getting pop ups in new tabs when i click on links


  • This topic is locked
18 replies to this topic

#1 sminnick


Posted 30 December 2013 - 05:38 PM

Hello, I am helping my dad with his computer and I suspect he has something on his computer. It keeps opening up popups for advertisements in new windows/tabs whenever I click on links. He has a bunch of crap on this computer and I was wondering if I can get help to see if I can clear some of this up, thanks.

 

DDS log....

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by LeRoy E at 17:29:17 on 2013-12-30
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.6135.2795 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\spool\DRIVERS\x64\3\lxeaserv.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\system32\lxeacoms.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Users\LeRoy E\AppData\Roaming\CBS Interactive\Download App\CBSI.AppStore.Main.exe
C:\Users\LeRoy E\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
C:\KS600n5\Bin\rds.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Users\LeRoy E\AppData\Local\Strongvault Online Backup\SMessaging.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\LeRoy E\AppData\Local\NativeMessaging\CT3289663\1_0_0_7\TBMessagingHost.exe
C:\Program Files\OutfoxTV\OutfoxTvService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\OutfoxTV\OutfoxTvService.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - <orphaned>
mURLSearchHooks: {334293c8-082d-47f8-9f7d-b388d7eb3586} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Webexp Enhanced: {07c7b068-1238-4734-ac6f-a1cc40ad4914} - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha267\ie\WebexpEnhancedV1alpha267.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: ScorpionSaver: {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll
BHO: Plus-HD-1.5: {11111111-1111-1111-1111-110311201100} - C:\Program Files (x86)\Plus-HD-1.5\Plus-HD-1.5-bho.dll
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - 
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - 
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: CostMin: {EABF9A3E-C457-CD48-EFA9-F7EAED6DAAC1} - C:\ProgramData\CostMin\7.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [AIM for Windows] "C:\Users\LeRoy E\AppData\Local\AOL\AIM\aim.exe"
uRun: [TBHostSupport] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\LeRoy E\AppData\Local\TBHostSupport\TBHostSupport_0.dll",DLLRunTBHostSupportPlugin
uRun: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
uRun: [GoogleChromeAutoLaunch_F32FC8C7339966E918708FD81C7FCA7B] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
uRunOnce: [Application Restart #2] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --restore-last-session -- https://e.tigerdirect.com/pub/cc?_ri_=X0Gzc2X%3DWQpglLjHJlYQGtyyhT4IGzdu9kINfj59nzfKG88sjOuHqmVXtpKX%3DTASAA&_ei_=EolaGGF4SNMvxFF7KucKuWPo79aOMRpBu6uNdm9n1krXcdHy3oXRgo5tWLhtUxcG.
mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.lnk"
mRun: [Intel AppUp(SM) center_Nagware] "C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.lnk"
mRun: [SMessaging] "C:\Users\LeRoy E\AppData\Local\Strongvault Online Backup\SMessaging.exe"
mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
dRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
StartupFolder: C:\Users\LEROYE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DOWNLO~1.LNK - C:\Users\LeRoy E\AppData\Roaming\CBS Interactive\Download App\CBSI.AppStore.Main.exe
StartupFolder: C:\Users\LEROYE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\LeRoy E\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Program Files (x86)\Ralink\Common\RaUI.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{13AA27A2-493E-482A-9CDE-7502B84DA494} : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{13AA27A2-493E-482A-9CDE-7502B84DA494}\C696E6B6379737 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{AE8DC482-6F45-4BD8-B97A-528F54DAEEA4} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=   
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Plus-HD-1.5: {11111111-1111-1111-1111-110311201100} - C:\Program Files (x86)\Plus-HD-1.5\Plus-HD-1.5-bho64.dll
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [lxeamon.exe] "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/01/07 08:59:21];C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-9-16 148976]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2012/10/08 09:59:42];C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-9-10 147704]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-20 494424]
R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-11-8 166352]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2012-1-7 83240]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-10-8 90640]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2012-1-7 75048]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2012-1-7 292136]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-10-8 78352]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-10-8 295440]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 Level Quality Watcher;Level Quality Watcher;C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=72AE063D --> C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=72AE063D [?]
R2 lxea_device;lxea_device;C:\Windows\System32\lxeacoms.exe -service --> C:\Windows\System32\lxeacoms.exe -service [?]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxeaserv.exe [2010-4-14 45736]
R2 MsgPlusService;Messenger Plus! Service;C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2013-3-1 128000]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 134944]
R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2012-1-7 75248]
R2 ntk_PowerDVD12;ntk_PowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2012-10-8 83704]
R2 OS Selector;Acronis OS Selector activator;C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-5-25 2139400]
R2 OutfoxTvService;OutfoxTvService;C:\Program Files\OutfoxTV\OutfoxTvService.exe [2013-12-25 310160]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2011-7-16 185632]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2011-7-16 211232]
R2 RDM Server (rdmserver);RDM Server (rdmserver);C:\KS600n5\Bin\rds.exe [2011-11-23 24632]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-12-25 3921880]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-12-25 171416]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2013-10-18 1025408]
R2 supersafer64;supersafer64;C:\Windows\SysWOW64\drivers\supersafer64.sys [2012-2-4 238072]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-30 5341536]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/02/26 17:17:28;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]
S2 CLKMSVC10_90970B6B;CyberLink Product - 2012/10/08 09:51:23;C:\Program Files (x86)\CyberLink\PowerProducer\BDSDK\NavFilter\kmsvc.exe [2010-11-9 246256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-12-25 1042272]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2013-12-23 22704]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-7-16 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech Webcam C260(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-7-16 718848]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2011-12-10 15672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-15 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-30 21:01:55 -------- d-----w- C:\ProgramData\Freemake
2013-12-30 20:58:08 -------- d-----w- C:\Program Files\OutfoxTV
2013-12-30 20:57:31 -------- d-----w- C:\Program Files (x86)\Freemake
2013-12-30 19:57:42 -------- d-----w- C:\v2d
2013-12-30 19:57:21 -------- d-----w- C:\Program Files (x86)\Free MKV Video2Dvd
2013-12-30 15:42:02 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D2DB99B4-9DB2-40F1-9D14-723EDEF7748E}\mpengine.dll
2013-12-28 23:06:06 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-25 20:13:42 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-12-25 20:13:31 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-12-25 20:13:19 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-25 19:49:36 -------- d-----w- C:\ProgramData\Microsoft Toolkit
2013-12-25 18:24:07 -------- d-----w- C:\Users\LeRoy E\AppData\Local\Intuit
2013-12-24 03:32:40 439296 ----a-w- C:\Windows\System32\AdpeakProxy64.dll
2013-12-24 03:32:38 338944 ----a-w- C:\Windows\SysWow64\AdpeakProxy.dll
2013-12-24 03:32:36 -------- d-----w- C:\Program Files\ScorpionSaver Services
2013-12-23 15:56:11 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2013-12-23 15:56:08 110080 ----a-r- C:\Users\LeRoy E\AppData\Roaming\Microsoft\Installer\{72AAF455-1E54-475B-B0AB-5413C78D0E63}\IconF7A21AF7.exe
2013-12-23 15:56:08 110080 ----a-r- C:\Users\LeRoy E\AppData\Roaming\Microsoft\Installer\{72AAF455-1E54-475B-B0AB-5413C78D0E63}\IconD7F16134.exe
2013-12-23 15:56:08 110080 ----a-r- C:\Users\LeRoy E\AppData\Roaming\Microsoft\Installer\{72AAF455-1E54-475B-B0AB-5413C78D0E63}\Icon1226A4C5.exe
2013-12-23 15:56:01 -------- d-----w- C:\sh4ldr
2013-12-23 15:56:01 -------- d-----w- C:\Program Files\Enigma Software Group
2013-12-23 15:55:00 -------- d-----w- C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-12-23 15:54:59 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-12-23 12:08:55 -------- d-----w- C:\Program Files (x86)\WebexpEnhancedV1
2013-12-12 08:03:06 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 08:03:06 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 08:03:05 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-12 08:03:04 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-11 17:44:23 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-09 20:22:04 -------- d-----w- C:\Program Files (x86)\BetterSurf
2013-12-07 16:37:41 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7B6C7E6E-4E50-49F8-9F00-6C14224172CE}\gapaengine.dll
.
==================== Find3M  ====================
.
2013-12-10 21:28:23 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 21:28:23 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-20 03:28:01 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-20 03:28:01 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-16 20:46:11 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-07-29 13:00:06 51992 ----a-w- C:\Program Files (x86)\WDesktop.Updater.exe
.
============= FINISH: 17:30:14.22 ===============
 


#2 B-boy/StyLe/

  • Malware Response Team

Posted 31 December 2013 - 03:43 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

STEP 1

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

STEP 2

 

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

STEP 3

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

 

Regards,

Georgi




#3 B-boy/StyLe/


Posted 04 January 2014 - 06:08 PM

Hi,

 

Are you still there?

 

 

Regards,

Georgi




#4 sminnick


Posted 05 January 2014 - 04:38 AM

Hello, sorry for not replying sooner, haven't been able to get to my dad's computer, been out of town.  Hopefully I'll get down tomorrow and post the results for you, thanks for your help!



#5 B-boy/StyLe/


Posted 05 January 2014 - 05:44 AM

Ok and thank you for letting me know! :)

 

 

 

Regards,

Georgi




#6 sminnick


Posted 06 January 2014 - 12:52 PM

Sorry took so long to get back to you, here are the logs requested.  After I scanned with adware, did you also want me to click the clean button?  I haven't done anything yet with it just copied the log file.

 

Adware:

http://pastebin.com/szSmXPFu

 

JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Professional x64
Ran by LeRoy E on Mon 01/06/2014 at 12:28:52.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] msgplusservice 
Successfully deleted: [Service] msgplusservice 
Successfully stopped: [Service] APNMCP
Successfully deleted: [Service] APNMCP
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SMessaging [Strongvault]
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
 
    Value Name          Type                             Value Data                     
========================================================================================
    TBHostSupport    REG_SZ    "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\LeRoy E\AppData\Local\TBHostSupport\TBHostSupport_0.dll",DLLRunTBHostSupportPlugin
 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowser
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowser.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowseractivex
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\defaulttabbho.defaulttabbrowseractivex.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\defaulttabbho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{37211D63-CCE9-4780-B182-96538CFC6FED}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{8B9C4F32-044E-491C-893E-362CB8A679D5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CBC3E05C-F841-452A-A600-E8D8BBEA63D9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CBC3E05D-F841-452A-A600-E8D8BBEA63DA}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CF2BF214-9D1E-4803-9AEB-38552615FD40}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\apn dtx
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarlog
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\stronghold online backup
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\tuguu sl
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yuna software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricsspeaker
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\plus-hd-1.5
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\esafeseccontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yuna software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\msgplusforskype.animationpackage
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\msgplusforskype.skinpack
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\messenger plus! for skype_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\messenger plus! for skype_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\plusskypeservice_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\plusskypeservice_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\smartbar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\smartbar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\messenger plus! for skype
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\plus-hd-1.5
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sp global
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0032000.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0032000.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0032000.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0032000.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110311201100}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322202200}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550355205500}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366206600}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440344204400}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110311201100}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322202200}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550355205500}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660366206600}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440344204400}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0032000.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0032000.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0032000.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0032000.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3072253
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289663
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289847
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3291679
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3302999
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550355205500}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366206600}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440344204400}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311201100}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPIP_X-SD_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPIP_X-SD_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\robotaskbaricon_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\robotaskbaricon_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311201100}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550355205500}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660366206600}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440344204400}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskPIP_X-SD_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskPIP_X-SD_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\robotaskbaricon_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\robotaskbaricon_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311201100}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A21AE69-8B07-4A57-B7F7-E6FE54043115}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8CFFB531-C20D-4E68-A4E6-135C5438738F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D66E668A-E47E-43E7-8273-C325C94F40DE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EABF9A3E-C457-CD48-EFA9-F7EAED6DAAC1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EABF9A3E-C457-CD48-EFA9-F7EAED6DAAC1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EABF9A3E-C457-CD48-EFA9-F7EAED6DAAC1}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\askpartnernetwork"
Successfully deleted: [Registry Key] "hkey_local_machine\software\askpartnernetwork"
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\Tasks\LyricsSpeaker Update.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-1.5-chromeinstaller.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-1.5-codedownloader.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-1.5-enabler.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-1.5-firefoxinstaller.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-1.5-updater.job
Successfully deleted: [File] "C:\Users\LeRoy E\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage"
Successfully deleted: [File] "C:\Users\LeRoy E\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\LeRoy E\appdata\local\google\chrome\user data\default\local storage\http_facebook.conduitapps.com_0.localstorage"
Successfully deleted: [File] "C:\Users\LeRoy E\appdata\local\google\chrome\user data\default\local storage\http_facebook.conduitapps.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\LeRoy E\appdata\local\google\chrome\user data\default\local storage\http_pricegong.conduitapps.com_0.localstorage"
Successfully deleted: [File] "C:\Users\LeRoy E\appdata\local\google\chrome\user data\default\local storage\http_pricegong.conduitapps.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\LeRoy E\appdata\local\google\chrome\user data\default\local storage\http_storage.conduit.com_0.localstorage"
Successfully deleted: [File] "C:\Windows\syswow64\conduitengine.tmp"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\costmin"
Successfully deleted: [Folder] "C:\ProgramData\messenger plus! for skype"
Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\LeRoy E\AppData\Roaming\dealply"
Successfully deleted: [Folder] "C:\Users\LeRoy E\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\LeRoy E\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\LeRoy E\AppData\Roaming\performersoft"
Successfully deleted: [Folder] "C:\Users\LeRoy E\AppData\Roaming\speedypc software"
Successfully deleted: [Folder] "C:\Users\LeRoy E\AppData\Roaming\strongvault"
Successfully deleted: [Folder] "C:\Users\LeRoy E\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\LeRoy E\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\LeRoy E\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\LeRoy E\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\LeRoy E\appdata\local\opencandy"
Successfully deleted: [Folder] "C:\Users\LeRoy E\appdata\local\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\LeRoy E\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\LeRoy E\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\LeRoy E\appdata\locallow\costmin"
Successfully deleted: [Folder] "C:\Users\LeRoy E\appdata\locallow\internethelper3.1"
Successfully deleted: [Folder] "C:\Users\LeRoy E\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\LeRoy E\appdata\locallow\radiorage_4j"
Successfully deleted: [Folder] "C:\Users\LeRoy E\appdata\locallow\radiorage_4jei"
Successfully deleted: [Folder] "C:\Users\LeRoy E\appdata\locallow\searchresultstb"
Successfully deleted: [Folder] "C:\Users\LeRoy E\appdata\locallow\smartbar"
Successfully deleted: [Folder] "C:\Users\LeRoy E\appdata\locallow\totalrecipesearch_14"
Successfully deleted: [Folder] "C:\Users\LeRoy E\appdata\locallow\totalrecipesearch_14ei"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\internethelper3.1"
Successfully deleted: [Folder] "C:\Program Files (x86)\radiorage_4jei"
Successfully deleted: [Folder] "C:\Program Files (x86)\totalrecipesearch_14ei"
Successfully deleted: [Folder] "C:\Program Files (x86)\yuna software"
Successfully deleted: [Folder] "C:\Users\LeRoy E\AppData\Roaming\microsoft\windows\start menu\programs\strongvault online backup"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\ProgramData\AskPartnerNetwork"
Successfully deleted: [Folder] "C:\Program Files (x86)\askpartnernetwork"
 
 
 
~~~ Chrome
 
Failed to delete: [Folder] C:\Users\LeRoy E\appdata\local\Google\Chrome\User Data\Default\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/06/2014 at 12:41:48.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
FRST log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by LeRoy E (administrator) on LEROYE-PC on 06-01-2014 12:44:06
Running from C:\Users\LeRoy E\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
() C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxeaserv.exe
( ) C:\Windows\System32\lxeacoms.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
() C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
() C:\KS600n5\Bin\rds.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(CBS Interactive Inc.) C:\Users\LeRoy E\AppData\Roaming\CBS Interactive\Download App\CBSI.AppStore.Main.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dropbox, Inc.) C:\Users\LeRoy E\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Users\LeRoy E\Downloads\AdwCleaner.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [lxeamon.exe] - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe [148280 2011-01-23] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [NBKeyScan] - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-06-08] (Nero AG)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.lnk [1370 2011-12-10] ()
HKLM-x32\...\Run: [Intel AppUp(SM) center_Nagware] - C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.lnk [2247 2011-12-10] ()
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKCU\...\Run: [Advanced SystemCare 5] - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe [619352 2011-12-20] (IObit)
HKCU\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [107000 2011-12-31] (Siber Systems)
HKCU\...\Run: [AIM for Windows] - "C:\Users\LeRoy E\AppData\Local\AOL\AIM\aim.exe"
HKCU\...\Run: [TBHostSupport] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\LeRoy E\AppData\Local\TBHostSupport\TBHostSupport_0.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKCU\...\Run: [TWC.Win7] - C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [46592 2013-12-23] ()
HKCU\...\Run: [GoogleChromeAutoLaunch_F32FC8C7339966E918708FD81C7FCA7B] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-12-03] (Google Inc.)
HKCU\...\Run: [OutfoxTV] - C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKCU\...\RunOnce: [Application Restart #2] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --restore-last-session -- https://e.tigerdirect.com/pub/cc?_ri_=X0Gzc2X%3DWQpglLjHJlYQGtyyhT4IGzdu9kINfj59nzfKG88sjOuHqmVXtpKX%3DTASAA&_ei_=EolaGGF4SNMvxFF7KucKuWPo79aOMRpBu6uNdm9n1krXcdHy3oXRgo5tWLhtUxcG. [863184 2013-12-03] (Google Inc.)
AppInit_DLLs:   [ ] ()
AppInit_DLLs-x32:    [ ] ()
Startup: C:\Users\LeRoy E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download App.lnk
ShortcutTarget: Download App.lnk -> C:\Users\LeRoy E\AppData\Roaming\CBS Interactive\Download App\CBSI.AppStore.Main.exe (CBS Interactive Inc.)
Startup: C:\Users\LeRoy E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\LeRoy E\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
URLSearchHook: HKLM-x32 - (No Name) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - No File
URLSearchHook: HKLM-x32 - (No Name) - {334293c8-082d-47f8-9f7d-b388d7eb3586} - No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426} URL = http://dts.search-results.com/sr?src=ieb&appid=141111&systemid=426&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426} URL = http://dts.search-results.com/sr?src=ieb&appid=141111&systemid=426&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {8A21AE69-8B07-4A57-B7F7-E6FE54043115} URL = 
SearchScopes: HKCU - DefaultScope {8A21AE69-8B07-4A57-B7F7-E6FE54043115} URL = 
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
BHO: Plus-HD-1.5 - {11111111-1111-1111-1111-110311201100} - C:\Program Files (x86)\Plus-HD-1.5\Plus-HD-1.5-bho64.dll (Plus HD)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {07CBF788-1359-421B-A4E3-5A8D041B90A3} -  No File
Toolbar: HKCU - No Name - {334293C8-082D-47F8-9F7D-B388D7EB3586} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9-x64 01 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3289663&SearchSource=48&CUI=UN36364659227998430&UM=2"
CHR DefaultSearchKeyword: ask search
CHR DefaultSearchProvider: Ask Search
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.3.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.3.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.3.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.3.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.3.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.3.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.3.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (AppUp) - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll No File
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Plus-HD-1.5) - C:\Users\LeRoy E\AppData\Local\Google\Chrome\User Data\Default\Extensions\amcnaamhfnpmekghmhckingkdiingmjm\1.26.113_0
CHR Extension: (Webexp Enhanced) - C:\Users\LeRoy E\AppData\Local\Google\Chrome\User Data\Default\Extensions\bglblameccgldkbdmokgmkglebggddoi\1.1_0
CHR Extension: (CostMin) - C:\Users\LeRoy E\AppData\Local\Google\Chrome\User Data\Default\Extensions\kknahamipfkpmogohibdpaobamecmjgp\2.2
CHR Extension: (WhiteSmoke New) - C:\Users\LeRoy E\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.24.3.503_0
CHR Extension: (InternetHelper3.1) - C:\Users\LeRoy E\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.24.3.503_0
CHR Extension: (Vafmusic6) - C:\Users\LeRoy E\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfnglnjhhbjjkfggljifgnmdgpecgjmp\10.24.3.503_0
CHR Extension: (Google Wallet) - C:\Users\LeRoy E\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (GreatArcadeHits Add-on) - C:\Users\LeRoy E\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0
CHR Extension: (Scorpion Saver) - C:\Users\LeRoy E\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0
CHR Extension: () - C:\Users\LeRoy E\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn\4.2.2.9_0
CHR HKLM-x32\...\Chrome\Extension: [alohidmgbcbmihbeifnnadoogmpfehjd] - C:\Users\LeRoy E\AppData\Local\CRE\alohidmgbcbmihbeifnnadoogmpfehjd.crx
CHR HKLM-x32\...\Chrome\Extension: [bglblameccgldkbdmokgmkglebggddoi] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha267\ch\WebexpEnhancedV1alpha267.crx
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\LeRoy E\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx
CHR HKLM-x32\...\Chrome\Extension: [kmgeophbbmfgkjghdgfgelpipdoclljo] - C:\Program Files (x86)\LyricsSpeaker\120.crx
CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\LeRoy E\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx
CHR HKLM-x32\...\Chrome\Extension: [nfnglnjhhbjjkfggljifgnmdgpecgjmp] - C:\Users\LeRoy E\AppData\Local\CRE\nfnglnjhhbjjkfggljifgnmdgpecgjmp.crx
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\LEROYE~1\AppData\Local\Temp\ccex.crx
CHR HKLM-x32\...\Chrome\Extension: [pljcgbedjplidkdjahbaalanadmjfgop] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx
 
==================== Services (Whitelisted) =================
 
R2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [494424 2011-12-20] (IObit)
R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-09-14] ()
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [90640 2012-09-17] (CyberLink Corp.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
S2 CLKMSVC10_90970B6B; C:\Program Files (x86)\CyberLink\PowerProducer\BDSDK\NavFilter\kmsvc.exe [246256 2010-11-09] (CyberLink)
R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [75048 2011-10-11] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [292136 2011-10-11] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78352 2012-09-17] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [295440 2012-09-17] (CyberLink)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [513528 2013-12-10] ()
R2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 lxea_device; C:\Windows\SysWow64\lxeacoms.exe [598696 2010-04-14] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-06-08] (Nero AG)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
R2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2010-05-25] ()
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2011-07-04] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2013-10-18] (Enigma Software Group USA, LLC.)
S4 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [x]
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [x]
R2 RDM Server (rdmserver); C:/KS600n5/Bin/rds.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-06-20] (Cyberlink Corp.)
R2 supersafer64; C:\Windows\SysWOW64\drivers\supersafer64.sys [238072 2010-11-11] (Spotmau)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15672 2011-12-19] ()
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-09-16] (CyberLink Corp.)
R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [147704 2012-09-10] (CyberLink Corp.)
S3 cpuz134; \??\C:\Users\LEROYE~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-06 12:44 - 2014-01-06 12:44 - 00022414 _____ C:\Users\LeRoy E\Desktop\FRST.txt
2014-01-06 12:43 - 2014-01-06 12:43 - 00000000 ____D C:\FRST
2014-01-06 12:43 - 2014-01-06 12:30 - 01931762 _____ (Farbar) C:\Users\LeRoy E\Desktop\FRST64.exe
2014-01-06 12:41 - 2014-01-06 12:41 - 00023092 _____ C:\Users\LeRoy E\Desktop\JRT.txt
2014-01-06 12:28 - 2014-01-06 12:28 - 00000000 ____D C:\Windows\ERUNT
2014-01-06 12:26 - 2014-01-06 12:24 - 01036305 _____ (Thisisu) C:\Users\LeRoy E\Desktop\JRT.exe
2014-01-06 12:23 - 2014-01-06 12:23 - 00024859 _____ C:\Users\LeRoy E\Desktop\AdwCleaner[R0].txt
2014-01-06 12:16 - 2014-01-06 12:17 - 00000000 ____D C:\AdwCleaner
2014-01-06 12:11 - 2014-01-06 12:11 - 01233962 _____ C:\Users\LeRoy E\Downloads\AdwCleaner.exe
2014-01-01 08:11 - 2014-01-06 12:17 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
2013-12-30 17:30 - 2013-12-30 17:31 - 00030366 _____ C:\Users\LeRoy E\Desktop\dds.txt
2013-12-30 17:30 - 2013-12-30 17:30 - 00014891 _____ C:\Users\LeRoy E\Desktop\attach.txt
2013-12-30 17:28 - 2013-12-30 17:29 - 00688992 ____R (Swearware) C:\Users\LeRoy E\Downloads\dds.com
2013-12-30 16:31 - 2013-12-30 16:31 - 00001050 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2013-12-30 16:01 - 2013-12-30 16:02 - 00000000 ____D C:\ProgramData\Freemake
2013-12-30 16:01 - 2013-12-30 16:01 - 00000000 ____D C:\Users\LeRoy E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-12-30 15:58 - 2013-12-30 15:58 - 00000000 ____D C:\Users\LeRoy E\Documents\Freemake
2013-12-30 15:57 - 2013-12-30 16:01 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-12-30 15:52 - 2013-12-30 15:52 - 00001090 _____ C:\Users\LeRoy E\Desktop\Documents - Shortcut.lnk
2013-12-30 15:52 - 2013-12-30 15:52 - 00000000 ____D C:\Users\LeRoy E\Documents\DreamVideoSoft
2013-12-30 15:51 - 2013-12-30 15:48 - 11044621 _____ (TopVideoSoft,Inc.                                           ) C:\Users\LeRoy E\Desktop\MKV2DVDSetup.exe
2013-12-30 14:57 - 2013-12-30 16:04 - 00000000 ____D C:\v2d
2013-12-30 14:57 - 2013-12-30 15:03 - 00000000 ____D C:\Program Files (x86)\Free MKV Video2Dvd
2013-12-30 14:57 - 2013-12-30 14:57 - 00001006 _____ C:\Users\LeRoy E\Desktop\Total Video Player.lnk
2013-12-30 14:57 - 2013-12-30 14:57 - 00001006 _____ C:\Users\LeRoy E\Desktop\Free MKV Video2Dvd.lnk
2013-12-30 14:51 - 2013-12-30 14:20 - 1282946304 _____ C:\Users\LeRoy E\Desktop\The.Great.Christmas.Light.Fight.S01E01.720p.HDTV.x264-SWOLLED.mkv
2013-12-25 16:37 - 2014-01-06 12:17 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2013-12-25 15:59 - 2013-12-25 16:43 - 00000000 ____D C:\Users\LeRoy E\Desktop\backups
2013-12-25 15:59 - 2013-12-25 16:37 - 00020830 _____ C:\Users\LeRoy E\Desktop\hijackthis.log
2013-12-25 15:56 - 2013-12-25 15:57 - 00012565 _____ C:\Windows\wininit.ini
2013-12-25 15:14 - 2013-12-25 15:14 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-12-25 15:13 - 2013-12-25 15:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-25 15:13 - 2013-12-25 15:15 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-25 15:13 - 2013-12-25 15:13 - 00001339 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-25 15:13 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-12-25 14:49 - 2013-12-25 14:49 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2013-12-25 13:24 - 2013-12-25 13:24 - 00000000 ____D C:\Users\LeRoy E\AppData\Local\Intuit
2013-12-23 22:32 - 2014-01-04 11:42 - 00000000 ____D C:\Program Files\ScorpionSaver Services
2013-12-23 22:32 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll
2013-12-23 22:32 - 2013-10-16 10:18 - 00338944 _____ (Adpeak, Inc.) C:\Windows\SysWOW64\AdpeakProxy.dll
2013-12-23 10:56 - 2013-12-23 10:56 - 00003336 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2013-12-23 10:56 - 2013-12-23 10:56 - 00002258 _____ C:\Users\LeRoy E\Desktop\SpyHunter.lnk
2013-12-23 10:56 - 2013-12-23 10:56 - 00000000 ____D C:\Users\LeRoy E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-12-23 10:56 - 2013-12-23 10:56 - 00000000 ____D C:\sh4ldr
2013-12-23 10:56 - 2013-12-23 10:56 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-23 10:56 - 2013-12-23 10:56 - 00000000 _____ C:\autoexec.bat
2013-12-23 10:56 - 2012-06-22 11:01 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2013-12-23 10:55 - 2013-12-23 10:56 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-12-23 10:54 - 2013-12-23 10:54 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\LeRoy E\Downloads\SpyHunter-Installer.exe
2013-12-23 10:32 - 2013-12-23 10:32 - 00003382 _____ C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2013-12-23 07:08 - 2013-12-23 07:08 - 00000000 ____D C:\Program Files (x86)\WebexpEnhancedV1
2013-12-15 13:44 - 2013-12-15 13:44 - 00190776 _____ (Frserira s·l·) C:\Users\LeRoy E\Downloads\Setup (4).exe
2013-12-13 16:03 - 2013-12-13 16:03 - 00002513 _____ C:\Users\Public\Desktop\TurboTax 2013.lnk
2013-12-12 03:03 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 03:03 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 03:03 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 03:03 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 03:01 - 2013-11-26 06:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 03:01 - 2013-11-26 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 03:01 - 2013-11-26 05:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 03:01 - 2013-11-26 05:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 03:01 - 2013-11-26 04:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 03:01 - 2013-11-26 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 03:01 - 2013-11-26 04:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 03:01 - 2013-11-26 04:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 03:01 - 2013-11-26 04:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 03:01 - 2013-11-26 04:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 03:01 - 2013-11-26 04:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 03:01 - 2013-11-26 04:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 03:01 - 2013-11-26 04:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 03:01 - 2013-11-26 04:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 03:01 - 2013-11-26 03:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 03:01 - 2013-11-26 03:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 03:01 - 2013-11-26 03:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 03:01 - 2013-11-26 03:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 03:01 - 2013-11-26 03:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 03:01 - 2013-11-26 03:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 03:01 - 2013-11-26 03:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 03:01 - 2013-11-26 03:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 03:01 - 2013-11-26 02:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 03:01 - 2013-11-26 02:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 03:01 - 2013-11-26 02:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 03:01 - 2013-11-26 02:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 03:01 - 2013-11-26 01:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 03:01 - 2013-11-26 01:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 03:01 - 2013-11-26 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 03:01 - 2013-11-26 01:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 03:01 - 2013-11-26 01:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 12:44 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 12:44 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 12:44 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 12:44 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 12:44 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 12:44 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 12:44 - 2013-10-29 20:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 12:44 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 12:44 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 12:44 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 12:44 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 12:44 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 12:44 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 12:44 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 12:44 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 12:44 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 12:44 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 12:44 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 12:44 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-09 15:22 - 2013-12-23 07:09 - 00000161 _____ C:\extensions.ini
 
==================== One Month Modified Files and Folders =======
 
2014-01-06 12:44 - 2014-01-06 12:44 - 00022414 _____ C:\Users\LeRoy E\Desktop\FRST.txt
2014-01-06 12:43 - 2014-01-06 12:43 - 00000000 ____D C:\FRST
2014-01-06 12:41 - 2014-01-06 12:41 - 00023092 _____ C:\Users\LeRoy E\Desktop\JRT.txt
2014-01-06 12:41 - 2011-07-14 20:51 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E384D823-C75D-4720-9732-6C7489506EC8}
2014-01-06 12:30 - 2014-01-06 12:43 - 01931762 _____ (Farbar) C:\Users\LeRoy E\Desktop\FRST64.exe
2014-01-06 12:28 - 2014-01-06 12:28 - 00000000 ____D C:\Windows\ERUNT
2014-01-06 12:28 - 2012-04-10 06:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-06 12:24 - 2014-01-06 12:26 - 01036305 _____ (Thisisu) C:\Users\LeRoy E\Desktop\JRT.exe
2014-01-06 12:23 - 2014-01-06 12:23 - 00024859 _____ C:\Users\LeRoy E\Desktop\AdwCleaner[R0].txt
2014-01-06 12:23 - 2011-07-14 18:24 - 01771210 _____ C:\Windows\WindowsUpdate.log
2014-01-06 12:22 - 2009-07-13 23:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-06 12:22 - 2009-07-13 23:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-06 12:17 - 2014-01-06 12:16 - 00000000 ____D C:\AdwCleaner
2014-01-06 12:17 - 2014-01-01 08:11 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
2014-01-06 12:17 - 2013-12-25 16:37 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2014-01-06 12:16 - 2013-05-12 15:12 - 00000000 ___RD C:\Users\LeRoy E\Dropbox
2014-01-06 12:16 - 2013-05-12 14:56 - 00000000 ____D C:\Users\LeRoy E\AppData\Roaming\Dropbox
2014-01-06 12:14 - 2013-07-04 11:03 - 00000400 _____ C:\Windows\Tasks\LyricsSpeaker Update.job
2014-01-06 12:14 - 2013-06-07 16:29 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-01-06 12:14 - 2013-06-03 07:38 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-01-06 12:14 - 2011-08-04 12:46 - 00082210 _____ C:\ProgramData\lxeascan.log
2014-01-06 12:14 - 2011-07-16 22:14 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-06 12:13 - 2013-03-20 19:16 - 00015843 _____ C:\Windows\setupact.log
2014-01-06 12:13 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-06 12:11 - 2014-01-06 12:11 - 01233962 _____ C:\Users\LeRoy E\Downloads\AdwCleaner.exe
2014-01-06 05:12 - 2011-07-16 22:14 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-04 11:42 - 2013-12-23 22:32 - 00000000 ____D C:\Program Files\ScorpionSaver Services
2014-01-03 15:24 - 2009-07-14 00:13 - 00796210 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-03 15:20 - 2011-11-23 14:55 - 00000000 ____D C:\KS600n5
2014-01-03 09:37 - 2009-07-14 00:08 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-01 08:08 - 2013-05-15 20:01 - 00091700 _____ C:\Windows\PFRO.log
2013-12-31 11:12 - 2013-11-13 18:31 - 00000000 ____D C:\Program Files (x86)\Quicken
2013-12-31 10:52 - 2011-07-14 20:40 - 00130624 _____ C:\Users\LeRoy E\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-31 10:52 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-31 10:52 - 2009-07-13 23:45 - 00455456 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-30 17:31 - 2013-12-30 17:30 - 00030366 _____ C:\Users\LeRoy E\Desktop\dds.txt
2013-12-30 17:30 - 2013-12-30 17:30 - 00014891 _____ C:\Users\LeRoy E\Desktop\attach.txt
2013-12-30 17:29 - 2013-12-30 17:28 - 00688992 ____R (Swearware) C:\Users\LeRoy E\Downloads\dds.com
2013-12-30 16:32 - 2011-11-12 09:58 - 00000000 ____D C:\Users\LeRoy E\AppData\Roaming\TeamViewer
2013-12-30 16:31 - 2013-12-30 16:31 - 00001050 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2013-12-30 16:31 - 2011-11-12 09:52 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-12-30 16:04 - 2013-12-30 14:57 - 00000000 ____D C:\v2d
2013-12-30 16:02 - 2013-12-30 16:01 - 00000000 ____D C:\ProgramData\Freemake
2013-12-30 16:01 - 2013-12-30 16:01 - 00000000 ____D C:\Users\LeRoy E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-12-30 16:01 - 2013-12-30 15:57 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-12-30 15:58 - 2013-12-30 15:58 - 00000000 ____D C:\Users\LeRoy E\Documents\Freemake
2013-12-30 15:52 - 2013-12-30 15:52 - 00001090 _____ C:\Users\LeRoy E\Desktop\Documents - Shortcut.lnk
2013-12-30 15:52 - 2013-12-30 15:52 - 00000000 ____D C:\Users\LeRoy E\Documents\DreamVideoSoft
2013-12-30 15:48 - 2013-12-30 15:51 - 11044621 _____ (TopVideoSoft,Inc.                                           ) C:\Users\LeRoy E\Desktop\MKV2DVDSetup.exe
2013-12-30 15:03 - 2013-12-30 14:57 - 00000000 ____D C:\Program Files (x86)\Free MKV Video2Dvd
2013-12-30 14:57 - 2013-12-30 14:57 - 00001006 _____ C:\Users\LeRoy E\Desktop\Total Video Player.lnk
2013-12-30 14:57 - 2013-12-30 14:57 - 00001006 _____ C:\Users\LeRoy E\Desktop\Free MKV Video2Dvd.lnk
2013-12-30 14:20 - 2013-12-30 14:51 - 1282946304 _____ C:\Users\LeRoy E\Desktop\The.Great.Christmas.Light.Fight.S01E01.720p.HDTV.x264-SWOLLED.mkv
2013-12-30 14:01 - 2011-12-19 15:24 - 00000000 ____D C:\Users\LeRoy E\AppData\Roaming\mIRC
2013-12-25 17:02 - 2011-07-14 20:31 - 00000000 ____D C:\Users\LeRoy E\Documents\Outlook Files
2013-12-25 16:43 - 2013-12-25 15:59 - 00000000 ____D C:\Users\LeRoy E\Desktop\backups
2013-12-25 16:42 - 2013-08-19 21:18 - 00000000 ____D C:\Program Files (x86)\Search_Spin_V7
2013-12-25 16:42 - 2013-05-12 16:13 - 00000000 ____D C:\Program Files (x86)\Price Check by AOL
2013-12-25 16:37 - 2013-12-25 15:59 - 00020830 _____ C:\Users\LeRoy E\Desktop\hijackthis.log
2013-12-25 15:57 - 2013-12-25 15:56 - 00012565 _____ C:\Windows\wininit.ini
2013-12-25 15:54 - 2013-12-25 15:13 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-25 15:54 - 2011-07-14 18:32 - 00000000 ____D C:\Users\LeRoy E
2013-12-25 15:15 - 2013-12-25 15:13 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-25 15:14 - 2013-12-25 15:14 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-12-25 15:13 - 2013-12-25 15:13 - 00001339 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-25 14:49 - 2013-12-25 14:49 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2013-12-25 13:24 - 2013-12-25 13:24 - 00000000 ____D C:\Users\LeRoy E\AppData\Local\Intuit
2013-12-24 10:29 - 2013-03-03 10:30 - 00000244 _____ C:\Windows\Tasks\ARO 2013.job
2013-12-23 12:26 - 2011-07-14 18:32 - 00000000 ___RD C:\Users\LeRoy E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-23 10:56 - 2013-12-23 10:56 - 00003336 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2013-12-23 10:56 - 2013-12-23 10:56 - 00002258 _____ C:\Users\LeRoy E\Desktop\SpyHunter.lnk
2013-12-23 10:56 - 2013-12-23 10:56 - 00000000 ____D C:\Users\LeRoy E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-12-23 10:56 - 2013-12-23 10:56 - 00000000 ____D C:\sh4ldr
2013-12-23 10:56 - 2013-12-23 10:56 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-23 10:56 - 2013-12-23 10:56 - 00000000 _____ C:\autoexec.bat
2013-12-23 10:56 - 2013-12-23 10:55 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-12-23 10:54 - 2013-12-23 10:54 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\LeRoy E\Downloads\SpyHunter-Installer.exe
2013-12-23 10:32 - 2013-12-23 10:32 - 00003382 _____ C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2013-12-23 07:09 - 2013-12-09 15:22 - 00000161 _____ C:\extensions.ini
2013-12-23 07:08 - 2013-12-23 07:08 - 00000000 ____D C:\Program Files (x86)\WebexpEnhancedV1
2013-12-18 21:20 - 2011-07-14 20:40 - 00000000 ____D C:\Users\LeRoy E\Documents\Quicken
2013-12-15 13:44 - 2013-12-15 13:44 - 00190776 _____ (Frserira s·l·) C:\Users\LeRoy E\Downloads\Setup (4).exe
2013-12-15 12:50 - 2011-08-09 12:58 - 00002215 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-15 03:04 - 2013-08-12 08:17 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 03:00 - 2011-07-14 21:47 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-13 16:19 - 2011-12-23 11:50 - 00000000 ____D C:\Users\LeRoy E\Documents\TurboTax
2013-12-13 16:03 - 2013-12-13 16:03 - 00002513 _____ C:\Users\Public\Desktop\TurboTax 2013.lnk
2013-12-13 16:03 - 2011-12-23 11:43 - 00000785 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-12-13 16:02 - 2011-12-23 11:41 - 00000000 ____D C:\Program Files (x86)\TurboTax
2013-12-12 10:23 - 2013-11-16 15:52 - 00000000 ____D C:\Users\LeRoy E\AppData\Local\TBHostSupport
2013-12-12 09:59 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 03:02 - 2011-07-14 20:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-10 16:28 - 2012-04-10 06:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 16:28 - 2012-04-10 06:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 16:28 - 2011-07-16 22:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-09 08:17 - 2013-01-08 17:29 - 00000000 ____D C:\Users\LeRoy E\AppData\Roaming\Skype
2013-12-07 17:07 - 2011-07-16 22:14 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-07 17:07 - 2011-07-16 22:14 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-07 12:27 - 2011-08-09 12:57 - 00000000 ____D C:\Users\LeRoy E\AppData\Local\Adobe
2013-12-07 12:26 - 2011-08-09 12:57 - 00000000 ____D C:\ProgramData\Adobe
 
Files to move or delete:
====================
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT
 
 
Some content of TEMP:
====================
C:\Users\LeRoy E\AppData\Local\Temp\brprvurn.dll
C:\Users\LeRoy E\AppData\Local\Temp\FreemakeVideoConverter_4.1.2.1.exe
C:\Users\LeRoy E\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-30 11:22
 
==================== End Of Log ============================

 




#7 B-boy/StyLe/


Posted 06 January 2014 - 07:14 PM

Hi,

STEP 1

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

STEP 2

Please rerun FRST and make a new scan.

Post the logs in your next reply for my review.

Regards,

Georgi




#8 sminnick


Posted 10 January 2014 - 09:24 AM

Sorry about the delay again; I haven't been there since the last time I posted, but I promise I will post the results soon! Thanks again for your help...



#9 B-boy/StyLe/


Posted 11 January 2014 - 05:34 AM

Ok, thank you for letting me know! :)

Regards,

Georgi




#10 sminnick


Posted 18 January 2014 - 11:55 AM

Sorry for the delay again, here are the two logs...

Adware...

# AdwCleaner v3.017 - Report created 18/01/2014 at 11:39:09
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : LeRoy E - LEROYE-PC
# Running from : C:\Users\LeRoy E\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\LeRoy E\AppData\Roaming\Systweak
Folder Deleted : C:\Users\LeRoy E\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\systweak
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v32.0.1700.72
 
[ File : C:\Users\LeRoy E\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
 
*************************
 
AdwCleaner[R0].txt - [24827 octets] - [06/01/2014 12:16:44]
AdwCleaner[R1].txt - [1228 octets] - [18/01/2014 11:38:18]
AdwCleaner[S0].txt - [13171 octets] - [06/01/2014 16:27:51]
AdwCleaner[S1].txt - [1100 octets] - [18/01/2014 11:39:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1160 octets] ##########
 
 
FRST...
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2014 03
Ran by LeRoy E (administrator) on LEROYE-PC on 18-01-2014 11:50:27
Running from C:\Users\LeRoy E\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
() C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxeaserv.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
() C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(CBS Interactive Inc.) C:\Users\LeRoy E\AppData\Roaming\CBS Interactive\Download App\CBSI.AppStore.Main.exe
(Dropbox, Inc.) C:\Users\LeRoy E\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
() C:\KS600n5\Bin\rds.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [lxeamon.exe] - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe [148280 2011-01-23] ()
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [NBKeyScan] - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-06-08] (Nero AG)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.lnk [1370 2011-12-10] ()
HKLM-x32\...\Run: [Intel AppUp(SM) center_Nagware] - C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.lnk [2247 2011-12-10] ()
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKCU\...\Run: [Advanced SystemCare 5] - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe [619352 2011-12-20] (IObit)
HKCU\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [107000 2011-12-31] (Siber Systems)
HKCU\...\Run: [AIM for Windows] - "C:\Users\LeRoy E\AppData\Local\AOL\AIM\aim.exe"
HKCU\...\Run: [TBHostSupport] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\LeRoy E\AppData\Local\TBHostSupport\TBHostSupport_0.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKCU\...\Run: [TWC.Win7] - C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [46592 2013-12-23] ()
HKCU\...\Run: [GoogleChromeAutoLaunch_F32FC8C7339966E918708FD81C7FCA7B] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866584 2014-01-06] (Google Inc.)
HKCU\...\Run: [OutfoxTV] - C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKCU\...\RunOnce: [Application Restart #2] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --restore-last-session -- https://e.tigerdirect.com/pub/cc?_ri_=X0Gzc2X%3DWQpglLjHJlYQGtyyhT4IGzdu9kINfj59nzfKG88sjOuHqmVXtpKX%3DTASAA&_ei_=EolaGGF4SNMvxFF7KucKuWPo79aOMRpBu6uNdm9n1krXcdHy3oXRgo5tWLhtUxcG. [866584 2014-01-06] (Google Inc.)
AppInit_DLLs:   [ ] ()
AppInit_DLLs-x32:    [ ] ()
Startup: C:\Users\LeRoy E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download App.lnk
ShortcutTarget: Download App.lnk -> C:\Users\LeRoy E\AppData\Roaming\CBS Interactive\Download App\CBSI.AppStore.Main.exe (CBS Interactive Inc.)
Startup: C:\Users\LeRoy E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\LeRoy E\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426} URL = 
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9-x64 01 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
Winsock: Catalog9-x64 02 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
Winsock: Catalog9-x64 03 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
Winsock: Catalog9-x64 04 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
Winsock: Catalog9-x64 15 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: ask search
CHR DefaultSearchProvider: Ask Search
CHR DefaultSearchURL: http://www.google.com
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.3.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.3.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.3.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.3.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.3.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.3.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.3.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (AppUp) - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll No File
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Webexp Enhanced) - C:\Users\LeRoy E\AppData\Local\Google\Chrome\User Data\Default\Extensions\bglblameccgldkbdmokgmkglebggddoi [2013-12-23]
CHR Extension: (CostMin) - C:\Users\LeRoy E\AppData\Local\Google\Chrome\User Data\Default\Extensions\kknahamipfkpmogohibdpaobamecmjgp [2013-08-21]
CHR Extension: (Google Wallet) - C:\Users\LeRoy E\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14]
CHR Extension: (GreatArcadeHits Add-on) - C:\Users\LeRoy E\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh [2013-11-30]
CHR HKCU\...\Chrome\Extension: [alohidmgbcbmihbeifnnadoogmpfehjd] - C:\Users\LeRoy E\AppData\Local\CRE\alohidmgbcbmihbeifnnadoogmpfehjd.crx [2013-11-30]
CHR HKLM-x32\...\Chrome\Extension: [alohidmgbcbmihbeifnnadoogmpfehjd] - C:\Users\LeRoy E\AppData\Local\CRE\alohidmgbcbmihbeifnnadoogmpfehjd.crx [2013-11-30]
CHR HKLM-x32\...\Chrome\Extension: [bglblameccgldkbdmokgmkglebggddoi] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha267\ch\WebexpEnhancedV1alpha267.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [kmgeophbbmfgkjghdgfgelpipdoclljo] - C:\Program Files (x86)\LyricsSpeaker\120.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\LEROYE~1\AppData\Local\Temp\ccex.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [pljcgbedjplidkdjahbaalanadmjfgop] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx [2013-12-19]
 
==================== Services (Whitelisted) =================
 
R2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [494424 2011-12-20] (IObit)
R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-09-14] ()
S2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [90640 2012-09-17] (CyberLink Corp.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
S2 CLKMSVC10_90970B6B; C:\Program Files (x86)\CyberLink\PowerProducer\BDSDK\NavFilter\kmsvc.exe [246256 2010-11-09] (CyberLink)
R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [75048 2011-10-11] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [292136 2011-10-11] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78352 2012-09-17] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [295440 2012-09-17] (CyberLink)
R2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
S2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-06-08] (Nero AG)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
R2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2010-05-25] ()
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
R2 RDM Server (rdmserver); C:/KS600n5/Bin/rds.exe [24632 2003-03-07] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2011-07-04] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2013-10-18] (Enigma Software Group USA, LLC.)
S4 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [x]
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-06-20] (Cyberlink Corp.)
R2 supersafer64; C:\Windows\SysWOW64\drivers\supersafer64.sys [238072 2010-11-11] (Spotmau)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15672 2011-12-19] ()
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-09-16] (CyberLink Corp.)
R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [147704 2012-09-10] (CyberLink Corp.)
S3 cpuz134; \??\C:\Users\LEROYE~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-18 11:50 - 2014-01-18 11:50 - 00020402 _____ C:\Users\LeRoy E\Desktop\FRST.txt
2014-01-18 11:50 - 2014-01-18 11:44 - 02076160 _____ (Farbar) C:\Users\LeRoy E\Desktop\FRST64.exe
2014-01-18 11:42 - 2014-01-18 11:42 - 00000000 ____D C:\Users\LeRoy E\AppData\Roaming\Systweak
2014-01-18 11:38 - 2014-01-18 11:36 - 01236282 _____ C:\Users\LeRoy E\Desktop\adwcleaner.exe
2014-01-06 12:43 - 2014-01-06 12:43 - 00000000 ____D C:\FRST
2014-01-06 12:28 - 2014-01-06 12:28 - 00000000 ____D C:\Windows\ERUNT
2014-01-06 12:26 - 2014-01-06 12:24 - 01036305 _____ (Thisisu) C:\Users\LeRoy E\Desktop\JRT.exe
2014-01-06 12:16 - 2014-01-18 11:39 - 00000000 ____D C:\AdwCleaner
2014-01-01 08:11 - 2014-01-06 12:17 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
2013-12-30 17:28 - 2013-12-30 17:29 - 00688992 ____R (Swearware) C:\Users\LeRoy E\Downloads\dds.com
2013-12-30 16:31 - 2013-12-30 16:31 - 00001050 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2013-12-30 16:01 - 2013-12-30 16:02 - 00000000 ____D C:\ProgramData\Freemake
2013-12-30 16:01 - 2013-12-30 16:01 - 00000000 ____D C:\Users\LeRoy E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-12-30 15:58 - 2013-12-30 15:58 - 00000000 ____D C:\Users\LeRoy E\Documents\Freemake
2013-12-30 15:57 - 2013-12-30 16:01 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-12-30 15:52 - 2013-12-30 15:52 - 00001090 _____ C:\Users\LeRoy E\Desktop\Documents - Shortcut.lnk
2013-12-30 15:52 - 2013-12-30 15:52 - 00000000 ____D C:\Users\LeRoy E\Documents\DreamVideoSoft
2013-12-30 15:51 - 2013-12-30 15:48 - 11044621 _____ (TopVideoSoft,Inc.                                           ) C:\Users\LeRoy E\Desktop\MKV2DVDSetup.exe
2013-12-30 14:57 - 2013-12-30 16:04 - 00000000 ____D C:\v2d
2013-12-30 14:57 - 2013-12-30 15:03 - 00000000 ____D C:\Program Files (x86)\Free MKV Video2Dvd
2013-12-30 14:57 - 2013-12-30 14:57 - 00001006 _____ C:\Users\LeRoy E\Desktop\Total Video Player.lnk
2013-12-30 14:57 - 2013-12-30 14:57 - 00001006 _____ C:\Users\LeRoy E\Desktop\Free MKV Video2Dvd.lnk
2013-12-25 16:37 - 2014-01-06 12:17 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2013-12-25 15:59 - 2013-12-25 16:43 - 00000000 ____D C:\Users\LeRoy E\Desktop\backups
2013-12-25 15:59 - 2013-12-25 16:37 - 00020830 _____ C:\Users\LeRoy E\Desktop\hijackthis.log
2013-12-25 15:56 - 2013-12-25 15:57 - 00012565 _____ C:\Windows\wininit.ini
2013-12-25 15:14 - 2013-12-25 15:14 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-12-25 15:13 - 2013-12-25 15:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-25 15:13 - 2013-12-25 15:15 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-25 15:13 - 2013-12-25 15:13 - 00001339 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-25 15:13 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-12-25 14:49 - 2013-12-25 14:49 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2013-12-25 13:24 - 2013-12-25 13:24 - 00000000 ____D C:\Users\LeRoy E\AppData\Local\Intuit
2013-12-23 10:56 - 2013-12-23 10:56 - 00002258 _____ C:\Users\LeRoy E\Desktop\SpyHunter.lnk
2013-12-23 10:56 - 2013-12-23 10:56 - 00000000 ____D C:\Users\LeRoy E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-12-23 10:56 - 2013-12-23 10:56 - 00000000 ____D C:\sh4ldr
2013-12-23 10:56 - 2013-12-23 10:56 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-23 10:56 - 2013-12-23 10:56 - 00000000 _____ C:\autoexec.bat
2013-12-23 10:56 - 2012-06-22 11:01 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2013-12-23 10:55 - 2013-12-23 10:56 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-12-23 10:54 - 2013-12-23 10:54 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\LeRoy E\Downloads\SpyHunter-Installer.exe
2013-12-23 07:08 - 2013-12-23 07:08 - 00000000 ____D C:\Program Files (x86)\WebexpEnhancedV1
 
==================== One Month Modified Files and Folders =======
 
2014-01-18 11:50 - 2014-01-18 11:50 - 00020402 _____ C:\Users\LeRoy E\Desktop\FRST.txt
2014-01-18 11:50 - 2011-07-14 18:24 - 01887073 _____ C:\Windows\WindowsUpdate.log
2014-01-18 11:49 - 2013-05-12 15:12 - 00000000 ___RD C:\Users\LeRoy E\Dropbox
2014-01-18 11:49 - 2013-05-12 14:56 - 00000000 ____D C:\Users\LeRoy E\AppData\Roaming\Dropbox
2014-01-18 11:49 - 2011-08-04 12:46 - 00592806 _____ C:\ProgramData\lxeascan.log
2014-01-18 11:47 - 2013-03-20 19:16 - 00016571 _____ C:\Windows\setupact.log
2014-01-18 11:47 - 2009-07-14 00:08 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-18 11:47 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-18 11:44 - 2014-01-18 11:50 - 02076160 _____ (Farbar) C:\Users\LeRoy E\Desktop\FRST64.exe
2014-01-18 11:42 - 2014-01-18 11:42 - 00000000 ____D C:\Users\LeRoy E\AppData\Roaming\Systweak
2014-01-18 11:39 - 2014-01-06 12:16 - 00000000 ____D C:\AdwCleaner
2014-01-18 11:39 - 2009-07-13 23:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-18 11:39 - 2009-07-13 23:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-18 11:36 - 2014-01-18 11:38 - 01236282 _____ C:\Users\LeRoy E\Desktop\adwcleaner.exe
2014-01-16 17:39 - 2011-07-14 18:32 - 00000000 ___RD C:\Users\LeRoy E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 17:38 - 2013-05-12 15:12 - 00001024 _____ C:\Users\LeRoy E\Desktop\Dropbox.lnk
2014-01-16 17:38 - 2013-05-12 14:59 - 00000000 ____D C:\Users\LeRoy E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-15 22:19 - 2011-09-03 22:32 - 00138521 _____ C:\ProgramData\lxea.log
2014-01-06 16:28 - 2012-04-10 06:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-06 16:15 - 2011-07-14 20:51 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E384D823-C75D-4720-9732-6C7489506EC8}
2014-01-06 16:12 - 2011-07-16 22:14 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-06 12:43 - 2014-01-06 12:43 - 00000000 ____D C:\FRST
2014-01-06 12:28 - 2014-01-06 12:28 - 00000000 ____D C:\Windows\ERUNT
2014-01-06 12:24 - 2014-01-06 12:26 - 01036305 _____ (Thisisu) C:\Users\LeRoy E\Desktop\JRT.exe
2014-01-06 12:17 - 2014-01-01 08:11 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
2014-01-06 12:17 - 2013-12-25 16:37 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2014-01-06 12:14 - 2013-06-07 16:29 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-01-06 12:14 - 2013-06-03 07:38 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-01-06 12:14 - 2011-07-16 22:14 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-03 15:24 - 2009-07-14 00:13 - 00796210 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-03 15:20 - 2011-11-23 14:55 - 00000000 ____D C:\KS600n5
2014-01-01 08:08 - 2013-05-15 20:01 - 00091700 _____ C:\Windows\PFRO.log
2013-12-31 11:12 - 2013-11-13 18:31 - 00000000 ____D C:\Program Files (x86)\Quicken
2013-12-31 10:52 - 2011-07-14 20:40 - 00130624 _____ C:\Users\LeRoy E\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-31 10:52 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-31 10:52 - 2009-07-13 23:45 - 00455456 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-30 17:29 - 2013-12-30 17:28 - 00688992 ____R (Swearware) C:\Users\LeRoy E\Downloads\dds.com
2013-12-30 16:32 - 2011-11-12 09:58 - 00000000 ____D C:\Users\LeRoy E\AppData\Roaming\TeamViewer
2013-12-30 16:31 - 2013-12-30 16:31 - 00001050 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2013-12-30 16:31 - 2011-11-12 09:52 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-12-30 16:04 - 2013-12-30 14:57 - 00000000 ____D C:\v2d
2013-12-30 16:02 - 2013-12-30 16:01 - 00000000 ____D C:\ProgramData\Freemake
2013-12-30 16:01 - 2013-12-30 16:01 - 00000000 ____D C:\Users\LeRoy E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-12-30 16:01 - 2013-12-30 15:57 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-12-30 15:58 - 2013-12-30 15:58 - 00000000 ____D C:\Users\LeRoy E\Documents\Freemake
2013-12-30 15:52 - 2013-12-30 15:52 - 00001090 _____ C:\Users\LeRoy E\Desktop\Documents - Shortcut.lnk
2013-12-30 15:52 - 2013-12-30 15:52 - 00000000 ____D C:\Users\LeRoy E\Documents\DreamVideoSoft
2013-12-30 15:48 - 2013-12-30 15:51 - 11044621 _____ (TopVideoSoft,Inc.                                           ) C:\Users\LeRoy E\Desktop\MKV2DVDSetup.exe
2013-12-30 15:03 - 2013-12-30 14:57 - 00000000 ____D C:\Program Files (x86)\Free MKV Video2Dvd
2013-12-30 14:57 - 2013-12-30 14:57 - 00001006 _____ C:\Users\LeRoy E\Desktop\Total Video Player.lnk
2013-12-30 14:57 - 2013-12-30 14:57 - 00001006 _____ C:\Users\LeRoy E\Desktop\Free MKV Video2Dvd.lnk
2013-12-30 14:01 - 2011-12-19 15:24 - 00000000 ____D C:\Users\LeRoy E\AppData\Roaming\mIRC
2013-12-25 17:02 - 2011-07-14 20:31 - 00000000 ____D C:\Users\LeRoy E\Documents\Outlook Files
2013-12-25 16:43 - 2013-12-25 15:59 - 00000000 ____D C:\Users\LeRoy E\Desktop\backups
2013-12-25 16:42 - 2013-05-12 16:13 - 00000000 ____D C:\Program Files (x86)\Price Check by AOL
2013-12-25 16:37 - 2013-12-25 15:59 - 00020830 _____ C:\Users\LeRoy E\Desktop\hijackthis.log
2013-12-25 15:57 - 2013-12-25 15:56 - 00012565 _____ C:\Windows\wininit.ini
2013-12-25 15:54 - 2013-12-25 15:13 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-25 15:54 - 2011-07-14 18:32 - 00000000 ____D C:\Users\LeRoy E
2013-12-25 15:15 - 2013-12-25 15:13 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-25 15:14 - 2013-12-25 15:14 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-12-25 15:13 - 2013-12-25 15:13 - 00001339 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-25 14:49 - 2013-12-25 14:49 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2013-12-25 13:24 - 2013-12-25 13:24 - 00000000 ____D C:\Users\LeRoy E\AppData\Local\Intuit
2013-12-24 10:29 - 2013-03-03 10:30 - 00000244 _____ C:\Windows\Tasks\ARO 2013.job
2013-12-23 10:56 - 2013-12-23 10:56 - 00002258 _____ C:\Users\LeRoy E\Desktop\SpyHunter.lnk
2013-12-23 10:56 - 2013-12-23 10:56 - 00000000 ____D C:\Users\LeRoy E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-12-23 10:56 - 2013-12-23 10:56 - 00000000 ____D C:\sh4ldr
2013-12-23 10:56 - 2013-12-23 10:56 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-23 10:56 - 2013-12-23 10:56 - 00000000 _____ C:\autoexec.bat
2013-12-23 10:56 - 2013-12-23 10:55 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-12-23 10:54 - 2013-12-23 10:54 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\LeRoy E\Downloads\SpyHunter-Installer.exe
2013-12-23 07:09 - 2013-12-09 15:22 - 00000161 _____ C:\extensions.ini
2013-12-23 07:08 - 2013-12-23 07:08 - 00000000 ____D C:\Program Files (x86)\WebexpEnhancedV1
 
Files to move or delete:
====================
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT
 
 
Some content of TEMP:
====================
C:\Users\LeRoy E\AppData\Local\Temp\5g4u4w5s.dll
C:\Users\LeRoy E\AppData\Local\Temp\brprvurn.dll
C:\Users\LeRoy E\AppData\Local\Temp\dnd2p3fm.dll
C:\Users\LeRoy E\AppData\Local\Temp\dysw5fp1.dll
C:\Users\LeRoy E\AppData\Local\Temp\FreemakeVideoConverter_4.1.2.1.exe
C:\Users\LeRoy E\AppData\Local\Temp\ijq3osga.dll
C:\Users\LeRoy E\AppData\Local\Temp\Quarantine.exe
C:\Users\LeRoy E\AppData\Local\Temp\tnlzlqib.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-30 11:22
 
==================== End Of Log ============================

 



#11 B-boy/StyLe/


Posted 18 January 2014 - 10:05 PM

Hi,
 
 
Please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 
 
Regards,
Georgi
 




#12 B-boy/StyLe/


Posted 30 January 2014 - 09:31 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



#13 B-boy/StyLe/


Posted 31 January 2014 - 02:20 PM

Topic unlocked due to user request...

 

 

Regards,

Georgi




#14 sminnick


Posted 31 January 2014 - 03:16 PM

Hello, thanks...here is the report:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-01-2014 03
Ran by LeRoy E at 2014-01-31 14:19:13 Run:1
Running from C:\Users\LeRoy E\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKCU\...\Run: [TBHostSupport] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\LeRoy E\AppData\Local\TBHostSupport\TBHostSupport_0.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
C:\Users\LeRoy E\AppData\Local\TBHostSupport
AppInit_DLLs:   [ ] ()
AppInit_DLLs-x32:    [ ] ()
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
cmd: netsh winsock reset
CHR DefaultSearchKeyword: ask search
CHR DefaultSearchProvider: Ask Search
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll No File
CHR Extension: (Webexp Enhanced) - C:\Users\LeRoy E\AppData\Local\Google\Chrome\User Data\Default\Extensions\bglblameccgldkbdmokgmkglebggddoi [2013-12-23]
CHR Extension: (CostMin) - C:\Users\LeRoy E\AppData\Local\Google\Chrome\User Data\Default\Extensions\kknahamipfkpmogohibdpaobamecmjgp [2013-08-21]
CHR Extension: (GreatArcadeHits Add-on) - C:\Users\LeRoy E\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh [2013-11-30]
CHR HKCU\...\Chrome\Extension: [alohidmgbcbmihbeifnnadoogmpfehjd] - C:\Users\LeRoy E\AppData\Local\CRE\alohidmgbcbmihbeifnnadoogmpfehjd.crx [2013-11-30]
CHR HKLM-x32\...\Chrome\Extension: [alohidmgbcbmihbeifnnadoogmpfehjd] - C:\Users\LeRoy E\AppData\Local\CRE\alohidmgbcbmihbeifnnadoogmpfehjd.crx [2013-11-30]
CHR HKLM-x32\...\Chrome\Extension: [bglblameccgldkbdmokgmkglebggddoi] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha267\ch\WebexpEnhancedV1alpha267.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [kmgeophbbmfgkjghdgfgelpipdoclljo] - C:\Program Files (x86)\LyricsSpeaker\120.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\LEROYE~1\AppData\Local\Temp\ccex.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [pljcgbedjplidkdjahbaalanadmjfgop] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx [2013-12-19]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
2014-01-18 11:42 - 2014-01-18 11:42 - 00000000 ____D C:\Users\LeRoy E\AppData\Roaming\Systweak
2013-12-23 07:08 - 2013-12-23 07:08 - 00000000 ____D C:\Program Files (x86)\WebexpEnhancedV1
C:\Users\LeRoy E\appdata\local\Google\Chrome\User Data\Default\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn
C:\Users\LeRoy E\AppData\Local\Temp
end

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\TBHostSupport => Value deleted successfully.
"C:\Users\LeRoy E\AppData\Local\TBHostSupport" => File/Directory not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
"C:\Program Files\McAfee Security Scan" => File/Directory not found.

=========  netsh winsock reset =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

CHR DefaultSearchKeyword: ask search ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Ask Search ==> The Chrome "Settings" can be used to fix the entry.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll not found.
C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll not found.
CHR Extension: (Webexp Enhanced) - C:\Users\LeRoy E\AppData\Local\Google\Chrome\User Data\Default\Extensions\bglblameccgldkbdmokgmkglebggddoi [2013-12-23] directory not found.
CHR Extension: (CostMin) - C:\Users\LeRoy E\AppData\Local\Google\Chrome\User Data\Default\Extensions\kknahamipfkpmogohibdpaobamecmjgp [2013-08-21] directory not found.
CHR Extension: (GreatArcadeHits Add-on) - C:\Users\LeRoy E\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh [2013-11-30] directory not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\alohidmgbcbmihbeifnnadoogmpfehjd => Key deleted successfully.
"C:\Users\LeRoy E\AppData\Local\CRE\alohidmgbcbmihbeifnnadoogmpfehjd.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\alohidmgbcbmihbeifnnadoogmpfehjd => Key deleted successfully.
"C:\Users\LeRoy E\AppData\Local\CRE\alohidmgbcbmihbeifnnadoogmpfehjd.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bglblameccgldkbdmokgmkglebggddoi => Key deleted successfully.
C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha267\ch\WebexpEnhancedV1alpha267.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kmgeophbbmfgkjghdgfgelpipdoclljo => Key deleted successfully.
"C:\Program Files (x86)\LyricsSpeaker\120.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mmifolfpllfdhilecpdpmemhelmanajl => Key deleted successfully.
"C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc => Key deleted successfully.
"C:\Users\LEROYE~1\AppData\Local\Temp\ccex.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pljcgbedjplidkdjahbaalanadmjfgop => Key deleted successfully.
"C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx" => File/Directory not found.
McComponentHostService => Service not found.
C:\Users\LeRoy E\AppData\Roaming\Systweak => Moved successfully.
C:\Program Files (x86)\WebexpEnhancedV1 => Moved successfully.
"C:\Users\LeRoy E\appdata\local\Google\Chrome\User Data\Default\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn" => File/Directory not found.

"C:\Users\LeRoy E\AppData\Local\Temp" directory move:

C:\Users\LeRoy E\AppData\Local\Temp\5g4u4w5s.0.cs => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\5g4u4w5s.cmdline => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\5g4u4w5s.dll => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\5g4u4w5s.err => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\5g4u4w5s.out => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\5g4u4w5s.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\a25faf3f-b031-40bc-bf2c-21cc033bbd28.dmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\AdobeARM.log => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\AdwCleaner.jpg => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\AiBack_59DB31A9_BCB0_4985_ACA6_F6477C7BE367.bak => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\Attach.txt => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\brprvurn.0.cs => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\brprvurn.dll => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\brprvurn.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\chrome_installer.log => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\Cleaning.ico => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\CVR4879.tmp.cvr => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\CVRD72C.tmp.cvr => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\CVRF3DD.tmp.cvr => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\CVRFF46.tmp.cvr => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dat86A5.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dat8819.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dat8887.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dat88E5.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dat8954.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dat8B19.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dat8BA6.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dat8BF5.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dat8BF6.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dat8BF7.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dat97C3.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dat98E8.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dat99B4.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dat9A9F.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dat9BB9.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dat9CB3.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dat9DEC.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dat9EB8.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dat9F74.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dat9F75.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\DDS.txt => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dnd2p3fm.0.cs => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dnd2p3fm.cmdline => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dnd2p3fm.dll => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dnd2p3fm.err => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dnd2p3fm.out => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dnd2p3fm.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\Donate.ico => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dqlq1a5b.0.cs => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dqlq1a5b.cmdline => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dqlq1a5b.dll => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dqlq1a5b.err => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dqlq1a5b.out => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dqlq1a5b.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dysw5fp1.0.cs => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dysw5fp1.cmdline => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dysw5fp1.dll => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dysw5fp1.err => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dysw5fp1.out => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\dysw5fp1.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\EsgScanner.inf => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\ESGScanner.sys => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\etilqs_1NLDI4P7qnIHtPk => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\etilqs_5Opdf6AhsjjeeYp => Moved successfully.
Could not move "C:\Users\LeRoy E\AppData\Local\Temp\etilqs_9pHEzyXfmteVo4J" => Scheduled to move on reboot.
C:\Users\LeRoy E\AppData\Local\Temp\etilqs_CuAzNce64myKkxa => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\etilqs_dGSIS5sAwGKjoeu => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\etilqs_ggMPNRsQhfxgumu => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\etilqs_h4BygSvWy9OCWv6 => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\etilqs_ha3hKvJvCqIqQgg => Moved successfully.
Could not move "C:\Users\LeRoy E\AppData\Local\Temp\etilqs_HZxAEdskiVr40Zc" => Scheduled to move on reboot.
C:\Users\LeRoy E\AppData\Local\Temp\etilqs_itUMpPm8saar6th => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\etilqs_j5y392nvvtfsFeI => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\etilqs_jFbecx6IKZ1OusU => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\etilqs_k53bPc0dX83R184 => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\etilqs_KBixVdFbbOYEnAc => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\etilqs_llfgdQtcnPekawp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\etilqs_o8GLezwZI38EF1I => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\etilqs_RBAQMNftfae25xN => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\etilqs_TXhxpl4OXBlVoEq => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\etilqs_VrcrggxdkJfFmpf => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\etilqs_vX0Ki3YCGkuGZbx => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\etilqs_XUPeRaX2lYdLHD1 => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\etilqs_Y3MbgebiNyb2ZG2 => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\etilqs_zTNMy9TaBImbTQg => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\FreemakeVideoConverter_4.1.2.1.exe => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\FreemakeVideoConverter_4.1.2.1.exe_1 => Moved successfully.
Could not move "C:\Users\LeRoy E\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\LeRoy E\AppData\Local\Temp\geyb4ghj.0.cs => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\geyb4ghj.cmdline => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\geyb4ghj.dll => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\geyb4ghj.err => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\geyb4ghj.out => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\geyb4ghj.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\hosts.bk => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\ijq3osga.0.cs => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\ijq3osga.cmdline => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\ijq3osga.dll => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\ijq3osga.err => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\ijq3osga.out => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\ijq3osga.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\InstalledProductReport.xml => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\JavaDeployReg.log => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\JRT.txt => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\jusched.log => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\LuUpdater.log => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\mirc732.exe => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\MpCmdRun.log => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\MSI6871c.LOG => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\Report.ico => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\respFromCa.xml => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\Scan.ico => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\send2ca.xml => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\Setup Log 2013-12-30 #001.txt => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\Setup Log 2013-12-30 #002.txt => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\Setup Log 2013-12-30 #003.txt => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\Setup Log 2013-12-30 #004.txt => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\SETUP_AFTERBURNER.EXE => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\spr5.htm => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\StructuredQuery.log => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\system.ini.bk => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\tnlzlqib.0.cs => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\tnlzlqib.cmdline => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\tnlzlqib.dll => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\tnlzlqib.err => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\tnlzlqib.out => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\tnlzlqib.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\TWAIN.LOG => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\Twain001.Mtx => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\Twunk001.MTX => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\Twunk002.MTX => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\Uninstall.ico => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\users00 => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\vrneahts.0.cs => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\vrneahts.cmdline => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\vrneahts.dll => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\vrneahts.err => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\vrneahts.out => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\vrneahts.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\win.ini.bk => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\wmplog00.sqm => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\wmplog01.sqm => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\wmsetup.log => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\yb4oiwv1.0.cs => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\yb4oiwv1.cmdline => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\yb4oiwv1.dll => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\yb4oiwv1.err => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\yb4oiwv1.out => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\yb4oiwv1.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\{070C07FB-CC87-49E7-B854-07788AF297DF}.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\{6FACE1A8-A7C5-4136-834F-7B21AA078146}.tmp => Moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\{9FF5CDCF-821E-4B40-B577-2550AE55CADA}.tmp => Moved successfully.
Could not move "C:\Users\LeRoy E\AppData\Local\Temp" directory. => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-31 14:23:14)<=

C:\Users\LeRoy E\AppData\Local\Temp\etilqs_9pHEzyXfmteVo4J => Is moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\etilqs_HZxAEdskiVr40Zc => Is moved successfully.
C:\Users\LeRoy E\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Moved successfully.
"C:\Users\LeRoy E\AppData\Local\Temp" => Directory could not move.

==== End of Fixlog ====



#15 B-boy/StyLe/


  • Malware Response Team

Posted 31 January 2014 - 06:13 PM

Hi,

 

How are things now?

 

I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

 

STEP 1

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 2

 

  • Please download RogueKiller.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed!!
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 4

 

 

  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-clicking on its icon.
  • Once the program has loaded go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location and post the results in your next reply.

 

 

STEP 5

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System (download link)
  • This is the mirror (download link)
  • For 64-bit Operating System (download link)
  • This is the mirror (download link)

2. Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users right-click on the HitmanPro icon and select Run as administrator.)

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the Next button. You must agree with the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the Next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the Next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: If there isn't a drop-down menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it to your next reply.

 

 

 

STEP 6

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

 

 

Regards,

Georgi

