Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Snapdo and Search Conduit have infiltrated my browsers


  • This topic is locked This topic is locked
21 replies to this topic

#1 mattbiel

mattbiel

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 17 April 2014 - 09:57 PM

In the past I have been able to clean these up by running Malwarebytes and then going into my browsers and changing the settings back for the search preferences and start page.  However, I have been unable to rid myself of them this time!  Malwarebytes, RogueKiller, MSE, ADWCleaner have all been unsuccessful at removing these.  

if you are able to help I will be very grateful.  DDS logs attached.

 

Thank you!

Attached Files



BC AdBot (Login to Remove)

 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:31 PM

Posted 18 April 2014 - 05:47 AM

:welcome:

Hello mattbiel,

my name is Jo and I will help you with your computer problems.



Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 mattbiel

mattbiel
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 18 April 2014 - 01:41 PM

Thank you Jo!

 

I will post each log in it's own reply.  First one here:
 

 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 51  
 Java version out of Date! 
 Adobe Flash Player 13.0.0.182  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (28.0) 
 Google Chrome 33.0.1750.117  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Common Files Microsoft Shared Windows Live AvastSvc.exe -?- 
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 

second log:

 

OTL logfile created on: 4/18/2014 11:20:26 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bruce\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.98 Gb Total Physical Memory | 3.87 Gb Available Physical Memory | 64.73% Memory free
11.97 Gb Paging File | 8.43 Gb Available in Paging File | 70.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.87 Gb Total Space | 829.58 Gb Free Space | 90.18% Space Free | Partition Type: NTFS
Drive D: | 11.54 Gb Total Space | 1.41 Gb Free Space | 12.23% Space Free | Partition Type: NTFS
 
Computer Name: BRUCE-HP | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Bruce\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe (IObit)
PRC - C:\Users\Bruce\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Google\Chrome Remote Desktop\33.0.1750.125\remoting_host.exe (Google Inc.)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (IObit)
PRC - C:\Users\Bruce\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - c:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Bruce\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE.dll ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 7\Scan.dll ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll ()
MOD - C:\Users\Bruce\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 7\madexcept_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 7\maddisAsm_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 7\madbasic_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\SharedBin\LvApi11.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (HPSLPSVC) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (GoToAssist Remote Support Customer) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_service.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (chromoting) -- C:\Program Files (x86)\Google\Chrome Remote Desktop\33.0.1750.125\remoting_host.exe (Google Inc.)
SRV - (AdvancedSystemCareService7) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (IObit)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (File Backup) -- C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (QBVSS) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys (IObit)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ED2BD941-7D87-431E-87A2-CDFB26A577DC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bing.com/search?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN28571847012905522&UM=2&ctid=CT3310511
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {7F4EFF06-7032-458e-AE16-1C1D8255C28A}
IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetPacks Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "SweetPacks Customized Web Search"
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.2.3.20140326060057
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..searchreset.backup.browser.search.defaultenginename: "SweetPacks Customized Web Search"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\Bruce\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off64: C:\Users\Bruce\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\Bruce\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe64: C:\Users\Bruce\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/04 15:54:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/02/05 20:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Extensions
[2014/04/15 14:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\i3vuxzt2.default-1395207302093\extensions
[2014/03/31 18:49:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\i3vuxzt2.default-1395207302093\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2014/03/21 10:18:54 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\i3vuxzt2.default-1395207302093\extensions\ascsurfingprotection@iobit.com
[2014/03/21 10:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_251650\extensions
[2014/03/21 10:18:55 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_251650\extensions\ascsurfingprotection@iobit.com
[2013/11/27 07:59:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_251650\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com
[2014/03/03 10:17:50 | 000,000,000 | ---D | M] (WordExtra) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_251650\extensions\korey@markus.me
[2014/03/21 10:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions
[2013/11/27 07:59:49 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\{c5fef80d-9a57-ed95-539f-715295ca054a}
[2014/03/21 10:18:55 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\ascsurfingprotection@iobit.com
[2013/11/27 08:00:42 | 000,000,000 | ---D | M] ("LyricsMonkey-1") -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com
[2014/03/03 10:17:51 | 000,000,000 | ---D | M] (WordExtra) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\korey@markus.me
[2013/11/27 08:00:42 | 000,000,000 | ---D | M] (Playtopus) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\links@playtopus.com
[2013/11/27 08:00:42 | 000,000,000 | ---D | M] (SearchDonkey) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\support@searchdonkeyapp.com
[2013/11/27 08:00:41 | 000,000,000 | ---D | M] (Tube Dimmer) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\support@tubedimmerapp.com
[2013/11/27 08:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData
[2014/03/19 03:46:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins
[2013/11/27 08:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\userCode
[2014/04/14 17:19:30 | 000,324,918 | ---- | M] () (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\i3vuxzt2.default-1395207302093\extensions\abb@amazon.com.xpi
[2013/11/18 10:35:26 | 000,007,374 | ---- | M] () (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
[2014/04/01 07:00:08 | 000,002,340 | ---- | M] () -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\i3vuxzt2.default-1395207302093\searchplugins\amazon.xml
[2014/03/31 13:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/31 13:36:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/31 13:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2014/03/31 13:36:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: SweetPacks = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.29.0.520_0\
CHR - Extension: SweetPacks = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.29.0.520_0\nativeMessaging\nmHost
CHR - Extension: Vafmusic2 = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.29.0.520_0\
CHR - Extension: Vafmusic2 = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.29.0.520_0\nativeMessaging\nmHost
CHR - Extension: InternetHelper3.1 A1 = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\epiggbpnpeipncloelnecejhmipiohhh\10.29.0.520_0\
CHR - Extension: InternetHelper3.1 A1 = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\epiggbpnpeipncloelnecejhmipiohhh\10.29.0.520_0\nativeMessaging\nmHost
CHR - Extension: Chrome Remote Desktop = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\34.0.1847.90_0\
CHR - Extension: Chrome Remote Desktop = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\34.0.1847.90_0\~
CHR - Extension: avast! WebRep = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: VisualBee V.12 = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj\10.29.0.520_0\
CHR - Extension: VisualBee V.12 = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj\10.29.0.520_0\nativeMessaging\nmHost
CHR - Extension: Google Wallet = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Amazon 1Button App for Chrome = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\4.2014.409.0_0\
CHR - Extension: Amazon 1Button App for Chrome = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\4.2014.411.0_0\
 
Hosts file not found
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (The Amazon 1Button App for IE) - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll (Amazon Inc.)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (The Amazon 1Button App for IE) - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE.dll (Amazon Inc.)
O2 - BHO: (no name) - {42435041-2D53-4154-00A7-7A786E7484D7} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {42435041-2D53-4154-00A7-7A786E7484D7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42435041-2D53-4154-00A7-7A786E7484D7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42435041-3300-A76A-76A7-7A786E7484D7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Bruce\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bruce\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56F0E537-07DA-43CB-821D-1C53165E226C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE5981C5-48C1-464D-966E-E85BAD3FA8E2}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2D97743-A26B-4F14-81E8-A466DA016670}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb6 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL) - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL) - C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_winlogonx64.dll) - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{828806c5-21b4-11e1-b00b-386077042777}\Shell - "" = AutoRun
O33 - MountPoints2\{828806c5-21b4-11e1-b00b-386077042777}\Shell\AutoRun\command - "" = K:\setup.exe /autorun
O34 - HKLM BootExecute: (RegistryDefragBootTime.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/18 11:15:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
[2014/04/17 19:50:13 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\Matt Stuff
[2014/04/17 09:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2014/04/17 09:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/04/17 09:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2014/04/17 03:01:25 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/04/15 15:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
[2014/04/15 15:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2014/04/15 15:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Carbonite
[2014/04/15 15:42:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Carbonite
[2014/04/15 15:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2014/04/15 15:06:07 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\RK_Quarantine
[2014/04/12 16:15:10 | 000,000,000 | -HSD | C] -- C:\Users\Bruce\AppData\Local\EmieUserList
[2014/04/12 16:15:10 | 000,000,000 | -HSD | C] -- C:\Users\Bruce\AppData\Local\EmieSiteList
[2014/04/12 13:39:45 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/12 13:39:45 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/12 13:39:45 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/12 13:39:45 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/04/12 13:39:45 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/04/12 13:39:45 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/04/12 13:39:45 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/04/12 13:39:45 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/12 13:39:45 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/04/12 13:39:45 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/12 13:39:45 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/12 13:39:45 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/12 13:39:45 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/04/12 13:39:45 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/12 13:39:45 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/04/12 13:39:45 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/04/12 13:39:45 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/12 13:39:45 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/12 13:39:45 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/12 13:39:45 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/04/12 13:39:45 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/12 13:39:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/12 13:39:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/04/12 13:39:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/04/12 13:39:45 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/04/12 13:39:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/12 13:39:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/12 13:39:45 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/04/12 13:39:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/04/11 12:33:48 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/04/11 12:33:47 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014/04/11 12:33:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014/04/11 12:33:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014/04/11 12:33:44 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/11 12:33:44 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/04/11 12:33:43 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/04/11 12:33:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/04/11 12:33:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/04/11 12:33:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/04/11 12:33:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/04/11 12:33:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/04/11 12:33:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/04/11 12:33:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/04/08 20:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2014/04/08 20:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2014/04/08 19:44:58 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Local\Akamai
[2014/04/02 12:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/04/02 12:21:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/04/02 12:20:57 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/04/02 12:20:51 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/04/02 12:20:51 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/04/02 12:20:51 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/04/01 07:36:28 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Local\LogMeIn
[2014/04/01 07:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2014/04/01 07:17:04 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Local\LogMeIn Client
[2014/03/31 13:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/31 08:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/03/31 08:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2014/03/31 08:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2014/03/31 08:05:23 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2014/03/31 08:05:21 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\systweak
[2014/03/24 15:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Lacerte
[2014/03/20 17:08:25 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Documents\New folder (2)
[2012/02/27 17:28:27 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Bruce\gotomypc_635.exe
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/18 11:15:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
[2014/04/18 11:09:11 | 000,855,379 | ---- | M] () -- C:\Users\Bruce\Desktop\SecurityCheck.exe
[2014/04/18 10:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/18 09:51:05 | 000,000,529 | ---- | M] () -- C:\Users\Bruce\Desktop\QB Login (2).website
[2014/04/18 07:04:48 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
[2014/04/18 03:28:42 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/18 03:28:42 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/18 03:19:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/18 03:19:41 | 524,767,231 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/18 03:01:11 | 000,819,662 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/04/18 03:01:11 | 000,692,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/18 03:01:11 | 000,135,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/18 03:01:04 | 000,819,662 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/17 23:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\Regwork.job
[2014/04/17 09:05:37 | 000,002,128 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/04/17 09:05:37 | 000,002,128 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/04/17 09:05:32 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/04/17 09:05:32 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/16 17:58:47 | 000,238,592 | ---- | M] () -- C:\Users\Bruce\Documents\Four Seasons Los Angeles.mpp
[2014/04/15 20:23:44 | 000,281,088 | ---- | M] () -- C:\Users\Bruce\Documents\MLB Santa Barbara.mpp
[2014/04/15 15:42:22 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
[2014/04/14 12:59:21 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBruce.job
[2014/04/12 15:28:36 | 000,001,573 | ---- | M] () -- C:\Users\Public\Desktop\2013 Lacerte Tax.LNK
[2014/04/12 13:39:45 | 005,784,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/12 13:39:45 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/12 13:39:45 | 001,967,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/12 13:39:45 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/04/12 13:39:45 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/04/12 13:39:45 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/04/12 13:39:45 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/04/12 13:39:45 | 000,628,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/12 13:39:45 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/04/12 13:39:45 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/12 13:39:45 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/12 13:39:45 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/12 13:39:45 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/04/12 13:39:45 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/12 13:39:45 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/04/12 13:39:45 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/04/12 13:39:45 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/12 13:39:45 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/12 13:39:45 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/12 13:39:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/04/12 13:39:45 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/12 13:39:45 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/12 13:39:45 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/04/12 13:39:45 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/04/12 13:39:45 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/04/12 13:39:45 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/12 13:39:45 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/12 13:39:45 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/04/12 13:39:45 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/04/08 20:40:21 | 000,002,855 | ---- | M] () -- C:\Users\Bruce\Desktop\Project 2013.lnk
[2014/04/08 20:25:24 | 000,393,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/08 19:59:27 | 000,087,940 | ---- | M] () -- C:\Users\Bruce\Desktop\MS Project Data Key32bit.pdf
[2014/04/08 19:43:56 | 000,088,744 | ---- | M] () -- C:\Users\Bruce\Desktop\MS Project Data Key.pdf
[2014/04/04 12:00:59 | 000,163,609 | ---- | M] () -- C:\Users\Bruce\Paid Parking Ticket.pdf
[2014/04/04 07:54:03 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBRUCE-HP$.job
[2014/04/02 11:59:36 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\subinacl.exe
[2014/03/31 08:07:32 | 000,001,931 | ---- | M] () -- C:\Users\Bruce\Desktop\Sync Folder.lnk
[2014/03/28 08:35:46 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/28 08:35:46 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/24 17:31:36 | 000,002,241 | ---- | M] () -- C:\Users\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/24 17:31:36 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/19 12:12:26 | 000,020,312 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/18 11:16:43 | 000,855,379 | ---- | C] () -- C:\Users\Bruce\Desktop\SecurityCheck.exe
[2014/04/17 09:05:37 | 000,002,128 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/04/17 09:05:37 | 000,002,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/04/15 20:39:21 | 000,238,592 | ---- | C] () -- C:\Users\Bruce\Documents\Four Seasons Los Angeles.mpp
[2014/04/15 18:32:52 | 000,281,088 | ---- | C] () -- C:\Users\Bruce\Documents\MLB Santa Barbara.mpp
[2014/04/15 15:42:22 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
[2014/04/15 15:36:19 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2014/04/08 20:40:21 | 000,002,855 | ---- | C] () -- C:\Users\Bruce\Desktop\Project 2013.lnk
[2014/04/08 19:59:27 | 000,087,940 | ---- | C] () -- C:\Users\Bruce\Desktop\MS Project Data Key32bit.pdf
[2014/04/08 19:43:55 | 000,088,744 | ---- | C] () -- C:\Users\Bruce\Desktop\MS Project Data Key.pdf
[2014/04/04 12:00:58 | 000,163,609 | ---- | C] () -- C:\Users\Bruce\Paid Parking Ticket.pdf
[2014/03/31 08:07:32 | 000,001,931 | ---- | C] () -- C:\Users\Bruce\Desktop\Sync Folder.lnk
[2014/03/31 08:06:26 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2014/03/31 08:05:59 | 000,002,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
[2013/11/04 17:43:57 | 000,228,419 | ---- | C] () -- C:\Program Files\google-chrome.exe
[2013/04/23 20:10:55 | 000,007,648 | ---- | C] () -- C:\Users\Bruce\AppData\Local\Resmon.ResmonCfg
[2013/04/21 07:42:57 | 000,001,573 | ---- | C] () -- C:\Users\Bruce\2011 Lacerte Tax.LNK
[2012/06/15 09:28:27 | 000,060,304 | ---- | C] () -- C:\Users\Bruce\g2mdlhlpx.exe
[2011/12/09 15:08:25 | 000,113,224 | ---- | C] () -- C:\Users\Bruce\g2ax_customer_downloadhelper_win32_x86.exe
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/03/05 09:37:43 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Blio
[2014/04/18 08:47:13 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Dropbox
[2013/11/27 07:57:10 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\EurekaLog
[2012/06/12 10:17:17 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\ICAClient
[2014/02/13 09:10:16 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\IObit
[2014/03/24 13:17:36 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Lacerte
[2011/12/02 17:33:11 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Leadertech
[2013/02/05 20:34:02 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\MusicOasis
[2013/12/02 12:48:01 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\NewspaperDirect
[2013/04/23 07:54:39 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\SparkPDF
[2014/04/02 11:01:46 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\systweak
[2014/03/02 12:00:35 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\TeamViewer
[2012/04/05 10:58:16 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\TuneUp Software
[2011/12/04 08:17:49 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
< End of report >


#4 mattbiel

mattbiel
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 18 April 2014 - 01:42 PM

Third log:

 

OTL Extras logfile created on: 4/18/2014 11:20:26 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bruce\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.98 Gb Total Physical Memory | 3.87 Gb Available Physical Memory | 64.73% Memory free
11.97 Gb Paging File | 8.43 Gb Available in Paging File | 70.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.87 Gb Total Space | 829.58 Gb Free Space | 90.18% Space Free | Partition Type: NTFS
Drive D: | 11.54 Gb Total Space | 1.41 Gb Free Space | 12.23% Space Free | Partition Type: NTFS
 
Computer Name: BRUCE-HP | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- 
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- 
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AA1DFCC-2D40-4143-9638-3D128526F7D6}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{122E74BB-539D-45B1-80EC-61AC24AEC761}" = lport=443 | protocol=6 | dir=in | app=system | 
"{208CEDFE-748E-4065-BA22-D34A2346894A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{20F6C9A8-7755-46BD-86FE-F5E8B459B293}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{2F61DB7D-1C1A-4CE5-B9D9-CA69210398BE}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=%systemroot%\system32\snmptrap.exe | 
"{37561824-A68C-4E71-BCBE-6030BECF9B74}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3EB1E6F6-A968-4569-9E8F-2F9B705CC1A5}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=%systemroot%\system32\svchost.exe | 
"{4C0E221B-B0B3-4F03-8B66-1F3E0D90F2FA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{50ACBE88-2FC5-4A9F-A5D7-3955011D71FA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{556907B5-88E6-4711-8D87-1D5047432FAC}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{5AC58BCB-0AAA-4979-9937-381074C227D4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5B873FAF-A381-4260-B993-944E97749A8B}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{6135EFE8-87F6-42A1-A325-E2A27F669BAC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6E79258F-5C04-4FCB-BAC2-95EAC31D25B1}" = lport=1723 | protocol=6 | dir=in | app=system | 
"{6E94A9A6-F375-4BD1-AA6E-D9C82A1E5784}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{72D4E2E1-748B-4359-A395-6B924C5B5EAB}" = lport=10245 | protocol=6 | dir=in | app=system | 
"{767550BE-5D1B-476E-A36D-F8D902AFA464}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=%systemroot%\system32\svchost.exe | 
"{7CD35422-B183-455D-BBEA-E367018B46BF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{885D34CD-6A41-4290-A532-5E9382CF5B81}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
"{8E0D9DFD-D2BB-43C8-821E-9E37F049170A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9FA29A9C-7425-4A59-AD50-58C61C243B8C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{ACB16C4A-C214-4C7F-9324-F29FBDE4F6A8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{BBF1C1D5-5E32-45C5-AC40-CB9A1E371BF0}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{BD9C761F-AD3E-4C0D-97F1-5626E86946AF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C0BBF3BF-1875-4FBC-B342-1604910D9ED8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C7153B95-2E94-4577-876D-5C392A2701B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D2C63680-1DCA-4B62-90E2-8B11F08574B8}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{DBB81F49-2EC3-4E4D-B876-BAA28F7767FF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E2699C4E-AC3F-48C6-B552-9AF4CE469D6C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E4560F25-70C4-4ED5-A4DF-7A1839473F6C}" = lport=1701 | protocol=17 | dir=in | app=system | 
"{E6DEB762-2431-4E3F-9035-E7F6A7B115F7}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E96EFD73-7F45-45F2-A181-98489CF2BDD2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ECDFD1EB-AAC3-402B-81A0-08522A918A38}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FC9E8086-F457-4A55-8263-1E06C42FEF38}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{FD473626-DA77-4FAE-A2C1-9603EC75426C}" = rport=1723 | protocol=6 | dir=out | app=system | 
"{FEEFEF74-4CCF-4B2A-88F9-3F77B2B964AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FF00407D-B30D-4B24-B42F-FCC22C7D22A5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0771A991-1020-419D-A8E0-81D2460452CA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{08361616-71BA-4963-BD95-6A2054FCAC7D}" = dir=in | app=c:\program files (x86)\google\chrome remote desktop\33.0.1750.125\remoting_host.exe | 
"{0CF62F9F-54E8-43F7-900F-B890C2033F79}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{13679320-1B50-4829-86F1-6D768BFAFBDA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1D8DAC7B-DBDD-446B-BC2A-612B9F91D4F8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{1EED653F-459A-4F3A-B478-0126B4013C16}" = protocol=17 | dir=in | app=c:\users\bruce\appdata\local\temp\7zs1447\hppiw.exe | 
"{1F9D18FB-827A-485F-9600-5CF755787701}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{20458623-FE79-4DFB-8C1C-E3D254FC85AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{259614FC-99E2-47F3-B290-5961C1FA67B9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2ACA69F4-C93C-4D2B-A234-1DAAEE8B9D7B}" = protocol=17 | dir=in | app=c:\users\bruce\appdata\local\temp\7zs13a4\hppiw.exe | 
"{2B76030F-E590-4A33-88F0-E29FEA530CC3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2CB24A39-A892-449C-BBC6-9187DA7DCEA9}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | 
"{3035AE64-064E-48C0-AB28-E4F3E6259B3E}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{33EEE317-917B-4841-B77E-BE4CC6B8BB8A}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{340367A7-087C-4348-AD4A-99F74EA78FE8}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{3B5AA6D3-E6F3-45E8-8A16-0502107C744C}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe | 
"{472E17F0-D27F-4420-A80B-21E11752458A}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{53430089-6B24-4C65-B0A5-D7AF480E4EFB}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe | 
"{57970A1F-B236-4F4D-8DD7-8CC47CEFE595}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{60B28CC6-308D-4859-9774-29EFAA8579A3}" = protocol=6 | dir=in | app=c:\users\bruce\appdata\roaming\dropbox\bin\dropbox.exe | 
"{64C657C5-19EE-4F61-BD46-82BA6D05831B}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe | 
"{68123777-B1F5-4E21-B77E-E1900477DCAF}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{6AB4946B-78A2-4652-B3DA-560E67927DF0}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{6CE6812F-2228-4FE9-8AD3-505B3CBECDBC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{6D6A2A52-CC77-4483-9CF2-E5B40A607708}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{7518045E-87E5-4666-A422-AC52F4079841}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{7BD6E0A9-679F-4F43-98CA-686BA156CAE7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8921605E-07A2-4B26-96F6-BE30927496B7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{8DB3AD33-A3CB-4FF2-8674-590729104E7E}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{8DFA296C-FB0D-4C9C-AA31-B96F503422A5}" = protocol=6 | dir=in | app=c:\lacerte\05tax\w05cal.exe | 
"{90B8F4DC-FD53-4B3A-9B05-E749FAA1AAA5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{91BFFADF-A15B-424C-BEA3-62E65A407C60}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe | 
"{9771740A-30A1-4DCE-8E7C-E609EF14D9CB}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{982A2251-444F-4F29-A14C-678954A86A15}" = protocol=47 | dir=in | app=system | 
"{9A6D68E2-7764-4A52-95D1-943268475CF2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9C743DD9-9DDF-4B78-9972-38119519F62D}" = protocol=17 | dir=in | app=c:\users\bruce\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9E2B6858-3FA1-482C-BCFB-23A10CA09E79}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{9E8C6D4B-EBD3-42E4-AE43-7D372C2717AA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A1195AD3-C5D5-4689-AB79-86E2FBC6DDA8}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{A4021D3F-AB23-4D86-88FB-CF6820F0307C}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{A8760403-9C97-4BB2-AFDD-BE9E21CF8F27}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 
"{AA228F1E-5C50-4879-A6A8-E0653487706E}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 
"{B1E458DF-7F6F-42C1-955F-5D852CE4D5AC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B3BCCD3A-0DA0-4F80-87E9-68F352577478}" = protocol=6 | dir=in | app=c:\users\bruce\appdata\local\temp\7zs13a4\hppiw.exe | 
"{BBFBD6EB-56FC-460D-81FB-0C6BDAC5043E}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{C0C40AAE-6FB5-4987-AD86-DF47673A9C16}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe | 
"{C0DBA9E7-6E2C-4B63-BB22-E2D26944BB50}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{CF25235F-CBB7-4589-9F30-B63403F73459}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{D1E76022-ECB1-41F4-BAAC-ACA46CD04B2E}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe | 
"{D3AC2736-7BBA-428E-A77E-94490AB23B23}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D896FEB8-334E-45DA-A6B6-6A92C879CB9A}" = protocol=47 | dir=out | app=system | 
"{DEE71ECE-C72C-485E-85A9-160D5621C70A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E05165C9-28C5-465A-B821-3CA59F3B4B10}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{E4364ED3-BF5C-4A0F-B378-507B09F255BE}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{E4AA3B0A-FDA8-44CB-8AD4-9F0A92229F85}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{E6F605D2-5A7D-4693-B93F-B09A41761E03}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{EAB8D559-187F-42D7-BC95-1A71999AB9C9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EE2395BA-308B-48AE-82AA-0EFAEADDF96C}" = protocol=6 | dir=in | app=c:\users\bruce\appdata\local\temp\7zs1447\hppiw.exe | 
"{F0AE81D2-1104-44F0-A456-70FA19868561}" = protocol=17 | dir=in | app=c:\lacerte\05tax\w05cal.exe | 
"{F34D706B-7501-44F8-9B16-A6B8587AB77C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F4B03DBA-7389-4839-8394-FB4D9C113A36}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FA908DEE-4D96-498B-960E-E72FB3D3999A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"TCP Query User{04597CE7-8866-4D39-BEB7-3B987C085F13}C:\users\bruce\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\bruce\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{5C3CE171-1029-4874-902F-E7DFFA3AB4FA}C:\users\bruce\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\bruce\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe | 
"TCP Query User{9D6F8481-455B-4D6B-AEEC-71A2E462B11A}C:\users\bruce\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\bruce\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{E0F84A67-57E4-4156-AA8F-224A2A314255}C:\users\bruce\appdata\local\temp\lmi34a6.tmp\logmein client.exe" = protocol=6 | dir=in | app=c:\users\bruce\appdata\local\temp\lmi34a6.tmp\logmein client.exe | 
"TCP Query User{EC2EFE94-95C1-4C75-AA49-736C534F6F60}C:\users\bruce\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\bruce\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{23BEE2EF-E522-4853-BCBD-F1E4F33BEB92}C:\users\bruce\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\bruce\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe | 
"UDP Query User{786C60AE-4F83-4449-8CF8-F66B1AB94DCF}C:\users\bruce\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\bruce\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{8DDE1BDF-87F3-41A1-ADC1-B762FE5DBBA1}C:\users\bruce\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\bruce\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{B785F05F-046C-4998-B77D-84BDEFE2E126}C:\users\bruce\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\bruce\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{D7045926-303B-40B9-9ACA-F9AA251744D1}C:\users\bruce\appdata\local\temp\lmi34a6.tmp\logmein client.exe" = protocol=17 | dir=in | app=c:\users\bruce\appdata\local\temp\lmi34a6.tmp\logmein client.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2013
"{90150000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{FA8D4B26-17BE-B76F-B2F6-0FD7391EDF95}" = AMD Media Foundation Decoders
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A423-40A5-BD20-04BF618CA0F9}" = QuickBooks Premier: Accountant Edition 2010
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.9
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2181214D-1954-4C60-91FD-EEA7EBB32022}" = QuickBooks Premier: Accountant Edition 2012
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 51
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3167CC62-C775-4E47-92C1-73EBB845751A}" = QuickBooks
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36B3E6E3-D4DE-4B89-A9E6-727715C2A318}" = QuickBooks Premier: Accountant Edition 2013
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{54AA7C11-54B7-4BD8-84B2-85873B5C7A04}" = Amazon 1Button App
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59111E3F-59C0-A8A5-9B49-253D6625F194}" = Catalyst Control Center InstallProxy
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A3CAA8E-6DDB-4AA7-A411-9982FF9180FE}" = Intuit Runtime Components 6.0.16
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix online plug-in (DV)
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink 802.11n Wireless LAN Card
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010
"{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{F985BE0E-7FA3-4AEA-AD03-E4C84B6EB17F}" = 
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-00B4-0409-0000-0000000FF1CE}" = Microsoft Project MUI (English) 2013
"{90150000-00E1-0409-0000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{91150000-003B-0000-0000-0000000FF1CE}" = Microsoft Project Professional 2013
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix online plug-in (HDX)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5913187-E268-4F49-BE51-BE7E2517866B}" = Chrome Remote Desktop Host
"{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix online plug-in (USB)
"{DB3147AB-4024-4773-8EC0-A1FE5B44933D}" = HP LinkUp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (LACERTEDB)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix online plug-in (Web)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"2005 Lacerte Tax" = 2005 Lacerte Tax
"2005 Lacerte Tax Planner" = 2005 Lacerte Tax Planner
"2010 Lacerte Tax" = 2010 Lacerte Tax
"2011 Lacerte Tax" = 2011 Lacerte Tax
"2012 Lacerte Tax" = 2012 Lacerte Tax
"2013 Lacerte Tax" = 2013 Lacerte Tax
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Advanced SystemCare 7_is1" = Advanced SystemCare 7
"avast" = avast! Free Antivirus
"Carbonite Backup" = Carbonite
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Google Chrome" = Google Chrome
"GoToAssist Express Customer" = GoToAssist Customer 2.0.0.637
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"IObit Surfing Protection_is1" = Surfing Protection
"IObitUninstall" = IObit Uninstaller
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.OUTLOOK" = Microsoft Outlook 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Office15.PRJPROR" = Microsoft Project Professional 2013
"outlookset" = Outlook Setup Tool
"PDF Complete" = PDF Complete Corporate Edition
"PDF Reader" = PDF Reader
"Smart Defrag 3_is1" = Smart Defrag 3
"TeamViewer 6" = TeamViewer 6
"VirtualCloneDrive" = VirtualCloneDrive
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WinLiveSuite" = Windows Live Essentials
"xTuple ERP 4.2.0 4.2.0" = xTuple ERP 4.2.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 5.1.0.880
"JoinMe" = join.me
"workspacedesktop" = Workspace Desktop
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/17/2014 5:07:15 PM | Computer Name = Bruce-HP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Accountant 2013": V23.0D
 R5 (M=1066, L=339, C=249, V=0 (0)
 
Error - 4/17/2014 5:07:15 PM | Computer Name = Bruce-HP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Accountant 2013": V23.0D
 R5 (M=1066, L=339, C=249, V=0 (0)
 
Error - 4/17/2014 5:07:16 PM | Computer Name = Bruce-HP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Accountant 2013": V23.0D
 R5 (M=1066, L=339, C=249, V=0 (0)
 
Error - 4/17/2014 5:07:16 PM | Computer Name = Bruce-HP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Accountant 2013": V23.0D
 R5 (M=1066, L=339, C=249, V=0 (0)
 
Error - 4/17/2014 5:07:16 PM | Computer Name = Bruce-HP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Accountant 2013": V23.0D
 R5 (M=1066, L=339, C=249, V=0 (0)
 
Error - 4/17/2014 5:07:16 PM | Computer Name = Bruce-HP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Accountant 2013": V23.0D
 R5 (M=1066, L=339, C=249, V=0 (0)
 
Error - 4/17/2014 5:07:16 PM | Computer Name = Bruce-HP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Accountant 2013": V23.0D
 R5 (M=1066, L=339, C=249, V=0 (0)
 
Error - 4/17/2014 5:07:16 PM | Computer Name = Bruce-HP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Accountant 2013": V23.0D
 R5 (M=1066, L=339, C=249, V=0 (0)
 
Error - 4/17/2014 5:07:16 PM | Computer Name = Bruce-HP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Accountant 2013": V23.0D
 R5 (M=1066, L=339, C=249, V=0 (0)
 
Error - 4/17/2014 5:07:16 PM | Computer Name = Bruce-HP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Accountant 2013": V23.0D
 R5 (M=1066, L=339, C=249, V=0 (0)
 
[ Hewlett-Packard Events ]
Error - 12/12/2011 11:32:19 AM | Computer Name = Bruce-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233088   at HPSFConfigReader.ConfigHelper.loadXML()
 
   at HPSFConfigReader.ConfigHelper..ctor()     at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
 isOnAppLoad)  Message: Exception of type 'System.Exception' was thrown.  StackTrace:
   at HPSFConfigReader.ConfigHelper.loadXML()     at HPSFConfigReader.ConfigHelper..ctor()
 
   at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
 isOnAppLoad)  Source: HPSFConfigReader    Name: HPSF.exe  Version: 06.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 6128
Ram
 Utilization: 20  TargetSite: Void loadXML()  
 
Error - 4/23/2012 7:11:14 AM | Computer Name = Bruce-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 4/30/2012 12:40:09 PM | Computer Name = Bruce-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Object '/beeced8a_3267_458c_b8a4_b772a24e9133/0kahzloudaph7uhxms6bffuz_5.rem' has
 been disconnected or does not exist at the server.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 6128  Ram Utilization: 30  TargetSite: Void UpdateDetail(System.String)  
 
Error - 5/12/2012 2:24:23 PM | Computer Name = Bruce-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262   at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Unable to cast object
 of type 'System.DBNull' to type 'System.String'.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common
 
Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: en-US  RAM: 6128  Ram Utilization: 20  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 5/20/2012 10:20:17 AM | Computer Name = Bruce-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262   at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Unable to cast object
 of type 'System.DBNull' to type 'System.String'.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common
 
Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: en-US  RAM: 6128  Ram Utilization: 30  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 5/29/2012 1:24:24 PM | Computer Name = Bruce-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HPSFConfigReader.ConfigHelper.loadXML()
 
   at HPSFConfigReader.ConfigHelper..ctor()     at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
 isOnAppLoad)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HPSFConfigReader.ConfigHelper.loadXML()     at HPSFConfigReader.ConfigHelper..ctor()
 
   at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
 isOnAppLoad)  Source: HPSFConfigReader    Name: HPSF.exe  Version: 06.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 6128
Ram
 Utilization: 40  TargetSite: Void loadXML()  
 
Error - 5/29/2012 1:25:57 PM | Computer Name = Bruce-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Unable to cast object
 of type 'System.DBNull' to type 'System.String'.  StackTrace:   at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common
 
Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: en-US  RAM: 6128  Ram Utilization: 50  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 6/18/2012 11:01:24 AM | Computer Name = Bruce-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Object '/67a3886d_5244_4d05_95f8_af60b68db5cd/x45eujlb7eewrdbju1atiyyl_5.rem' has
 been disconnected or does not exist at the server.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 6128  Ram Utilization: 30  TargetSite: Void UpdateDetail(System.String)  
 
Error - 8/7/2012 10:09:17 AM | Computer Name = Bruce-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Object '/54306393_bd20_4d59_8c90_16886bebd962/eeasxbafgzc2hq+yh34cg5lk_5.rem' has
 been disconnected or does not exist at the server.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 6128  Ram Utilization: 20  TargetSite: Void UpdateDetail(System.String)  
 
Error - 9/16/2012 10:50:36 AM | Computer Name = Bruce-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Object '/4d653bb8_5049_4e5d_ada7_421f6f2cfc22/irplkndmswvhvgx42j5w7ruq_5.rem' has
 been disconnected or does not exist at the server.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 6128  Ram Utilization: 40  TargetSite: Void UpdateDetail(System.String)  
 
[ System Events ]
Error - 4/18/2014 6:22:26 AM | Computer Name = Bruce-HP | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
   %%1053
 
Error - 4/18/2014 6:22:32 AM | Computer Name = Bruce-HP | Source = Service Control Manager | ID = 7034
Description = The LiveUpdate service terminated unexpectedly.  It has done this 
1 time(s).
 
Error - 4/18/2014 6:23:35 AM | Computer Name = Bruce-HP | Source = DCOM | ID = 10016
Description = 
 
Error - 4/18/2014 6:23:35 AM | Computer Name = Bruce-HP | Source = Service Control Manager | ID = 7023
Description = The HP Network Devices Support service terminated with the following
 error:   %%2
 
Error - 4/18/2014 6:23:37 AM | Computer Name = Bruce-HP | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).
 
Error - 4/18/2014 6:23:37 AM | Computer Name = Bruce-HP | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 4/18/2014 1:38:31 PM | Computer Name = Bruce-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
 
Error - 4/18/2014 1:40:38 PM | Computer Name = Bruce-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
 
Error - 4/18/2014 1:40:39 PM | Computer Name = Bruce-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
 
Error - 4/18/2014 1:40:41 PM | Computer Name = Bruce-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.
 
 
< End of report >


#5 Jo*

Jo*

  • Malware Response Team
  • 3,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:31 PM

Posted 18 April 2014 - 03:09 PM

Hello mattbiel,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#6 mattbiel

mattbiel
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 18 April 2014 - 04:55 PM

MBAR log:

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
 
Database version: v2014.04.18.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17041
Bruce :: BRUCE-HP [administrator]
 
4/18/2014 2:19:38 PM
mbar-log-2014-04-18 (14-19-38).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 297726
Time elapsed: 16 minute(s), 58 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
ADWCleaner log:
 
# AdwCleaner v3.024 - Report created 18/04/2014 at 14:47:18
# Updated 18/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bruce - BRUCE-HP
# Running from : C:\Users\Bruce\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Windows\System32\roboot64.exe
File Found : C:\Windows\System32\Tasks\Advanced System Protector_startup
Folder Found : C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Folder Found : C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Folder Found : C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\epiggbpnpeipncloelnecejhmipiohhh
Folder Found : C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
Folder Found : C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Folder Found : C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\i3vuxzt2.default-1395207302093\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\ProgramData\Systweak
Folder Found C:\Users\Bruce\AppData\Local\CrashRpt
Folder Found C:\Users\Bruce\AppData\Roaming\Systweak
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\distromatic
Key Found : HKCU\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Key Found : HKCU\Software\Google\Chrome\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Key Found : HKCU\Software\Google\Chrome\Extensions\epiggbpnpeipncloelnecejhmipiohhh
Key Found : HKCU\Software\Google\Chrome\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
Key Found : HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Found : HKCU\Software\systweak
Key Found : [x64] HKCU\Software\distromatic
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Found : [x64] HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\epiggbpnpeipncloelnecejhmipiohhh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Found : HKLM\Software\systweak
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Found : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com?SearchSource=10&CUI=UN28571847012905522&UM=2&ctid=CT3310511
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\i3vuxzt2.default-1395207302093\prefs.js ]
 
Line Found : user_pref("browser.search.defaultenginename", "SweetPacks Customized Web Search");
Line Found : user_pref("browser.search.selectedEngine", "SweetPacks Customized Web Search");
Line Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN28860449842335616&UM=2&SearchSource=13");
Line Found : user_pref("keyword.url", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN28860449842335616&UM=2&q=");
Line Found : user_pref("searchreset.backup.browser.search.defaultenginename", "SweetPacks Customized Web Search");
Line Found : user_pref("searchreset.backup.browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN28860449842335616&UM=2&SearchSource=13");
 
[ File : C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_251650\prefs.js ]
 
 
[ File : C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [82920 octets] - [18/03/2014 23:04:37]
AdwCleaner[R1].txt - [4994 octets] - [18/04/2014 14:47:18]
AdwCleaner[S0].txt - [76774 octets] - [18/03/2014 23:06:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [5115 octets] ##########
 


#7 Jo*

Jo*

  • Malware Response Team
  • 3,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:31 PM

Posted 19 April 2014 - 03:49 AM

Hello mattbiel,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run OTL again.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


How the computer is running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#8 mattbiel

mattbiel
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 19 April 2014 - 10:29 PM


All three logs posted below...problem persists!  No change.  When I change the default start page back to google in my browsers and then reopen them they go back to Conduit/sweetpacks, etc.

 

# AdwCleaner v3.100 - Report created 19/04/2014 at 19:29:16
# Updated 20/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bruce - BRUCE-HP
# Running from : C:\Users\Bruce\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\Bruce\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Bruce\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\i3vuxzt2.default-1395207302093\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Folder Deleted : C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Folder Deleted : C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Folder Deleted : C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\epiggbpnpeipncloelnecejhmipiohhh
Folder Deleted : C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\Tasks\Advanced System Protector_startup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Key Deleted : HKCU\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Key Deleted : HKCU\Software\Google\Chrome\Extensions\epiggbpnpeipncloelnecejhmipiohhh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\epiggbpnpeipncloelnecejhmipiohhh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\Software\systweak
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\i3vuxzt2.default-1395207302093\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultenginename", "SweetPacks Customized Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "SweetPacks Customized Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN28860449842335616&UM=2&SearchSource=13");
Line Deleted : user_pref("keyword.url", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN28860449842335616&UM=2&q=");
Line Deleted : user_pref("searchreset.backup.browser.search.defaultenginename", "SweetPacks Customized Web Search");
Line Deleted : user_pref("searchreset.backup.browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN28860449842335616&UM=2&SearchSource=13");
 
[ File : C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_251650\prefs.js ]
 
 
[ File : C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [82920 octets] - [18/03/2014 23:04:37]
AdwCleaner[R1].txt - [5219 octets] - [18/04/2014 14:47:18]
AdwCleaner[R2].txt - [6287 octets] - [19/04/2014 19:27:53]
AdwCleaner[S0].txt - [76774 octets] - [18/03/2014 23:06:19]
AdwCleaner[S1].txt - [5884 octets] - [19/04/2014 19:29:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5944 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Bruce on Sat 04/19/2014 at 19:37:15.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1601676618-518298961-3965919670-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\Tasks\regwork.job
Successfully deleted: [File] "C:\Users\Bruce\appdata\locallow\SkwConfig.bin"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\regwork"
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Bruce\AppData\Roaming\mozilla\firefox\profiles\i3vuxzt2.default-1395207302093\prefs.js
 
user_pref("browser.search.selectedEngine", "SweetPacks Customized Web Search");
user_pref("browser.search.defaultenginename", "SweetPacks Customized Web Search");
user_pref("keyword.url", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN28860449842335616&UM=2&q=");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN28860449842335616&UM=2&SearchSource=13");
Emptied folder: C:\Users\Bruce\AppData\Roaming\mozilla\firefox\profiles\i3vuxzt2.default-1395207302093\minidumps [2 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Bruce\appdata\local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/19/2014 at 19:48:21.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

OTL logfile created on: 4/19/2014 7:57:42 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bruce\Desktop\Matt Stuff
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.98 Gb Total Physical Memory | 4.08 Gb Available Physical Memory | 68.11% Memory free
11.97 Gb Paging File | 9.21 Gb Available in Paging File | 76.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.87 Gb Total Space | 829.36 Gb Free Space | 90.16% Space Free | Partition Type: NTFS
Drive D: | 11.54 Gb Total Space | 1.41 Gb Free Space | 12.23% Space Free | Partition Type: NTFS
 
Computer Name: BRUCE-HP | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Bruce\Desktop\Matt Stuff\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Users\Bruce\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Google\Chrome Remote Desktop\33.0.1750.125\remoting_host.exe (Google Inc.)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (IObit)
PRC - C:\Users\Bruce\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - c:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Bruce\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\Bruce\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 7\madexcept_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 7\maddisAsm_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 7\madbasic_.bpl ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\SharedBin\LvApi11.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
SRV:64bit: - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (HPSLPSVC) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (GoToAssist Remote Support Customer) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_service.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (chromoting) -- C:\Program Files (x86)\Google\Chrome Remote Desktop\33.0.1750.125\remoting_host.exe (Google Inc.)
SRV - (AdvancedSystemCareService7) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (IObit)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (File Backup) -- C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (QBVSS) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys (IObit)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ED2BD941-7D87-431E-87A2-CDFB26A577DC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bing.com/search?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN28571847012905522&UM=2&ctid=CT3310511
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {7F4EFF06-7032-458e-AE16-1C1D8255C28A}
IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.2.3.20140326060057
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..browser.search.selectedEngine: "SweetPacks Customized Web Search"
FF - prefs.js..browser.search.defaultenginename: "SweetPacks Customized Web Search"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\Bruce\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off64: C:\Users\Bruce\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\Bruce\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe64: C:\Users\Bruce\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/04 15:54:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/02/05 20:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Extensions
[2014/04/19 19:29:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\i3vuxzt2.default-1395207302093\extensions
[2014/03/21 10:18:54 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\i3vuxzt2.default-1395207302093\extensions\ascsurfingprotection@iobit.com
[2014/03/21 10:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_251650\extensions
[2014/03/21 10:18:55 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_251650\extensions\ascsurfingprotection@iobit.com
[2013/11/27 07:59:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_251650\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com
[2014/03/03 10:17:50 | 000,000,000 | ---D | M] (WordExtra) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_251650\extensions\korey@markus.me
[2014/03/21 10:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions
[2013/11/27 07:59:49 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\{c5fef80d-9a57-ed95-539f-715295ca054a}
[2014/03/21 10:18:55 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\ascsurfingprotection@iobit.com
[2013/11/27 08:00:42 | 000,000,000 | ---D | M] ("LyricsMonkey-1") -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com
[2014/03/03 10:17:51 | 000,000,000 | ---D | M] (WordExtra) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\korey@markus.me
[2013/11/27 08:00:42 | 000,000,000 | ---D | M] (Playtopus) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\links@playtopus.com
[2013/11/27 08:00:42 | 000,000,000 | ---D | M] (SearchDonkey) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\support@searchdonkeyapp.com
[2013/11/27 08:00:41 | 000,000,000 | ---D | M] (Tube Dimmer) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\support@tubedimmerapp.com
[2013/11/27 08:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData
[2014/03/19 03:46:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins
[2013/11/27 08:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\userCode
[2014/04/14 17:19:30 | 000,324,918 | ---- | M] () (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\i3vuxzt2.default-1395207302093\extensions\abb@amazon.com.xpi
[2013/11/18 10:35:26 | 000,007,374 | ---- | M] () (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
[2014/04/01 07:00:08 | 000,002,340 | ---- | M] () -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\i3vuxzt2.default-1395207302093\searchplugins\amazon.xml
[2014/03/31 13:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/31 13:36:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/31 13:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2014/03/31 13:36:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) -- C:\USERS\BRUCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I3VUXZT2.DEFAULT-1395207302093\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Chrome Remote Desktop = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\34.0.1847.90_0\
CHR - Extension: Chrome Remote Desktop = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\34.0.1847.90_0\~
CHR - Extension: avast! WebRep = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Google Wallet = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
Hosts file not found
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {42435041-2D53-4154-00A7-7A786E7484D7} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {42435041-2D53-4154-00A7-7A786E7484D7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42435041-2D53-4154-00A7-7A786E7484D7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42435041-3300-A76A-76A7-7A786E7484D7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Bruce\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bruce\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab?rnd=3166873311 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56F0E537-07DA-43CB-821D-1C53165E226C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE5981C5-48C1-464D-966E-E85BAD3FA8E2}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2D97743-A26B-4F14-81E8-A466DA016670}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb6 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL) - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL) - C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_winlogonx64.dll) - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{828806c5-21b4-11e1-b00b-386077042777}\Shell - "" = AutoRun
O33 - MountPoints2\{828806c5-21b4-11e1-b00b-386077042777}\Shell\AutoRun\command - "" = K:\setup.exe /autorun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/19 19:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/04/19 19:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014/04/19 19:37:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/19 19:30:28 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Bruce\Desktop\JRT.exe
[2014/04/18 14:19:32 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/18 14:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/04/18 14:18:33 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/17 19:50:13 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\Matt Stuff
[2014/04/17 09:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2014/04/17 03:01:25 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/04/15 15:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
[2014/04/15 15:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2014/04/15 15:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Carbonite
[2014/04/15 15:42:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Carbonite
[2014/04/15 15:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2014/04/15 15:06:07 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\RK_Quarantine
[2014/04/12 16:15:10 | 000,000,000 | -HSD | C] -- C:\Users\Bruce\AppData\Local\EmieUserList
[2014/04/12 16:15:10 | 000,000,000 | -HSD | C] -- C:\Users\Bruce\AppData\Local\EmieSiteList
[2014/04/12 13:39:45 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/12 13:39:45 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/12 13:39:45 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/12 13:39:45 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/04/12 13:39:45 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/04/12 13:39:45 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/04/12 13:39:45 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/04/12 13:39:45 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/12 13:39:45 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/04/12 13:39:45 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/12 13:39:45 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/12 13:39:45 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/12 13:39:45 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/04/12 13:39:45 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/12 13:39:45 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/04/12 13:39:45 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/04/12 13:39:45 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/12 13:39:45 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/12 13:39:45 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/12 13:39:45 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/04/12 13:39:45 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/12 13:39:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/12 13:39:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/04/12 13:39:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/04/12 13:39:45 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/04/12 13:39:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/12 13:39:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/12 13:39:45 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/04/12 13:39:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/04/11 12:33:48 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/04/11 12:33:47 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014/04/11 12:33:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014/04/11 12:33:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014/04/11 12:33:44 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/11 12:33:44 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/04/11 12:33:43 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/04/11 12:33:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/04/11 12:33:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/04/11 12:33:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/04/11 12:33:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/04/11 12:33:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/04/11 12:33:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/04/11 12:33:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/04/08 20:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2014/04/08 20:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2014/04/08 19:44:58 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Local\Akamai
[2014/04/02 12:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/04/02 12:21:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/04/02 12:20:57 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/04/02 12:20:51 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/04/02 12:20:51 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/04/02 12:20:51 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/04/01 07:36:28 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Local\LogMeIn
[2014/04/01 07:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2014/04/01 07:17:04 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Local\LogMeIn Client
[2014/03/31 13:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/31 08:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2014/03/24 15:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Lacerte
[2012/02/27 17:28:27 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Bruce\gotomypc_635.exe
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/19 19:42:21 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/19 19:42:21 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/19 19:37:29 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/04/19 19:37:29 | 000,001,933 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/04/19 19:33:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/19 19:32:54 | 524,767,231 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/19 19:32:21 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2014/04/19 19:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/19 19:29:39 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Bruce\Desktop\JRT.exe
[2014/04/19 19:11:29 | 000,000,529 | ---- | M] () -- C:\Users\Bruce\Desktop\QB Login (2).website
[2014/04/18 14:19:32 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/18 14:18:33 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/18 12:59:03 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBruce.job
[2014/04/18 07:04:48 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
[2014/04/18 03:01:11 | 000,819,662 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/04/18 03:01:11 | 000,692,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/18 03:01:11 | 000,135,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/18 03:01:04 | 000,819,662 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/17 09:05:32 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/04/17 09:05:32 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/16 17:58:47 | 000,238,592 | ---- | M] () -- C:\Users\Bruce\Documents\Four Seasons Los Angeles.mpp
[2014/04/15 20:23:44 | 000,281,088 | ---- | M] () -- C:\Users\Bruce\Documents\MLB Santa Barbara.mpp
[2014/04/15 15:42:22 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
[2014/04/12 15:28:36 | 000,001,573 | ---- | M] () -- C:\Users\Public\Desktop\2013 Lacerte Tax.LNK
[2014/04/12 13:39:45 | 005,784,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/12 13:39:45 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/12 13:39:45 | 001,967,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/12 13:39:45 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/04/12 13:39:45 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/04/12 13:39:45 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/04/12 13:39:45 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/04/12 13:39:45 | 000,628,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/12 13:39:45 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/04/12 13:39:45 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/12 13:39:45 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/12 13:39:45 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/12 13:39:45 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/04/12 13:39:45 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/12 13:39:45 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/04/12 13:39:45 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/04/12 13:39:45 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/12 13:39:45 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/12 13:39:45 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/12 13:39:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/04/12 13:39:45 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/12 13:39:45 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/12 13:39:45 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/04/12 13:39:45 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/04/12 13:39:45 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/04/12 13:39:45 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/12 13:39:45 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/12 13:39:45 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/04/12 13:39:45 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/04/08 20:40:21 | 000,002,855 | ---- | M] () -- C:\Users\Bruce\Desktop\Project 2013.lnk
[2014/04/08 20:25:24 | 000,393,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/08 19:59:27 | 000,087,940 | ---- | M] () -- C:\Users\Bruce\Desktop\MS Project Data Key32bit.pdf
[2014/04/08 19:43:56 | 000,088,744 | ---- | M] () -- C:\Users\Bruce\Desktop\MS Project Data Key.pdf
[2014/04/04 12:00:59 | 000,163,609 | ---- | M] () -- C:\Users\Bruce\Paid Parking Ticket.pdf
[2014/04/04 07:54:03 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBRUCE-HP$.job
[2014/04/02 11:59:36 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\subinacl.exe
[2014/03/31 08:07:32 | 000,001,931 | ---- | M] () -- C:\Users\Bruce\Desktop\Sync Folder.lnk
[2014/03/28 08:35:46 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/28 08:35:46 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/24 17:31:36 | 000,002,241 | ---- | M] () -- C:\Users\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/24 17:31:36 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/19 19:32:21 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2014/04/17 09:05:37 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/04/17 09:05:37 | 000,001,933 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/04/15 20:39:21 | 000,238,592 | ---- | C] () -- C:\Users\Bruce\Documents\Four Seasons Los Angeles.mpp
[2014/04/15 18:32:52 | 000,281,088 | ---- | C] () -- C:\Users\Bruce\Documents\MLB Santa Barbara.mpp
[2014/04/15 15:42:22 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
[2014/04/15 15:36:19 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2014/04/08 20:40:21 | 000,002,855 | ---- | C] () -- C:\Users\Bruce\Desktop\Project 2013.lnk
[2014/04/08 19:59:27 | 000,087,940 | ---- | C] () -- C:\Users\Bruce\Desktop\MS Project Data Key32bit.pdf
[2014/04/08 19:43:55 | 000,088,744 | ---- | C] () -- C:\Users\Bruce\Desktop\MS Project Data Key.pdf
[2014/04/04 12:00:58 | 000,163,609 | ---- | C] () -- C:\Users\Bruce\Paid Parking Ticket.pdf
[2014/03/31 08:07:32 | 000,001,931 | ---- | C] () -- C:\Users\Bruce\Desktop\Sync Folder.lnk
[2014/03/31 08:06:26 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2014/03/31 08:05:59 | 000,002,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
[2014/01/09 10:56:54 | 000,009,584 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2013/11/04 17:43:57 | 000,228,419 | ---- | C] () -- C:\Program Files\google-chrome.exe
[2013/04/23 20:10:55 | 000,007,648 | ---- | C] () -- C:\Users\Bruce\AppData\Local\Resmon.ResmonCfg
[2013/04/21 07:42:57 | 000,001,573 | ---- | C] () -- C:\Users\Bruce\2011 Lacerte Tax.LNK
[2012/06/15 09:28:27 | 000,060,304 | ---- | C] () -- C:\Users\Bruce\g2mdlhlpx.exe
[2011/12/09 15:08:25 | 000,113,224 | ---- | C] () -- C:\Users\Bruce\g2ax_customer_downloadhelper_win32_x86.exe
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
 
 


#9 mattbiel

mattbiel
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 19 April 2014 - 10:43 PM

Something I did not mention in an earlier step when you had me run Malwarebytes Anti-rootkit...  When I start it, a warning window comes up that says "Probable rootkit activity detected" and then:

 

Registry value "appInit_Dlls" has been found, which may be caused by rootkit activity.  Do you want to remove this value and restart the tool?"

 

I chose "no" because You didn't tell me to choose yes, and I also figured you would see it in the log.  Could this be my problem?  Should I go back and rerun it and click "yes"?

 

mb



#10 Jo*

Jo*

  • Malware Response Team
  • 3,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:31 PM

Posted 20 April 2014 - 03:43 AM

Hello mattbiel,

looks like the appinit is from Amazon:
 

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL) - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL) - C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL ()


If you want to remove it (case not, skip Malwarebytes Anti-Rootkit):
Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • then please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
If there is no malware found, please let me know as well.

 

***



Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN28571847012905522&UM=2&ctid=CT3310511
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3310511&CUI=UN28860449842335616&UM=2&SearchSource=13"
    FF - prefs.js..browser.search.selectedEngine: "SweetPacks Customized Web Search"
    FF - prefs.js..browser.search.defaultenginename: "SweetPacks Customized Web Search"
    FF - prefs.js..keyword.url: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN28860449842335616&UM=2&q="
    [2013/11/27 07:59:49 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\{c5fef80d-9a57-ed95-539f-715295ca054a}
    
    :Commands
    [purity]
    [emptytemp]
    

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post Fix OTL log.

Edited by Jo*, 20 April 2014 - 03:55 AM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 mattbiel

mattbiel
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 21 April 2014 - 10:47 PM

Thank you for sticking with me.  I was not at the computer for the past day.  I followed your instructions but could not find the fix OTL log.  I found an OTL log with the correct date/time and am posting it below.  I hope it's the right log.  Unfortunately, this did not fix my problem.  Conduit and Sweetpacks are still taking over my browsers.  I ran ADWCleaner again after the OTL fix and it still found the same stuff.  I let it do a clean, then rebooted and ran it again, and it found the same stuff again.  This stuff is sticky!

 

Here is the log:

 

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "SweetPacks Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "SweetPacks Customized Web Search" removed from browser.search.defaultenginename
C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\{c5fef80d-9a57-ed95-539f-715295ca054a}\components folder moved successfully.
C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\{c5fef80d-9a57-ed95-539f-715295ca054a}\chrome\PublisherImages folder moved successfully.
C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\{c5fef80d-9a57-ed95-539f-715295ca054a}\chrome\images folder moved successfully.
C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\{c5fef80d-9a57-ed95-539f-715295ca054a}\chrome folder moved successfully.
C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\{c5fef80d-9a57-ed95-539f-715295ca054a} folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Bruce
->Temp folder emptied: 186188498 bytes
->Temporary Internet Files folder emptied: 78920970 bytes
->Java cache emptied: 103883 bytes
->FireFox cache emptied: 28357839 bytes
->Google Chrome cache emptied: 71775059 bytes
->Flash cache emptied: 66296 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Garrett Leight LLC Workpapers Attached to QB 2013
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1046943797 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 172254 bytes
RecycleBin emptied: 30945636 bytes
 
Total Files Cleaned = 1,377.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04212014_194549
 
Files\Folders moved on Reboot...
C:\Users\Bruce\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#12 Jo*

Jo*

  • Malware Response Team
  • 3,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:31 PM

Posted 22 April 2014 - 04:31 AM

Hello mattbiel,

post your latest AdwCleaner log!


Now turn off all computers,
then unplug the power cable from the router,
then unplug the power cable from the (Cable) modem

....let it OFF for about 5 minutes.

Then with the computers still off,
plug back in the Cable modem power cable.

...when all the lights come on:
then plug in the router,

when all the lights come back on:
then start all computers:
 

***


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    
    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post Fix OTL log.

***


Run OTL again.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


Now check if your problem still exists.
Post results here!
 

***


Edited by Jo*, 22 April 2014 - 09:22 AM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 mattbiel

mattbiel
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 22 April 2014 - 11:57 AM

Hi Jo - 

 

I followed your instructions, turning off both machines I have on my network, removing power from both modem and router for 5 minutes, then rebooting all.  I ran your OTL fix.  Unfortunately, problem persists.  I also ran another ADWCleaner scan/clean, but problem persists.  Both OTL logs and ADWCleaner log below:

 

OTL fix log file:

 

All processes killed
========== OTL ==========
========== COMMANDS ==========
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Bruce
->Temp folder emptied: 18330235 bytes
->Temporary Internet Files folder emptied: 29038686 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 15739043 bytes
->Google Chrome cache emptied: 8599412 bytes
->Flash cache emptied: 708 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Garrett Leight LLC Workpapers Attached to QB 2013
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4870 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 68.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04222014_092409
 
Files\Folders moved on Reboot...
C:\Users\Bruce\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
OTL second run log file:
 

OTL logfile created on: 4/22/2014 9:32:56 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bruce\Desktop\Matt Stuff
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.98 Gb Total Physical Memory | 4.11 Gb Available Physical Memory | 68.64% Memory free
11.97 Gb Paging File | 9.35 Gb Available in Paging File | 78.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.87 Gb Total Space | 834.15 Gb Free Space | 90.68% Space Free | Partition Type: NTFS
Drive D: | 11.54 Gb Total Space | 1.41 Gb Free Space | 12.23% Space Free | Partition Type: NTFS
 
Computer Name: BRUCE-HP | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Bruce\Desktop\Matt Stuff\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Users\Bruce\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Google\Chrome Remote Desktop\33.0.1750.125\remoting_host.exe (Google Inc.)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (IObit)
PRC - C:\Users\Bruce\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - c:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Bruce\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\Bruce\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\SharedBin\LvApi11.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (HPSLPSVC) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (GoToAssist Remote Support Customer) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_service.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (chromoting) -- C:\Program Files (x86)\Google\Chrome Remote Desktop\33.0.1750.125\remoting_host.exe (Google Inc.)
SRV - (AdvancedSystemCareService7) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (IObit)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (File Backup) -- C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (QBVSS) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys (IObit)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ED2BD941-7D87-431E-87A2-CDFB26A577DC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bing.com/search?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN28571847012905522&UM=2&ctid=CT3310511
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {7F4EFF06-7032-458e-AE16-1C1D8255C28A}
IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetPacks Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "SweetPacks Customized Web Search"
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\Bruce\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off64: C:\Users\Bruce\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\Bruce\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe64: C:\Users\Bruce\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/04 15:54:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/02/05 20:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Extensions
[2014/04/19 19:29:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\i3vuxzt2.default-1395207302093\extensions
[2014/03/21 10:18:54 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\i3vuxzt2.default-1395207302093\extensions\ascsurfingprotection@iobit.com
[2014/03/21 10:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_251650\extensions
[2014/03/21 10:18:55 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_251650\extensions\ascsurfingprotection@iobit.com
[2013/11/27 07:59:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_251650\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com
[2014/03/03 10:17:50 | 000,000,000 | ---D | M] (WordExtra) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_251650\extensions\korey@markus.me
[2014/04/21 19:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions
[2014/03/21 10:18:55 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\ascsurfingprotection@iobit.com
[2013/11/27 08:00:42 | 000,000,000 | ---D | M] ("LyricsMonkey-1") -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com
[2014/03/03 10:17:51 | 000,000,000 | ---D | M] (WordExtra) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\korey@markus.me
[2013/11/27 08:00:42 | 000,000,000 | ---D | M] (Playtopus) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\links@playtopus.com
[2013/11/27 08:00:42 | 000,000,000 | ---D | M] (SearchDonkey) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\support@searchdonkeyapp.com
[2013/11/27 08:00:41 | 000,000,000 | ---D | M] (Tube Dimmer) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\support@tubedimmerapp.com
[2013/11/27 08:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData
[2014/03/19 03:46:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins
[2013/11/27 08:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\userCode
[2014/04/14 17:19:30 | 000,324,918 | ---- | M] () (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\i3vuxzt2.default-1395207302093\extensions\abb@amazon.com.xpi
[2013/11/18 10:35:26 | 000,007,374 | ---- | M] () (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
[2014/04/01 07:00:08 | 000,002,340 | ---- | M] () -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\i3vuxzt2.default-1395207302093\searchplugins\amazon.xml
[2014/03/31 13:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/31 13:36:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/31 13:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2014/03/31 13:36:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Chrome Remote Desktop = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\34.0.1847.90_0\
CHR - Extension: Chrome Remote Desktop = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\34.0.1847.90_0\~
CHR - Extension: avast! WebRep = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Google Wallet = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/04/22 09:24:10 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {42435041-2D53-4154-00A7-7A786E7484D7} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {42435041-2D53-4154-00A7-7A786E7484D7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42435041-2D53-4154-00A7-7A786E7484D7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42435041-3300-A76A-76A7-7A786E7484D7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Bruce\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bruce\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab?rnd=3166873311 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56F0E537-07DA-43CB-821D-1C53165E226C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE5981C5-48C1-464D-966E-E85BAD3FA8E2}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2D97743-A26B-4F14-81E8-A466DA016670}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb6 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL) - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL) - C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_winlogonx64.dll) - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{828806c5-21b4-11e1-b00b-386077042777}\Shell - "" = AutoRun
O33 - MountPoints2\{828806c5-21b4-11e1-b00b-386077042777}\Shell\AutoRun\command - "" = K:\setup.exe /autorun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/21 19:45:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/19 20:21:42 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/04/19 20:21:36 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/04/19 20:21:36 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/04/19 20:21:36 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/04/19 19:37:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/19 19:30:28 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Bruce\Desktop\JRT.exe
[2014/04/18 14:19:32 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/18 14:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/04/18 14:18:33 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/17 19:50:13 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\Matt Stuff
[2014/04/17 03:01:25 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/04/15 15:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
[2014/04/15 15:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2014/04/15 15:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Carbonite
[2014/04/15 15:42:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Carbonite
[2014/04/15 15:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2014/04/12 16:15:10 | 000,000,000 | -HSD | C] -- C:\Users\Bruce\AppData\Local\EmieUserList
[2014/04/12 16:15:10 | 000,000,000 | -HSD | C] -- C:\Users\Bruce\AppData\Local\EmieSiteList
[2014/04/12 13:39:45 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/12 13:39:45 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/12 13:39:45 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/12 13:39:45 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/04/12 13:39:45 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/04/12 13:39:45 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/04/12 13:39:45 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/04/12 13:39:45 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/12 13:39:45 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/04/12 13:39:45 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/12 13:39:45 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/12 13:39:45 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/12 13:39:45 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/04/12 13:39:45 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/12 13:39:45 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/04/12 13:39:45 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/04/12 13:39:45 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/12 13:39:45 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/12 13:39:45 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/12 13:39:45 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/04/12 13:39:45 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/12 13:39:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/12 13:39:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/04/12 13:39:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/04/12 13:39:45 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/04/12 13:39:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/12 13:39:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/12 13:39:45 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/04/12 13:39:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/04/11 12:33:48 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/04/11 12:33:47 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014/04/11 12:33:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014/04/11 12:33:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014/04/11 12:33:44 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/11 12:33:44 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/04/11 12:33:43 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/04/11 12:33:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/04/11 12:33:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/04/11 12:33:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/04/11 12:33:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/04/11 12:33:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/04/11 12:33:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/04/11 12:33:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/04/08 20:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2014/04/08 20:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2014/04/08 19:44:58 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Local\Akamai
[2014/04/02 12:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/04/02 12:21:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/04/01 07:36:28 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Local\LogMeIn
[2014/04/01 07:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2014/04/01 07:17:04 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Local\LogMeIn Client
[2014/03/31 13:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/31 08:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2014/03/24 15:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Lacerte
[2012/02/27 17:28:27 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Bruce\gotomypc_635.exe
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/22 09:34:27 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/22 09:34:27 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/22 09:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/22 09:26:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/22 09:26:23 | 524,767,231 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/22 09:24:10 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/04/21 20:08:01 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2014/04/21 12:42:01 | 000,001,573 | ---- | M] () -- C:\Users\Public\Desktop\2012 Lacerte Tax.LNK
[2014/04/21 06:59:06 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
[2014/04/19 20:43:42 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/19 20:26:45 | 001,308,369 | ---- | M] () -- C:\Users\Bruce\Desktop\AdwCleaner (1).exe
[2014/04/19 19:37:27 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini
[2014/04/19 19:29:39 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Bruce\Desktop\JRT.exe
[2014/04/19 19:11:29 | 000,000,529 | ---- | M] () -- C:\Users\Bruce\Desktop\QB Login (2).website
[2014/04/18 14:19:32 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/18 12:59:03 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBruce.job
[2014/04/18 03:01:11 | 000,819,662 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/04/18 03:01:11 | 000,692,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/18 03:01:11 | 000,135,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/18 03:01:04 | 000,819,662 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/17 09:05:32 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/04/17 09:05:32 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/16 17:58:47 | 000,238,592 | ---- | M] () -- C:\Users\Bruce\Documents\Four Seasons Los Angeles.mpp
[2014/04/15 20:23:44 | 000,281,088 | ---- | M] () -- C:\Users\Bruce\Documents\MLB Santa Barbara.mpp
[2014/04/15 15:42:22 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
[2014/04/14 20:13:43 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/04/14 20:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/04/14 20:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/04/14 20:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/04/12 15:28:36 | 000,001,573 | ---- | M] () -- C:\Users\Public\Desktop\2013 Lacerte Tax.LNK
[2014/04/12 13:39:45 | 005,784,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/12 13:39:45 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/12 13:39:45 | 001,967,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/12 13:39:45 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/04/12 13:39:45 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/04/12 13:39:45 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/04/12 13:39:45 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/04/12 13:39:45 | 000,628,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/12 13:39:45 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/04/12 13:39:45 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/12 13:39:45 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/12 13:39:45 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/12 13:39:45 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/04/12 13:39:45 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/12 13:39:45 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/04/12 13:39:45 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/04/12 13:39:45 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/12 13:39:45 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/12 13:39:45 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/12 13:39:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/04/12 13:39:45 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/12 13:39:45 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/12 13:39:45 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/04/12 13:39:45 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/04/12 13:39:45 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/04/12 13:39:45 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/12 13:39:45 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/12 13:39:45 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/04/12 13:39:45 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/04/08 20:40:21 | 000,002,855 | ---- | M] () -- C:\Users\Bruce\Desktop\Project 2013.lnk
[2014/04/08 20:25:24 | 000,393,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/08 19:59:27 | 000,087,940 | ---- | M] () -- C:\Users\Bruce\Desktop\MS Project Data Key32bit.pdf
[2014/04/08 19:43:56 | 000,088,744 | ---- | M] () -- C:\Users\Bruce\Desktop\MS Project Data Key.pdf
[2014/04/04 12:00:59 | 000,163,609 | ---- | M] () -- C:\Users\Bruce\Paid Parking Ticket.pdf
[2014/04/04 07:54:03 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBRUCE-HP$.job
[2014/04/02 11:59:36 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\subinacl.exe
[2014/03/28 08:35:46 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/28 08:35:46 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/24 17:31:36 | 000,002,241 | ---- | M] () -- C:\Users\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/24 17:31:36 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/21 20:08:01 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2014/04/19 20:26:37 | 001,308,369 | ---- | C] () -- C:\Users\Bruce\Desktop\AdwCleaner (1).exe
[2014/04/19 20:08:22 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/04/15 20:39:21 | 000,238,592 | ---- | C] () -- C:\Users\Bruce\Documents\Four Seasons Los Angeles.mpp
[2014/04/15 18:32:52 | 000,281,088 | ---- | C] () -- C:\Users\Bruce\Documents\MLB Santa Barbara.mpp
[2014/04/15 15:42:22 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
[2014/04/15 15:36:19 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2014/04/08 20:40:21 | 000,002,855 | ---- | C] () -- C:\Users\Bruce\Desktop\Project 2013.lnk
[2014/04/08 19:59:27 | 000,087,940 | ---- | C] () -- C:\Users\Bruce\Desktop\MS Project Data Key32bit.pdf
[2014/04/08 19:43:55 | 000,088,744 | ---- | C] () -- C:\Users\Bruce\Desktop\MS Project Data Key.pdf
[2014/04/04 12:00:58 | 000,163,609 | ---- | C] () -- C:\Users\Bruce\Paid Parking Ticket.pdf
[2014/03/31 08:06:26 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2014/03/31 08:05:59 | 000,002,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
[2014/01/09 10:56:54 | 000,009,584 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2013/11/04 17:43:57 | 000,228,419 | ---- | C] () -- C:\Program Files\google-chrome.exe
[2013/04/23 20:10:55 | 000,007,648 | ---- | C] () -- C:\Users\Bruce\AppData\Local\Resmon.ResmonCfg
[2013/04/21 07:42:57 | 000,001,573 | ---- | C] () -- C:\Users\Bruce\2011 Lacerte Tax.LNK
[2012/06/15 09:28:27 | 000,060,304 | ---- | C] () -- C:\Users\Bruce\g2mdlhlpx.exe
[2011/12/09 15:08:25 | 000,113,224 | ---- | C] () -- C:\Users\Bruce\g2ax_customer_downloadhelper_win32_x86.exe
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
 
 
ADWCleaner Log:
 

# AdwCleaner v3.201 - Report created 22/04/2014 at 09:46:31
# Updated 22/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bruce - BRUCE-HP
# Running from : C:\Users\Bruce\Desktop\Matt Stuff\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\i3vuxzt2.default-1395207302093\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultenginename", "SweetPacks Customized Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "SweetPacks Customized Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN28860449842335616&UM=2&SearchSource=13");
Line Deleted : user_pref("keyword.url", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN28860449842335616&UM=2&q=");
 
[ File : C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_251650\prefs.js ]
 
 
[ File : C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Startup_urls] : 
Deleted [Extension] : igjjkeeamkpihpncmmbgdkhdnjpcfmfb
 
*************************
 
AdwCleaner[R0].txt - [82920 octets] - [18/03/2014 23:04:37]
AdwCleaner[R1].txt - [5219 octets] - [18/04/2014 14:47:18]
AdwCleaner[R2].txt - [6287 octets] - [19/04/2014 19:27:53]
AdwCleaner[R3].txt - [2270 octets] - [19/04/2014 20:27:22]
AdwCleaner[R4].txt - [2390 octets] - [19/04/2014 20:38:26]
AdwCleaner[R5].txt - [2450 octets] - [21/04/2014 20:33:41]
AdwCleaner[R6].txt - [2570 octets] - [21/04/2014 20:40:53]
AdwCleaner[R7].txt - [3015 octets] - [22/04/2014 09:44:26]
AdwCleaner[S0].txt - [76774 octets] - [18/03/2014 23:06:19]
AdwCleaner[S1].txt - [6052 octets] - [19/04/2014 19:29:16]
AdwCleaner[S2].txt - [2143 octets] - [19/04/2014 20:30:57]
AdwCleaner[S3].txt - [2323 octets] - [21/04/2014 20:35:09]
AdwCleaner[S4].txt - [2617 octets] - [22/04/2014 09:46:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2677 octets] ##########
 
 


#14 Jo*

Jo*

  • Malware Response Team
  • 3,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:31 PM

Posted 22 April 2014 - 12:37 PM

Hello mattbiel,

Download ComboFix from the following location:
Link

* IMPORTANT- Save ComboFix.exe to your Desktop
 

***


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link:
How to Disable your Security Programs


***


Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Enable your antivirus!

 

***


Run OTL again.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


Now check if your problem still exists.
 

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 mattbiel

mattbiel
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 22 April 2014 - 02:40 PM

Thank you for your continued help. Problem still exists.  Log files from above steps here:

 

ComboFix 14-04-20.01 - Bruce 04/22/2014  10:51:07.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6129.4259 [GMT -7:00]
Running from: c:\users\Bruce\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Z@!-08663074-13b3-4275-a372-675daa78225b.tmp
c:\programdata\Z@S!-ff7c53a4-6df0-43fd-9023-e027f238fca6.tmp
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome.manifest
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\api.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\api\asyncDB.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\api\background.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\api\browserAction.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\api\contextMenu.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\api\dbManager.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\api\dom_bg.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\api\fileManager.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\api\firefox.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\api\firefoxNotifications.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\api\firefoxOmnibox.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\api\message.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\api\pageAction.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\api\request.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\api\tabs.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\api\webRequest.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\background.html
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\baseObject.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\browser.xul
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\core\console.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\core\consts.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\core\delegate.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\core\extensionDataStore.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\core\folderIOWrapper.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\core\httpObserver.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\core\IDBWrapper.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\core\installer.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\core\logFile.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\core\prefs.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\core\progressListenerObserver.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\core\registry.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\core\reloadObserver.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\core\reports.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\core\requestObject.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\core\searchSettings.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\core\uninstallObserver.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\core\updateManager.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\core\utils.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\core\xhr.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\dialog.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\main.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\options.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\options.xul
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\chrome\content\search_dialog.xul
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\defaults\preferences\prefs.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\manifest.xml
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins.json
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\1_base.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\101_cortica_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\103_intext_5_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\104_jollywallet_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\105_corticas_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\108_icm_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\116_ads_only_5_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\119_similar_web_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\120_luck_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\123_intext_adv_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\125_arcadi2_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\126_revizer_ws_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\127_revizer_p_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\129_widdit_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\135_arcadi3_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\138_getdeal_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\142_intext_fa_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\155_ibario_pops_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\17_jQuery.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\170_icm1_5_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\175_coolmirage_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\21_debug.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\22_resources.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\28_initializer.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\47_resources_background.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\64_appApiMessage.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\7_hooks.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\72_appApiValidation.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\9_search_engine_hook.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\92_superfish_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\plugins\98_omniCommands.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\userCode\background.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\extensionData\userCode\extension.js
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\install.rdf
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\locale\en-US\translations.dtd
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\skin\button1.png
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\skin\button2.png
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\skin\button3.png
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\skin\button4.png
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\skin\button5.png
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\skin\crossrider_statusbar.png
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\skin\icon128.png
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\skin\icon16.png
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\skin\icon24.png
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\skin\icon48.png
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\skin\panelarrow-up.png
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\skin\popup.html
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\skin\skin.css
c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com\skin\update.css
c:\users\Bruce\g2ax_customer_downloadhelper_win32_x86.exe
c:\users\Bruce\g2mdlhlpx.exe
c:\windows\SysWow64\html
c:\windows\SysWow64\images
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-22 to 2014-04-22  )))))))))))))))))))))))))))))))
.
.
2014-04-22 16:18 . 2014-04-17 12:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E5B6AF7-9A30-4562-BB33-CCC6A2FA5DF0}\mpengine.dll
2014-04-22 02:45 . 2014-04-22 02:45 -------- d-----w- C:\_OTL
2014-04-20 03:21 . 2014-04-15 03:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-20 02:37 . 2014-04-20 02:37 -------- d-----w- c:\windows\ERUNT
2014-04-18 21:19 . 2014-04-18 21:40 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-04-18 21:19 . 2014-04-18 21:19 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-18 21:18 . 2014-04-20 03:43 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-17 10:01 . 2014-04-17 10:01 -------- d-----w- c:\windows\Migration
2014-04-15 22:42 . 2014-04-15 22:42 -------- d-----w- c:\program files\Carbonite
2014-04-15 22:42 . 2014-04-15 22:42 -------- d-----w- c:\programdata\Carbonite
2014-04-15 22:42 . 2014-04-15 22:42 -------- d-----w- c:\program files (x86)\Carbonite
2014-04-15 22:36 . 2014-04-15 22:36 -------- d-----w- c:\program files (x86)\TeamViewer
2014-04-12 23:15 . 2014-04-12 23:15 -------- d-sh--w- c:\users\Bruce\AppData\Local\EmieUserList
2014-04-12 23:15 . 2014-04-12 23:15 -------- d-sh--w- c:\users\Bruce\AppData\Local\EmieSiteList
2014-04-11 19:33 . 2014-02-04 02:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-09 03:14 . 2014-04-09 03:14 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2014-04-09 02:44 . 2014-04-09 02:47 -------- d-----w- c:\users\Bruce\AppData\Local\Akamai
2014-04-02 19:21 . 2014-04-20 03:21 -------- d-----w- c:\programdata\Oracle
2014-04-02 19:21 . 2014-04-02 19:21 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-04-01 14:36 . 2014-04-01 14:36 -------- d-----w- c:\users\Bruce\AppData\Local\LogMeIn
2014-04-01 14:36 . 2014-04-01 14:36 -------- d-----w- c:\programdata\LogMeIn
2014-04-01 14:17 . 2014-04-01 14:17 -------- d-----w- c:\users\Bruce\AppData\Local\LogMeIn Client
2014-03-31 15:06 . 2012-07-25 19:03 16896 ----a-w- c:\windows\system32\sasnative64.exe
2014-03-31 15:05 . 2014-03-31 15:06 -------- d-----w- c:\program files (x86)\Amazon
2014-03-24 22:46 . 2014-04-21 19:42 -------- d-----w- c:\programdata\Lacerte
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-17 16:05 . 2012-04-27 22:50 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-17 16:05 . 2011-08-17 18:25 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-12 04:45 . 2011-12-03 00:04 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-04-02 18:59 . 2014-03-19 10:40 290304 ----a-w- c:\windows\SysWow64\subinacl.exe
2014-03-31 16:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-17 01:03 . 2013-12-02 21:17 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-03-15 18:49 . 2014-03-15 18:49 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-15 18:49 . 2014-03-15 18:49 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-15 18:49 . 2014-03-15 18:49 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-04 09:17 . 2014-04-11 19:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-03 18:52 . 2014-03-03 18:52 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-03-03 18:52 . 2014-03-03 18:52 312744 ----a-w- c:\windows\system32\javaws.exe
2014-03-03 18:52 . 2014-03-03 18:52 189352 ----a-w- c:\windows\system32\javaw.exe
2014-03-03 18:52 . 2014-03-03 18:52 189352 ----a-w- c:\windows\system32\java.exe
2014-03-03 18:52 . 2014-03-03 18:52 973736 ----a-w- c:\windows\system32\deployJava1.dll
2014-03-03 18:52 . 2014-03-03 18:52 1095080 ----a-w- c:\windows\system32\npDeployJava1.dll
2014-02-17 20:41 . 2013-03-31 01:50 27456 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2014-02-14 03:01 . 2014-02-13 16:19 128320 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-02-12 18:17 . 2014-02-12 18:17 87040 ----a-w- c:\windows\SysWow64\secproc_ssp_isv.dll
2014-02-12 18:17 . 2014-02-12 18:17 87040 ----a-w- c:\windows\SysWow64\secproc_ssp.dll
2014-02-12 18:17 . 2014-02-12 18:17 658432 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-12 18:17 . 2014-02-12 18:17 626176 ----a-w- c:\windows\system32\RMActivate.exe
2014-02-12 18:17 . 2014-02-12 18:17 594944 ----a-w- c:\windows\SysWow64\RMActivate_isv.exe
2014-02-12 18:17 . 2014-02-12 18:17 572416 ----a-w- c:\windows\SysWow64\RMActivate.exe
2014-02-12 18:17 . 2014-02-12 18:17 553984 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-02-12 18:17 . 2014-02-12 18:17 552960 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-12 18:17 . 2014-02-12 18:17 528384 ----a-w- c:\windows\system32\msdrm.dll
2014-02-12 18:17 . 2014-02-12 18:17 510976 ----a-w- c:\windows\SysWow64\RMActivate_ssp.exe
2014-02-12 18:17 . 2014-02-12 18:17 508928 ----a-w- c:\windows\SysWow64\RMActivate_ssp_isv.exe
2014-02-12 18:17 . 2014-02-12 18:17 488448 ----a-w- c:\windows\system32\secproc.dll
2014-02-12 18:17 . 2014-02-12 18:17 485888 ----a-w- c:\windows\system32\secproc_isv.dll
2014-02-12 18:17 . 2014-02-12 18:17 428032 ----a-w- c:\windows\SysWow64\secproc.dll
2014-02-12 18:17 . 2014-02-12 18:17 423936 ----a-w- c:\windows\SysWow64\secproc_isv.dll
2014-02-12 18:17 . 2014-02-12 18:17 390144 ----a-w- c:\windows\SysWow64\msdrm.dll
2014-02-12 18:17 . 2014-02-12 18:17 123392 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-02-12 18:17 . 2014-02-12 18:17 123392 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-02-07 01:23 . 2014-03-12 14:57 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-12 14:56 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-12 14:56 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-12 14:57 484864 ----a-w- c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-12 14:57 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-01-23 14:55 . 2014-01-23 14:55 659264 ----a-w- c:\windows\SysWow64\mscomct2.ocx
2014-01-23 14:55 . 2014-01-23 14:55 31888 ----a-w- c:\windows\SysWow64\FM20ENU.DLL
2014-01-23 14:54 . 2014-01-23 14:54 1239208 ----a-w- c:\windows\SysWow64\FM20.DLL
2013-11-05 00:44 . 2013-11-05 00:43 228419 ----a-w- c:\program files\google-chrome.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2014-04-08 04:59 1020424 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2014-04-08 04:59 1020424 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2014-04-08 04:59 1020424 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Bruce\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Bruce\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Bruce\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Bruce\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-28 6563608]
"Akamai NetSession Interface"="c:\users\Bruce\AppData\Local\Akamai\netsession_win.exe" [2014-03-06 4672920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2013-05-31 2786104]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-08 567320]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2014-04-08 1053704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-02-12 2288928]
.
c:\users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bruce\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2013-5-31 6258488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 chromoting;Chrome Remote Desktop Service;c:\program files (x86)\Google\Chrome Remote Desktop\33.0.1750.125\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\33.0.1750.125\remoting_host.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 aswVmm;aswVmm; [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
R3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_service.exe Start=service;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_service.exe Start=service [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MSSQL$LACERTEDB;MSSQL$LACERTEDB;c:\program files (x86)\Microsoft SQL Server\MSSQL$LACERTEDB\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL$LACERTEDB\Binn\sqlservr.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SQLAgent$LACERTEDB;SQLAgent$LACERTEDB;c:\program files (x86)\Microsoft SQL Server\MSSQL$LACERTEDB\Binn\sqlagent.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL$LACERTEDB\Binn\sqlagent.EXE [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe;c:\program files (x86)\Workspace\offSyncService.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-25 00:31 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-07-14 01:14 126464 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-17 16:05]
.
2014-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02 19:08]
.
2014-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02 19:08]
.
2014-04-04 c:\windows\Tasks\HPCeeScheduleForBRUCE-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2014-04-18 c:\windows\Tasks\HPCeeScheduleForBruce.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2011-12-02 c:\windows\Tasks\User_Feed_Synchronization-{7D5288AB-1BD4-44FE-9826-4A8358BAC825}.job
- c:\windows\system32\msfeedssync.exe [2013-11-28 04:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-03-01 15:32 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-03-13 03:11 2333400 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-03-13 03:11 2333400 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-03-13 03:11 2333400 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 17:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2014-04-08 04:48 1293320 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2014-04-08 04:48 1293320 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2014-04-08 04:48 1293320 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2013-05-16 00:11 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2013-05-16 00:11 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2010-10-21 37888]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-24 1128448]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN28571847012905522&UM=2&ctid=CT3310511
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = about:blank
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.bing.com/search?q={searchTerms}
mSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - c:\program files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\
FF - ExtSQL: 2014-03-21 03:18; ascsurfingprotection@iobit.com; c:\users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: !HIDDEN! 2013-08-04 10:35; 64ffxtbr@TelevisionFanatic.com; c:\program files (x86)\TelevisionFanatic\bar\1.bin
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{42435041-2D53-4154-00A7-7A786E7484D7} - (no file)
Toolbar-{42435041-2D53-4154-00A7-7A786E7484D7} - (no file)
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{42435041-2D53-4154-00A7-7A786E7484D7} - (no file)
WebBrowser-{42435041-3300-A76A-76A7-7A786E7484D7} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\program files (x86)\IObit\Advanced SystemCare 7\DelayLoad.exe
.
**************************************************************************
.
Completion time: 2014-04-22  11:57:38 - machine was rebooted
ComboFix-quarantined-files.txt  2014-04-22 18:57
.
Pre-Run: 895,214,538,752 bytes free
Post-Run: 894,672,228,352 bytes free
.
- - End Of File - - 16AA07F7483F8D0C97A8AB0233C08384
A36C5E4F47E84449FF07ED3517B43A31
 

OTL logfile created on: 4/22/2014 12:26:14 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bruce\Desktop\Matt Stuff
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.98 Gb Total Physical Memory | 4.31 Gb Available Physical Memory | 71.95% Memory free
11.97 Gb Paging File | 10.23 Gb Available in Paging File | 85.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.87 Gb Total Space | 833.10 Gb Free Space | 90.57% Space Free | Partition Type: NTFS
Drive D: | 11.54 Gb Total Space | 1.41 Gb Free Space | 12.23% Space Free | Partition Type: NTFS
 
Computer Name: BRUCE-HP | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Bruce\Desktop\Matt Stuff\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (IObit)
PRC - C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - c:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (HPSLPSVC) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (GoToAssist Remote Support Customer) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_service.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (chromoting) -- C:\Program Files (x86)\Google\Chrome Remote Desktop\33.0.1750.125\remoting_host.exe (Google Inc.)
SRV - (AdvancedSystemCareService7) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (IObit)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (File Backup) -- C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (QBVSS) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys (IObit)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ED2BD941-7D87-431E-87A2-CDFB26A577DC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bing.com/search?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN28571847012905522&UM=2&ctid=CT3310511
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {7F4EFF06-7032-458e-AE16-1C1D8255C28A}
IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..browser.search.selectedEngine: "SweetPacks Customized Web Search"
FF - prefs.js..browser.search.defaultenginename: "SweetPacks Customized Web Search"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\Bruce\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off64: C:\Users\Bruce\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\Bruce\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe64: C:\Users\Bruce\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/04 15:54:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/02/05 20:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Extensions
[2014/04/19 19:29:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\i3vuxzt2.default-1395207302093\extensions
[2014/03/21 10:18:54 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\i3vuxzt2.default-1395207302093\extensions\ascsurfingprotection@iobit.com
[2014/03/21 10:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_251650\extensions
[2014/03/21 10:18:55 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_251650\extensions\ascsurfingprotection@iobit.com
[2013/11/27 07:59:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_251650\extensions\b369ec0b-ca2c-4a80-a1e3-08fd373cdfb5@91e50ee5-448d-41f7-92ed-30eed93f2f2f.com
[2014/03/03 10:17:50 | 000,000,000 | ---D | M] (WordExtra) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_251650\extensions\korey@markus.me
[2014/04/22 11:49:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions
[2014/03/21 10:18:55 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\ascsurfingprotection@iobit.com
[2014/03/03 10:17:51 | 000,000,000 | ---D | M] (WordExtra) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\korey@markus.me
[2013/11/27 08:00:42 | 000,000,000 | ---D | M] (Playtopus) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\links@playtopus.com
[2013/11/27 08:00:42 | 000,000,000 | ---D | M] (SearchDonkey) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\support@searchdonkeyapp.com
[2013/11/27 08:00:41 | 000,000,000 | ---D | M] (Tube Dimmer) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\support@tubedimmerapp.com
[2014/04/14 17:19:30 | 000,324,918 | ---- | M] () (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\i3vuxzt2.default-1395207302093\extensions\abb@amazon.com.xpi
[2013/11/18 10:35:26 | 000,007,374 | ---- | M] () (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_747901\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
[2014/04/01 07:00:08 | 000,002,340 | ---- | M] () -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\i3vuxzt2.default-1395207302093\searchplugins\amazon.xml
[2014/03/31 13:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/31 13:36:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/31 13:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2014/03/31 13:36:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Chrome Remote Desktop = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\34.0.1847.90_0\
CHR - Extension: Chrome Remote Desktop = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\34.0.1847.90_0\~
CHR - Extension: avast! WebRep = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Google Wallet = C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/04/22 11:53:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {42435041-2D53-4154-00A7-7A786E7484D7} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {42435041-2D53-4154-00A7-7A786E7484D7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42435041-3300-A76A-76A7-7A786E7484D7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Bruce\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bruce\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab?rnd=3166873311 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56F0E537-07DA-43CB-821D-1C53165E226C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE5981C5-48C1-464D-966E-E85BAD3FA8E2}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2D97743-A26B-4F14-81E8-A466DA016670}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb6 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_winlogonx64.dll) - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/22 11:53:07 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014/04/22 10:49:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/04/22 10:49:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/04/22 10:49:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/04/22 10:49:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/04/22 10:49:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/04/22 10:45:03 | 005,196,870 | R--- | C] (Swearware) -- C:\Users\Bruce\Desktop\ComboFix.exe
[2014/04/21 19:45:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/19 20:21:42 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/04/19 20:21:36 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/04/19 20:21:36 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/04/19 20:21:36 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/04/19 19:37:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/18 14:19:32 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/18 14:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/04/18 14:18:33 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/17 19:50:13 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\Matt Stuff
[2014/04/17 03:01:25 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/04/15 15:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
[2014/04/15 15:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2014/04/15 15:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Carbonite
[2014/04/15 15:42:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Carbonite
[2014/04/15 15:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2014/04/12 16:15:10 | 000,000,000 | -HSD | C] -- C:\Users\Bruce\AppData\Local\EmieUserList
[2014/04/12 16:15:10 | 000,000,000 | -HSD | C] -- C:\Users\Bruce\AppData\Local\EmieSiteList
[2014/04/12 13:39:45 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/12 13:39:45 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/12 13:39:45 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/12 13:39:45 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/04/12 13:39:45 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/04/12 13:39:45 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/04/12 13:39:45 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/04/12 13:39:45 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/12 13:39:45 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/04/12 13:39:45 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/12 13:39:45 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/12 13:39:45 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/12 13:39:45 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/04/12 13:39:45 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/12 13:39:45 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/04/12 13:39:45 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/04/12 13:39:45 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/12 13:39:45 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/12 13:39:45 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/12 13:39:45 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/04/12 13:39:45 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/12 13:39:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/12 13:39:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/04/12 13:39:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/04/12 13:39:45 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/04/12 13:39:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/12 13:39:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/12 13:39:45 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/04/12 13:39:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/04/11 12:33:48 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/04/11 12:33:47 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014/04/11 12:33:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014/04/11 12:33:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014/04/11 12:33:44 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/11 12:33:44 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/04/11 12:33:43 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/04/11 12:33:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/04/11 12:33:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/04/11 12:33:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/04/11 12:33:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/04/11 12:33:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/04/11 12:33:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/04/11 12:33:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/04/08 20:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2014/04/08 20:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2014/04/08 19:44:58 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Local\Akamai
[2014/04/02 12:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/04/02 12:21:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/04/01 07:36:28 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Local\LogMeIn
[2014/04/01 07:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2014/04/01 07:17:04 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Local\LogMeIn Client
[2014/03/31 13:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/31 08:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2014/03/24 15:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Lacerte
[2012/02/27 17:28:27 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Bruce\gotomypc_635.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/22 11:59:02 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/22 11:59:02 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/22 11:53:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/04/22 11:51:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/22 11:50:59 | 524,767,231 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/22 11:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/22 10:45:21 | 005,196,870 | R--- | M] (Swearware) -- C:\Users\Bruce\Desktop\ComboFix.exe
[2014/04/21 20:08:01 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2014/04/21 12:42:01 | 000,001,573 | ---- | M] () -- C:\Users\Public\Desktop\2012 Lacerte Tax.LNK
[2014/04/19 20:43:42 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/19 19:37:27 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini
[2014/04/19 19:11:29 | 000,000,529 | ---- | M] () -- C:\Users\Bruce\Desktop\QB Login (2).website
[2014/04/18 14:19:32 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/18 12:59:03 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBruce.job
[2014/04/18 03:01:11 | 000,819,662 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/04/18 03:01:11 | 000,692,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/18 03:01:11 | 000,135,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/18 03:01:04 | 000,819,662 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/17 09:05:32 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/04/17 09:05:32 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/16 17:58:47 | 000,238,592 | ---- | M] () -- C:\Users\Bruce\Documents\Four Seasons Los Angeles.mpp
[2014/04/15 20:23:44 | 000,281,088 | ---- | M] () -- C:\Users\Bruce\Documents\MLB Santa Barbara.mpp
[2014/04/14 20:13:43 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/04/14 20:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/04/14 20:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/04/14 20:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/04/12 15:28:36 | 000,001,573 | ---- | M] () -- C:\Users\Public\Desktop\2013 Lacerte Tax.LNK
[2014/04/12 13:39:45 | 005,784,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/12 13:39:45 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/12 13:39:45 | 001,967,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/12 13:39:45 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/04/12 13:39:45 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/04/12 13:39:45 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/04/12 13:39:45 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/04/12 13:39:45 | 000,628,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/12 13:39:45 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/04/12 13:39:45 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/12 13:39:45 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/12 13:39:45 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/12 13:39:45 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/04/12 13:39:45 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/12 13:39:45 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/04/12 13:39:45 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/04/12 13:39:45 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/12 13:39:45 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/12 13:39:45 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/12 13:39:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/04/12 13:39:45 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/12 13:39:45 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/12 13:39:45 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/04/12 13:39:45 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/04/12 13:39:45 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/04/12 13:39:45 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/12 13:39:45 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/12 13:39:45 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/04/12 13:39:45 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/04/08 20:40:21 | 000,002,855 | ---- | M] () -- C:\Users\Bruce\Desktop\Project 2013.lnk
[2014/04/08 20:25:24 | 000,393,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/08 19:59:27 | 000,087,940 | ---- | M] () -- C:\Users\Bruce\Desktop\MS Project Data Key32bit.pdf
[2014/04/08 19:43:56 | 000,088,744 | ---- | M] () -- C:\Users\Bruce\Desktop\MS Project Data Key.pdf
[2014/04/04 12:00:59 | 000,163,609 | ---- | M] () -- C:\Users\Bruce\Paid Parking Ticket.pdf
[2014/04/04 07:54:03 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBRUCE-HP$.job
[2014/04/02 11:59:36 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\subinacl.exe
[2014/03/28 08:35:46 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/28 08:35:46 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/24 17:31:36 | 000,002,241 | ---- | M] () -- C:\Users\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/24 17:31:36 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2014/04/22 10:49:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/04/22 10:49:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/04/22 10:49:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/04/22 10:49:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/04/22 10:49:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/04/21 20:08:01 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2014/04/19 20:08:22 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/04/15 20:39:21 | 000,238,592 | ---- | C] () -- C:\Users\Bruce\Documents\Four Seasons Los Angeles.mpp
[2014/04/15 18:32:52 | 000,281,088 | ---- | C] () -- C:\Users\Bruce\Documents\MLB Santa Barbara.mpp
[2014/04/15 15:36:19 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2014/04/08 20:40:21 | 000,002,855 | ---- | C] () -- C:\Users\Bruce\Desktop\Project 2013.lnk
[2014/04/08 19:59:27 | 000,087,940 | ---- | C] () -- C:\Users\Bruce\Desktop\MS Project Data Key32bit.pdf
[2014/04/08 19:43:55 | 000,088,744 | ---- | C] () -- C:\Users\Bruce\Desktop\MS Project Data Key.pdf
[2014/04/04 12:00:58 | 000,163,609 | ---- | C] () -- C:\Users\Bruce\Paid Parking Ticket.pdf
[2014/03/31 08:06:26 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2014/03/31 08:05:59 | 000,002,167 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
[2014/01/09 10:56:54 | 000,009,584 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2013/11/04 17:43:57 | 000,228,419 | ---- | C] () -- C:\Program Files\google-chrome.exe
[2013/04/23 20:10:55 | 000,007,648 | ---- | C] () -- C:\Users\Bruce\AppData\Local\Resmon.ResmonCfg
[2013/04/21 07:42:57 | 000,001,573 | ---- | C] () -- C:\Users\Bruce\2011 Lacerte Tax.LNK
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users