (x32 Version: 3.2.9652.3188)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Deskjet F4200 All-In-One Driver 11.0 03 (Version: 11.0)
HP Doc Viewer (x32 Version: 1.01.0005)
HP MediaSmart DVD (x32 Version: 2.1.2328)
HP MediaSmart SlingPlayer (x32 Version: 2.1)
HP MediaSmart Webcam (x32 Version: 4.0.2626)
HP Print Diagnostic Utility (x32 Version: 1.51.0000)
HP Product Detection (x32 Version: 11.15.0008)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Total Care Setup (x32 Version: 1.1.2413.2876)
HP Update (x32 Version: 5.003.001.001)
HP User Guides 0115 (x32 Version: 1.04.0000)
iCloud (Version: 3.0.2.163)
IDT Audio (x32 Version: 1.0.6225.0)
Informatica Cloud Secure Agent (x32 Version: 1.0.0.0)
iTunes (Version: 11.1.1.11)
Java 7 Update 25 (x32 Version: 7.0.250)
Java™ 6 Update 25 (x32 Version: 6.0.250)
Java™ 6 Update 29 (x32 Version: 6.0.290)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Jitterbit Data Loader for Salesforce (x32 Version: 5.0.3.8)
JMicron JMB38X Flash Media Controller Driver (x32 Version: 1.00.20.07)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Juno Preloader (x32 Version: 1.0.0)
LabelPrint (x32 Version: 2.5.1118)
LastPass (uninstall only) (HKCU)
LightScribe System Software (x32 Version: 1.18.10.2)
Logitech SetPoint 6.30 (Version: 6.30.43)
Loki ActiveX Control (x32 Version: 3.1.0.05)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Office 365 Small Business Premium - en-us (Version: 15.0.4535.1511)
Microsoft Office Live Add-in 1.4 (x32 Version: 2.0.3008.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (x32 Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
mSpot (x32 Version: 1.3.18)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
muvee Reveal (x32 Version: 7.0.40.10061)
MySQL Workbench 5.2 CE (x32 Version: 5.2.35)
NetZero Preloader (x32 Version: 1.0.0)
Notepad++ (x32 Version: 6.3.3)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA PhysX (x32 Version: 9.10.0224)
Octoshape add-in for Adobe Flash Player (HKCU)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4535.1511)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4535.1511)
Office 15 Click-to-Run Localization Component (Version: 15.0.4535.1511)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
Oxelon Media Converter 1.1 (x32)
Power2Go (x32 Version: 6.0.2325)
PowerDirector (x32 Version: 7.0.2317)
PVSonyDll (Version: 1.00.0001)
Python 3.3.0 (x32 Version: 3.3.150)
QLBCASL (x32 Version: 6.40.17.2)
QuickBooks Remote Access (HKCU)
QuickTime (x32 Version: 7.74.80.86)
Realtek 8169 8168 8101E 8102E Ethernet Driver (x32 Version: 1.00.0000)
Respondus LockDown Browser (x32 Version: 1.02.0001)
Ruby 1.9.2-p290 (HKCU Version: 1.9.2-p290)
salesforce.com Data Loader (x32)
Scan (x32 Version: 11.0.0.0)
Seesmic Desktop 2 (HKCU)
Slingbox - Watch Your TV Anywhere (x32 Version: 1.0.0)
SlingPlayer (x32 Version: 1.04.0206)
Spotify (HKCU Version: 0.8.3.222.g317ab79d)
Startup Delayer v2.5 (build 138) (x32)
Synaptics Pointing Device Driver (Version: 15.0.17.4)
System Requirements Lab (x32)
Tableau 6.0 (x32 Version: 6.0.264)
Tableau 8.0 (x32 Version: 8.0.357)
Toolbox (x32 Version: 110.0.180.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Validity Sensors software (Version: 2.8.109)
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
WebEx Meeting Manager for Mozilla Firefox/Netscape Navigator (x32 Version: 7.5.3)
Windows Driver Package - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0) (Version: 09/04/2008 2.6.0.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows Mobile Device Center (Version: 6.1.6965.0)
Xiph.Org Open Codecs 0.85.17777 (x32 Version: 0.85.17777)
Xtranormal - TTS Engine (x32 Version: 1.0.3)
Xtranormal Desktop (x32 Version: 3.5.873.3809)
Xtranormal State - Showpak-Beiges (x32 Version: 1.2.8)
Xtranormal State - Showpak-COL (x32 Version: 1.0.5)
Xtranormal State - Showpak-EBU-Full (x32 Version: 1.0.5)
Xtranormal State - Showpak-FM (x32 Version: 1.2.9)
Xtranormal State - Showpak-FMHIST (x32 Version: 1.0.2)
Xtranormal State - Showpak-PlaygozPresidents (x32 Version: 1.0.0)
Xtranormal State - Showpak-RBT (x32 Version: 1.2.8)
Xtranormal State - Showpak-STA1 (x32 Version: 1.0.15)
Xtranormal State - Showpak-STK (x32 Version: 1.0.3)
Xtranormal State - Showpak-SUT (x32 Version: 1.2.7)
Xtranormal State - Showpak-THN (x32 Version: 1.2.11)
Xtranormal State - Showpak-WorldCup (x32 Version: 1.0.1)
Xtranormal State - SoundPack-Sound Effects (x32 Version: 1.0.2)
Xtranormal State - SoundPack-Starter Kit (x32 Version: 1.0.2)
Xtranormal State - SounpPack-Music samples (x32 Version: 1.0.1)
Xtranormal State - Voicepack-BelgianDutch-Jeroen22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-BelgianDutch-Sofie22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-Brazilian-Marcia22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-British-Graham22k (x32 Version: 1.0.2)
Xtranormal State - Voicepack-British-Lucy22k (x32 Version: 1.0.2)
Xtranormal State - Voicepack-British-Peter22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-British-Rachel22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-Catalan-Laia22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-Danish-Mette22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-Danish-Rasmus22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-Dutch-Femke22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-Dutch-Max22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-German-Julia22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-German-Klaus22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-German-Sarah22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-Greek-Dimitris22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-IndianEnglish-Deepa22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-Italian-Chiara22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-Italian-Vittorio22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-Portuguese-Celia22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-Spanish-Antonio22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-Spanish-Maria22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-USEnglish-Heather22k (x32 Version: 1.0.2)
Xtranormal State - Voicepack-USEnglish-Kenny22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-USEnglish-Laura22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-USEnglish-Nelly22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-USEnglish-Ryan22k (x32 Version: 1.0.2)
Xtranormal State - Voicepack-USEnglish-Tracy22k (x32 Version: 1.0.0)
Xtranormal State - Voicepack-USSpanish-Rosa22k (x32 Version: 1.0.0)
Xtranormal State (x32 Version: 2.6.3720.108)
 
==================== Restore Points  =========================
 
24-10-2013 14:18:09 Scheduled Checkpoint
26-10-2013 15:12:16 Installed Evernote v. 5.0.3
 
==================== Hosts content: ==========================
 
2006-11-02 08:34 - 2006-09-18 17:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {02EF69DC-1D60-4769-A07D-71D5965A7904} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-06] (Microsoft Corporation)
Task: {070B4990-31BF-4CA5-BF7C-1A9A4C648B3A} - System32\Tasks\AdobeAAMUpdater-1.0-HealthDetail-DD-Darrell => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {19A9E4F2-E6C1-4DAE-9BD7-88759F12CEA2} - System32\Tasks\{16BF84F5-1849-4AF7-8B04-1C74B76130ED} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {1A27F881-501D-46CE-B673-1D2E91AFC4D5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {1B120C6F-9883-41E3-8601-D0BBBE0B57C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {28108D82-2749-4B9D-B876-60F0E21934A8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2066770089-1179433659-3665376092-1000Core => C:\Users\Darrell\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-09] (Google Inc.)
Task: {32FD0C4B-1998-4300-9E5B-E6BB61E95972} - System32\Tasks\HPCeeScheduleForDarrell => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {362256FD-6FD5-4C4E-B2B3-A93DAC6CD319} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2066770089-1179433659-3665376092-1000UA => C:\Users\Darrell\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-09] (Google Inc.)
Task: {4C740C6E-564E-4FD2-A9D3-9F019281AAAF} - System32\Tasks\Defraggler Volume C Task => C:\Program Files\Defraggler\df64.exe [2010-07-30] (Piriform Ltd)
Task: {68E7258C-EFC5-4BC3-87D5-8DB59686C37F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {7144E490-7102-4A7E-A2CD-266B39BCD771} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {82C1B26B-3B84-47E2-A7BB-46D02B63D516} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {86A08A1A-05C0-4625-A100-B930B568E73D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {8F77B7BF-95E8-4B7F-8D29-0509539FACC0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-09] (Google Inc.)
Task: {966A2401-9ED0-4A4C-80C4-2B5E8749074F} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Darrell => c:\program files\windows calendar\wincal.exe
Task: {A14943F1-7F71-4C72-B1B1-A3AE703AEBE8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-09] (Google Inc.)
Task: {A59F8935-C42F-44A8-BD75-06D8DEABEDD9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {BF507D98-B25E-4BCC-848F-82446901564F} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2011-08-10] (Microsoft Corporation)
Task: {E0742A39-C95B-4034-A43A-40DC9F6C5F1B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-08-01] (Microsoft Corporation)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {EE338562-27AE-4895-B16B-84312CCDC6B4} - System32\Tasks\IHUninstallTrackingTASK => C:\Windows\System32\CMD
Task: {FECC5994-8729-4EF6-8FB3-A46F532388EE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-10-15] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Defraggler Volume C Task.job => C:\Program Files\Defraggler\df64.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2066770089-1179433659-3665376092-1000Core.job => C:\Users\Darrell\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2066770089-1179433659-3665376092-1000UA.job => C:\Users\Darrell\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDarrell.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-06-23 19:42 - 2011-06-23 19:42 - 01302808 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2013-09-13 10:45 - 2013-09-13 10:45 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-02-06 12:15 - 2008-12-17 20:11 - 00132480 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll
2013-09-26 13:50 - 2013-09-26 13:50 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2013-09-26 13:49 - 2013-09-26 13:49 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2013-09-13 10:45 - 2013-09-13 10:45 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-19 10:17 - 2013-10-08 20:01 - 00698832 _____ () C:\Users\Darrell\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-19 10:17 - 2013-10-08 20:01 - 00099792 _____ () C:\Users\Darrell\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-19 10:17 - 2013-10-08 20:02 - 04055504 _____ () C:\Users\Darrell\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-19 10:17 - 2013-10-08 20:02 - 00415184 _____ () C:\Users\Darrell\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-19 10:17 - 2013-10-08 20:01 - 01604560 _____ () C:\Users\Darrell\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2013-03-27 12:47 - 2013-03-27 12:47 - 00342528 _____ () C:\Users\Darrell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.6_0\plugin\screen_capture.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (10/29/2013 00:34:47 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the btwdins service.
 
Error: (10/29/2013 00:33:48 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the btwdins service.
 
Error: (10/29/2013 00:30:40 PM) (Source: ipnathlp) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
Error: (10/29/2013 00:28:44 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the btwdins service.
 
Error: (10/29/2013 00:27:58 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the btwdins service.
 
Error: (10/29/2013 00:27:54 PM) (Source: ipnathlp) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
Error: (10/29/2013 00:27:02 PM) (Source: ipnathlp) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
Error: (10/29/2013 00:26:33 PM) (Source: ipnathlp) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
Error: (10/29/2013 00:26:03 PM) (Source: ipnathlp) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
Error: (10/29/2013 00:21:21 PM) (Source: ipnathlp) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2010-10-09 11:11:42.916
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-09 11:11:42.900
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-07 17:10:30.884
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-07 17:10:30.869
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-05 17:28:28.195
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-05 17:28:28.179
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-03 11:45:54.132
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-03 11:45:54.132
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-02 18:47:50.132
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2010-10-02 18:47:50.132
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 49%
Total physical RAM: 4063.2 MB
Available physical RAM: 2059.29 MB
Total Pagefile: 8124.57 MB
Available Pagefile: 5369.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.03 GB) (Free:83.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:9.85 GB) (Free:1.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 6F656A5A)
Partition 1: (Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 



#7 Oh My!

  • Malware Response Instructor

Posted 29 October 2013 - 06:10 PM

Greetings,

Thank you for the information. Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKLM - {9C37F2A3-6850-40B3-A381-2A0AF373F32F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {9C37F2A3-6850-40B3-A381-2A0AF373F32F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {9C37F2A3-6850-40B3-A381-2A0AF373F32F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
C:\Users\Darrell\AppData\Roaming\desktop.ini
C:\Users\Darrell\gotomypc_540.exe
C:\Users\Darrell\gotomypc_626.exe
C:\Users\Darrell\gotomypc_635.exe
C:\Users\Darrell\AppData\Local\Temp\Quarantine.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Vista/7 users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • When the Status box shows Scan Finished click Delete
  • Click Report
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • RogueKiller log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 ddeveaux


Posted 29 October 2013 - 07:53 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-10-2013
Ran by Darrell at 2013-10-29 20:37:50 Run:1
Running from C:\Users\Darrell\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKLM - {9C37F2A3-6850-40B3-A381-2A0AF373F32F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {9C37F2A3-6850-40B3-A381-2A0AF373F32F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {9C37F2A3-6850-40B3-A381-2A0AF373F32F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
C:\Users\Darrell\AppData\Roaming\desktop.ini
C:\Users\Darrell\gotomypc_540.exe
C:\Users\Darrell\gotomypc_626.exe
C:\Users\Darrell\gotomypc_635.exe
C:\Users\Darrell\AppData\Local\Temp\Quarantine.exe
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C37F2A3-6850-40B3-A381-2A0AF373F32F} => Key deleted successfully.
HKCR\CLSID\{9C37F2A3-6850-40B3-A381-2A0AF373F32F} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9C37F2A3-6850-40B3-A381-2A0AF373F32F} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9C37F2A3-6850-40B3-A381-2A0AF373F32F} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C37F2A3-6850-40B3-A381-2A0AF373F32F} => Key deleted successfully.
HKCR\CLSID\{9C37F2A3-6850-40B3-A381-2A0AF373F32F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
HKCR\PROTOCOLS\Handler\linkscanner => Key deleted successfully.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\linkscanner => Key not found.
HKCR\Wow6432Node\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key not found.
C:\Users\Darrell\AppData\Roaming\desktop.ini => Moved successfully.
C:\Users\Darrell\gotomypc_540.exe => Moved successfully.
C:\Users\Darrell\gotomypc_626.exe => Moved successfully.
C:\Users\Darrell\gotomypc_635.exe => Moved successfully.
C:\Users\Darrell\AppData\Local\Temp\Quarantine.exe => Moved successfully.
 
==== End of Fixlog ====
 
RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Darrell [Admin rights]
Mode : Remove -- Date : 10/29/2013 20:52:45
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Windows\TEMP\IHU4A86.tmp.exe [x][x] -> DELETED
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
::1             localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS723225L9A360 ATA Device +++++
--- User ---
[MBR] 6cc5910406bfb3c875662370de2b2dc9
[BSP] 41c98757aa94f3af9c83c158839907b6 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 228380 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 467724288 | Size: 10091 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_10292013_205245.txt >>
RKreport[0]_S_10292013_204734.txt
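
The Fixlog in the post above echoes the fixlist between two rows of asterisks and then reports each action as a `target => outcome` line. The following is an added example, not part of the thread and not FRST's own code: a Python sketch that tallies the outcomes, lists file entries that never received a result line, and flags any outcome other than the four strings seen in this log. The sample text is constructed from lines in the post, with one made-up failure outcome.

```python
import re
from collections import Counter

# Outcome strings seen in the Fixlog posted in this thread.
BENIGN = {"Key deleted successfully.", "Key not found.",
          "Value deleted successfully.", "Moved successfully."}
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")

def parse_fixlog(text):
    """Return (fixlist entries echoed between asterisk rows, [(target, outcome)])."""
    entries, results, in_fixlist = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"\*{5,}", line):
            in_fixlist = not in_fixlist  # rows of asterisks open/close the echo
            continue
        if in_fixlist:
            if line:
                entries.append(line)
            continue
        m = RESULT_RE.match(line)
        if m:
            results.append((m.group("target"), m.group("outcome")))
    return entries, results

def review(text):
    """Outcome counts, file entries with no result line, outcomes to check by hand."""
    entries, results = parse_fixlog(text)
    counts = Counter(outcome for _, outcome in results)
    seen = {t.lower() for t, _ in results}
    # File paths reappear verbatim as result targets; registry directives do not.
    paths = [e for e in entries if re.match(r"[A-Za-z]:\\", e)]
    unprocessed = [p for p in paths if p.lower() not in seen]
    needs_review = [(t, o) for t, o in results if o not in BENIGN]
    return counts, unprocessed, needs_review

# Constructed sample: lines from the post plus one made-up failure outcome.
SAMPLE = r"""Content of fixlist:
*****************
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
C:\Users\Darrell\gotomypc_540.exe
C:\Users\Darrell\gotomypc_626.exe
C:\Users\Darrell\AppData\Local\Temp\Quarantine.exe
*****************
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value deleted successfully.
C:\Users\Darrell\gotomypc_540.exe => Moved successfully.
C:\Users\Darrell\gotomypc_626.exe => EXAMPLE-FAILURE (constructed).
"""
```

Calling `review(SAMPLE)` returns the outcome counter, the file entries with no result line, and the result lines whose outcome needs a manual look.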

 



#9 Oh My!


Posted 29 October 2013 - 08:47 PM

Any change in computer behavior?
Gary
 

#10 ddeveaux


Posted 29 October 2013 - 10:30 PM

Unfortunately, there doesn't seem to be. What happens, all along so far, is that 10-15 min after the computer boots up the cursor is essentially uncontrollable as it seems to jump all over when moved by mouse. The computer also makes a kind of grinding noise through the speakers. (not fan or anything). Hourglass occasionally comes on to indicate something is running on computer occasionally. Computer then slows to crawl where response time for anything is a couple of minutes.

 

All of the above occurs whether I use computer or just boot it up and let it sit, which is what I did tonight after running the programs you suggested and rebooting. Didn't open a program at all and behavior started after 10 min or so.

 

Darrell



#11 Oh My!


Posted 30 October 2013 - 08:09 AM

Hi Darrell,

Thanks for the detailed update. If you have not done so already, please boot into Safe Mode and see if the behavior continues.
Gary
 

#12 ddeveaux


Posted 30 October 2013 - 08:27 PM

It looks like the answer is no, that it does not continue in Safe Mode. I logged in and let computer sit in Safe Mode for a few hours and it appears very speedy...I cannot connect to Internet since I do not have wireless access in Safe Mode, but in regular login the system behaves poorly whether connected to Internet or not. So I guess Safe Mode is good. So any ideas now?



#13 Oh My!


Posted 30 October 2013 - 08:33 PM

Yes I do have a follow up step for you. Please do this.

===================================================

Clean Boot
--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • In the System Configuration Utility dialog box, click Selective Startup on the General tab
  • Click to clear the Load Startup Items check box
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart
  • Check your computer performance
===================================================

Things I would like to see in your next reply.
  • How is your computer behaving?

Gary
 

#14 ddeveaux


Posted 31 October 2013 - 08:07 AM

From Safe Mode or Normal Startup?



#15 Oh My!


Posted 31 October 2013 - 08:13 AM

Normal
Gary
 



