
Firefox Browser Hijacked. Newbie Needs Help!!


32 replies to this topic

#1 BarbaraJG


Posted 28 April 2014 - 08:15 PM

Hi,

I believe that my Firefox browser has been hijacked. For example, when I tried to go to weightwatchers.com, I ended up on a CPA site. I tried it many times with the same results.

I tried the same thing on Chrome and had no problems.

Other crazy things were happening including other misdirections.

I'm a newbie at this and if I have not provided enough information, please let me know.

Can you please help me with this?

Thanks,

Barbara



#2 Jo*

  • Malware Response Team

Posted 30 April 2014 - 06:01 AM

:welcome:

Hello BarbaraJG,

my name is Jo and I will help you with your computer problems.



Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 BarbaraJG


Posted 01 May 2014 - 03:58 PM

Hi Jo,

Here's the info that I got. Thanks for your help!

Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 AuthoritySpy - Version 1.0.6  
 Java 7 Update 51  
 Java version out of Date! 
 Adobe Flash Player 13.0.0.182  
 Adobe Reader XI  
 Mozilla Firefox (28.0) 
 Google Chrome 34.0.1847.116  
 Google Chrome 34.0.1847.131  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 IObit IObit Malware Fighter IMFsrv.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 IObit IObit Malware Fighter adsremoval IE\Adblock.exe 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
 

OTL logfile created on: 5/1/2014 4:29:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Barbara\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16844)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.91 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 25.10% Memory free
15.82 Gb Paging File | 8.49 Gb Available in Paging File | 53.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.11 Gb Total Space | 449.86 Gb Free Space | 65.95% Space Free | Partition Type: NTFS
Drive D: | 287.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: BJGPC | User Name: Barbara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Barbara\Downloads\OTL (2).exe (OldTimer Tools)
PRC - C:\Users\Barbara\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Users\Barbara\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Barbara\Downloads\SecurityCheck.exe ()
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Program Files (x86)\Glary Utilities 4\Integrator.exe (Glarysoft Ltd)
PRC - C:\Program Files (x86)\Glary Utilities 4\CheckUpdate.exe (Glarysoft Ltd)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.exe (Adblock)
PRC - C:\Users\Barbara\AppData\Roaming\Dashlane\Dashlane.exe ()
PRC - C:\Users\Barbara\AppData\Roaming\Dashlane\DashlanePlugin.exe ()
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Users\Barbara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
PRC - C:\Users\Barbara\AppData\Local\Social Prospector\jre6\launch4j-tmp\SocialProspector.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Barbara\Downloads\SecurityCheck.exe ()
MOD - C:\Users\Barbara\AppData\Local\Temp\skype.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
MOD - C:\Program Files (x86)\Glary Utilities 4\zlib1.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\Dashlane.exe ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\2.4.0.56656\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.2.4.0.56656.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\2.4.0.56656\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.4.0.56656.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\2.4.0.56656\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.4.0.56656.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\2.4.0.56656\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.2.4.0.56656.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\2.4.0.56656\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.2.4.0.56656.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\2.4.0.56656\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.4.0.56656.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\2.4.0.56656\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.4.0.56656.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\2.4.0.56656\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.4.0.56656.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\2.4.0.56656\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.4.0.56656.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\2.4.0.56656\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.4.0.56656.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\DashlanePlugin.exe ()
MOD - C:\Users\Barbara\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\NppExport.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV:64bit: - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Zoolz 2 Service) -- C:\Program Files\Genie9\Zoolz2\ZoolzService.exe (Genie9)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)
SRV:64bit: - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel® Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (Garmin Core Update Service) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (WACService) -- C:\Program Files (x86)\Wondershare\Wondershare Application Center\WACService.exe (Wondershare)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (AdobeActiveFileMonitor10.0) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (HP LaserJet Service) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswsp.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswstm.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (aswNdisFlt) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys (AVAST Software)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (mozyFilter) -- C:\Windows\SysNative\drivers\mozy.sys (Mozy, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys ()
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (CeKbFilter) -- C:\Windows\SysNative\drivers\CeKbFilter.sys (Compal Electronics, INC.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (bpmp) -- C:\Windows\SysNative\drivers\bpmp.sys (Intel Corporation)
DRV:64bit: - (bpusb) -- C:\Windows\SysNative\drivers\bpusb.sys (Intel Corporation)
DRV:64bit: - (bpenum) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HPFXBULKLEDM) -- C:\Windows\SysNative\drivers\hppdbulkio.sys (Hewlett Packard)
DRV:64bit: - (ICCWDT) -- C:\Windows\SysNative\drivers\ICCWDT.sys (Intel Corporation)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\wstbtndb.sys (Lenovo)
DRV - (RegFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys (IObit.com)
DRV - (UrlFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys (IObit.com)
DRV - (FileMonitor) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys (IObit)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
IE - HKCU\..\SearchScopes\{33AA777C-A1A0-4939-8954-FAB5C154653D}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:superstart"
FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.9.1
FF - prefs.js..extensions.enabledAddons: %7B097d3191-e6fa-4728-9826-b533d755359d%7D:0.7.21
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.5
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:3.1.1
FF - prefs.js..extensions.enabledAddons: browser_boost%40browser-boost.com:1.0.0
FF - prefs.js..extensions.enabledAddons: superstart%40enjoyfreeware.org:7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Barbara\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/17 00:18:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9193F654-D886-4fef-8894-A97EF6623104}: C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt\ [2012/06/05 22:27:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/01 13:30:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/02/28 11:59:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/28 11:59:53 | 000,000,000 | ---D | M]
 
[2013/09/14 10:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Extensions
[2014/05/01 16:17:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions
[2012/10/09 15:51:08 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013/10/10 18:58:02 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2013/05/29 11:59:02 | 000,000,000 | ---D | M] ("Boomerang for GMail") -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}
[2012/12/31 13:29:46 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2013/12/27 12:02:45 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2013/07/04 11:49:52 | 000,000,000 | ---D | M] (feedly) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\feedly@devhd
[2014/01/13 18:59:16 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\foxmarks@kei.com
[2014/05/01 16:17:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\staged
[2014/04/22 20:47:17 | 000,000,000 | ---D | M] (Super Start) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\superstart@enjoyfreeware.org
[2014/03/21 13:48:26 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\support@lastpass.com
[2014/04/21 13:38:33 | 000,035,856 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\browser_boost@browser-boost.com.xpi
[2013/07/04 11:49:51 | 000,027,050 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\feedly@devhd.xpi
[2013/11/05 16:23:05 | 000,177,056 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\jid0-58lecu6hJxQxqq7FSTmrn6W5eZY@jetpack.xpi
[2014/03/08 17:11:47 | 000,696,321 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\toolbar@seomoz.org.xpi
[2014/01/07 16:55:14 | 000,475,779 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2014/03/13 11:23:25 | 000,383,888 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013/05/29 11:59:02 | 000,046,841 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}.xpi
[2014/04/27 14:04:14 | 000,022,724 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}.xpi
[2012/12/31 13:29:44 | 000,377,738 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2014/01/10 11:54:53 | 000,007,373 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
[2014/05/01 16:17:59 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/30 15:45:28 | 002,846,807 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}.xpi
[2014/02/22 16:04:01 | 000,787,979 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/06/21 08:50:17 | 000,002,973 | ---- | M] () -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\searchplugins\twitter-.xml
[2013/07/28 17:29:43 | 000,000,904 | ---- | M] () -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\searchplugins\yahoo.xml
[2013/10/15 18:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/08 13:35:20 | 000,000,000 | ---D | M] (WordOv) -- C:\Program Files (x86)\Mozilla Firefox\extensions\jzkenlkaloil@kctewplunsmgzuca.org
[2013/10/15 18:19:59 | 000,000,000 | ---D | M] (Word Layers) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ugnraew@jqhljqmpngx.net
[2013/10/01 06:32:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/30 18:07:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/10/19 18:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/10/19 18:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2013/02/08 10:54:00 | 000,171,584 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Dashlane = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg\2.4.0.53495_0\
CHR - Extension: Ads Removal = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen\1.0.0_0\
CHR - Extension: avast! Online Security = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_1\
CHR - Extension: Google Wallet = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Wondershare YouTube Downloader = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\odoegbfnimkkocjoeoelkonmlfpbhlnc\2.2.0_1\
CHR - Extension: Wondershare YouTube Downloader = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\odoegbfnimkkocjoeoelkonmlfpbhlnc\2.2.0_1\.svn\text-base\.svn-base
CHR - Extension: Gmail = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2009/06/10 14:00:28 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Wondershare YouTube Downloader) - {133232D2-DAE3-4B6F-AAC2-17CD87495682} - C:\Program Files (x86)\Wondershare\AllMyTube\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Ads Removal) - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Dashlane] C:\Users\Barbara\AppData\Roaming\Dashlane\Dashlane.exe ()
O4 - HKCU..\Run: [GUDelayStartup] C:\Program Files (x86)\Glary Utilities 4\StartupManager.exe (Glarysoft Ltd)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_182_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Barbara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab (Java Plug-in 10.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98D45308-92D1-40AE-8FEE-0D9541F28F83}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1CF4F37-9247-446E-B76D-78DB86654E32}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/28 12:03:23 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (BootDefrag.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/01 14:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegHunter
[2014/04/30 10:59:01 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Storyselling
[2014/04/29 16:33:15 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/29 16:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/29 16:32:52 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/04/29 16:32:52 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/04/29 16:32:52 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/04/29 16:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/29 16:02:15 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\SysWow64\sqlite3.dll
[2014/04/29 16:01:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/28 15:16:51 | 000,000,000 | ---D | C] -- C:\NPE
[2014/04/28 15:14:24 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/04/28 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Local\NPE
[2014/04/28 14:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2014/04/28 14:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\XDMessagingv4
[2014/04/28 14:12:49 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Local\Abelssoft
[2014/04/27 17:04:45 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\New folder (3)
[2014/04/27 09:06:24 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Clearbrook FHA Documents
[2014/04/26 18:31:48 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Sean Mize - BalckbeltProduct Creation -
[2014/04/26 18:30:02 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Product Developement - One Problem
[2014/04/26 18:28:52 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Evernote Guide
[2014/04/26 18:28:09 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\MasteringMindMaps
[2014/04/26 18:06:05 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Sean Mize  - Targeted Traffic Training
[2014/04/26 17:59:04 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Sean Mize - WSO Master Blueprint
[2014/04/26 17:49:33 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Get REsponse Training
[2014/04/25 12:47:35 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Jason Fladlien
[2014/04/25 12:40:16 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Sean Mize - Content Marketing
[2014/04/25 12:18:49 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Sean Mize - 60 Day Coaching
[2014/04/24 15:58:59 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Blogging Headline Haacks
[2014/04/24 12:18:02 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Video Creation Tools
[2014/04/24 11:25:10 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Coaching Tools
[2014/04/24 11:20:57 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\List Building Secrets
[2014/04/24 11:16:14 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Coaching - 101- Real Coaching Niches
[2014/04/23 19:48:37 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Persusuasion - 30 Days
[2014/04/23 16:53:30 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Keywords - Niche
[2014/04/23 10:56:37 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\WP Dollar
[2014/04/21 22:15:54 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Glarysoft
[2014/04/21 22:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glarysoft
[2014/04/21 21:43:38 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\New folder (2)
[2014/04/21 21:42:21 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\New folder
[2014/04/21 14:07:36 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\PAC - Jim
[2014/04/21 12:25:31 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Consulting - WSO
[2014/04/19 19:43:51 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\email - 7 embarrassing email mistakes
[2014/04/19 19:38:24 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Images
[2014/04/19 16:14:02 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\BluePrint Pro
[2014/04/19 13:41:34 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Opt In Profits
[2014/04/18 13:16:48 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Covucci
[2014/04/18 10:25:42 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Product Creation Map
[2014/04/17 21:17:08 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Product Creation - Sean Mize
[2014/04/17 17:46:38 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Small Reports Mastery - One Month
[2014/04/17 17:12:36 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Barb Ling - WSO
[2014/04/16 14:35:33 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\SERPAlertBoss
[2014/04/16 14:35:32 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\com.pageone.SERPAlertBoss
[2014/04/16 14:25:20 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Perry Marshall
[2014/04/16 14:15:33 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Public Info - Project Gutenburg
[2014/04/16 13:42:52 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Facebook - Time Line Optin
[2014/04/16 11:02:25 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Graphics - Marketing
[2014/04/15 16:31:41 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Fiverr Report
[2014/04/15 10:39:02 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Sales - The Salesperson is Dead
[2014/04/15 10:36:36 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Sales - Customer Segmentation
[2014/04/15 10:34:35 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Sales Negotiation
[2014/04/14 15:59:49 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Kindle - Fiction Book
[2014/04/12 11:26:00 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Mind Maps for Marketers
[2014/04/10 17:37:52 | 000,312,744 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2014/04/10 17:37:44 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2014/04/10 17:37:44 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2014/04/10 17:37:44 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2014/04/10 17:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/04/10 10:55:39 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Pointblank
[2014/04/06 18:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KD Promo Submitter
[2014/04/06 18:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KD Promo Submitter
[2014/04/06 18:08:09 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Biz  - Web
[2014/04/06 09:59:07 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Zero Cost Tools
[2014/04/05 16:00:28 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Evernote New
[2014/04/04 15:02:28 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Lead Generation on Steriods
[2014/04/04 15:01:15 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Generation on Steriods
[2014/04/04 14:56:02 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Fiver - Sites Like
[2014/04/04 14:12:52 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Offline Business
[2014/04/04 11:42:40 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\REdirect Ninja
[2014/04/04 11:17:02 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\PayPal 2-1 to 4-3
[2014/04/04 10:43:07 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Speedazon - Developer
[2014/04/03 17:18:58 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Outsourcing Toolkit
[2014/04/03 16:53:44 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\WP Unite Plugins and Acme Theme
[2014/04/02 16:56:15 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\PLR from Tiffany
[2014/04/02 14:04:26 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Social Media
[2014/04/01 18:50:43 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Facebook Page Profits
[2014/04/01 18:42:58 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Solo Ad Profits
[2014/04/01 18:07:43 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\googSearch
[2014/04/01 18:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FB Business Finder
[2014/04/01 17:23:44 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Per Click
[2014/04/01 17:21:09 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Social Ad Maker
[4 C:\Users\Barbara\Desktop\*.tmp files -> C:\Users\Barbara\Desktop\*.tmp -> ]
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Barbara\*.tmp files -> C:\Users\Barbara\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/01 14:54:09 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\RegHunter.lnk
[2014/05/01 14:37:37 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/01 13:27:03 | 001,992,654 | ---- | M] () -- C:\Users\Barbara\Desktop\AttendeeViewerImage004.bmp
[2014/05/01 10:33:05 | 000,003,612 | ---- | M] () -- C:\windows\mozy.flt
[2014/05/01 10:33:05 | 000,003,584 | ---- | M] () -- C:\windows\mozy.blk
[2014/05/01 09:44:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/04/30 13:54:04 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/30 13:54:04 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/30 13:50:31 | 000,855,650 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/04/30 13:50:31 | 000,715,854 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/04/30 13:50:31 | 000,140,750 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/04/30 13:46:34 | 000,000,336 | ---- | M] () -- C:\windows\tasks\GlaryInitialize 4.job
[2014/04/30 13:45:16 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/30 13:44:20 | 2074,947,583 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/29 15:55:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/04/29 15:32:12 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/29 15:09:39 | 000,000,574 | ---- | M] () -- C:\windows\tasks\G2MUpdateTask-S-1-5-21-1969887077-1188993951-1613878534-1001.job
[2014/04/29 15:09:39 | 000,000,392 | ---- | M] () -- C:\windows\tasks\update-S-1-5-21-1969887077-1188993951-1613878534-1001.job
[2014/04/29 15:09:38 | 000,000,392 | ---- | M] () -- C:\windows\tasks\update-sys.job
[2014/04/29 10:19:01 | 000,000,514 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 68d3b8c9-189b-4f50-b66b-794f2e4bfbd1.job
[2014/04/29 02:00:02 | 000,000,514 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 77b1a562-e034-4c88-9e62-ecbfd99a9df8.job
[2014/04/28 15:48:28 | 000,975,426 | ---- | M] () -- C:\ProgramData\SMRResults410.dat
[2014/04/28 15:20:26 | 000,001,060 | ---- | M] () -- C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/04/28 14:32:29 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2014/04/26 18:05:30 | 041,712,357 | ---- | M] () -- C:\Users\Barbara\Documents\InfographicsBuilderVer2.zip
[2014/04/24 18:18:24 | 001,992,654 | ---- | M] () -- C:\Users\Barbara\Desktop\AttendeeViewerImage003.bmp
[2014/04/21 22:15:54 | 000,001,183 | ---- | M] () -- C:\Users\Barbara\Desktop\Quick Search.lnk
[2014/04/17 17:12:06 | 000,005,353 | ---- | M] () -- C:\Users\Barbara\Documents\New folder (6) - Shortcut.lnk
[2014/04/15 11:15:16 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/04/15 11:15:16 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/12 10:53:29 | 000,103,771 | ---- | M] () -- C:\Users\Barbara\Documents\327WebinarHandout.pdf
[2014/04/12 10:19:46 | 000,001,079 | ---- | M] () -- C:\Users\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 4.lnk
[2014/04/12 10:19:46 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 4.lnk
[2014/04/12 06:15:01 | 000,084,543 | ---- | M] () -- C:\spyhunter.fix
[2014/04/10 17:37:40 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2014/04/10 17:37:36 | 000,312,744 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2014/04/10 17:37:36 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2014/04/10 17:37:35 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2014/04/09 15:02:00 | 000,002,136 | ---- | M] () -- C:\windows\SysNative\ScanResults.xml
[2014/04/09 14:57:43 | 000,001,056 | ---- | M] () -- C:\windows\SysNative\SettingsFile
[2014/04/08 16:28:09 | 000,426,144 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/04/08 15:16:08 | 000,057,444 | ---- | M] () -- C:\Users\Barbara\Desktop\PP - Latest.csv
[2014/04/05 13:45:15 | 000,001,196 | ---- | M] () -- C:\Users\Public\Desktop\Social Prospector.lnk
[2014/04/04 15:00:42 | 001,078,334 | ---- | M] () -- C:\Users\Barbara\Documents\Lead Generation on Steriods.pdf
[2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/04/02 18:21:43 | 002,210,382 | ---- | M] () -- C:\Users\Barbara\Desktop\AttendeeViewerImage002.bmp
[2014/04/02 18:09:37 | 002,210,382 | ---- | M] () -- C:\Users\Barbara\Desktop\AttendeeViewerImage001.bmp
[2014/04/01 18:34:05 | 000,102,208 | ---- | M] () -- C:\Users\Barbara\Documents\AdNetworks.pdf
[2014/04/01 18:07:05 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\FB Business Finder.lnk
[4 C:\Users\Barbara\Desktop\*.tmp files -> C:\Users\Barbara\Desktop\*.tmp -> ]
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Barbara\*.tmp files -> C:\Users\Barbara\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/01 14:54:09 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\RegHunter.lnk
[2014/05/01 13:27:03 | 001,992,654 | ---- | C] () -- C:\Users\Barbara\Desktop\AttendeeViewerImage004.bmp
[2014/04/28 15:47:47 | 000,975,426 | ---- | C] () -- C:\ProgramData\SMRResults410.dat
[2014/04/28 15:20:26 | 000,001,060 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/04/28 14:32:29 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2014/04/26 18:05:34 | 041,712,357 | ---- | C] () -- C:\Users\Barbara\Documents\InfographicsBuilderVer2.zip
[2014/04/24 18:18:24 | 001,992,654 | ---- | C] () -- C:\Users\Barbara\Desktop\AttendeeViewerImage003.bmp
[2014/04/21 22:15:54 | 000,001,183 | ---- | C] () -- C:\Users\Barbara\Desktop\Quick Search.lnk
[2014/04/17 17:12:06 | 000,005,353 | ---- | C] () -- C:\Users\Barbara\Documents\New folder (6) - Shortcut.lnk
[2014/04/12 10:53:55 | 000,103,771 | ---- | C] () -- C:\Users\Barbara\Documents\327WebinarHandout.pdf
[2014/04/12 10:16:40 | 2074,947,583 | -HS- | C] () -- C:\hiberfil.sys
[2014/04/08 21:31:48 | 000,084,543 | ---- | C] () -- C:\spyhunter.fix
[2014/04/04 15:00:42 | 001,078,334 | ---- | C] () -- C:\Users\Barbara\Documents\Lead Generation on Steriods.pdf
[2014/04/02 18:21:43 | 002,210,382 | ---- | C] () -- C:\Users\Barbara\Desktop\AttendeeViewerImage002.bmp
[2014/04/02 18:09:37 | 002,210,382 | ---- | C] () -- C:\Users\Barbara\Desktop\AttendeeViewerImage001.bmp
[2014/04/01 18:34:05 | 000,102,208 | ---- | C] () -- C:\Users\Barbara\Documents\AdNetworks.pdf
[2014/04/01 18:07:05 | 000,000,954 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FB Business Finder.lnk
[2014/04/01 18:07:05 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\FB Business Finder.lnk
[2014/02/08 00:40:40 | 000,000,096 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\F48G-9M4H
[2014/01/20 01:07:09 | 000,014,336 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\ClickSalez.db
[2014/01/20 01:07:09 | 000,002,048 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\ctSettings
[2013/11/13 14:48:06 | 000,129,536 | ---- | C] () -- C:\windows\SysWow64\sqlite3_mod_fts3.dll
[2013/11/13 14:48:06 | 000,092,672 | ---- | C] () -- C:\windows\SysWow64\sqlite3_mod_zipfile.dll
[2013/11/13 14:48:06 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\sqlite3_mod_csvtable.dll
[2013/11/13 14:48:06 | 000,053,760 | ---- | C] () -- C:\windows\SysWow64\sqlite3_mod_impexp.dll
[2013/11/13 14:48:06 | 000,053,760 | ---- | C] () -- C:\windows\SysWow64\sqlite3_mod_extfunc.dll
[2013/11/13 14:48:06 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\sqlite3_mod_rtree.dll
[2013/11/13 14:48:06 | 000,000,392 | ---- | C] () -- C:\windows\ODBC.INI
[2013/10/22 14:13:07 | 000,000,180 | ---- | C] () -- C:\windows\Reimage.ini
[2013/10/21 15:07:04 | 000,026,401 | ---- | C] () -- C:\ProgramData\HPSSOSS.HTM
[2013/10/21 15:07:04 | 000,024,772 | ---- | C] () -- C:\ProgramData\HPSSDEF.CSS
[2013/10/21 15:07:04 | 000,002,944 | ---- | C] () -- C:\ProgramData\HPSSSIG.GIF
[2013/10/13 15:58:38 | 000,000,049 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\mbam.context.scan
[2013/09/29 17:26:03 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\lgpi32.dll
[2013/09/13 14:27:29 | 000,000,028 | --S- | C] () -- C:\windows\SysWow64\drivers\bwaut.sys
[2013/05/10 15:00:45 | 000,869,376 | ---- | C] () -- C:\windows\is-AQFPH.exe
[2013/04/11 08:47:17 | 000,184,160 | ---- | C] () -- C:\Users\Barbara\AppData\Local\ars.cache
[2013/04/11 08:39:01 | 000,000,036 | ---- | C] () -- C:\Users\Barbara\AppData\Local\housecall.guid.cache
[2013/03/18 17:43:52 | 000,000,059 | ---- | C] () -- C:\Users\Barbara\AppData\Local\UserProducts.xml
[2013/03/18 15:53:08 | 000,000,095 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/03/18 15:52:56 | 000,000,089 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
[2013/03/10 16:04:24 | 000,044,032 | ---- | C] () -- C:\Users\Barbara\AppData\Local\DB_AntBook.db
[2013/02/26 12:41:09 | 000,000,172 | ---- | C] () -- C:\windows\efix.ini
[2012/08/31 15:42:07 | 000,000,758 | ---- | C] () -- C:\windows\ODBCINST.INI
[2012/08/07 10:30:41 | 000,000,970 | ---- | C] () -- C:\Users\Barbara\XMind.lnk
[2012/06/05 09:22:34 | 000,000,105 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/05/26 21:14:39 | 000,022,528 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\DomainFinder.rsd
[2012/05/24 15:16:46 | 000,003,584 | ---- | C] () -- C:\Users\Barbara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/06 20:57:24 | 000,005,120 | ---- | C] () -- C:\Users\Barbara\buckaroodashboard.db
[2012/04/20 13:18:53 | 000,001,795 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\SAS7_000.DAT
[2012/03/15 21:51:52 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/03/14 19:03:15 | 000,061,304 | ---- | C] () -- C:\Users\Barbara\g2mdlhlpx.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/05/02 09:40:28 | 000,000,000 | -HSD | M] -- C:\Users\Barbara\AppData\Roaming\.#
[2013/02/11 15:00:48 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\AceSniperDesktop
[2012/07/13 09:59:57 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Ad-Aware Antivirus
[2012/04/13 08:54:16 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Affilorama
[2014/02/28 12:23:54 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\AgedDomainHunter
[2013/04/27 17:23:49 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Ant-Judge-and-Jury
[2013/05/12 09:43:12 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\AntPugilist
[2013/05/06 16:10:04 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Applian FLV and Media Player
[2013/07/14 16:34:24 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Ashampoo
[2013/11/13 00:01:19 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Audacity
[2013/10/17 09:12:28 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\AVAST Software
[2012/04/01 05:10:28 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Book Place
[2014/02/23 17:05:15 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\BookImageSoftware
[2013/09/03 11:37:00 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\BoostFanPageTraffic
[2013/09/03 12:10:47 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\BuckarooWatchboard
[2013/12/02 21:11:32 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\ClickBank.Goldminer
[2014/02/08 00:26:42 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\com.authorityspy
[2013/09/02 16:30:54 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\com.blueprintcentral.keywordblaze
[2014/01/13 16:09:27 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\com.focusboosterapp.focusbooster
[2012/04/04 08:54:23 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1
[2013/08/17 13:41:57 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\com.ideaincubatorlp.crystl
[2013/12/09 12:28:40 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\com.instantdomainsniper
[2012/04/04 14:16:51 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\com.pageone.Curator
[2014/04/16 15:08:01 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\com.pageone.KeywordXP
[2013/08/07 17:12:11 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\com.pageone.Kudani
[2014/04/25 15:11:59 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\com.pageone.MemeCrusher
[2014/04/16 14:35:32 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\com.pageone.SERPAlertBoss
[2013/09/03 09:00:17 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\com.scoritz.publishersreviewaccelerator
[2012/05/08 13:56:02 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\com.sessionplannerpro.warriorsessionplannerpro
[2012/06/12 10:35:17 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\com.webdimensions.instant-content-curator-pro
[2013/06/16 19:07:51 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\com.webdimensions.instantcontentcurator.express
[2013/10/17 18:38:09 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\com.webdimensions.viralimagecuratorpro
[2013/06/16 19:11:37 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\com.webdimensions.viralvideocuratorpro
[2012/06/04 06:51:53 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\com.ynab.YNAB3.LiveCaptive.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
[2012/06/26 20:53:57 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
[2013/10/24 11:56:12 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\CurationSoft
[2014/02/25 14:26:22 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Dashlane
[2013/06/25 17:40:12 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\DataFeedDomainDigger
[2012/11/25 12:50:30 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Digiarty
[2014/02/08 18:38:23 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\DK Finder
[2014/05/01 13:30:48 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Dropbox
[2013/11/06 13:24:11 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\EasyDuplicateFinder
[2013/08/31 12:04:33 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\EbookNicheExplorer
[2012/04/09 13:08:26 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\FileZilla
[2012/06/21 09:02:33 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\FireShot
[2013/05/10 09:50:52 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Garmin
[2013/04/21 11:42:47 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Genie9
[2013/11/06 13:14:08 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\GIGProspector
[2013/10/29 15:21:12 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\GInsider
[2014/03/30 09:48:03 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\GlarySoft
[2014/04/01 18:07:43 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\googSearch
[2013/04/02 08:42:24 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\GrabPro
[2013/08/31 11:45:37 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\ImageEasy
[2013/10/02 09:51:28 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Individual Software
[2014/01/19 23:25:28 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\InfoCentral
[2013/02/17 14:20:02 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\IObit
[2012/10/10 05:21:19 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\IrfanView
[2013/11/12 12:53:26 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\JAM Software
[2013/09/25 09:58:33 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\KDPublishingPro
[2013/03/21 21:22:37 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\KDSubmitterPro
[2014/01/20 20:17:58 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\KeywordLsi
[2012/03/15 22:47:20 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\kompozer.net
[2012/03/29 16:55:23 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Leadertech
[2012/03/26 05:53:34 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Leawo
[2012/04/16 22:47:07 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2012/05/06 17:39:30 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\mydesktoptherapist.com
[2014/01/31 22:56:49 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\MySolodex
[2013/03/16 13:09:04 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\NAppUpdateWinFormsSample
[2012/05/08 15:02:55 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\No Company Name
[2013/07/19 18:35:48 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Notepad++
[2013/11/07 13:02:34 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Nuance
[2014/01/24 13:09:36 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Orbit
[2013/04/12 22:26:03 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Pamela
[2012/10/27 10:22:48 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\PDF Writer
[2012/03/23 15:08:50 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\PhotoScape
[2012/05/28 14:23:05 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\ProgSense
[2013/05/06 14:42:59 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Publish Providers
[2013/08/10 20:11:32 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Scraper
[2012/05/31 08:40:32 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\SEO Elite
[2013/05/06 14:43:39 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Sony
[2012/06/24 19:19:14 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Sound Editor Pro
[2012/03/23 15:18:05 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Stardock
[2012/05/12 09:45:52 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\StartMenuX
[2013/05/06 14:27:42 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\StealthKeywordDigger
[2013/08/31 13:41:41 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\StealthNicheBrainstorm
[2013/04/02 08:32:30 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\TechSmith
[2013/12/01 11:36:56 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Teknikforce
[2013/11/13 14:48:37 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\The Creative Bots Inc
[2012/03/26 05:54:12 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\tiger-k
[2013/09/02 13:00:28 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\tnrebookcategoryhawk
[2013/09/03 12:03:11 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\TNRKeywordSuggestBloodhound
[2012/03/20 19:24:53 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Toshiba
[2013/02/15 06:46:37 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Traffic Travis v4
[2014/01/10 18:48:36 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\TubeAssassin
[2012/05/06 19:14:38 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\ubot
[2012/08/09 17:52:09 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\UBot Studio
[2013/10/16 12:32:31 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\uPlayer
[2014/03/22 16:04:48 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Web Content Studio
[2012/03/14 15:33:03 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\WinBatch
[2012/04/13 06:40:01 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Wondershare
[2012/03/25 19:14:14 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\XMind
[2012/04/26 10:28:36 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\YouSendIt
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:373E1720
 
< End of report >
 


#4 Jo*


Posted 02 May 2014 - 03:05 AM

Hello BarbaraJG,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 Jo*


Posted 04 May 2014 - 02:40 PM

Hi,

 

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

 

Note: Threads will be closed if no response after 3 days.


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#6 BarbaraJG


Posted 06 May 2014 - 10:51 AM

Jo,

 

There was no malware found by the Malwarebytes Anti-Rootkit.

 

# AdwCleaner v3.206 - Report created 04/05/2014 at 18:30:17
# Updated 04/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Barbara - BJGPC
# Running from : C:\Users\Barbara\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\ProgramData\Systweak
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16843
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\prefs.js ]
 
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Extension] : gkcefkcdkepgkpbgncjchhbjgoanleod
 
*************************
 
AdwCleaner[R0].txt - [857 octets] - [04/05/2014 18:30:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [916 octets] ##########
 
Thanks,
Barbara


#7 BarbaraJG


Posted 06 May 2014 - 10:53 AM

Jo,

 

Sorry for the delay, but I have been sick with the flu.

 

I appreciate all your time and efforts, believe me!!!

 

Barbara



#8 Jo*


Posted 06 May 2014 - 11:30 AM

Hello BarbaraJG,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to back up your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.




***


Run OTL again.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


How is the computer running now?




***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 BarbaraJG


Posted 06 May 2014 - 12:51 PM


Jo,
 
Still having the same problem with Firefox!  What do we do next?
 
Thanks,
Barbara
 
 
# AdwCleaner v3.207 - Report created 06/05/2014 at 12:55:03
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Barbara - BJGPC
# Running from : C:\Users\Barbara\Downloads\AdwCleaner (5).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Systweak
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16843
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\prefs.js ]
 
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : gkcefkcdkepgkpbgncjchhbjgoanleod
 
*************************
 
AdwCleaner[R0].txt - [995 octets] - [04/05/2014 18:30:17]
AdwCleaner[R1].txt - [1060 octets] - [06/05/2014 12:52:30]
AdwCleaner[S0].txt - [987 octets] - [06/05/2014 12:55:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1046 octets] ##########
 
 
 
 
 
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Barbara on Tue 05/06/2014 at 13:13:44.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1969887077-1188993951-1613878534-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95C2914D-756A-48C1-A937-82305EEB47DB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E607433C-38CB-47B3-8324-DA09804A41F1}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Barbara\appdata\locallow\SkwConfig.bin"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Barbara\appdata\locallow\ytd"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Barbara\AppData\Roaming\mozilla\firefox\profiles\6ec20h89.default\extensions\staged
Emptied folder: C:\Users\Barbara\AppData\Roaming\mozilla\firefox\profiles\6ec20h89.default\minidumps [105 files]
 
 
 
~~~ Event Viewer Logs were cleared
 

OTL logfile created on: 5/6/2014 1:36:32 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Barbara\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16844)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.91 Gb Total Physical Memory | 5.02 Gb Available Physical Memory | 63.52% Memory free
15.82 Gb Paging File | 12.75 Gb Available in Paging File | 80.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.11 Gb Total Space | 448.86 Gb Free Space | 65.81% Space Free | Partition Type: NTFS
Drive D: | 287.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: BJGPC | User Name: Barbara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Barbara\Downloads\OTL (3).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Barbara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Glary Utilities 4\Integrator.exe (Glarysoft Ltd)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\Barbara\AppData\Roaming\Dashlane\Dashlane.exe ()
PRC - C:\Users\Barbara\AppData\Roaming\Dashlane\DashlanePlugin.exe ()
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
PRC - C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\Users\Barbara\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgdwkxe.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll ()
MOD - C:\Program Files (x86)\Glary Utilities 4\zlib1.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\Dashlane.exe ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\2.4.0.56656\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.2.4.0.56656.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\2.4.0.56656\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.4.0.56656.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\2.4.0.56656\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.4.0.56656.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\2.4.0.56656\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.2.4.0.56656.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\2.4.0.56656\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.2.4.0.56656.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\2.4.0.56656\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.4.0.56656.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\2.4.0.56656\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.4.0.56656.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\2.4.0.56656\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.4.0.56656.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\2.4.0.56656\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.4.0.56656.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\2.4.0.56656\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.4.0.56656.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dashlane\DashlanePlugin.exe ()
MOD - C:\Users\Barbara\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\Barbara\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV:64bit: - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Zoolz 2 Service) -- C:\Program Files\Genie9\Zoolz2\ZoolzService.exe (Genie9)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)
SRV:64bit: - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel® Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (Garmin Core Update Service) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (WACService) -- C:\Program Files (x86)\Wondershare\Wondershare Application Center\WACService.exe (Wondershare)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (AdobeActiveFileMonitor10.0) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (HP LaserJet Service) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (BootDefragDriver) -- C:\Windows\SysNative\drivers\BootDefragDriver.sys (Glarysoft Ltd)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswsp.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswstm.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (aswNdisFlt) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys (AVAST Software)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (mozyFilter) -- C:\Windows\SysNative\drivers\mozy.sys (Mozy, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys ()
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (CeKbFilter) -- C:\Windows\SysNative\drivers\CeKbFilter.sys (Compal Electronics, INC.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (bpmp) -- C:\Windows\SysNative\drivers\bpmp.sys (Intel Corporation)
DRV:64bit: - (bpusb) -- C:\Windows\SysNative\drivers\bpusb.sys (Intel Corporation)
DRV:64bit: - (bpenum) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HPFXBULKLEDM) -- C:\Windows\SysNative\drivers\hppdbulkio.sys (Hewlett Packard)
DRV:64bit: - (ICCWDT) -- C:\Windows\SysNative\drivers\ICCWDT.sys (Intel Corporation)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\wstbtndb.sys (Lenovo)
DRV - (RegFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys (IObit.com)
DRV - (UrlFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys (IObit.com)
DRV - (FileMonitor) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys (IObit)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{33AA777C-A1A0-4939-8954-FAB5C154653D}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:superstart"
FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.9.1
FF - prefs.js..extensions.enabledAddons: %7B097d3191-e6fa-4728-9826-b533d755359d%7D:0.7.21
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.5
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:3.1.1
FF - prefs.js..extensions.enabledAddons: browser_boost%40browser-boost.com:1.0.0
FF - prefs.js..extensions.enabledAddons: superstart%40enjoyfreeware.org:7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Barbara\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/17 00:18:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9193F654-D886-4fef-8894-A97EF6623104}: C:\Program Files (x86)\Wondershare\AllMyTube\SVRFirefoxExt\ [2012/06/05 22:27:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/01 13:30:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/02/28 11:59:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/06 13:15:53 | 000,000,000 | ---D | M]
 
[2013/09/14 10:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Extensions
[2014/05/06 13:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions
[2012/10/09 15:51:08 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013/10/10 18:58:02 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2013/05/29 11:59:02 | 000,000,000 | ---D | M] ("Boomerang for GMail") -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}
[2012/12/31 13:29:46 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2013/12/27 12:02:45 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2013/07/04 11:49:52 | 000,000,000 | ---D | M] (feedly) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\feedly@devhd
[2014/01/13 18:59:16 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\foxmarks@kei.com
[2014/04/22 20:47:17 | 000,000,000 | ---D | M] (Super Start) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\superstart@enjoyfreeware.org
[2014/03/21 13:48:26 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\support@lastpass.com
[2014/04/21 13:38:33 | 000,035,856 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\browser_boost@browser-boost.com.xpi
[2013/07/04 11:49:51 | 000,027,050 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\feedly@devhd.xpi
[2013/11/05 16:23:05 | 000,177,056 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\jid0-58lecu6hJxQxqq7FSTmrn6W5eZY@jetpack.xpi
[2014/03/08 17:11:47 | 000,696,321 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\toolbar@seomoz.org.xpi
[2014/01/07 16:55:14 | 000,475,779 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2014/03/13 11:23:25 | 000,383,888 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013/05/29 11:59:02 | 000,046,841 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}.xpi
[2014/04/27 14:04:14 | 000,022,724 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}.xpi
[2012/12/31 13:29:44 | 000,377,738 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2014/01/10 11:54:53 | 000,007,373 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
[2014/05/01 16:17:59 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/30 15:45:28 | 002,846,807 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}.xpi
[2014/02/22 16:04:01 | 000,787,979 | ---- | M] () (No name found) -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/06/21 08:50:17 | 000,002,973 | ---- | M] () -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\searchplugins\twitter-.xml
[2013/07/28 17:29:43 | 000,000,904 | ---- | M] () -- C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\searchplugins\yahoo.xml
[2013/10/15 18:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/08 13:35:20 | 000,000,000 | ---D | M] (WordOv) -- C:\Program Files (x86)\Mozilla Firefox\extensions\jzkenlkaloil@kctewplunsmgzuca.org
[2013/10/15 18:19:59 | 000,000,000 | ---D | M] (Word Layers) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ugnraew@jqhljqmpngx.net
[2013/10/01 06:32:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/30 18:07:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/20 11:46:44 | 000,000,000 | ---D | M] (Dashlane) -- C:\USERS\BARBARA\APPDATA\ROAMING\DASHLANE\2.4.0.56656\BIN\FIREFOX_EXTENSION\{442718D9-475E-452A-B3E1-FB1EE16B8E9F}
[2013/02/08 10:54:00 | 000,171,584 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Dashlane = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg\2.4.0.53495_0\
CHR - Extension: Ads Removal = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen\1.0.0_0\
CHR - Extension: avast! Online Security = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_1\
CHR - Extension: Google Wallet = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Wondershare YouTube Downloader = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\odoegbfnimkkocjoeoelkonmlfpbhlnc\2.2.0_1\
CHR - Extension: Wondershare YouTube Downloader = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\odoegbfnimkkocjoeoelkonmlfpbhlnc\2.2.0_1\.svn\text-base\.svn-base
CHR - Extension: Gmail = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2009/06/10 14:00:28 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Wondershare YouTube Downloader) - {133232D2-DAE3-4B6F-AAC2-17CD87495682} - C:\Program Files (x86)\Wondershare\AllMyTube\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Ads Removal) - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Dashlane] C:\Users\Barbara\AppData\Roaming\Dashlane\Dashlane.exe ()
O4 - HKCU..\Run: [GUDelayStartup] C:\Program Files (x86)\Glary Utilities 4\StartupManager.exe (Glarysoft Ltd)
O4 - Startup: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Barbara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab (Java Plug-in 10.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98D45308-92D1-40AE-8FEE-0D9541F28F83}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1CF4F37-9247-446E-B76D-78DB86654E32}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/28 12:03:23 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (BootDefrag.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/06 13:13:41 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/05/06 12:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2014/05/06 12:25:55 | 000,017,600 | ---- | C] (Glarysoft Ltd) -- C:\windows\SysNative\drivers\BootDefragDriver.sys
[2014/05/06 12:25:55 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\DropboxMaster
[2014/05/04 18:30:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/04 11:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/05/04 11:25:27 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Desktop\mbar
[2014/05/04 11:24:49 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Barbara\Desktop\mbar-1.07.0.1009.exe
[2014/05/02 11:27:48 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Affiliate Funnel
[2014/05/01 14:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegHunter
[2014/04/30 10:59:01 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Storyselling
[2014/04/29 16:33:15 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/29 16:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/29 16:32:52 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/04/29 16:32:52 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/04/29 16:32:52 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/04/29 16:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/29 16:02:15 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\SysWow64\sqlite3.dll
[2014/04/28 15:16:51 | 000,000,000 | ---D | C] -- C:\NPE
[2014/04/28 15:14:24 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/04/28 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Local\NPE
[2014/04/28 14:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2014/04/28 14:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\XDMessagingv4
[2014/04/28 14:12:49 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Local\Abelssoft
[2014/04/27 17:04:45 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\New folder (3)
[2014/04/27 09:06:24 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Clearbrook FHA Documents
[2014/04/26 18:31:48 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Sean Mize - BalckbeltProduct Creation -
[2014/04/26 18:30:02 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Product Developement - One Problem
[2014/04/26 18:28:52 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Evernote Guide
[2014/04/26 18:28:09 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\MasteringMindMaps
[2014/04/26 18:06:05 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Sean Mize  - Targeted Traffic Training
[2014/04/26 17:59:04 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Sean Mize - WSO Master Blueprint
[2014/04/26 17:49:33 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Get REsponse Training
[2014/04/25 12:47:35 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Jason Fladlien
[2014/04/25 12:40:16 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Sean Mize - Content Marketing
[2014/04/25 12:18:49 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Sean Mize - 60 Day Coaching
[2014/04/24 15:58:59 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Blogging Headline Haacks
[2014/04/24 12:18:02 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Video Creation Tools
[2014/04/24 11:25:10 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Coaching Tools
[2014/04/24 11:20:57 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\List Building Secrets
[2014/04/24 11:16:14 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Coaching - 101- Real Coaching Niches
[2014/04/23 19:48:37 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Persusuasion - 30 Days
[2014/04/23 16:53:30 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Keywords - Niche
[2014/04/23 10:56:37 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\WP Dollar
[2014/04/21 22:15:54 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Glarysoft
[2014/04/21 22:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glarysoft
[2014/04/21 21:43:38 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\New folder (2)
[2014/04/21 21:42:21 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\New folder
[2014/04/21 14:07:36 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\PAC - Jim
[2014/04/21 12:25:31 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Consulting - WSO
[2014/04/19 19:43:51 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\email - 7 embarrassing email mistakes
[2014/04/19 19:38:24 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Images
[2014/04/19 16:14:02 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\BluePrint Pro
[2014/04/19 13:41:34 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Opt In Profits
[2014/04/18 13:16:48 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Covucci
[2014/04/18 10:25:42 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Product Creation Map
[2014/04/17 21:17:08 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Product Creation - Sean Mize
[2014/04/17 17:46:38 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Small Reports Mastery - One Month
[2014/04/17 17:12:36 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Barb Ling - WSO
[2014/04/16 14:35:33 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\SERPAlertBoss
[2014/04/16 14:35:32 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\com.pageone.SERPAlertBoss
[2014/04/16 14:25:20 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Perry Marshall
[2014/04/16 14:15:33 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Public Info - Project Gutenburg
[2014/04/16 13:42:52 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Facebook - Time Line Optin
[2014/04/16 11:02:25 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Graphics - Marketing
[2014/04/15 16:31:41 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Fiverr Report
[2014/04/15 10:39:02 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Sales - The Salesperson is Dead
[2014/04/15 10:36:36 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Sales - Customer Segmentation
[2014/04/15 10:34:35 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Sales Negotiation
[2014/04/14 15:59:49 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Kindle - Fiction Book
[2014/04/12 11:26:00 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Mind Maps for Marketers
[2014/04/10 17:37:52 | 000,312,744 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2014/04/10 17:37:44 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2014/04/10 17:37:44 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2014/04/10 17:37:44 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2014/04/10 17:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/04/10 10:55:39 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Pointblank
[2014/04/06 18:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KD Promo Submitter
[2014/04/06 18:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KD Promo Submitter
[2014/04/06 18:08:09 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Biz  - Web
[4 C:\Users\Barbara\Desktop\*.tmp files -> C:\Users\Barbara\Desktop\*.tmp -> ]
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Barbara\*.tmp files -> C:\Users\Barbara\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/06 13:04:22 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/06 13:04:22 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/06 13:01:52 | 000,000,336 | ---- | M] () -- C:\windows\tasks\GlaryInitialize 4.job
[2014/05/06 13:01:28 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/06 13:01:28 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/06 12:56:46 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/05/06 12:56:42 | 2074,947,583 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/06 12:36:00 | 000,000,416 | ---- | M] () -- C:\windows\tasks\GlaryOneClickOptimizer 4.job
[2014/05/06 12:27:46 | 000,855,650 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/05/06 12:27:46 | 000,715,854 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/05/06 12:27:46 | 000,140,750 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/05/06 12:26:09 | 000,001,079 | ---- | M] () -- C:\Users\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 4.lnk
[2014/05/06 12:26:09 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 4.lnk
[2014/05/06 12:26:04 | 000,001,060 | ---- | M] () -- C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/05 02:06:55 | 000,003,612 | ---- | M] () -- C:\windows\mozy.flt
[2014/05/05 02:06:55 | 000,003,584 | ---- | M] () -- C:\windows\mozy.blk
[2014/05/04 11:25:34 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/05/04 11:24:57 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Barbara\Desktop\mbar-1.07.0.1009.exe
[2014/05/01 14:54:09 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\RegHunter.lnk
[2014/05/01 13:27:03 | 001,992,654 | ---- | M] () -- C:\Users\Barbara\Desktop\AttendeeViewerImage004.bmp
[2014/04/29 15:55:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/04/29 15:32:12 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/29 15:09:39 | 000,000,574 | ---- | M] () -- C:\windows\tasks\G2MUpdateTask-S-1-5-21-1969887077-1188993951-1613878534-1001.job
[2014/04/29 15:09:39 | 000,000,392 | ---- | M] () -- C:\windows\tasks\update-S-1-5-21-1969887077-1188993951-1613878534-1001.job
[2014/04/29 15:09:38 | 000,000,392 | ---- | M] () -- C:\windows\tasks\update-sys.job
[2014/04/29 10:19:01 | 000,000,514 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 68d3b8c9-189b-4f50-b66b-794f2e4bfbd1.job
[2014/04/29 02:00:02 | 000,000,514 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 77b1a562-e034-4c88-9e62-ecbfd99a9df8.job
[2014/04/28 15:48:28 | 000,975,426 | ---- | M] () -- C:\ProgramData\SMRResults410.dat
[2014/04/28 14:32:29 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2014/04/26 18:05:30 | 041,712,357 | ---- | M] () -- C:\Users\Barbara\Documents\InfographicsBuilderVer2.zip
[2014/04/24 18:18:24 | 001,992,654 | ---- | M] () -- C:\Users\Barbara\Desktop\AttendeeViewerImage003.bmp
[2014/04/21 22:15:54 | 000,001,183 | ---- | M] () -- C:\Users\Barbara\Desktop\Quick Search.lnk
[2014/04/17 17:12:06 | 000,005,353 | ---- | M] () -- C:\Users\Barbara\Documents\New folder (6) - Shortcut.lnk
[2014/04/15 11:15:16 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/04/15 11:15:16 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/14 04:05:34 | 000,118,048 | ---- | M] (Glarysoft Ltd) -- C:\windows\SysNative\BootDefrag.exe
[2014/04/13 22:07:36 | 000,017,600 | ---- | M] (Glarysoft Ltd) -- C:\windows\SysNative\drivers\BootDefragDriver.sys
[2014/04/12 10:53:29 | 000,103,771 | ---- | M] () -- C:\Users\Barbara\Documents\327WebinarHandout.pdf
[2014/04/12 06:15:01 | 000,084,543 | ---- | M] () -- C:\spyhunter.fix
[2014/04/10 17:37:40 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2014/04/10 17:37:36 | 000,312,744 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2014/04/10 17:37:36 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2014/04/10 17:37:35 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2014/04/09 15:02:00 | 000,002,136 | ---- | M] () -- C:\windows\SysNative\ScanResults.xml
[2014/04/09 14:57:43 | 000,001,056 | ---- | M] () -- C:\windows\SysNative\SettingsFile
[2014/04/08 16:28:09 | 000,426,144 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/04/08 15:16:08 | 000,057,444 | ---- | M] () -- C:\Users\Barbara\Desktop\PP - Latest.csv
[4 C:\Users\Barbara\Desktop\*.tmp files -> C:\Users\Barbara\Desktop\*.tmp -> ]
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Barbara\*.tmp files -> C:\Users\Barbara\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/06 12:27:50 | 000,000,416 | ---- | C] () -- C:\windows\tasks\GlaryOneClickOptimizer 4.job
[2014/05/01 14:54:09 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\RegHunter.lnk
[2014/05/01 13:27:03 | 001,992,654 | ---- | C] () -- C:\Users\Barbara\Desktop\AttendeeViewerImage004.bmp
[2014/04/28 15:47:47 | 000,975,426 | ---- | C] () -- C:\ProgramData\SMRResults410.dat
[2014/04/28 15:20:26 | 000,001,060 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/04/28 14:32:29 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2014/04/26 18:05:34 | 041,712,357 | ---- | C] () -- C:\Users\Barbara\Documents\InfographicsBuilderVer2.zip
[2014/04/24 18:18:24 | 001,992,654 | ---- | C] () -- C:\Users\Barbara\Desktop\AttendeeViewerImage003.bmp
[2014/04/21 22:15:54 | 000,001,183 | ---- | C] () -- C:\Users\Barbara\Desktop\Quick Search.lnk
[2014/04/17 17:12:06 | 000,005,353 | ---- | C] () -- C:\Users\Barbara\Documents\New folder (6) - Shortcut.lnk
[2014/04/12 10:53:55 | 000,103,771 | ---- | C] () -- C:\Users\Barbara\Documents\327WebinarHandout.pdf
[2014/04/12 10:16:40 | 2074,947,583 | -HS- | C] () -- C:\hiberfil.sys
[2014/04/08 21:31:48 | 000,084,543 | ---- | C] () -- C:\spyhunter.fix
[2014/02/08 00:40:40 | 000,000,096 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\F48G-9M4H
[2014/01/20 01:07:09 | 000,014,336 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\ClickSalez.db
[2014/01/20 01:07:09 | 000,002,048 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\ctSettings
[2013/11/13 14:48:06 | 000,129,536 | ---- | C] () -- C:\windows\SysWow64\sqlite3_mod_fts3.dll
[2013/11/13 14:48:06 | 000,092,672 | ---- | C] () -- C:\windows\SysWow64\sqlite3_mod_zipfile.dll
[2013/11/13 14:48:06 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\sqlite3_mod_csvtable.dll
[2013/11/13 14:48:06 | 000,053,760 | ---- | C] () -- C:\windows\SysWow64\sqlite3_mod_impexp.dll
[2013/11/13 14:48:06 | 000,053,760 | ---- | C] () -- C:\windows\SysWow64\sqlite3_mod_extfunc.dll
[2013/11/13 14:48:06 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\sqlite3_mod_rtree.dll
[2013/11/13 14:48:06 | 000,000,392 | ---- | C] () -- C:\windows\ODBC.INI
[2013/10/22 14:13:07 | 000,000,180 | ---- | C] () -- C:\windows\Reimage.ini
[2013/10/21 15:07:04 | 000,026,401 | ---- | C] () -- C:\ProgramData\HPSSOSS.HTM
[2013/10/21 15:07:04 | 000,024,772 | ---- | C] () -- C:\ProgramData\HPSSDEF.CSS
[2013/10/21 15:07:04 | 000,002,944 | ---- | C] () -- C:\ProgramData\HPSSSIG.GIF
[2013/10/13 15:58:38 | 000,000,049 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\mbam.context.scan
[2013/09/29 17:26:03 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\lgpi32.dll
[2013/09/13 14:27:29 | 000,000,028 | --S- | C] () -- C:\windows\SysWow64\drivers\bwaut.sys
[2013/05/10 15:00:45 | 000,869,376 | ---- | C] () -- C:\windows\is-AQFPH.exe
[2013/04/11 08:47:17 | 000,184,160 | ---- | C] () -- C:\Users\Barbara\AppData\Local\ars.cache
[2013/04/11 08:39:01 | 000,000,036 | ---- | C] () -- C:\Users\Barbara\AppData\Local\housecall.guid.cache
[2013/03/18 17:43:52 | 000,000,059 | ---- | C] () -- C:\Users\Barbara\AppData\Local\UserProducts.xml
[2013/03/18 15:53:08 | 000,000,095 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/03/18 15:52:56 | 000,000,089 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
[2013/03/10 16:04:24 | 000,044,032 | ---- | C] () -- C:\Users\Barbara\AppData\Local\DB_AntBook.db
[2013/02/26 12:41:09 | 000,000,172 | ---- | C] () -- C:\windows\efix.ini
[2012/08/31 15:42:07 | 000,000,758 | ---- | C] () -- C:\windows\ODBCINST.INI
[2012/08/07 10:30:41 | 000,000,970 | ---- | C] () -- C:\Users\Barbara\XMind.lnk
[2012/06/05 09:22:34 | 000,000,105 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/05/26 21:14:39 | 000,022,528 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\DomainFinder.rsd
[2012/05/24 15:16:46 | 000,003,584 | ---- | C] () -- C:\Users\Barbara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/06 20:57:24 | 000,005,120 | ---- | C] () -- C:\Users\Barbara\buckaroodashboard.db
[2012/04/20 13:18:53 | 000,001,795 | ---- | C] () -- C:\Users\Barbara\AppData\Roaming\SAS7_000.DAT
[2012/03/15 21:51:52 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/03/14 19:03:15 | 000,061,304 | ---- | C] () -- C:\Users\Barbara\g2mdlhlpx.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:373E1720
 
< End of report >
 


#10 BarbaraJG


Posted 06 May 2014 - 01:00 PM

Jo,

 

Now I can't even use Firefox as it says it's not responding and the hourglass just keeps spinning.

 

Also keep getting this message: A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete.

 

Thanks,

Barb



#11 BarbaraJG


Posted 06 May 2014 - 01:07 PM

Jo,

 

Just found something of interest. Remember when I try to go to Weight Watchers, it takes me to a CPA site? The site it is going to is: Good Housekeeping On Garcinia Cambogia Weight-Loss Treatment - http://lifeandhealthreports.com/diet/5/.

 

Don't know if that helps, but it is still doing it.

 

Thanks,

Barb

 

PS: I was able to get into Firefox a couple of times, but still having same problem.



#12 BarbaraJG


Posted 06 May 2014 - 01:29 PM

Jo,

 

Sorry about sending all these messages, but as I come upon things that you might need, I want to send them to you.

 

The script that I mentioned is: Script: about:superstart:3.

 

Barb



#13 BarbaraJG


Posted 06 May 2014 - 01:47 PM

Jo,

 

Another script message: Script: https://www.facebook.com/groups/jobsearchaccelerator/:4



#14 Jo*


Posted 06 May 2014 - 02:17 PM

Hello BarbaraJG,


Download ComboFix from the following location:
Link

* IMPORTANT - Save ComboFix.exe to your Desktop

***


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link:
How to Disable your Security Programs


***


Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Enable your antivirus!
 

---


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 BarbaraJG


Posted 06 May 2014 - 05:47 PM

Jo,

Problem still the same....

ComboFix 14-05-05.01 - Barbara 05/06/2014  18:23:26.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8100.5804 [GMT -4:00]
Running from: c:\users\Barbara\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
C:\pushbutton2006.exe
c:\pushbutton2006.exe\pushbutton2006.exe
c:\users\Barbara\AppData\Local\assembly\tmp
c:\users\Barbara\AppData\Local\assembly\tmp\BLT66WJ0\__AssemblyInfo__.ini
c:\users\Barbara\AppData\Local\assembly\tmp\BLT66WJ0\WordCrusher.DLL
c:\users\Barbara\AppData\Roaming\.#
c:\users\Barbara\AppData\Roaming\.#\MBX@5680@2152780.###
c:\users\Barbara\AppData\Roaming\.#\MBX@5680@21527B0.###
c:\users\Barbara\AppData\Roaming\.#\MBX@63290@24F2780.###
c:\users\Barbara\AppData\Roaming\.#\MBX@63290@24F27B0.###
c:\users\Barbara\AppData\Roaming\ubot
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-06 to 2014-05-06  )))))))))))))))))))))))))))))))
.
.
2014-05-06 22:31 . 2014-05-06 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-06 20:18 . 2014-05-06 20:18 -------- d-s---w- c:\windows\SysWow64\Microsoft
2014-05-06 17:13 . 2014-05-06 17:13 -------- d-----w- c:\windows\ERUNT
2014-05-06 16:25 . 2014-05-06 16:25 -------- d-----w- c:\users\Barbara\AppData\Roaming\DropboxMaster
2014-05-06 16:25 . 2014-04-14 02:07 17600 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2014-05-04 22:30 . 2014-05-06 16:55 -------- d-----w- C:\AdwCleaner
2014-05-04 15:26 . 2014-05-04 17:37 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-04-29 20:33 . 2014-05-06 22:09 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-29 20:32 . 2014-05-04 15:25 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-29 20:32 . 2014-04-29 20:35 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-29 20:32 . 2014-04-03 13:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-29 20:32 . 2014-04-03 13:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-29 20:02 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-04-28 19:16 . 2014-04-28 19:18 -------- d-----w- C:\NPE
2014-04-28 19:14 . 2014-04-28 19:14 -------- d-----w- C:\found.000
2014-04-28 19:06 . 2014-04-28 19:46 -------- d-----w- c:\users\Barbara\AppData\Local\NPE
2014-04-28 18:12 . 2014-04-28 18:12 -------- d-----w- c:\programdata\XDMessagingv4
2014-04-28 18:12 . 2014-04-28 18:12 -------- d-----w- c:\users\Barbara\AppData\Local\Abelssoft
2014-04-22 02:15 . 2014-04-22 02:15 -------- d-----w- c:\program files (x86)\Glarysoft
2014-04-16 18:35 . 2014-04-16 18:35 -------- d-----w- c:\users\Barbara\AppData\Roaming\com.pageone.SERPAlertBoss
2014-04-10 21:37 . 2014-04-10 21:37 312744 ----a-w- c:\windows\system32\javaws.exe
2014-04-10 21:37 . 2014-04-10 21:37 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-04-10 21:37 . 2014-04-10 21:37 189352 ----a-w- c:\windows\system32\javaw.exe
2014-04-10 21:37 . 2014-04-10 21:37 189352 ----a-w- c:\windows\system32\java.exe
2014-04-10 21:37 . 2014-04-10 21:37 -------- d-----w- c:\program files\Java
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-15 15:15 . 2012-04-07 19:48 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-15 15:15 . 2011-11-22 04:31 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-14 08:05 . 2013-12-05 16:10 118048 ----a-w- c:\windows\system32\BootDefrag.exe
2014-03-17 14:16 . 2014-04-01 18:08 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2BFEC46-F92C-4E95-95BB-095E1A21A0B8}\mpengine.dll
2014-03-02 18:05 . 2012-03-18 16:59 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-02-23 08:13 . 2014-04-01 18:11 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2014-02-23 08:13 . 2014-04-01 18:10 2241536 ----a-w- c:\windows\system32\wininet.dll
2014-02-23 08:13 . 2014-04-01 18:11 1365504 ----a-w- c:\windows\system32\urlmon.dll
2014-02-23 08:12 . 2014-04-01 18:11 197120 ----a-w- c:\windows\system32\msrating.dll
2014-02-23 08:12 . 2014-04-01 18:10 19273216 ----a-w- c:\windows\system32\mshtml.dll
2014-02-23 08:12 . 2014-04-01 18:11 603136 ----a-w- c:\windows\system32\msfeeds.dll
2014-02-23 08:11 . 2014-04-01 18:11 855552 ----a-w- c:\windows\system32\jscript.dll
2014-02-23 08:11 . 2014-04-01 18:11 3960320 ----a-w- c:\windows\system32\jscript9.dll
2014-02-23 08:11 . 2014-04-01 18:10 53760 ----a-w- c:\windows\system32\jsproxy.dll
2014-02-23 08:11 . 2014-04-01 18:11 526336 ----a-w- c:\windows\system32\ieui.dll
2014-02-23 08:11 . 2014-04-01 18:11 67072 ----a-w- c:\windows\system32\iesetup.dll
2014-02-23 08:11 . 2014-04-01 18:11 136704 ----a-w- c:\windows\system32\iesysprep.dll
2014-02-23 08:11 . 2014-04-01 18:11 2648576 ----a-w- c:\windows\system32\iertutil.dll
2014-02-23 08:11 . 2014-04-01 18:11 39936 ----a-w- c:\windows\system32\iernonce.dll
2014-02-23 08:11 . 2014-04-01 18:10 15404032 ----a-w- c:\windows\system32\ieframe.dll
2014-02-23 06:54 . 2014-04-01 18:10 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2014-02-23 06:53 . 2014-04-01 18:11 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-02-23 06:53 . 2014-04-01 18:11 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-02-23 06:53 . 2014-04-01 18:11 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-02-23 06:35 . 2014-04-01 18:11 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-23 06:31 . 2014-04-01 18:11 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-02-23 05:39 . 2014-04-01 18:11 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-02-23 05:35 . 2014-04-01 18:11 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-02-07 01:23 . 2014-04-01 17:55 3156480 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00001YSISyncComplete]
@="{89B5F9CC-C4A2-462C-BD27-29CEAC972135}"
[HKEY_CLASSES_ROOT\CLSID\{89B5F9CC-C4A2-462C-BD27-29CEAC972135}]
2012-04-13 16:00 2384976 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00002YSISyncActive]
@="{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}"
[HKEY_CLASSES_ROOT\CLSID\{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}]
2012-04-13 16:00 2384976 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00003YSISyncError]
@="{306A9CDE-AC70-453A-8008-B5F9962B8F88}"
[HKEY_CLASSES_ROOT\CLSID\{306A9CDE-AC70-453A-8008-B5F9962B8F88}]
2012-04-13 16:00 2384976 ----a-w- c:\program files (x86)\YouSendIt Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dashlane"="c:\users\Barbara\AppData\Roaming\Dashlane\Dashlane.exe" [2014-02-18 219832]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 4\StartupManager.exe" [2014-04-14 37152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk * \0BootDefrag.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"SearchProtectAll"="c:\program files (x86)\SearchProtect\bin\cltmng.exe"
"Zoolz Tray"="c:\program files\Genie9\Zoolz2\ZoolzLauncher.exe" "c:\program files\Genie9\Zoolz2\Zoolz.exe" "-Delay"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe"
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppdbulkio.sys;c:\windows\SYSNATIVE\drivers\hppdbulkio.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
R4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R4 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
R4 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R4 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R4 WACService;WACService;c:\program files (x86)\Wondershare\Wondershare Application Center\WACService.exe;c:\program files (x86)\Wondershare\Wondershare Application Center\WACService.exe [x]
R4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
R4 Zoolz 2 Service;Zoolz Service;c:\program files\Genie9\Zoolz2\ZoolzService.exe;c:\program files\Genie9\Zoolz2\ZoolzService.exe [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-28 19:32 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-03 15:15]
.
2014-04-29 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1969887077-1188993951-1613878534-1001.job
- c:\users\Barbara\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe [2014-03-12 18:08]
.
2014-05-06 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files (x86)\Glary Utilities 4\Initialize.exe [2014-04-14 08:01]
.
2014-05-06 c:\windows\Tasks\GlaryOneClickOptimizer 4.job
- c:\program files (x86)\Glary Utilities 4\OneClickMaintenance.exe [2014-04-14 08:02]
.
2014-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-22 12:24]
.
2014-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-22 12:24]
.
2014-04-29 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 68d3b8c9-189b-4f50-b66b-794f2e4bfbd1.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-10-10 22:55]
.
2014-04-29 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 77b1a562-e034-4c88-9e62-ecbfd99a9df8.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-10-10 22:55]
.
2014-04-29 c:\windows\Tasks\update-S-1-5-21-1969887077-1188993951-1613878534-1001.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2013-03-18 18:37]
.
2014-04-29 c:\windows\Tasks\update-sys.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2013-03-18 18:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ mozysyncNotUploaded]
@="{34DF8AC2-A6BB-4855-B45A-CC1B4D9183E3}"
[HKEY_CLASSES_ROOT\CLSID\{34DF8AC2-A6BB-4855-B45A-CC1B4D9183E3}]
2013-11-18 18:46 876032 ----a-w- c:\program files\Mozy Sync\mozysyncshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ mozysyncPendingChanges]
@="{6673BC77-4A7B-4299-A130-14312E6B203A}"
[HKEY_CLASSES_ROOT\CLSID\{6673BC77-4A7B-4299-A130-14312E6B203A}]
2013-11-18 18:46 876032 ----a-w- c:\program files\Mozy Sync\mozysyncshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ mozysyncUpToDate]
@="{04547006-32F5-4635-844B-B8D7FCE47692}"
[HKEY_CLASSES_ROOT\CLSID\{04547006-32F5-4635-844B-B8D7FCE47692}]
2013-11-18 18:46 876032 ----a-w- c:\program files\Mozy Sync\mozysyncshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-BackedupIcon]
@="{9DB6687B-FDB2-4284-AF2A-4562D4EB371D}"
[HKEY_CLASSES_ROOT\CLSID\{9DB6687B-FDB2-4284-AF2A-4562D4EB371D}]
2012-12-31 09:56 153088 ----a-w- c:\program files\Genie9\Zoolz2\ZoolzOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-BackedUpModifiedIcon]
@="{9DB6687D-FDB2-4284-AF2A-4562D4EB371D}"
[HKEY_CLASSES_ROOT\CLSID\{9DB6687D-FDB2-4284-AF2A-4562D4EB371D}]
2012-12-31 09:56 153088 ----a-w- c:\program files\Genie9\Zoolz2\ZoolzOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-ColdStorageIcon]
@="{9DB6687F-FDB2-4284-AF2A-4562D4EB371D}"
[HKEY_CLASSES_ROOT\CLSID\{9DB6687F-FDB2-4284-AF2A-4562D4EB371D}]
2012-12-31 09:56 153088 ----a-w- c:\program files\Genie9\Zoolz2\ZoolzOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-FolderInCloudIcon]
@="{9DB6687E-FDB2-4284-AF2A-4562D4EB371D}"
[HKEY_CLASSES_ROOT\CLSID\{9DB6687E-FDB2-4284-AF2A-4562D4EB371D}]
2012-12-31 09:56 153088 ----a-w- c:\program files\Genie9\Zoolz2\ZoolzOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-NotBackedUpIcon]
@="{9DB6687C-FDB2-4284-AF2A-4562D4EB371D}"
[HKEY_CLASSES_ROOT\CLSID\{9DB6687C-FDB2-4284-AF2A-4562D4EB371D}]
2012-12-31 09:56 153088 ----a-w- c:\program files\Genie9\Zoolz2\ZoolzOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Barbara\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2014-03-13 14:38 6485832 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2014-03-13 14:38 6485832 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2012-10-29 551640]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Clip image - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: New note - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\6ec20h89.default\
FF - prefs.js: browser.startup.homepage - about:superstart
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)
AddRemove-Coupon Printer for Windows5.0.0.3 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-OfflinePennyPuncher - c:\program files (x86)\OfflinePennyPuncher\uninstall.exe
AddRemove-Stealth Niche Brainstorm_is1 - c:\program files (x86)\Stealth Niche Brainstorm\unins000.exe
AddRemove-{D1866CDE-BBE5-40F1-984E-E4E00B967BB9}_is1 - c:\program files (x86)\Nichegenerator\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{669695BC-A811-4A9D-8CDF-BA8C795F261C}"=hex:51,66,7a,6c,4c,1d,38,12,d2,96,85,
   62,23,e6,f3,0f,f3,c9,f9,cc,7c,01,62,08
"{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}"=hex:51,66,7a,6c,4c,1d,38,12,15,21,99,
   35,ad,10,d3,00,f6,8f,3c,cf,15,94,08,e1
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:1e,c5,11,62,0b,ca,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,24,4a,a5,11,e6,27,47,9b,dd,ed,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,24,4a,a5,11,e6,27,47,9b,dd,ed,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_182_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_182_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_182_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_182_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-06  18:34:20
ComboFix-quarantined-files.txt  2014-05-06 22:34
ComboFix2.txt  2014-05-06 21:40
.
Pre-Run: 482,310,172,672 bytes free
Post-Run: 481,879,310,336 bytes free
.
- - End Of File - - 4F359DA9DBA18908D2B0AF5A8E461ED3




