
how to read DDS and Attach files


  • This topic is locked
5 replies to this topic

#1 Michael Aaron Karsh


Posted 13 June 2014 - 09:16 PM

I thought that I may have been attacked by malware on June 12, 2014. Here is what I did:

1. I uninstalled all programs installed on my computer on that date.

2. I ran CCleaner.

3. I updated and ran Superantispyware, and it just found 4 tracking cookies, which I then had it delete.

4. I updated and ran Malwarebytes AntiMalware, and it found 120 potentially unwanted programs, which I had it delete. I then had to reboot my computer to get them off.

5. I updated Java from Version 7 update 55 to Version 7 update 60.

6. I ran DDS, and I want to post the results here.

Results from dds.txt file:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.60.2
Run by Owner at 22:49:56 on 2014-06-12
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3836.1729 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Webroot SecureAnywhere *Enabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Webroot SecureAnywhere *Enabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Webroot\WRSA.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcxcoms.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files (x86)\Verizon\FiOS\ihs\IHANotify.exe
C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
uDefault_Page_URL = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: {56bc31de-97ab-4563-8599-ad5d4e9800f9} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: PlayOn: {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: PlayOn: {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ihanotify] C:\Program Files (x86)\Verizon\FiOS\ihs\IHANotify.exe 1 fios
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [iLivid] "C:\Users\Owner\AppData\Local\iLivid\iLivid.exe" -autorun
mRun: [WirelessAssistant] "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [PC HealthFix] "C:\ProgramData\PC HealthFix\PCHealthFix.exe" /runscan
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\REALPL~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: PlayOn - C:\Program Files (x86)\MediaMall\toolbar\MenuLoad.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {936CEA21-9A68-46D9-A31B-1173A976D896} - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://amsaevents.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/nbr/ieatgpc1.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{6AE25851-2F02-4F8C-989E-381725231F81} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E878202B-407B-4356-9F27-D0387E19D122} : DHCPNameServer = 192.168.123.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mStart Page = hxxp://www.v9.com/?type=hp&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f
x64-mSearch Page = hxxp://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
x64-mDefault_Page_URL = hxxp://www.v9.com/?type=hp&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f
x64-mDefault_Search_URL = hxxp://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
x64-BHO: {56bc31de-97ab-4563-8599-ad5d4e9800f9} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: PlayOn: {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: PlayOn: {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
x64-Run: [SmartMenu] "C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" /background
x64-Run: [SysTrayApp] "C:\Program Files\IDT\WDM\sttray64.exe"
x64-Run: [dlcxmon.exe] "C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe"
x64-Run: [MemoryCardManager] "C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe"
x64-IE: {936CEA21-9A68-46D9-A31B-1173A976D896} - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 781312]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-11-25 343568]
R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2013-1-28 115680]
R1 DVMIO;DVMIO;C:\SPLASH.SYS\config\dvmio.sys [2009-9-27 21624]
R1 MOBK755Filter;MOBK755Filter;C:\Windows\System32\drivers\MOBK755.sys [2011-11-25 66040]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-4 203264]
R2 dlcx_device;dlcx_device;C:\Windows\System32\dlcxcoms.exe -service --> C:\Windows\System32\dlcxcoms.exe -service [?]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SPLASH.SYS\config\DVMExportService.exe [2009-7-8 323584]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-10 328928]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-2-26 30520]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-15 201304]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-10-10 178048]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-10 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-10 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-10 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-10 328928]
R2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2013-12-4 5454640]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-10-10 1017016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-11-25 219272]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-11-25 182752]
R2 MOBK755backup;McAfee Online Backup Service;C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe [2010-9-20 207672]
R2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [2013-10-25 230920]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-3-26 230416]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2013-10-25 69640]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-3-15 39568]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-4-2 1141848]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-3-20 23552]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2010-9-2 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2010-9-2 185640]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2013-1-28 765528]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-11-25 70112]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-5 227896]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-5-20 70656]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-11-25 310224]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-11-25 519192]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-9-20 390552]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-26 215040]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-4-26 34872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 GSRestartSvc;GSRestartSvc;"C:\ProgramData\Geek Squad\Customizer\GSRestartSvc.exe" --> C:\ProgramData\Geek Squad\Customizer\GSRestartSvc.exe [?]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-7-13 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-10-17 197704]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-28 140128]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-2 227232]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-9-20 95984]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-30 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2014-06-13 05:35:10 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-12 20:04:14 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E2F1AD0C-0249-42E3-9363-94F575C4319E}\offreg.dll
2014-06-12 20:01:44 -------- d-----w- C:\Program Files (x86)\predm
2014-06-12 19:48:09 -------- d-----w- C:\Users\Owner\AppData\Local\globalUpdate
2014-06-12 19:48:09 -------- d-----w- C:\Program Files (x86)\globalUpdate
2014-06-12 19:46:14 -------- d-----w- C:\Users\Owner\AppData\Roaming\SupTab
2014-06-12 04:04:24 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E2F1AD0C-0249-42E3-9363-94F575C4319E}\mpengine.dll
2014-06-10 20:33:23 -------- d-----w- C:\Program Files\iPod
2014-06-10 20:33:22 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-10 20:33:22 -------- d-----w- C:\Program Files\iTunes
2014-06-10 20:33:22 -------- d-----w- C:\Program Files (x86)\iTunes
2014-06-10 07:34:22 -------- d-----w- C:\Windows\System32\SPReview
2014-05-15 22:20:06 -------- d-----w- C:\Users\Owner\AppData\Roaming\DropboxMaster
.
==================== Find3M  ====================
.
2014-06-07 16:51:20 115680 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2014-06-07 16:51:19 154760 ----a-w- C:\Windows\SysWow64\WRusr.dll
2014-06-07 16:51:19 105320 ----a-w- C:\Windows\System32\WRusr.dll
2014-05-14 00:16:59 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 00:16:59 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-14 00:16:47 17352880 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-03-31 16:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 22:51:50.73 ===============
 

Results from attach.txt file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/29/2010 9:16:48 PM
System Uptime: 6/12/2014 10:22:56 PM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 3642
Processor: AMD Turion™ II Dual-Core Mobile M520 | Socket S1G3 | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 219.954 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 2.51 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.093 GiB free.
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP645: 6/6/2014 12:31:56 AM - Windows 7 Service Pack 1
RP646: 6/7/2014 12:22:59 AM - Windows Update
RP647: 6/8/2014 12:18:13 AM - Windows Update
RP648: 6/9/2014 12:24:34 AM - Windows Update
RP649: 6/10/2014 12:31:13 AM - Windows Update
RP650: 6/12/2014 12:30:27 AM - Windows Update
RP651: 6/12/2014 12:55:07 PM - Removed Compatibility Pack for the 2007 Office system
RP652: 6/12/2014 12:57:26 PM - Removed Compatibility Pack for the 2007 Office system
RP653: 6/12/2014 2:22:28 PM - Removed Compatibility Pack for the 2007 Office system
RP654: 6/12/2014 10:26:02 PM - Removed Java 7 Update 55
RP655: 6/12/2014 10:34:02 PM - Installed Java 7 Update 60
RP656: 6/12/2014 10:37:34 PM - Removed HiJackThis
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 13 ActiveX
Adobe Shockwave Player
Alps Touch Pad Driver
Amazon Kindle
AMD USB Filter Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASPCA Reminder by We-Care.com v4.1.22.1
Atheros Driver Installation Program
ATI Catalyst Install Manager
Audacity 1.3.14 (Unicode)
Best Buy pc app
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink DVD Suite
D3DX10
Dell Photo AIO Printer 926
Dropbox
DVD Menu Pack for HP MediaSmart Video
ENE CIR Receiver Driver
Google Chrome
Google Toolbar for Internet Explorer
Hewlett-Packard ACLM.NET v1.2.1.1
HP 3D DriveGuard
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart SmartMenu
HP MediaSmart Software Notebook Demo
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP Quick Launch Buttons
HP QuickWeb
HP Setup
HP Smart Web Printing
HP Support Assistant
HP Update
HP User Guides 0146
HP Wireless Assistant
Hulu Desktop
iCloud
IDT Audio
iLivid
iTunes
Java 7 Update 60
Java Auto Updater
JMicron Flash Media Controller Driver
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.75.0.1300
MathGV 4.1
McAfee Internet Security
McAfee Online Backup
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Live Search Toolbar
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Nitro Pro 9
Nitro Reader 3
Norton Online Backup
OpenOffice 4.1.0
PlayOn
Power2Go
PowerDirector
PrimoPDF -- brought to you by Nitro PDF Software
QLBCASL
QuickTime 7
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer Cloud
Realtek 8136 8168 8169 Ethernet Driver
RealUpgrade 1.1
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Shared C Run-time for x64
SUPERAntiSpyware
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
UpdateService
Verizon Download Manager
Vz In Home Agent
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/12/2014 12:51:14 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
6/12/2014 12:51:14 PM, Error: Service Control Manager [7000]  - The Computer Backup (MyPC Backup) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/12/2014 10:24:31 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
6/12/2014 10:23:59 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/12/2014 10:23:59 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
6/12/2014 10:23:25 PM, Error: Service Control Manager [7000]  - The GSRestartSvc service failed to start due to the following error:  The system cannot find the file specified.
6/12/2014 10:23:13 PM, Error: atikmdag [52236]  - CPLIB :: General - Invalid Parameter
6/10/2014 9:47:43 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer PAUL-ACEERPC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6AE25851-2F02-4F8C-989E-381725231F81}. The master browser is stopping or an election is being forced.
6/10/2014 9:36:59 PM, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.70 did not allow the name to be claimed by this computer.
6/10/2014 12:36:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
.
==== End Of File ===========================
 

Do you see any evidence of a remaining infection?





#2 nasdaq

  • Malware Response Team

Posted 17 June 2014 - 07:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 Michael Aaron Karsh

  • Topic Starter

Posted 17 June 2014 - 10:57 PM

These are the contents of my AdwCleaner log file:
 
# AdwCleaner v3.212 - Report created 17/06/2014 at 20:02:25
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Owner - DEBBIESGIFT
# Running from : C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02TQNR28\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****

***** [ Files / Folders ] *****
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\ProgramData\uninstaller.exe
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ud4bjk33.default\user.js
File Found : C:\Users\Owner\Desktop\iLivid.lnk
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Program Files (x86)\TelevisionFanaticEI
Folder Found : C:\Users\Owner\AppData\Local\globalUpdate
Folder Found : C:\Users\Owner\AppData\Local\iLivid
Folder Found : C:\Users\Owner\AppData\Local\PackageAware
Folder Found : C:\Users\Owner\AppData\Roaming\Funmoods
Folder Found : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ud4bjk33.default\Extensions\wecarereminder@bryan
Folder Found : C:\Users\Owner\AppData\Roaming\SupTab
***** [ Shortcuts ] *****

***** [ Registry ] *****
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL
Key Found : HKCU\Software\Classes\iLivid.torrent
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\TutoTag
Key Found : HKCU\Software\wecarereminder
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : [x64] HKCU\Software\TutoTag
Key Found : [x64] HKCU\Software\wecarereminder
Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4084D718-3644-4504-B828-BB054729E39C}
Key Found : HKLM\Software\DeviceVM
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Found : HKLM\SOFTWARE\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin
Key Found : HKLM\Software\SupDp
Key Found : HKLM\Software\SupTab
Key Found : HKLM\Software\TelevisionFanaticEI
Key Found : HKLM\Software\Tutorials
Key Found : HKLM\Software\V9Software
Key Found : HKLM\Software\Wpm
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : [x64] HKLM\SOFTWARE\DeviceVM
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16476
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.v9.com/?type=hp&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.v9.com/?type=hp&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
-\\ Mozilla Firefox v
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ud4bjk33.default\prefs.js ]

-\\ Google Chrome v
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Search Provider] : hxxp://start.sweetpacks.com?src=6&q={searchTerms}&barid={CA14121C-E2C7-11E2-97CC-7EE4004739A0}&crg=3.5000006.10045&st=23
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
Found [Startup_urls] : hxxp://www.v9.com/?type=hp&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f
Found [Homepage] : hxxp://www.v9.com/?type=hp&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f
Found [Extension] : cjpglkicenollcignonpgiafdgfeehoj
Found [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
*************************
AdwCleaner[R0].txt - [8550 octets] - [17/06/2014 20:02:25]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8610 octets] ##########
 
Here are the results from FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by Owner (administrator) on DEBBIESGIFT on 17-06-2014 20:37:29
Running from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HKXJGB93
Platform: Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Webroot) C:\Program Files\Webroot\WRSA.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\dlcxcoms.exe
(DeviceVM, Inc.) C:\SPLASH.SYS\config\DVMExportService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
() C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe
(COLLABERA) C:\Program Files (x86)\Verizon\FiOS\ihs\IHANotify.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [318464 2009-05-14] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-08-25] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-08-25] (IDT, Inc.)
HKLM\...\Run: [dlcxmon.exe] => C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe [292336 2007-01-12] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe [304008 2006-11-03] ()
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [VERIZONDM] => C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe [206120 2010-09-02] (SupportSoft, Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [763512 2014-06-13] (Webroot)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-04-02] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [PC HealthFix] => "C:\ProgramData\PC HealthFix\PCHealthFix.exe" /runscan
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0
HKU\.DEFAULT\...\Policies\system: [NoDispAppearancePage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispBackgroundPage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispSettingsPage] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Run: [ihanotify] => C:\Program Files (x86)\Verizon\FiOS\ihs\IHANotify.exe [237568 2010-09-02] (COLLABERA)
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6591800 2012-02-22] (Yahoo! Inc.)
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-31] (Google Inc.)
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Run: [iLivid] => "C:\Users\Owner\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?type=hp&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
SearchScopes: HKLM - {F0A680F6-A92F-4E56-B97C-689B1FBE051E} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={CA14121C-E2C7-11E2-97CC-7EE4004739A0}
SearchScopes: HKLM-x32 - {F0A680F6-A92F-4E56-B97C-689B1FBE051E} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - DefaultScope {F793CC96-CCED-4457-AA21-548A4C67F8FE} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US755&p={SearchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com?src=6&q={searchTerms}&barid={CA14121C-E2C7-11E2-97CC-7EE4004739A0}&crg=3.5000006.10045&st=23
SearchScopes: HKCU - {F0A680F6-A92F-4E56-B97C-689B1FBE051E} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {F189D17D-88DF-4F05-A215-1F9002E8DCCF} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {F793CC96-CCED-4457-AA21-548A4C67F8FE} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US755&p={SearchTerms}
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: No Name - {56bc31de-97ab-4563-8599-ad5d4e9800f9} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll (MediaMall Technologies, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\MSK\mskapbho.dll ()
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: No Name - {56bc31de-97ab-4563-8599-ad5d4e9800f9} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll (MediaMall Technologies, Inc.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll (MediaMall Technologies, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll (MediaMall Technologies, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://amsaevents.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/nbr/ieatgpc1.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @ei.TelevisionFanatic.com/Plugin - C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nitropdf.com/NitroPDF.PrevVerNPR - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @playon.tv/PlayOnToolbar - C:\Program Files (x86)\MediaMall\toolbar\npVT.dll (MediaMall Technologies, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=17.0.8.22 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.8 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.8 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.8 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.8.22 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Users\Owner\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-11-05]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-11-25]
FF HKLM-x32\...\Firefox\Extensions: [{0FAA5C82-A094-4541-8811-D3361F972A81}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-11-25]
Chrome:
=======
CHR HomePage: hxxp://www.v9.com/?type=hp&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f
CHR StartupUrls: "hxxp://www.v9.com/?type=hp&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f"
CHR DefaultSearchKeyword: v9
CHR DefaultSearchProvider: v9
CHR DefaultSearchURL: http://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (TelevisionFanatic Installer Plugin Stub) - C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Hulu Desktop) - C:\Users\Owner\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-31]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-31]
CHR Extension: (SiteAdvisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-05-31]
CHR Extension: (RealPlayer Downloader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-11-08]
CHR Extension: (PlayOn) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ienaefcpghbmccojmklhdffdobkbencj [2013-11-18]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2014-03-26]
CHR Extension: (FastestFox for Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-07-01]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-31]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-06-12]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-03-15]
CHR HKLM-x32\...\Chrome\Extension: [ienaefcpghbmccojmklhdffdobkbencj] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx [2013-11-05]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.26.crx [2014-01-30]
CHR StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 dlcx_device; C:\Windows\system32\dlcxcoms.exe [561152 2006-10-11] ( )
R2 dlcx_device; C:\Windows\SysWOW64\dlcxcoms.exe [532480 2006-10-11] ( ) [File not signed]
R2 DvmMDES; C:\SPLASH.SYS\config\DVMExportService.exe [323584 2009-07-08] (DeviceVM, Inc.) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-02] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5454640 2014-03-28] (MediaMall Technologies, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-09-24] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
R2 MOBK755backup; C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe [207672 2010-09-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-10-25] (Nitro PDF Software)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-03-15] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-04-02] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-03-20] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
R2 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [206120 2010-09-02] (SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [185640 2010-09-02] (SupportSoft, Inc.)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [763512 2014-06-13] (Webroot)
S2 GSRestartSvc; "C:\ProgramData\Geek Squad\Customizer\GSRestartSvc.exe" [X]
==================== Drivers (Whitelisted) ====================
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-09-24] (McAfee, Inc.)
R1 DVMIO; C:\SPLASH.SYS\config\dvmio.sys [21624 2009-09-27] (DeviceVM, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-09-24] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519192 2013-09-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-09-24] (McAfee, Inc.)
R1 MOBK755Filter; C:\Windows\System32\DRIVERS\MOBK755.sys [66040 2010-09-20] (Mozy, Inc.)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2012-11-02] (MediaMall Technologies, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114176 2014-06-13] (Webroot)
U4 eabfiltr;
U0 SR;
U2 srservice;
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-06-17 20:02 - 2014-06-17 20:03 - 00000000 ____D () C:\AdwCleaner
2014-06-17 20:02 - 2014-06-17 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-17 20:00 - 2014-06-17 20:37 - 00000000 ____D () C:\FRST
2014-06-17 00:50 - 2014-06-17 00:50 - 00000000 ____D () C:\Windows\system32\SPReview
2014-06-13 13:16 - 2014-06-13 13:16 - 00002975 _____ () C:\Users\Owner\Desktop\HiJackThis.lnk
2014-06-13 13:16 - 2014-06-13 13:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-06-13 13:16 - 2014-06-13 13:16 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-06-12 22:52 - 2014-06-12 22:52 - 00009707 _____ () C:\Users\Owner\Desktop\attach.txt
2014-06-12 22:52 - 2014-06-12 22:51 - 00027411 _____ () C:\Users\Owner\Desktop\dds.txt
2014-06-12 22:37 - 2014-06-17 20:00 - 00004144 _____ () C:\Windows\setupact.log
2014-06-12 22:37 - 2014-06-12 22:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-12 22:35 - 2014-06-12 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-12 22:35 - 2014-06-12 22:34 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-12 22:35 - 2014-06-12 22:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-12 22:35 - 2014-06-12 22:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-12 22:35 - 2014-06-12 22:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-12 14:27 - 2014-06-12 14:28 - 04748896 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup414.exe
2014-06-12 14:20 - 2014-06-12 14:20 - 00003158 _____ () C:\Windows\System32\Tasks\{62989CDC-2D61-4C07-AD9E-B5793B304797}
2014-06-12 14:11 - 2014-06-17 15:50 - 00003346 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3310681274-4223651530-2455718018-1000
2014-06-12 14:11 - 2014-06-17 15:50 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3310681274-4223651530-2455718018-1000
2014-06-12 13:01 - 2014-06-12 13:01 - 00000000 ____D () C:\Program Files (x86)\predm
2014-06-12 12:48 - 2014-06-12 18:53 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-06-12 12:48 - 2014-06-12 12:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\globalUpdate
2014-06-12 12:46 - 2014-06-12 12:46 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SupTab
2014-06-12 12:44 - 2014-06-12 12:44 - 00000706 _____ () C:\Windows\PCHealthFix.INI
2014-06-12 12:40 - 2014-06-12 14:18 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-06-12 12:38 - 2014-06-12 12:38 - 00003260 _____ () C:\Windows\System32\Tasks\{0209FAF9-6E4E-4905-912E-6576F24DDDF8}
2014-06-10 13:36 - 2014-06-10 13:36 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-10 13:36 - 2014-06-10 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-10 13:33 - 2014-06-10 13:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-10 13:33 - 2014-06-10 13:36 - 00000000 ____D () C:\Program Files\iTunes
2014-06-10 13:33 - 2014-06-10 13:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-10 13:33 - 2014-06-10 13:33 - 00000000 ____D () C:\Program Files\iPod
==================== One Month Modified Files and Folders =======
2014-06-17 20:39 - 2010-05-29 21:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\Temp
2014-06-17 20:37 - 2014-06-17 20:00 - 00000000 ____D () C:\FRST
2014-06-17 20:24 - 2012-05-31 21:58 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3310681274-4223651530-2455718018-1000UA.job
2014-06-17 20:15 - 2012-04-05 22:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-17 20:03 - 2014-06-17 20:02 - 00000000 ____D () C:\AdwCleaner
2014-06-17 20:02 - 2014-06-17 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-17 20:02 - 2013-01-11 01:05 - 00000000 ____D () C:\ProgramData\WRData
2014-06-17 20:00 - 2014-06-12 22:37 - 00004144 _____ () C:\Windows\setupact.log
2014-06-17 19:52 - 2011-12-26 18:20 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-17 19:28 - 2010-04-26 17:44 - 01179808 _____ () C:\Windows\WindowsUpdate.log
2014-06-17 16:00 - 2010-04-26 18:19 - 00000177 ____H () C:\dvmexp.idx
2014-06-17 15:59 - 2009-07-13 21:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-17 15:59 - 2009-07-13 21:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-17 15:52 - 2012-12-05 00:02 - 00000000 ____D () C:\ProgramData\MediaMall
2014-06-17 15:52 - 2012-03-14 22:26 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2014-06-17 15:51 - 2014-05-15 15:20 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DropboxMaster
2014-06-17 15:51 - 2012-03-14 22:30 - 00000000 ___RD () C:\Users\Owner\Dropbox
2014-06-17 15:50 - 2014-06-12 14:11 - 00003346 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3310681274-4223651530-2455718018-1000
2014-06-17 15:50 - 2014-06-12 14:11 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3310681274-4223651530-2455718018-1000
2014-06-17 15:50 - 2011-12-26 18:20 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-17 15:49 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-17 00:50 - 2014-06-17 00:50 - 00000000 ____D () C:\Windows\system32\SPReview
2014-06-16 22:36 - 2012-05-31 21:58 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3310681274-4223651530-2455718018-1000Core.job
2014-06-16 14:48 - 2014-04-11 12:22 - 00000000 ____D () C:\Users\Owner\Documents\My Kindle Content
2014-06-13 23:07 - 2013-10-21 20:03 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOwner
2014-06-13 23:07 - 2013-10-21 20:03 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner.job
2014-06-13 13:16 - 2014-06-13 13:16 - 00002975 _____ () C:\Users\Owner\Desktop\HiJackThis.lnk
2014-06-13 13:16 - 2014-06-13 13:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-06-13 13:16 - 2014-06-13 13:16 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-06-13 11:34 - 2013-02-16 17:51 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll
2014-06-13 11:34 - 2013-01-28 01:01 - 00153256 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2014-06-13 11:34 - 2013-01-28 01:01 - 00114176 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2014-06-12 22:52 - 2014-06-12 22:52 - 00009707 _____ () C:\Users\Owner\Desktop\attach.txt
2014-06-12 22:51 - 2014-06-12 22:52 - 00027411 _____ () C:\Users\Owner\Desktop\dds.txt
2014-06-12 22:37 - 2014-06-12 22:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-12 22:35 - 2014-06-12 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-12 22:35 - 2013-10-20 06:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-12 22:34 - 2014-06-12 22:35 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-12 22:34 - 2014-06-12 22:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-12 22:34 - 2014-06-12 22:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-12 22:34 - 2014-06-12 22:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-12 18:53 - 2014-06-12 12:48 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-06-12 14:30 - 2012-10-02 21:39 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-12 14:28 - 2014-06-12 14:27 - 04748896 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup414.exe
2014-06-12 14:28 - 2012-10-02 21:19 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-12 14:28 - 2012-10-02 21:19 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-12 14:24 - 2010-05-29 21:22 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-12 14:21 - 2011-12-25 23:50 - 00001383 _____ () C:\Users\Owner\Desktop\Internet Explorer (64-bit).lnk
2014-06-12 14:21 - 2010-05-29 21:22 - 00001447 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-12 14:21 - 2010-05-29 21:22 - 00001413 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-06-12 14:20 - 2014-06-12 14:20 - 00003158 _____ () C:\Windows\System32\Tasks\{62989CDC-2D61-4C07-AD9E-B5793B304797}
2014-06-12 14:18 - 2014-06-12 12:40 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-06-12 13:01 - 2014-06-12 13:01 - 00000000 ____D () C:\Program Files (x86)\predm
2014-06-12 12:48 - 2014-06-12 12:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\globalUpdate
2014-06-12 12:46 - 2014-06-12 12:46 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SupTab
2014-06-12 12:44 - 2014-06-12 12:44 - 00000706 _____ () C:\Windows\PCHealthFix.INI
2014-06-12 12:40 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-12 12:40 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-06-12 12:38 - 2014-06-12 12:38 - 00003260 _____ () C:\Windows\System32\Tasks\{0209FAF9-6E4E-4905-912E-6576F24DDDF8}
2014-06-12 00:34 - 2013-07-13 20:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 00:31 - 2010-05-30 11:19 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-10 13:36 - 2014-06-10 13:36 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-10 13:36 - 2014-06-10 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-10 13:36 - 2014-06-10 13:33 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-10 13:36 - 2014-06-10 13:33 - 00000000 ____D () C:\Program Files\iTunes
2014-06-10 13:36 - 2014-06-10 13:33 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-10 13:33 - 2014-06-10 13:33 - 00000000 ____D () C:\Program Files\iPod
2014-06-03 13:40 - 2013-02-08 20:20 - 00000000 ____D () C:\Users\Owner\Documents\Michaeljobstuff
2014-05-24 10:02 - 2012-03-14 22:30 - 00001020 _____ () C:\Users\Owner\Desktop\Dropbox.lnk
2014-05-24 10:02 - 2012-03-14 22:27 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-21 13:33 - 2014-03-21 21:20 - 00000000 ____D () C:\Users\Owner\Documents\MoveToAmendstuff
Files to move or delete:
====================
C:\ProgramData\uninstaller.exe

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\2040-2082_re-markit.exe
C:\Users\Owner\AppData\Local\Temp\BackupSetup.exe
C:\Users\Owner\AppData\Local\Temp\cloud_backup_setup.exe
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwrpre_.dll
C:\Users\Owner\AppData\Local\Temp\setup-silent-advert.exe
C:\Users\Owner\AppData\Local\Temp\vopackage.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-08 19:44
==================== End Of Log ============================
 
I don't know how to attach files here, but here are the contents from addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014
Ran by Owner at 2014-06-17 20:40:00
Running from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HKXJGB93
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Alps Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
AMD USB Filter Driver (x32 Version: 1.0.11.86 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASPCA Reminder by We-Care.com v4.1.22.1 (HKLM-x32\...\{DB9BF6DA-8030-4A21-9FF4-8856A7556FCF}) (Version: 4.1.22.1 - We-Care.com)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{FAD2A992-14E4-4B85-2882-FAB8A81495B3}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Best Buy pc app (HKCU\...\48e4cff94f039634) (Version: 3.1.0.0 - Best Buy)
Best Buy pc app (Version: 3.0.1.2 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0804.2223.38385 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0804.2223.38385 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0804.2223.38385 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0804.2223.38385 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0804.2223.38385 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0804.2223.38385 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0804.2223.38385 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0804.2223.38385 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help English (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help French (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help German (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0804.2223.38385 - ATI) Hidden
ccc-utility64 (Version: 2009.0804.2223.38385 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2111 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.2111 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Photo AIO Printer 926 (HKLM\...\Dell Photo AIO Printer 926) (Version:  - Dell, Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
ENE CIR Receiver Driver (HKLM\...\5F4DD0919B4763856B77AD385DEEEFCDF01784A8) (Version: 2.7.3.519 - ENE)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3402 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 3.1.3402 - Hewlett-Packard) Hidden
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.1.2125 - Hewlett-Packard)
HP MediaSmart Internet TV (x32 Version: 3.1.2125 - Hewlett-Packard) Hidden
HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.1.2206 - Hewlett-Packard)
HP MediaSmart Live TV (x32 Version: 3.1.2206 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3405 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3405 - Hewlett-Packard) Hidden
HP MediaSmart SlingPlayer (HKLM-x32\...\{1747DF05-6890-440B-B094-2146F5DC50E0}) (Version: 3.0.1.64 - Sling Media, Inc.)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart Software Notebook Demo (HKLM-x32\...\{82A213BD-B6AA-4281-A2D3-59D51893CC56}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.2207 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 3.1.2207 - Hewlett-Packard) Hidden
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{3CD3B705-467B-408D-A09D-5BF61A59F088}) (Version: 1.0.1.0 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.16.1 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{21FFAF37-E51A-41AB-8749-ACD1F9CF8E37}) (Version: 1.1.2.1 - DeviceVM, Inc.)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
HP Smart Web Printing (x32 Version: 131.1.35898 - Hewlett-Packard) Hidden
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0146 (HKLM-x32\...\{45E5D641-3C82-4F95-92FB-AE5459DF2988}) (Version: 1.02.0002 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6233.0 - IDT)
iLivid (HKLM-x32\...\iLivid) (Version: 5.0.0.4002 - Bandoo Media Inc) <==== ATTENTION
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.31.3 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2111 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2111 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MathGV 4.1 (HKLM-x32\...\{D30F78E6-2A82-48E5-94A9-D295D64501BF}) (Version: 4.1.0 - MathGV)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.856 - McAfee, Inc.)
McAfee Online Backup (Version: 1.16.6.1 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 2.1.121.2 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Live Search Toolbar (x32 Version: 3.0.566.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (x32 Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
Nitro Pro 9 (HKLM-x32\...\{64dedc6d-57a3-44c8-a211-4079e38ac141}) (Version: 9.0.3.2 - Nitro)
Nitro Pro 9 (Version: 9.0.3.2 - Nitro) Hidden
Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
PlayOn (HKLM-x32\...\{9A813011-3B2D-42FE-8B9E-BB55553FBFD4}) (Version: 3.8.5 - MediaMall Technologies, Inc.)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3311 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3311 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3311 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3311 - CyberLink Corp.) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.8 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.8 - RealNetworks)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1022 - SUPERAntiSpyware.com)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Verizon Download Manager (HKLM-x32\...\{F54E5D65-CB60-4A31-A71B-BCFB0FA0076D}) (Version: 1.0.0 - Verizon)
Vz In Home Agent (HKLM-x32\...\{2746B4DE-A2EE-4B33-A7CE-B33BAD5EF6FE}) (Version: 7.08.22 - Verizon)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

15-06-2014 07:38:36 Windows 7 Service Pack 1
16-06-2014 07:25:17 Windows Update
17-06-2014 07:48:08 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2012-11-27 22:31 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {09F309EF-524F-4C1C-BBA8-1E64EDD29DDE} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {0AA0E62F-49AF-4E08-9690-90D4479440BA} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-10-06] (CL)
Task: {0B5CC35B-358A-49EA-83F4-1448FB2CFEA8} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-10-06] (CL)
Task: {11C380EA-FA08-4EC6-864F-0093CF2E718D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3310681274-4223651530-2455718018-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-31] (Google Inc.)
Task: {1D10A0E6-1BCC-46AD-A964-B08DA5CB000C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3310681274-4223651530-2455718018-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-03-15] (RealNetworks, Inc.)
Task: {1D7958FB-8CBA-4465-9A2D-5C481148BBE5} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-05] (CyberLink)
Task: {34110246-9E25-4744-9482-FFEBC1A00740} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {493DEA46-B0C4-4FDA-9799-BA2CFB445FD9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-26] (Google Inc.)
Task: {580521EC-031D-42D1-9F42-2AF7895DFC7D} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {5D7C1C20-25AD-425A-9185-7201FDB8CDA1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-26] (Google Inc.)
Task: {63F71CE6-1E1C-47FA-BDD7-AF048F045B4E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3310681274-4223651530-2455718018-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-31] (Google Inc.)
Task: {667DBDA2-72AF-4CB3-B7F5-A020EB768EE4} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-10-06] (CL)
Task: {6BC0799C-F887-49C8-820A-8883F2F12DA9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {81657BD3-EACC-45D0-B2ED-701F379FFBFF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {84827A0B-7189-4278-AF78-CBE45B5DE8E8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8B3AA994-6D13-4EC9-B40D-03964B105C5F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-07-23] (Microsoft)
Task: {8E8729D7-E468-40E9-B842-28AA5B6C473C} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-10-06] (CyberLink Corp.)
Task: {9DE11B62-65C2-461B-A1D1-C972217BA83A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {AB4439BC-BD3F-47CC-BFE0-2337DC084F55} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3310681274-4223651530-2455718018-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-03-20] (RealNetworks, Inc.)
Task: {B33E8173-A827-4CBF-A4A7-1015E2FEE52B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {C93CBC4D-AF4B-4CA8-BF1C-6021D911B39A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {D508F816-3097-4386-B40C-D5BF138405AB} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3310681274-4223651530-2455718018-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-03-20] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3310681274-4223651530-2455718018-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3310681274-4223651530-2455718018-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-11-12 22:29 - 2011-02-28 15:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2013-06-04 22:46 - 2006-10-20 00:39 - 00144896 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dlcxdrpp.dll
2013-06-04 21:51 - 2006-10-20 00:38 - 00195072 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlcxdr.dll
2013-06-04 21:51 - 2006-10-20 00:41 - 00134656 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlcxdrui.dll
2013-06-04 21:51 - 2006-10-20 20:31 - 00126464 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlcxPRPR.DLL
2013-06-04 21:51 - 2006-09-06 05:13 - 00064000 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlcxCFG.DLL
2013-06-04 21:51 - 2006-04-28 18:14 - 00729600 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlcxHPEC.DLL
2013-06-04 21:51 - 2006-04-28 18:13 - 00165888 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlcxflib.dll
2009-08-25 09:48 - 2009-08-25 09:48 - 00610872 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2013-06-04 22:03 - 2007-01-12 11:57 - 00292336 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe
2013-06-04 22:03 - 2006-11-03 17:04 - 00304008 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 926\memcard.exe
2014-03-15 03:18 - 2014-03-15 03:18 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-03-20 21:13 - 2014-03-20 21:13 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2009-11-05 19:40 - 2009-07-06 12:20 - 00247152 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-06-04 21:51 - 2006-08-08 15:21 - 00732160 _____ () C:\Windows\system32\dlcxdrs.dll
2013-06-04 22:00 - 2006-09-06 05:13 - 00064000 _____ () C:\Windows\system32\dlcxcfg.dll
2013-06-04 21:51 - 2006-09-22 06:43 - 00024576 _____ () C:\Windows\system32\dlcxcaps.dll
2013-06-04 21:51 - 2006-03-19 19:03 - 00054784 _____ () C:\Windows\system32\dlcxcnv4.dll
2009-07-01 16:44 - 2009-07-01 16:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2010-09-20 04:27 - 2010-09-20 04:27 - 00078136 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-05 20:25 - 2013-03-05 20:25 - 00335872 _____ () C:\Program Files (x86)\MediaMall\lua51a.dll
2013-06-04 22:03 - 2006-08-08 14:54 - 00278528 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxscw.dll
2013-06-04 22:02 - 2006-09-06 05:13 - 00073728 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxcfg.dll
2013-06-04 22:03 - 2006-03-14 16:38 - 00143360 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxdrec.dll
2014-04-02 21:07 - 2014-04-02 21:07 - 00869976 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-06-17 15:51 - 2014-06-17 15:51 - 00043008 _____ () c:\users\owner\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwrpre_.dll
2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libcef.dll
2009-10-05 23:08 - 2009-10-05 23:08 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2009-10-06 22:57 - 2009-10-06 22:57 - 00120232 _____ () c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLSchMgr.dll
2009-10-06 22:57 - 2009-10-06 22:57 - 00279976 _____ () c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapEngine.dll
2009-10-06 22:57 - 2009-10-06 22:57 - 00464168 _____ () c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLTinyDB.dll
2012-03-20 23:31 - 2012-02-22 20:49 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2014-04-02 21:07 - 2014-04-02 21:07 - 00571992 _____ () c:\program files (x86)\real\realplayer\RPDS\Lib\r1api.dll
2011-11-25 17:04 - 2011-03-11 16:33 - 00238056 _____ () C:\Program Files\McAfee\MSK\mskapbho.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: HPADVISOR => "C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" view=DOCKVIEW
MSCONFIG\startupreg: SUPERAntiSpyware => "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2014 03:53:46 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {200fb5b2-80e1-41c8-a83b-1c2c2651ec9e}

Error: (06/16/2014 10:36:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc0000005
Fault offset: 0x00022360
Faulting process id: 0xe4c
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3

Error: (06/16/2014 08:12:29 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/16/2014 02:29:30 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9e1f334e-f6c4-4222-91d7-f605f73a954c}

Error: (06/15/2014 09:38:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc0000005
Fault offset: 0x00022360
Faulting process id: 0x21a4
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3

Error: (06/15/2014 04:48:26 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/15/2014 09:30:00 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3335b563-e363-4cfc-b3c3-9b4e484e4e0b}

Error: (06/14/2014 06:43:59 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/14/2014 01:01:57 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4f5a532d-96af-4583-8824-f9fdb35b29d9}

Error: (06/13/2014 11:56:36 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

System errors:
=============
Error: (06/17/2014 03:50:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GSRestartSvc service failed to start due to the following error:
%%2

Error: (06/17/2014 03:49:53 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (06/17/2014 00:53:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Windows 7 Service Pack 1 for x64-based Systems (KB976932).

Error: (06/16/2014 02:26:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GSRestartSvc service failed to start due to the following error:
%%2

Error: (06/16/2014 02:26:25 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (06/16/2014 00:30:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Windows 7 Service Pack 1 for x64-based Systems (KB976932).

Error: (06/15/2014 03:21:37 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{6AE25851-2F02-4F8C-989E-381725231F81}.
The backup browser is stopping.

Error: (06/15/2014 02:06:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

Error: (06/15/2014 09:26:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GSRestartSvc service failed to start due to the following error:
%%2

Error: (06/15/2014 09:25:59 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Microsoft Office Sessions:
=========================
Error: (06/17/2014 03:53:46 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {200fb5b2-80e1-41c8-a83b-1c2c2651ec9e}

Error: (06/16/2014 10:36:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7600.169154ec49d10c000000500022360e4c01cf89ec10f6941dC:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll4b7f4fa5-f5e1-11e3-adef-705ab6a41036

Error: (06/16/2014 08:12:29 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/16/2014 02:29:30 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9e1f334e-f6c4-4222-91d7-f605f73a954c}

Error: (06/15/2014 09:38:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7600.169154ec49d10c00000050002236021a401cf891afd371c3dC:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll0480aab1-f510-11e3-9414-705ab6a41036

Error: (06/15/2014 04:48:26 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/15/2014 09:30:00 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3335b563-e363-4cfc-b3c3-9b4e484e4e0b}

Error: (06/14/2014 06:43:59 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/14/2014 01:01:57 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4f5a532d-96af-4583-8824-f9fdb35b29d9}

Error: (06/13/2014 11:56:36 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,458 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:35 AM

Posted 18 June 2014 - 08:54 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKLM-x32\...\Run: [PC HealthFix] => "C:\ProgramData\PC HealthFix\PCHealthFix.exe" /runscan
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\...\Run: [iLivid] => "C:\Users\Owner\AppData\Local\iLivid\iLivid.exe" -autorun
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?type=hp&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
SearchScopes: HKLM - {F0A680F6-A92F-4E56-B97C-689B1FBE051E} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={CA14121C-E2C7-11E2-97CC-7EE4004739A0}
SearchScopes: HKLM-x32 - {F0A680F6-A92F-4E56-B97C-689B1FBE051E} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com?src=6&q={searchTerms}&barid={CA14121C-E2C7-11E2-97CC-7EE4004739A0}&crg=3.5000006.10045&st=23
SearchScopes: HKCU - {F0A680F6-A92F-4E56-B97C-689B1FBE051E} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: No Name - {56bc31de-97ab-4563-8599-ad5d4e9800f9} -  No File
BHO-x32: No Name - {56bc31de-97ab-4563-8599-ad5d4e9800f9} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
FF Plugin-x32: @ei.TelevisionFanatic.com/Plugin - C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll No File
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
CHR HomePage: hxxp://www.v9.com/?type=hp&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f
CHR StartupUrls: "hxxp://www.v9.com/?type=hp&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f"
CHR DefaultSearchKeyword: v9
CHR DefaultSearchProvider: v9
CHR DefaultSearchURL: http://search.v9.com/web/?type=ds&ts=1402602198&from=tugs&uid=ST9320423AS_5VH2APDY&i=psd&t=344041c5f&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (TelevisionFanatic Installer Plugin Stub) - C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 GSRestartSvc; "C:\ProgramData\Geek Squad\Customizer\GSRestartSvc.exe" [X]
U4 eabfiltr;
U2 srservice;
C:\Users\Owner\AppData\Local\Temp\2040-2082_re-markit.exe
C:\Users\Owner\AppData\Local\Temp\BackupSetup.exe
C:\Users\Owner\AppData\Local\Temp\cloud_backup_setup.exe
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwrpre_.dll
C:\Users\Owner\AppData\Local\Temp\setup-silent-advert.exe
C:\Users\Owner\AppData\Local\Temp\vopackage.ex
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-3310681274-4223651530-2455718018-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

If not already done, please run the AdwCleaner tool and clean everything that is found.

===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please let me know of any remaining issues with this computer.

#5 nasdaq

Posted 24 June 2014 - 08:42 AM

Are you still with me?

#6 nasdaq

Posted 30 June 2014 - 08:20 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



