How do I uninstall safesearch from windows 8?


  • This topic is locked
22 replies to this topic

#1 timpaul

timpaul

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:09 PM

Posted 23 July 2014 - 10:12 AM

I picked up safesearch somehow and it has hijacked Firefox and Internet Explorer and now adds pop-ups on the top of the screen on certain websites. PLEASE help me remove this.
Thank you!!

Edit: Moved topic from Am I Infected to Virus, Trojan, Spyware, and Malware Removal Logs since FRST log has been posted.~ Queen-Evie

Edited by Queen-Evie, 23 July 2014 - 11:07 AM.



#2 timpaul

timpaul
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:09 PM

Posted 23 July 2014 - 10:30 AM

where is this for at?

Sorry for posting in the wrong forum



#3 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:09 AM

Posted 23 July 2014 - 10:39 AM

Sorry!


Edited by Alex&Vanko, 23 July 2014 - 10:43 AM.


#4 timpaul

timpaul
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:09 PM

Posted 23 July 2014 - 10:40 AM

Ok, doing so right now, will be right back

THANK YOU SO MUCH!!



#5 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,975 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:06:09 PM

Posted 23 July 2014 - 10:42 AM

@Alex&Vanko: Why are you running these tools?

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#6 timpaul

timpaul
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  

Posted 23 July 2014 - 10:46 AM

MiniToolBox by Farbar  Version: 21-07-2014
Ran by TNJ (administrator) on 23-07-2014 at 10:44:43
Running from "C:\Users\TNJ\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

 

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/23/2014 09:18:46 AM) (Source: .NET Runtime) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
   at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean)
   at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[])
   at ATI.ACE.AEM.Plugin.Source.Kit.Server.Common.WindowBasedFeeler.Close()
   at ATI.ACE.AEM.Plugin.Source.Kit.Server.EEU.PI_EEUPlugin.Stop()
   at ATI.ACE.AEM.Server.ACEEventManager.Stop()
   at ATI.ACE.CLI.Component.Runtime.Runtime.Cleanup()
   at ATI.ACE.CLI.Component.Runtime.Shared.Private.RTComponent.Destroy()
   at ATI.ACE.CCC.Implementation.CCC_Main.CCCNewThreadBegin(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (07/23/2014 09:16:22 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20498 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e08

Start Time: 01cfa67ff037e5e1

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: e420e4f3-1273-11e4-bedc-a417319941e8

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (07/23/2014 08:27:31 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20498 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d88

Start Time: 01cfa67922185604

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 15c57bc9-126d-11e4-bedb-a417319941e8

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (07/23/2014 08:26:48 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17126, time stamp: 0x53882e30
Faulting module name: jscript9.dll, version: 11.0.9600.17207, time stamp: 0x53a217f1
Exception code: 0xc0000005
Fault offset: 0x00008737
Faulting process id: 0x4e8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/23/2014 07:51:36 AM) (Source: Microsoft-Windows-LocationProvider) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (07/23/2014 07:39:02 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17126, time stamp: 0x53882e30
Faulting module name: MSHTML.dll, version: 11.0.9600.17207, time stamp: 0x53a22b71
Exception code: 0xc0000005
Fault offset: 0x000b3eab
Faulting process id: 0x43e4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/22/2014 10:56:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17126, time stamp: 0x53882e30
Faulting module name: jscript.dll, version: 5.8.9600.16384, time stamp: 0x52158806
Exception code: 0xc0000005
Fault offset: 0x00006fe2
Faulting process id: 0x2314
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/22/2014 10:05:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17126, time stamp: 0x53882e30
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x5308893d
Exception code: 0xc0000005
Fault offset: 0x0001f0a3
Faulting process id: 0xa18
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/22/2014 09:45:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17126, time stamp: 0x53882e30
Faulting module name: jscript.dll, version: 5.8.9600.16384, time stamp: 0x52158806
Exception code: 0xc0000005
Fault offset: 0x00006fe2
Faulting process id: 0x3c2c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/22/2014 06:48:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17126, time stamp: 0x53882e30
Faulting module name: jscript.dll, version: 5.8.9600.16384, time stamp: 0x52158806
Exception code: 0xc0000005
Fault offset: 0x00006fe2
Faulting process id: 0x45e4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

System errors:
=============
Error: (07/23/2014 09:19:26 AM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (07/23/2014 09:10:51 AM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (07/23/2014 08:22:09 AM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (07/23/2014 08:21:31 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IAStorDataMgrSvc service.

Error: (07/23/2014 08:11:27 AM) (Source: Service Control Manager) (User: )
Description: The BlueStacks Updater Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/22/2014 06:56:33 AM) (Source: DCOM) (User: HOPE)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}HopeTNJS-1-5-21-2184931612-1366121782-874108780-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/19/2014 11:20:19 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (07/19/2014 11:20:19 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (07/19/2014 11:20:19 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (07/19/2014 11:20:19 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Microsoft Office Sessions:
=========================
Error: (07/23/2014 09:18:46 AM) (Source: .NET Runtime)(User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
   at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean)
   at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[])
   at ATI.ACE.AEM.Plugin.Source.Kit.Server.Common.WindowBasedFeeler.Close()
   at ATI.ACE.AEM.Plugin.Source.Kit.Server.EEU.PI_EEUPlugin.Stop()
   at ATI.ACE.AEM.Server.ACEEventManager.Stop()
   at ATI.ACE.CLI.Component.Runtime.Runtime.Cleanup()
   at ATI.ACE.CLI.Component.Runtime.Shared.Private.RTComponent.Destroy()
   at ATI.ACE.CCC.Implementation.CCC_Main.CCCNewThreadBegin(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (07/23/2014 09:16:22 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20498e0801cfa67ff037e5e14294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exee420e4f3-1273-11e4-bedc-a417319941e8microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (07/23/2014 08:27:31 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20498d8801cfa679221856044294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe15c57bc9-126d-11e4-bedb-a417319941e8microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (07/23/2014 08:26:48 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1712653882e30jscript9.dll11.0.9600.1720753a217f1c0000005000087374e801cfa67928b2dbc6C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\jscript9.dllff354177-126c-11e4-bedb-a417319941e8

Error: (07/23/2014 07:51:36 AM) (Source: Microsoft-Windows-LocationProvider)(User: NT AUTHORITY)
Description: -2147024883

Error: (07/23/2014 07:39:02 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1712653882e30MSHTML.dll11.0.9600.1720753a22b71c0000005000b3eab43e401cfa660b115523fC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\MSHTML.dll52d2effa-1266-11e4-beda-a417319941e8

Error: (07/22/2014 10:56:23 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1712653882e30jscript.dll5.8.9600.1638452158806c000000500006fe2231401cfa62031397009C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\jscript.dll4f9c3718-121d-11e4-beda-a417319941e8

Error: (07/22/2014 10:05:16 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1712653882e30ntdll.dll6.3.9600.170315308893dc00000050001f0a3a1801cfa620313ccbfbC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\ntdll.dll2bac885f-1216-11e4-beda-a417319941e8

Error: (07/22/2014 09:45:36 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1712653882e30jscript.dll5.8.9600.1638452158806c000000500006fe23c2c01cfa5fd514e0aa2C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\jscript.dll6c2f7837-1213-11e4-beda-a417319941e8

Error: (07/22/2014 06:48:55 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1712653882e30jscript.dll5.8.9600.1638452158806c000000500006fe245e401cfa5f80bd202e4C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\jscript.dllbd1b9f10-11fa-11e4-beda-a417319941e8

CodeIntegrity Errors:
===================================
  Date: 2014-07-23 07:55:54.474
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 07:55:54.422
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 07:55:54.368
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 07:55:54.310
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 07:55:54.250
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 07:55:53.402
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 07:55:53.326
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 07:55:53.264
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 07:55:53.147
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 07:55:52.963
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

=========================== Installed Programs ============================
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content 1 (HKLM-x32\...\Adobe Premiere Elements 10 Content 1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 Content 1 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{7EF54F6B-68AE-6B96-912A-9B66D2FC765A}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AntiLogger SDK version 1.7.6.367 (HKLM-x32\...\{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1) (Version: 1.7.6.367 - Zemana Ltd.)
AppLow (HKLM-x32\...\AppLow) (Version: 1.32.153.0 - savingcollector)
Audio Creator 1.5 (HKLM-x32\...\AudioCreator_is1) (Version: 1.5 - Cakewalk Music Software)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ?Canon Inc.?)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.02 - Canon Inc.)
Catalyst Control Center (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.14.625.1 - Comcast)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.1.1 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.1.1 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.3 - Dropbox, Inc.)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
EZDownloader (HKLM-x32\...\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1) (Version: 1.0 - EZDownloader)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden
iLivid (HKCU\...\iLivid) (Version: 5.0.0.4286 - Bandoo Media Inc)
iLivid (HKLM-x32\...\iLivid) (Version: 5.0.0.4151 - Bandoo Media Inc)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Like 1.3 (HKLM-x32\...\Like) (Version: 1.3 - Like)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Image Composer 1.5 (HKLM-x32\...\Image Composer) (Version:  - )
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4631.1002 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Multimedia Card Reader (HKLM-x32\...\InstallShield_{4B3D9AA4-B47A-4349-A64F-04D5A9226D7C}) (Version: 2.2.915.108 - Fitipower)
Multimedia Card Reader (x32 Version: 2.2.915.108 - Fitipower) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10200.0.0 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12800.0.8 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20500.9.16 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
NpackdCL (HKLM-x32\...\{C32CA36A-DA63-4D55-9B17-87C61033137D}) (Version: 1.18.7 - Npackd)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
PC Cleaners (HKCU\...\PC Cleaners) (Version:  - PC Cleaners)
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
PocketCloud Windows Companion (HKLM-x32\...\{EC67E1FF-4433-4096-A091-CF2828434493}) (Version: 2.5.11 - Wyse Technology)
PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.200 - Qualcomm Atheros Communications)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Simple 1.1 (HKLM-x32\...\Simple) (Version: 1.1 - Simple)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.17000 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
SyncUP Help (CHM) (x32 Version: 10.5.11300 - Nero AG) Hidden
System Checkup 3.4 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.4.0.47 - iolo technologies, LLC)
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 8152.93 MB
Available physical RAM: 3972.1 MB
Total Pagefile: 16344.93 MB
Available Pagefile: 11831.05 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.63 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:919.4 GB) (Free:842.5 GB) NTFS
7 Drive i: () (Fixed) (Total:29.8 GB) (Free:2.25 GB) FAT32
8 Drive j: (ESP) (Fixed) (Total:0.48 GB) (Free:0.44 GB) FAT32
9 Drive x: () (Fixed) (Total:0.34 GB) (Free:0.06 GB) NTFS
10 Drive y: (PBR Image) (Fixed) (Total:10.62 GB) (Free:0.28 GB) NTFS

========================= Users: ========================================

User accounts for \\HOPE

Administrator            Guest                    TNJ                     

**** End of log ****



#7 timpaul

Posted 23 July 2014 - 10:50 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2014 01
Ran by TNJ at 2014-07-23 10:49:18
Running from C:\Users\TNJ\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content 1 (HKLM-x32\...\Adobe Premiere Elements 10 Content 1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 Content 1 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{7EF54F6B-68AE-6B96-912A-9B66D2FC765A}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AntiLogger SDK version 1.7.6.367 (HKLM-x32\...\{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1) (Version: 1.7.6.367 - Zemana Ltd.)
AppLow (HKLM-x32\...\AppLow) (Version: 1.32.153.0 - savingcollector) <==== ATTENTION
Audio Creator 1.5 (HKLM-x32\...\AudioCreator_is1) (Version: 1.5 - Cakewalk Music Software)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.02 - Canon Inc.)
Catalyst Control Center (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0704.2138.36919 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.14.625.1 - Comcast)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.1.1 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.1.1 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.3 - Dropbox, Inc.)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
EZDownloader (HKLM-x32\...\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1) (Version: 1.0 - EZDownloader)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden
iLivid (HKCU\...\iLivid) (Version: 5.0.0.4286 - Bandoo Media Inc) <==== ATTENTION
iLivid (HKLM-x32\...\iLivid) (Version: 5.0.0.4151 - Bandoo Media Inc) <==== ATTENTION
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Like 1.3 (HKLM-x32\...\Like) (Version: 1.3 - Like)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Image Composer 1.5 (HKLM-x32\...\Image Composer) (Version:  - )
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4631.1002 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Multimedia Card Reader (HKLM-x32\...\InstallShield_{4B3D9AA4-B47A-4349-A64F-04D5A9226D7C}) (Version: 2.2.915.108 - Fitipower)
Multimedia Card Reader (x32 Version: 2.2.915.108 - Fitipower) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10200.0.0 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12800.0.8 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20500.9.16 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
NpackdCL (HKLM-x32\...\{C32CA36A-DA63-4D55-9B17-87C61033137D}) (Version: 1.18.7 - Npackd)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
PC Cleaners (HKCU\...\PC Cleaners) (Version:  - PC Cleaners) <==== ATTENTION
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
PocketCloud Windows Companion (HKLM-x32\...\{EC67E1FF-4433-4096-A091-CF2828434493}) (Version: 2.5.11 - Wyse Technology)
PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.200 - Qualcomm Atheros Communications)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Simple 1.1 (HKLM-x32\...\Simple) (Version: 1.1 - Simple)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.17000 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
SyncUP Help (CHM) (x32 Version: 10.5.11300 - Nero AG) Hidden
System Checkup 3.4 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.4.0.47 - iolo technologies, LLC)
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

==================== Custom CLSID entries: ==========================

CustomCLSID: HKU\S-1-5-21-2184931612-1366121782-874108780-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\TNJ\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2184931612-1366121782-874108780-1001_Classes\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5} -> Orphan?
CustomCLSID: HKU\S-1-5-21-2184931612-1366121782-874108780-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\TNJ\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2184931612-1366121782-874108780-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TNJ\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2184931612-1366121782-874108780-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TNJ\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2184931612-1366121782-874108780-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TNJ\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2184931612-1366121782-874108780-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\TNJ\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

06-07-2014 11:45:02 Scheduled Checkpoint
09-07-2014 16:21:27 Windows Update
18-07-2014 16:06:53 Scheduled Checkpoint
23-07-2014 12:48:14 Installed NpackdCL

==================== Hosts content: ==========================

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {09336309-3B7B-4EB6-A765-72C1913B2FEB} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2184931612-1366121782-874108780-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {0B343397-261E-4EDF-8D3A-575DA9164A39} - System32\Tasks\AppLow-codedownloader => C:\Program Files (x86)\AppLow\AppLow-codedownloader.exe [2013-12-21] (savingcollector)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0BDF18A3-5B98-402D-9594-3FAC4C1FC537} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {0D8595B7-A30E-4BB8-B93D-497AFE214064} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {192C0878-15AD-4CAB-842D-2EC6F76972C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-28] (Google Inc.)
Task: {1BB13FE2-5C15-4693-811B-6788EE9EE80C} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {286D1602-80F3-40E7-A8A6-8DFD7F5251A3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-10] (Microsoft Corporation)
Task: {2A770AD4-7233-4537-B42E-F5EB79C7AE02} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3BE98C4A-C1EF-4EF7-84F4-9FE7B58E3C25} - System32\Tasks\NSManager => C:\Users\TNJ\AppData\Local\NSManager\manager.exe [2014-04-04] ()
Task: {42A95678-F34C-4363-8980-60B41D10E21E} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {497DEBC2-562A-44A7-AFCB-592969484664} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {4E180286-DE94-471F-9B9B-0AD487F0FD1C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {5DF97391-DA8E-4FEC-95A4-853CFBB7A02C} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {7234F3F1-A82B-4ED0-8091-EA4134773054} - System32\Tasks\PC Cleaner Pro Update Job => C:\ProgramData\PC Cleaners\PCCleaners.exe [2014-07-23] (PC Cleaners Inc.) <==== ATTENTION
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {74AA8CA2-E7B9-41A9-AC72-8E109A558009} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-28] (Google Inc.)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7E8DE43A-C640-4BE3-8EB1-DA85E3398B6D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HOPE-TNJ Hope => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-03] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {87BF8872-6439-4023-B753-57A17C967509} - System32\Tasks\AppLow-chromeinstaller => C:\Program Files (x86)\AppLow\AppLow-chromeinstaller.exe [2013-12-21] (savingcollector)
Task: {8816FED2-DCBA-4FA6-8838-6A3C3F6EFE36} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-earcandycabs@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8F95DF4D-7ED4-463C-ACEE-8B7F0B3D11F7} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {99FFF92D-A71C-4623-8A49-90CF2598677E} - System32\Tasks\AppLow-enabler => C:\Program Files (x86)\AppLow\AppLow-enabler.exe [2013-12-21] (savingcollector)
Task: {9C441B8A-E3B9-4E02-B3BE-B413D27E68C9} - System32\Tasks\AppLow-updater => C:\Program Files (x86)\AppLow\AppLow-updater.exe [2013-12-21] (savingcollector)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A55C134D-C6A6-4B78-91EA-A05EA9B3CA8D} - System32\Tasks\AdobeAAMUpdater-1.0-Hope-TNJ => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {ADC76FBB-A63F-42AA-97C7-0F50BC30E7D3} - System32\Tasks\AppLow-firefoxinstaller => C:\Program Files (x86)\AppLow\AppLow-firefoxinstaller.exe [2013-12-21] (savingcollector)
Task: {B383AA0B-B5B6-44CE-A518-8171125A44E0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DDF15C7C-79DC-47E5-915F-8A3FF00FDE4B} - System32\Tasks\PC Cleaner Pro Optimization => C:\ProgramData\PC Cleaners\PCCleaners.exe [2014-07-23] (PC Cleaners Inc.) <==== ATTENTION
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E9515BCD-52FE-4567-8285-7003E1B2CE45} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppLow-chromeinstaller.job => C:\Program Files (x86)\AppLow\AppLow-chromeinstaller.exe
Task: C:\WINDOWS\Tasks\AppLow-codedownloader.job => C:\Program Files (x86)\AppLow\AppLow-codedownloader.exe
Task: C:\WINDOWS\Tasks\AppLow-enabler.job => C:\Program Files (x86)\AppLow\AppLow-enabler.exe
Task: C:\WINDOWS\Tasks\AppLow-firefoxinstaller.job => C:\Program Files (x86)\AppLow\AppLow-firefoxinstaller.exe
Task: C:\WINDOWS\Tasks\AppLow-updater.job => C:\Program Files (x86)\AppLow\AppLow-updater.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-04 11:47 - 2009-08-13 12:06 - 00177152 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxdpdrpp.dll
2014-05-13 10:08 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-12-20 00:34 - 2012-04-24 21:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-07-11 10:40 - 2014-05-20 11:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-07-02 20:28 - 2012-07-02 20:28 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2012-10-24 12:21 - 2012-10-24 12:21 - 00071680 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\ServerNetworkInterface.dll
2012-10-24 12:21 - 2012-10-24 12:21 - 00078336 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseWebServerLib.DLL
2012-06-28 16:39 - 2012-06-28 16:39 - 00262144 _____ () C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
2012-10-24 12:18 - 2012-10-24 12:18 - 00188928 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
2012-10-24 12:21 - 2012-10-24 12:21 - 02216448 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\AetherCommLib.dll
2013-10-14 12:07 - 2013-08-19 11:21 - 00484640 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2013-12-21 21:51 - 2013-12-21 21:51 - 00490496 _____ () C:\program files (x86)\applow\AppLow-buttonutil64.dll
2014-05-01 06:44 - 2014-05-01 06:44 - 03530752 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\f2bf020fc6307e10194fd94e85d52a72\Windows.UI.Xaml.ni.dll
2014-05-01 06:44 - 2014-05-01 06:44 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\cf021988965369c551bb0987fe019862\Windows.Foundation.ni.dll
2014-07-23 09:20 - 2014-07-23 09:20 - 00043008 _____ () c:\users\tnj\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmatmjk.dll
2014-05-30 19:39 - 2013-10-18 18:55 - 25100288 _____ () C:\Users\TNJ\AppData\Roaming\Dropbox\bin\libcef.dll
2012-12-20 00:33 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-04-10 17:43 - 2014-06-13 04:09 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-04-30 19:30 - 2014-04-30 19:30 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\bccb0a1f2d36a70793a6f123ca0ef953\PSIClient.ni.dll
2012-12-20 00:28 - 2012-06-26 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-04-10 17:45 - 2014-06-13 04:10 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2013-10-14 12:07 - 2013-10-11 17:21 - 01904928 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-02-21 21:05 - 2012-11-25 23:20 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2013-02-21 21:05 - 2012-11-25 23:20 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2014-07-23 09:29 - 2014-07-23 09:29 - 00308560 _____ () C:\ProgramData\PC1Data\av\Vipre.dll
2014-07-23 09:30 - 2014-06-20 06:08 - 00192376 _____ () C:\ProgramData\PC1Data\av\d\libBase64.dll
2014-07-23 09:30 - 2014-06-20 06:08 - 00180088 _____ () C:\ProgramData\PC1Data\av\d\libMachoUniv.dll
2012-08-21 13:48 - 2012-08-21 13:48 - 00252312 _____ () C:\Program Files (x86)\Nero\SyncUP\System.ComponentModel.Composition.dll
2012-08-21 13:48 - 2012-08-21 13:48 - 00892312 _____ () C:\Program Files (x86)\Nero\SyncUP\System.Data.SQLite.dll
2012-08-21 13:48 - 2012-08-21 13:48 - 00027032 _____ () C:\Program Files (x86)\Nero\SyncUP\AdbDetect.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\TNJ\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/23/2014 09:18:46 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
   at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean)
   at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[])
   at ATI.ACE.AEM.Plugin.Source.Kit.Server.Common.WindowBasedFeeler.Close()
   at ATI.ACE.AEM.Plugin.Source.Kit.Server.EEU.PI_EEUPlugin.Stop()
   at ATI.ACE.AEM.Server.ACEEventManager.Stop()
   at ATI.ACE.CLI.Component.Runtime.Runtime.Cleanup()
   at ATI.ACE.CLI.Component.Runtime.Shared.Private.RTComponent.Destroy()
   at ATI.ACE.CCC.Implementation.CCC_Main.CCCNewThreadBegin(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (07/23/2014 09:16:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20498 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e08

Start Time: 01cfa67ff037e5e1

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: e420e4f3-1273-11e4-bedc-a417319941e8

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (07/23/2014 08:27:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20498 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d88

Start Time: 01cfa67922185604

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 15c57bc9-126d-11e4-bedb-a417319941e8

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (07/23/2014 08:26:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17126, time stamp: 0x53882e30
Faulting module name: jscript9.dll, version: 11.0.9600.17207, time stamp: 0x53a217f1
Exception code: 0xc0000005
Fault offset: 0x00008737
Faulting process id: 0x4e8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/23/2014 07:51:36 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (07/23/2014 07:39:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17126, time stamp: 0x53882e30
Faulting module name: MSHTML.dll, version: 11.0.9600.17207, time stamp: 0x53a22b71
Exception code: 0xc0000005
Fault offset: 0x000b3eab
Faulting process id: 0x43e4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/22/2014 10:56:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17126, time stamp: 0x53882e30
Faulting module name: jscript.dll, version: 5.8.9600.16384, time stamp: 0x52158806
Exception code: 0xc0000005
Fault offset: 0x00006fe2
Faulting process id: 0x2314
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/22/2014 10:05:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17126, time stamp: 0x53882e30
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x5308893d
Exception code: 0xc0000005
Fault offset: 0x0001f0a3
Faulting process id: 0xa18
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/22/2014 09:45:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17126, time stamp: 0x53882e30
Faulting module name: jscript.dll, version: 5.8.9600.16384, time stamp: 0x52158806
Exception code: 0xc0000005
Fault offset: 0x00006fe2
Faulting process id: 0x3c2c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/22/2014 06:48:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17126, time stamp: 0x53882e30
Faulting module name: jscript.dll, version: 5.8.9600.16384, time stamp: 0x52158806
Exception code: 0xc0000005
Fault offset: 0x00006fe2
Faulting process id: 0x45e4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

System errors:
=============
Error: (07/23/2014 09:19:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (07/23/2014 09:10:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (07/23/2014 08:22:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (07/23/2014 08:21:31 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IAStorDataMgrSvc service.

Error: (07/23/2014 08:11:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueStacks Updater Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/22/2014 06:56:33 AM) (Source: DCOM) (EventID: 10016) (User: HOPE)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}HopeTNJS-1-5-21-2184931612-1366121782-874108780-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/19/2014 11:20:19 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (07/19/2014 11:20:19 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (07/19/2014 11:20:19 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (07/19/2014 11:20:19 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Microsoft Office Sessions:
=========================
Error: (07/23/2014 09:18:46 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
   at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean)
   at System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[])
   at ATI.ACE.AEM.Plugin.Source.Kit.Server.Common.WindowBasedFeeler.Close()
   at ATI.ACE.AEM.Plugin.Source.Kit.Server.EEU.PI_EEUPlugin.Stop()
   at ATI.ACE.AEM.Server.ACEEventManager.Stop()
   at ATI.ACE.CLI.Component.Runtime.Runtime.Cleanup()
   at ATI.ACE.CLI.Component.Runtime.Shared.Private.RTComponent.Destroy()
   at ATI.ACE.CCC.Implementation.CCC_Main.CCCNewThreadBegin(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (07/23/2014 09:16:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20498e0801cfa67ff037e5e14294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exee420e4f3-1273-11e4-bedc-a417319941e8microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (07/23/2014 08:27:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20498d8801cfa679221856044294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe15c57bc9-126d-11e4-bedb-a417319941e8microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (07/23/2014 08:26:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1712653882e30jscript9.dll11.0.9600.1720753a217f1c0000005000087374e801cfa67928b2dbc6C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\jscript9.dllff354177-126c-11e4-bedb-a417319941e8

Error: (07/23/2014 07:51:36 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883

Error: (07/23/2014 07:39:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1712653882e30MSHTML.dll11.0.9600.1720753a22b71c0000005000b3eab43e401cfa660b115523fC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\MSHTML.dll52d2effa-1266-11e4-beda-a417319941e8

Error: (07/22/2014 10:56:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1712653882e30jscript.dll5.8.9600.1638452158806c000000500006fe2231401cfa62031397009C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\jscript.dll4f9c3718-121d-11e4-beda-a417319941e8

Error: (07/22/2014 10:05:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1712653882e30ntdll.dll6.3.9600.170315308893dc00000050001f0a3a1801cfa620313ccbfbC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\ntdll.dll2bac885f-1216-11e4-beda-a417319941e8

Error: (07/22/2014 09:45:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1712653882e30jscript.dll5.8.9600.1638452158806c000000500006fe23c2c01cfa5fd514e0aa2C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\jscript.dll6c2f7837-1213-11e4-beda-a417319941e8

Error: (07/22/2014 06:48:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1712653882e30jscript.dll5.8.9600.1638452158806c000000500006fe245e401cfa5f80bd202e4C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\jscript.dllbd1b9f10-11fa-11e4-beda-a417319941e8

CodeIntegrity Errors:
===================================
  Date: 2014-07-23 07:55:54.474
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 07:55:54.422
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 07:55:54.368
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 07:55:54.310
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 07:55:54.250
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 07:55:53.402
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 07:55:53.326
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 07:55:53.264
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 07:55:53.147
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 07:55:52.963
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 8152.93 MB
Available physical RAM: 3797.25 MB
Total Pagefile: 16344.93 MB
Available Pagefile: 11614.79 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.4 GB) (Free:842.5 GB) NTFS
Drive i: () (Fixed) (Total:29.8 GB) (Free:2.25 GB) FAT32
Drive j: (ESP) (Fixed) (Total:0.48 GB) (Free:0.44 GB) FAT32
Drive x: () (Fixed) (Total:0.34 GB) (Free:0.06 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:10.62 GB) (Free:0.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: D85AF6A8)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 323AEDD6)
Partition 1: (Not Active) - (Size=30 GB) - (Type=0C)

==================== End Of Log ============================



#8 timpaul

Posted 23 July 2014 - 10:51 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2014 01
Ran by TNJ (administrator) on HOPE on 23-07-2014 10:48:50
Running from C:\Users\TNJ\Downloads
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
( ) C:\Windows\System32\lxdpcoms.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Wyse Technology Inc.) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
(Akamai Technologies, Inc.) C:\Users\TNJ\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\TNJ\AppData\Local\Akamai\netsession_win.exe
(Bandoo Media Inc.) C:\Users\TNJ\AppData\Local\iLivid\iLivid.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Dropbox, Inc.) C:\Users\TNJ\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
() C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(PC Cleaners Inc.) C:\ProgramData\PC Cleaners\PCCleaners.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(savingcollector) C:\Program Files (x86)\AppLow\AppLow-bg.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(PC-Doctor, Inc.) C:\Program Files\My Dell\uaclauncher.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Enigma Software Group USA, LLC.) C:\Config.Msi\4b6eee.rbf
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [757888 2012-07-02] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127104 2012-07-02] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [PocketCloud Location] => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe [933776 2012-10-24] (Wyse Technology Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [Shwicon9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe [262144 2012-06-28] ()
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2184931612-1366121782-874108780-1001\...\Run: [Akamai NetSession Interface] => C:\Users\TNJ\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2184931612-1366121782-874108780-1001\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-2184931612-1366121782-874108780-1001\...\Run: [iLivid] => C:\Users\TNJ\AppData\Local\iLivid\iLivid.exe [6827008 2013-09-08] (Bandoo Media Inc.)
HKU\S-1-5-21-2184931612-1366121782-874108780-1001\...\Run: [PC Cleaners] => C:\ProgramData\PC Cleaners\PCCleaners.exe [69345552 2014-07-23] (PC Cleaners Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\TNJ\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesear.ch/?type=20140723-135-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.safesear.ch/?type=20140723-135-ie-sm
SearchScopes: HKLM - DefaultScope {4CAF8252-C9F1-40C5-B150-E53E930A4523} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {4CAF8252-C9F1-40C5-B150-E53E930A4523} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope {4CAF8252-C9F1-40C5-B150-E53E930A4523} URL = http://www.safesear.ch/web/?type=20140723-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM-x32 - {4CAF8252-C9F1-40C5-B150-E53E930A4523} URL = http://www.safesear.ch/web/?type=20140723-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKCU - DefaultScope {4CAF8252-C9F1-40C5-B150-E53E930A4523} URL = http://www.safesear.ch/web/?type=20140723-135-sshome-ie-df&q={searchTerms}
SearchScopes: HKCU - {4CAF8252-C9F1-40C5-B150-E53E930A4523} URL = http://www.safesear.ch/web/?type=20140723-135-sshome-ie-df&q={searchTerms}
BHO: AppLow -> {11111111-1111-1111-1111-110411531160} -> C:\Program Files (x86)\AppLow\AppLow-bho64.dll (savingcollector)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: AppLow -> {11111111-1111-1111-1111-110411531160} -> C:\Program Files (x86)\AppLow\AppLow-bho.dll (savingcollector)
BHO-x32: Like -> {2159cb25-ef9a-54c1-b43c-e30d1a4a8277} -> C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Simple -> {886bf106-6ebf-4ef4-8676-6663caabbda4} -> C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.625.1\NativeBHO.dll (WhiteSky)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\TNJ\AppData\Roaming\Mozilla\Firefox\Profiles\pt64k5lw.default
FF NewTab: hxxp://www.safesear.ch/?type=20140723-135-ff-nt
FF DefaultSearchEngine: SafeSearch
FF SearchEngineOrder.1: SafeSearch
FF SelectedSearchEngine: SafeSearch
FF Homepage: hxxp://www.safesear.ch/?type=20140723-135-ff
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safesearch.xml
FF Extension: AppLow - C:\Users\TNJ\AppData\Roaming\Mozilla\Firefox\Profiles\pt64k5lw.default\Extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com [2014-07-12]
FF Extension: Like - C:\Users\TNJ\AppData\Roaming\Mozilla\Firefox\Profiles\pt64k5lw.default\Extensions\jid1-eFRcA0eiPxecTQ@jetpack.xpi [2014-07-23]
FF Extension: Simple - C:\Users\TNJ\AppData\Roaming\Mozilla\Firefox\Profiles\pt64k5lw.default\Extensions\jid1-vS7biDmom8YxhA@jetpack.xpi [2014-07-23]
FF HKLM-x32\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - C:\Users\TNJ\AppData\Roaming\Mozilla\Firefox\Profiles\pt64k5lw.default\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\TNJ\AppData\Roaming\Mozilla\Firefox\Profiles\pt64k5lw.default\extensions\{jid1-vS7biDmom8YxhA@jetpack}
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.safesear.ch/?type=20140723-135-ff-sm

Chrome:
=======
CHR HomePage: hxxp://www.safesear.ch/?type=20140723-135-ch
CHR RestoreOnStartup: "hxxp://www.safesear.ch/?type=20140723-135-ch"
CHR StartupUrls: "hxxp://www.safesear.ch/?type=20140723-135-ch"
CHR Extension: (Google Docs) - C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-08]
CHR Extension: (Google Drive) - C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-08]
CHR Extension: (YouTube) - C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-08]
CHR Extension: (Google Search) - C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-08]
CHR Extension: (Services) - C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\flofdhbohbadcgnolfniillmboolleoh [2014-07-23]
CHR Extension: (Tab) - C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji [2014-07-23]
CHR Extension: (AppLow) - C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp [2014-04-08]
CHR Extension: (Simple) - C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\joefoganpblmedgjeigepgjfikhhdnnj [2014-07-23]
CHR Extension: (Like) - C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpimdkibicpfbooggieeanoolfdfhhf [2014-07-23]
CHR Extension: (Google Wallet) - C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-08]
CHR Extension: (Gmail) - C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-08]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.safesear.ch/?type=20140723-135-ch-sm

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [128640 2012-07-02] (Qualcomm Atheros Commnucations)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 lxdp_device; C:\windows\system32\lxdpcoms.exe [1039872 2007-11-19] ( )
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915408 2013-10-09] (SoftThinks SAS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [188928 2012-10-24] () [File not signed]
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [1436160 2012-10-24] (Wyse Technology.) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

R1 AntiLog32; C:\WINDOWS\system32\drivers\AntiLog64.sys [49752 2014-07-23] (Zemana Ltd.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-02] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2014-02-01] ()
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-07-15] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
U4 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-23 10:44 - 2014-07-23 10:44 - 00031922 _____ () C:\Users\TNJ\Downloads\Result.txt
2014-07-23 10:42 - 2014-07-23 10:42 - 00401920 _____ (Farbar) C:\Users\TNJ\Downloads\MiniToolBox.exe
2014-07-23 10:26 - 2014-07-23 10:41 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-07-23 10:26 - 2014-07-23 10:26 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-23 10:26 - 2014-07-23 10:26 - 00000000 _____ () C:\autoexec.bat
2014-07-23 09:29 - 2014-07-23 09:35 - 00000000 ____D () C:\ProgramData\PC1Data
2014-07-23 09:29 - 2014-07-23 09:29 - 00003540 _____ () C:\WINDOWS\System32\Tasks\PC Cleaner Pro Update Job
2014-07-23 09:29 - 2014-07-23 09:29 - 00003516 _____ () C:\WINDOWS\System32\Tasks\PC Cleaner Pro Optimization
2014-07-23 09:29 - 2014-07-23 09:29 - 00000749 _____ () C:\Users\TNJ\Desktop\PC Cleaner Pro.lnk
2014-07-23 09:29 - 2014-07-23 09:29 - 00000000 ____D () C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Cleaners
2014-07-23 09:29 - 2014-07-23 09:29 - 00000000 ____D () C:\ProgramData\PC Cleaners
2014-07-23 09:29 - 2014-07-23 09:27 - 05310224 _____ (PC Cleaners) C:\ProgramData\pclunst.exe
2014-07-23 09:28 - 2014-07-23 09:28 - 05310224 _____ (PC Cleaners) C:\Users\TNJ\Downloads\app3_Install_eng(1).exe
2014-07-23 09:27 - 2014-07-23 09:27 - 05310224 _____ (PC Cleaners) C:\Users\TNJ\Downloads\app3_Install_eng.exe
2014-07-23 09:19 - 2014-07-23 09:19 - 00000000 ___RD () C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-07-23 08:42 - 2014-07-23 09:17 - 00045658 _____ () C:\Users\TNJ\Downloads\Addition.txt
2014-07-23 08:41 - 2014-07-23 10:49 - 00022686 _____ () C:\Users\TNJ\Downloads\FRST.txt
2014-07-23 08:40 - 2014-07-23 10:48 - 00000000 ____D () C:\FRST
2014-07-23 08:38 - 2014-07-23 08:39 - 01082368 _____ (Farbar) C:\Users\TNJ\Downloads\FRST.exe
2014-07-23 08:31 - 2014-07-23 08:39 - 02091520 _____ (Farbar) C:\Users\TNJ\Downloads\FRST64.exe
2014-07-23 08:28 - 2014-07-23 09:22 - 00000000 ____D () C:\Program Files (x86)\NpackdDetected
2014-07-23 08:28 - 2014-07-23 08:28 - 00000000 ____D () C:\.Npackd
2014-07-23 07:50 - 2014-07-23 07:53 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-07-23 07:49 - 2014-07-23 08:28 - 00000000 ____D () C:\Program Files (x86)\Simple
2014-07-23 07:49 - 2014-07-23 07:56 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-07-23 07:48 - 2014-07-23 09:22 - 00000000 ____D () C:\ProgramData\Npackd
2014-07-23 07:48 - 2014-07-23 09:19 - 00000008 __RSH () C:\Users\TNJ\ntuser.pol
2014-07-23 07:48 - 2014-07-23 08:28 - 00000000 ____D () C:\Program Files (x86)\Like
2014-07-23 07:48 - 2014-07-23 07:54 - 00000000 ____D () C:\Users\TNJ\AppData\Local\Fast Browser
2014-07-23 07:48 - 2014-07-23 07:48 - 00003214 _____ () C:\WINDOWS\System32\Tasks\NSManager
2014-07-23 07:48 - 2014-07-23 07:48 - 00002243 _____ () C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
2014-07-23 07:48 - 2014-07-23 07:48 - 00002213 _____ () C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk
2014-07-23 07:48 - 2014-07-23 07:48 - 00002211 _____ () C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\YouTube.lnk
2014-07-23 07:48 - 2014-07-23 07:48 - 00002209 _____ () C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2014-07-23 07:48 - 2014-07-23 07:48 - 00000000 ____D () C:\Users\TNJ\AppData\Local\NSManager
2014-07-23 07:48 - 2014-07-23 07:48 - 00000000 ____D () C:\Program Files (x86)\NpackdCL
2014-07-22 22:33 - 2014-07-22 22:35 - 00000000 ____D () C:\Users\TNJ\Desktop\Daniel Johnston
2014-07-22 19:08 - 2014-07-23 06:00 - 00000000 ____D () C:\Users\TNJ\Desktop\logowork
2014-07-22 18:07 - 2014-07-22 18:08 - 00000000 ____D () C:\Users\TNJ\Desktop\Adobe Premiere Elements Preview Files
2014-07-20 19:45 - 1980-01-01 00:00 - 539426816 _____ () C:\Users\TNJ\Desktop\100_4110.MOV
2014-07-19 19:16 - 2014-07-22 05:34 - 00000000 ____D () C:\Users\TNJ\Desktop\Sasha Brusin
2014-07-19 00:02 - 2014-07-19 00:02 - 00000000 ____D () C:\Users\TNJ\Desktop\4th
2014-07-19 00:02 - 2014-07-19 00:02 - 00000000 ____D () C:\Users\TNJ\AppData\Local\Cyberlink
2014-07-18 23:02 - 2014-07-19 02:08 - 00000000 ____D () C:\Users\TNJ\Desktop\AAAlrp radio
2014-07-16 18:40 - 2014-07-16 20:00 - 00000000 ____D () C:\Users\TNJ\Desktop\ces
2014-07-16 16:47 - 2014-07-22 19:08 - 00000000 ____D () C:\Users\TNJ\Desktop\mini monitor
2014-07-13 06:17 - 2014-07-20 23:18 - 00000000 ____D () C:\Users\TNJ\Desktop\lrp
2014-07-09 17:52 - 2014-07-09 17:52 - 00201419 _____ () C:\Users\TNJ\Documents\Payment for item  EarCandy Bassomb 2x12 Bass Guitar Amp Speaker.oxps
2014-07-09 15:10 - 2014-07-09 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-07-09 15:10 - 2014-07-09 15:10 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-07-09 15:10 - 2012-02-08 16:34 - 00320000 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_B8L.dll
2014-07-09 15:10 - 2012-01-24 16:18 - 00077568 _____ () C:\WINDOWS\SysWOW64\CNC1762D.TBL
2014-07-09 15:10 - 2012-01-16 14:21 - 00103424 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_B8U.dll
2014-07-09 15:10 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll
2014-07-09 15:09 - 2014-07-09 15:09 - 00000000 ___HD () C:\WINDOWS\system32\CanonIJ Uninstaller Information
2014-07-09 15:09 - 2014-07-09 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3200 series
2014-07-09 15:08 - 2014-07-09 15:08 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-07-09 15:05 - 2014-07-09 15:05 - 00558928 _____ () C:\WINDOWS\Minidump\070914-69609-01.dmp
2014-07-09 15:05 - 2014-07-09 15:05 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-09 15:04 - 2014-07-09 15:04 - 1142492698 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-09 14:38 - 2014-07-09 14:38 - 14851664 _____ () C:\Users\TNJ\Downloads\xp68-win-mg3200-5_60a-ejs.exe
2014-07-09 11:23 - 2014-04-13 22:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-09 11:22 - 2014-07-09 11:22 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-09 06:25 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 06:25 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 06:25 - 2014-06-18 18:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 06:25 - 2014-06-18 17:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 06:25 - 2014-06-16 17:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 06:25 - 2014-06-16 17:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 06:25 - 2014-06-06 09:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 06:24 - 2014-06-30 17:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-09 06:24 - 2014-06-28 02:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-09 06:24 - 2014-06-28 02:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-09 06:24 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 06:24 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 06:24 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 06:24 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 06:24 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 06:24 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 06:24 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 06:24 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 06:24 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 06:24 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 06:24 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 06:24 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 06:24 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 06:24 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 06:24 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 06:24 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 06:24 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 06:24 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 06:24 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 06:24 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 06:24 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 06:24 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 06:24 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 06:24 - 2014-06-06 08:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 06:24 - 2014-06-06 07:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 06:24 - 2014-05-31 05:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 06:24 - 2014-05-31 05:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 06:24 - 2014-05-30 22:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 06:24 - 2014-05-30 22:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 06:24 - 2014-05-30 22:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 06:24 - 2014-05-30 22:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 06:24 - 2014-05-30 22:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 06:24 - 2014-05-30 22:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 06:24 - 2014-05-30 21:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 06:24 - 2014-05-30 21:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 06:24 - 2014-05-30 21:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 06:24 - 2014-05-30 21:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 06:24 - 2014-05-30 21:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 06:24 - 2014-05-30 21:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 06:24 - 2014-05-30 21:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 06:24 - 2014-05-29 22:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 06:24 - 2014-05-29 07:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 06:24 - 2014-05-29 02:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 06:24 - 2014-05-29 01:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 06:24 - 2014-05-29 01:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 06:24 - 2014-05-29 00:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 06:24 - 2014-05-29 00:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 06:22 - 2014-07-09 06:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-03 12:03 - 2014-07-19 15:21 - 00000000 ____D () C:\Users\TNJ\Desktop\july
2014-07-02 15:53 - 2014-07-11 20:03 - 00000000 ____D () C:\Users\TNJ\Desktop\Legba
2014-06-29 09:38 - 2014-07-11 19:51 - 00000000 ____D () C:\Users\TNJ\Desktop\awesome post
2014-06-28 02:00 - 2014-06-30 23:56 - 00000000 ____D () C:\Users\TNJ\AppData\Local\Adobe
2014-06-28 00:33 - 2014-07-02 04:16 - 00000000 ____D () C:\Users\TNJ\AppData\Roaming\Google
2014-06-28 00:32 - 2014-07-23 10:42 - 00000902 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-28 00:32 - 2014-07-23 09:19 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-28 00:32 - 2014-06-28 00:37 - 00003874 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-28 00:32 - 2014-06-28 00:37 - 00003638 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-28 00:32 - 2014-06-28 00:32 - 00000000 ____D () C:\ProgramData\Google
2014-06-28 00:32 - 2014-06-28 00:32 - 00000000 ____D () C:\Program Files\Google
2014-06-23 21:36 - 2014-07-20 22:54 - 00000000 ____D () C:\Users\TNJ\Desktop\WD

==================== One Month Modified Files and Folders =======

2014-07-23 10:49 - 2014-07-23 08:41 - 00022686 _____ () C:\Users\TNJ\Downloads\FRST.txt
2014-07-23 10:48 - 2014-07-23 08:40 - 00000000 ____D () C:\FRST
2014-07-23 10:46 - 2012-12-28 16:00 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2184931612-1366121782-874108780-1001
2014-07-23 10:44 - 2014-07-23 10:44 - 00031922 _____ () C:\Users\TNJ\Downloads\Result.txt
2014-07-23 10:42 - 2014-07-23 10:42 - 00401920 _____ (Farbar) C:\Users\TNJ\Downloads\MiniToolBox.exe
2014-07-23 10:42 - 2014-06-28 00:32 - 00000902 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-23 10:41 - 2014-07-23 10:26 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-07-23 10:34 - 2014-03-03 19:10 - 00000000 ____D () C:\Program Files\SavingsBull
2014-07-23 10:32 - 2014-05-01 09:20 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-23 10:26 - 2014-07-23 10:26 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-23 10:26 - 2014-07-23 10:26 - 00000000 _____ () C:\autoexec.bat
2014-07-23 10:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-23 09:48 - 2013-11-19 11:23 - 01850654 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-23 09:42 - 2013-12-16 08:55 - 00004948 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOPE-TNJ Hope
2014-07-23 09:35 - 2014-07-23 09:29 - 00000000 ____D () C:\ProgramData\PC1Data
2014-07-23 09:35 - 2014-03-08 03:06 - 00000000 ____D () C:\Users\TNJ\AppData\Local\Nero
2014-07-23 09:31 - 2014-02-11 18:04 - 00000000 ____D () C:\Users\TNJ\AppData\Roaming\ID Vault
2014-07-23 09:29 - 2014-07-23 09:29 - 00003540 _____ () C:\WINDOWS\System32\Tasks\PC Cleaner Pro Update Job
2014-07-23 09:29 - 2014-07-23 09:29 - 00003516 _____ () C:\WINDOWS\System32\Tasks\PC Cleaner Pro Optimization
2014-07-23 09:29 - 2014-07-23 09:29 - 00000749 _____ () C:\Users\TNJ\Desktop\PC Cleaner Pro.lnk
2014-07-23 09:29 - 2014-07-23 09:29 - 00000000 ____D () C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Cleaners
2014-07-23 09:29 - 2014-07-23 09:29 - 00000000 ____D () C:\ProgramData\PC Cleaners
2014-07-23 09:28 - 2014-07-23 09:28 - 05310224 _____ (PC Cleaners) C:\Users\TNJ\Downloads\app3_Install_eng(1).exe
2014-07-23 09:27 - 2014-07-23 09:29 - 05310224 _____ (PC Cleaners) C:\ProgramData\pclunst.exe
2014-07-23 09:27 - 2014-07-23 09:27 - 05310224 _____ (PC Cleaners) C:\Users\TNJ\Downloads\app3_Install_eng.exe
2014-07-23 09:27 - 2012-12-20 00:35 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-07-23 09:22 - 2014-07-23 08:28 - 00000000 ____D () C:\Program Files (x86)\NpackdDetected
2014-07-23 09:22 - 2014-07-23 07:48 - 00000000 ____D () C:\ProgramData\Npackd
2014-07-23 09:20 - 2014-05-30 19:40 - 00000000 ___RD () C:\Users\TNJ\Dropbox
2014-07-23 09:20 - 2014-05-30 19:39 - 00000000 ____D () C:\Users\TNJ\AppData\Roaming\DropboxMaster
2014-07-23 09:20 - 2014-05-30 19:38 - 00000000 ____D () C:\Users\TNJ\AppData\Roaming\Dropbox
2014-07-23 09:19 - 2014-07-23 09:19 - 00000000 ___RD () C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-07-23 09:19 - 2014-07-23 07:48 - 00000008 __RSH () C:\Users\TNJ\ntuser.pol
2014-07-23 09:19 - 2014-06-28 00:32 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-23 09:19 - 2013-12-21 21:51 - 00002050 _____ () C:\WINDOWS\Tasks\AppLow-firefoxinstaller.job
2014-07-23 09:19 - 2013-12-21 21:51 - 00001940 _____ () C:\WINDOWS\Tasks\AppLow-chromeinstaller.job
2014-07-23 09:19 - 2013-12-21 21:51 - 00001304 _____ () C:\WINDOWS\Tasks\AppLow-updater.job
2014-07-23 09:19 - 2013-12-21 21:51 - 00001206 _____ () C:\WINDOWS\Tasks\AppLow-codedownloader.job
2014-07-23 09:19 - 2013-12-21 21:51 - 00001106 _____ () C:\WINDOWS\Tasks\AppLow-enabler.job
2014-07-23 09:19 - 2013-11-19 11:31 - 00000000 __RDO () C:\Users\TNJ\SkyDrive
2014-07-23 09:19 - 2013-11-19 11:09 - 00000000 ____D () C:\Users\TNJ
2014-07-23 09:19 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-23 09:18 - 2013-08-22 10:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-07-23 09:18 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-23 09:17 - 2014-07-23 08:42 - 00045658 _____ () C:\Users\TNJ\Downloads\Addition.txt
2014-07-23 09:11 - 2013-11-19 11:37 - 11795968 ___SH () C:\Users\TNJ\Desktop\Thumbs.db
2014-07-23 09:10 - 2013-09-29 22:55 - 00126564 _____ () C:\WINDOWS\PFRO.log
2014-07-23 08:39 - 2014-07-23 08:38 - 01082368 _____ (Farbar) C:\Users\TNJ\Downloads\FRST.exe
2014-07-23 08:39 - 2014-07-23 08:31 - 02091520 _____ (Farbar) C:\Users\TNJ\Downloads\FRST64.exe
2014-07-23 08:37 - 2014-01-12 03:04 - 00340992 ___SH () C:\Users\TNJ\Downloads\Thumbs.db
2014-07-23 08:28 - 2014-07-23 08:28 - 00000000 ____D () C:\.Npackd
2014-07-23 08:28 - 2014-07-23 07:49 - 00000000 ____D () C:\Program Files (x86)\Simple
2014-07-23 08:28 - 2014-07-23 07:48 - 00000000 ____D () C:\Program Files (x86)\Like
2014-07-23 08:28 - 2014-06-11 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 08:28 - 2014-04-08 11:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-23 08:28 - 2014-02-11 18:03 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2014-07-23 08:28 - 2013-12-22 01:56 - 00000000 ____D () C:\Users\TNJ\AppData\Local\iLivid
2014-07-23 08:28 - 2013-12-21 21:51 - 00000000 ____D () C:\Program Files (x86)\EZDownloader
2014-07-23 08:28 - 2013-06-30 12:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-23 08:28 - 2013-06-05 18:22 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-23 08:28 - 2013-05-21 12:25 - 00000000 ____D () C:\Program Files\My Dell
2014-07-23 08:28 - 2013-04-02 13:38 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-07-23 08:28 - 2013-01-05 14:06 - 00000000 ____D () C:\Users\TNJ\AppData\Local\Akamai
2014-07-23 08:28 - 2012-12-28 16:49 - 00000000 ____D () C:\Program Files\Adobe
2014-07-23 08:28 - 2012-12-28 16:49 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-23 08:28 - 2012-12-20 00:38 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-07-23 08:28 - 2012-12-20 00:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-07-23 08:28 - 2012-12-20 00:33 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-07-23 08:28 - 2012-12-20 00:29 - 00000000 ____D () C:\Program Files (x86)\Dell Wireless
2014-07-23 08:28 - 2012-12-20 00:28 - 00000000 ____D () C:\Program Files (x86)\Multimedia Card Reader(9106)
2014-07-23 08:28 - 2012-12-20 00:25 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-07-23 08:28 - 2012-12-20 00:25 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-07-23 08:26 - 2014-02-11 18:04 - 00000000 ____D () C:\Users\TNJ\AppData\Local\ID Vault
2014-07-23 08:25 - 2014-02-11 18:03 - 00049752 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\AntiLog64.sys
2014-07-23 08:25 - 2014-02-11 18:03 - 00002215 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
2014-07-23 08:25 - 2014-02-11 18:03 - 00002203 _____ () C:\Users\Public\Desktop\Constant Guard.lnk
2014-07-23 08:25 - 2014-02-11 18:03 - 00000000 ____D () C:\WINDOWS\SysWOW64\ZALSDK_uninst
2014-07-23 08:14 - 2014-01-31 19:21 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-07-23 08:11 - 2013-08-22 10:36 - 00000000 __RHD () C:\Users\Public\Libraries
2014-07-23 07:56 - 2014-07-23 07:49 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-07-23 07:54 - 2014-07-23 07:48 - 00000000 ____D () C:\Users\TNJ\AppData\Local\Fast Browser
2014-07-23 07:53 - 2014-07-23 07:50 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-07-23 07:53 - 2014-02-08 07:19 - 00000000 ____D () C:\Users\TNJ\AppData\Local\VirtualStore
2014-07-23 07:48 - 2014-07-23 07:48 - 00003214 _____ () C:\WINDOWS\System32\Tasks\NSManager
2014-07-23 07:48 - 2014-07-23 07:48 - 00002243 _____ () C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
2014-07-23 07:48 - 2014-07-23 07:48 - 00002213 _____ () C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk
2014-07-23 07:48 - 2014-07-23 07:48 - 00002211 _____ () C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\YouTube.lnk
2014-07-23 07:48 - 2014-07-23 07:48 - 00002209 _____ () C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2014-07-23 07:48 - 2014-07-23 07:48 - 00000000 ____D () C:\Users\TNJ\AppData\Local\NSManager
2014-07-23 07:48 - 2014-07-23 07:48 - 00000000 ____D () C:\Program Files (x86)\NpackdCL
2014-07-23 07:48 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-07-23 07:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-23 07:32 - 2012-12-28 15:54 - 00000000 ____D () C:\Users\TNJ\AppData\Local\Packages
2014-07-23 06:00 - 2014-07-22 19:08 - 00000000 ____D () C:\Users\TNJ\Desktop\logowork
2014-07-23 05:27 - 2013-11-19 11:33 - 00003902 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{506B6F2E-0EFA-475F-A8D1-1F0E207C60B2}
2014-07-22 22:35 - 2014-07-22 22:33 - 00000000 ____D () C:\Users\TNJ\Desktop\Daniel Johnston
2014-07-22 19:08 - 2014-07-16 16:47 - 00000000 ____D () C:\Users\TNJ\Desktop\mini monitor
2014-07-22 18:08 - 2014-07-22 18:07 - 00000000 ____D () C:\Users\TNJ\Desktop\Adobe Premiere Elements Preview Files
2014-07-22 17:36 - 2014-06-03 18:56 - 00000000 ____D () C:\Users\TNJ\Desktop\t shirts
2014-07-22 05:34 - 2014-07-19 19:16 - 00000000 ____D () C:\Users\TNJ\Desktop\Sasha Brusin
2014-07-21 04:06 - 2013-09-29 23:04 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-20 23:18 - 2014-07-13 06:17 - 00000000 ____D () C:\Users\TNJ\Desktop\lrp
2014-07-20 22:54 - 2014-06-23 21:36 - 00000000 ____D () C:\Users\TNJ\Desktop\WD
2014-07-19 15:21 - 2014-07-03 12:03 - 00000000 ____D () C:\Users\TNJ\Desktop\july
2014-07-19 15:21 - 2014-06-21 10:08 - 00000000 ____D () C:\Users\TNJ\Desktop\zoom
2014-07-19 02:08 - 2014-07-18 23:02 - 00000000 ____D () C:\Users\TNJ\Desktop\AAAlrp radio
2014-07-19 00:02 - 2014-07-19 00:02 - 00000000 ____D () C:\Users\TNJ\Desktop\4th
2014-07-19 00:02 - 2014-07-19 00:02 - 00000000 ____D () C:\Users\TNJ\AppData\Local\Cyberlink
2014-07-17 22:52 - 2013-02-15 22:52 - 00000157 _____ () C:\WINDOWS\SysWOW64\SystemPreferences.xml
2014-07-17 11:12 - 2013-01-04 20:24 - 00000000 ____D () C:\Users\TNJ\AppData\Roaming\PCDr
2014-07-16 20:00 - 2014-07-16 18:40 - 00000000 ____D () C:\Users\TNJ\Desktop\ces
2014-07-15 23:21 - 2014-02-08 07:19 - 00016152 _____ () C:\WINDOWS\system32\Drivers\SWDUMon.sys
2014-07-15 23:12 - 2014-01-31 19:21 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-07-11 20:03 - 2014-07-02 15:53 - 00000000 ____D () C:\Users\TNJ\Desktop\Legba
2014-07-11 20:01 - 2014-05-22 20:29 - 00000000 ____D () C:\Users\TNJ\Desktop\Prodo Cabs
2014-07-11 19:51 - 2014-06-29 09:38 - 00000000 ____D () C:\Users\TNJ\Desktop\awesome post
2014-07-11 19:51 - 2014-05-05 14:05 - 00000000 ____D () C:\Users\TNJ\Desktop\AYA
2014-07-11 19:50 - 2014-06-21 23:04 - 00000000 ____D () C:\Users\TNJ\Desktop\st
2014-07-11 19:50 - 2014-05-25 23:23 - 00000000 ____D () C:\Users\TNJ\Desktop\10
2014-07-11 19:50 - 2014-03-11 22:25 - 00000000 ____D () C:\Users\TNJ\Desktop\march
2014-07-11 15:22 - 2013-11-19 16:28 - 00007168 ___SH () C:\Users\TNJ\Thumbs.db
2014-07-09 17:52 - 2014-07-09 17:52 - 00201419 _____ () C:\Users\TNJ\Documents\Payment for item  EarCandy Bassomb 2x12 Bass Guitar Amp Speaker.oxps
2014-07-09 15:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-09 15:10 - 2014-07-09 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-07-09 15:10 - 2014-07-09 15:10 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-07-09 15:10 - 2013-08-22 10:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-07-09 15:09 - 2014-07-09 15:09 - 00000000 ___HD () C:\WINDOWS\system32\CanonIJ Uninstaller Information
2014-07-09 15:09 - 2014-07-09 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3200 series
2014-07-09 15:08 - 2014-07-09 15:08 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-07-09 15:05 - 2014-07-09 15:05 - 00558928 _____ () C:\WINDOWS\Minidump\070914-69609-01.dmp
2014-07-09 15:05 - 2014-07-09 15:05 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-09 15:05 - 2013-08-22 09:44 - 00492280 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-09 15:04 - 2014-07-09 15:04 - 1142492698 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-09 14:57 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-09 14:57 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 14:57 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 14:57 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-09 14:38 - 2014-07-09 14:38 - 14851664 _____ () C:\Users\TNJ\Downloads\xp68-win-mg3200-5_60a-ejs.exe
2014-07-09 11:30 - 2013-08-13 19:50 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 11:30 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-09 11:29 - 2013-01-04 19:46 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 11:24 - 2013-08-22 09:46 - 00300845 _____ () C:\WINDOWS\setupact.log
2014-07-09 11:24 - 2013-08-22 09:46 - 00000440 _____ () C:\WINDOWS\setuperr.log
2014-07-09 11:23 - 2013-09-29 22:51 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 11:22 - 2014-07-09 11:22 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-09 06:22 - 2014-07-09 06:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 12:27 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-08 11:32 - 2014-05-01 09:20 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-07 09:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-02 04:16 - 2014-06-28 00:33 - 00000000 ____D () C:\Users\TNJ\AppData\Roaming\Google
2014-06-30 23:56 - 2014-06-28 02:00 - 00000000 ____D () C:\Users\TNJ\AppData\Local\Adobe
2014-06-30 17:45 - 2014-07-09 06:24 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-06-28 08:55 - 2014-04-08 10:53 - 00000000 ____D () C:\Users\TNJ\AppData\Local\Google
2014-06-28 02:48 - 2014-07-09 06:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-06-28 02:35 - 2014-04-03 07:04 - 00000000 ____D () C:\Users\TNJ\Desktop\do npt file
2014-06-28 02:07 - 2014-07-09 06:24 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-06-28 00:37 - 2014-06-28 00:32 - 00003874 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-28 00:37 - 2014-06-28 00:32 - 00003638 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-28 00:32 - 2014-06-28 00:32 - 00000000 ____D () C:\ProgramData\Google
2014-06-28 00:32 - 2014-06-28 00:32 - 00000000 ____D () C:\Program Files\Google
2014-06-28 00:32 - 2014-04-08 10:53 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-26 15:55 - 2014-04-30 17:48 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-26 15:55 - 2014-04-30 17:48 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-24 19:43 - 2014-06-01 15:24 - 00000000 ____D () C:\Users\TNJ\Desktop\june
2014-06-24 12:16 - 2014-04-04 19:10 - 00000000 ____D () C:\Users\TNJ\Desktop\cats

Files to move or delete:
====================
C:\ProgramData\pclunst.exe
C:\Users\TNJ\PremiereElements_10_Content_SD1_LS15.exe

Some content of TEMP:
====================
C:\Users\TNJ\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmatmjk.dll
C:\Users\TNJ\AppData\Local\Temp\SHSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-23 08:53

==================== End Of Log ============================



#9 Machiavelli

  • Malware Response Instructor

Posted 23 July 2014 - 10:52 AM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#10 timpaul

  • Topic Starter

Posted 23 July 2014 - 10:57 AM

Doing all this right away, will be right back, thank you so much for your time and kindness!!



#11 timpaul

  • Topic Starter

Posted 23 July 2014 - 11:07 AM

# AdwCleaner v3.216 - Report created 23/07/2014 at 10:59:11
# Updated 17/07/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : TNJ - HOPE
# Running from : C:\Users\TNJ\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
Folder Deleted : C:\Program Files (x86)\EZDownloader
Folder Deleted : C:\Program Files (x86)\SavingsBull
Folder Deleted : C:\Program Files (x86)\AppLow
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\SavingsBull
Folder Deleted : C:\Users\TNJ\AppData\Local\iLivid
Folder Deleted : C:\Users\TNJ\AppData\Roaming\EZDownloader
Folder Deleted : C:\Users\TNJ\AppData\Roaming\Mozilla\Firefox\Profiles\pt64k5lw.default\Extensions\c1dfde74-f2be-4d24-9833-8adc6cf3e059@53734d20-186a-4050-aeb4-42d8dba902f7.com
Folder Deleted : C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
File Deleted : C:\Users\TNJ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
File Deleted : C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk
File Deleted : C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
File Deleted : C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Youtube.lnk
File Deleted : C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Users\TNJ\Desktop\iLivid.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safesearch.xml
File Deleted : C:\WINDOWS\Tasks\AppLow-chromeinstaller.job
File Deleted : C:\WINDOWS\System32\Tasks\AppLow-chromeinstaller
File Deleted : C:\WINDOWS\Tasks\AppLow-codedownloader.job
File Deleted : C:\WINDOWS\System32\Tasks\AppLow-codedownloader
File Deleted : C:\WINDOWS\Tasks\AppLow-enabler.job
File Deleted : C:\WINDOWS\System32\Tasks\AppLow-enabler
File Deleted : C:\WINDOWS\Tasks\AppLow-firefoxinstaller.job
File Deleted : C:\WINDOWS\System32\Tasks\AppLow-firefoxinstaller
File Deleted : C:\WINDOWS\Tasks\AppLow-updater.job
File Deleted : C:\WINDOWS\System32\Tasks\AppLow-updater

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\iLivid.torrent
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]
Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0045360.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0045360.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0045360.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0045360.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411531160}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422532260}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455535560}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466536660}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444534460}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411531160}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411531160}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411531160}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{034b6e3c-e30c-4df1-97f2-11517780b0fc}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20864dd8-05d2-49b6-a473-fd3ec7d99353}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4559128-6421-457e-81ce-90541037877b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c23bfbec-fe81-4e9f-a888-71ea2c70d73e}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{edc262a3-2fa9-42a4-9cb8-7893ef883b36}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411531160}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422532260}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455535560}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466536660}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411531160}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{034b6e3c-e30c-4df1-97f2-11517780b0fc}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20864dd8-05d2-49b6-a473-fd3ec7d99353}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4559128-6421-457e-81ce-90541037877b}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c23bfbec-fe81-4e9f-a888-71ea2c70d73e}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{edc262a3-2fa9-42a4-9cb8-7893ef883b36}
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Savings Bull
Key Deleted : HKCU\Software\AppDataLow\Software\AppLow
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\SavingsBullFilter
Key Deleted : HKLM\Software\torch
Key Deleted : HKLM\Software\AppLow
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppLow
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\TNJ\AppData\Roaming\Mozilla\Firefox\Profiles\pt64k5lw.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : hmjfaiddfmhjabcagledbpoppaapacnp

*************************

AdwCleaner[R0].txt - [26662 octets] - [23/07/2014 10:56:26]
AdwCleaner[R1].txt - [26723 octets] - [23/07/2014 10:58:21]
AdwCleaner[S0].txt - [23250 octets] - [23/07/2014 10:59:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23311 octets] ##########



#12 timpaul

Posted 23 July 2014 - 11:23 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/23/2014
Scan Time: 11:11:11 AM
Logfile: VDL.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.23.05
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: TNJ

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293517
Time Elapsed: 6 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 7
PUP.Optional.Safesear.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.safesear.ch/?type=20140723-135-ff-sm, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.safesear.ch/?type=20140723-135-ff-sm),Replaced,[5899fda5403bbf77753afab6b84ca957]
PUP.Optional.Safesear.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.safesear.ch/?type=20140723-135-ch-sm, Good: (Chrome.exe), Bad: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.safesear.ch/?type=20140723-135-ch-sm),Replaced,[03ee7b27512af244d0e24b65ed17f808]
PUP.Optional.Safesear.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear.ch/?type=20140723-135-ie-sm, Good: (iexplore.exe), Bad: ("C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear.ch/?type=20140723-135-ie-sm),Replaced,[1fd2356d7a01f343c9e7b5fb14f01be5]
PUP.Optional.Safesear.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.safesear.ch/?type=20140723-135-ff-sm, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.safesear.ch/?type=20140723-135-ff-sm),Replaced,[c130069c6e0d043207a8228eb94b01ff]
PUP.Optional.Safesear.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.safesear.ch/?type=20140723-135-ch-sm, Good: (Chrome.exe), Bad: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.safesear.ch/?type=20140723-135-ch-sm),Replaced,[d51c8c16ea9196a09f13fcb438cc3fc1]
PUP.Optional.Safesear.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear.ch/?type=20140723-135-ie-sm, Good: (iexplore.exe), Bad: ("C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear.ch/?type=20140723-135-ie-sm),Replaced,[10e1673bb1ca8caac8e8b000f60e39c7]
PUP.Optional.SafeSear.A, HKU\S-1-5-21-2184931612-1366121782-874108780-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.safesear.ch/?type=20140723-135-ie, Good: (www.google.com), Bad: (http://www.safesear.ch/?type=20140723-135-ie),Replaced,[4da45f436a11979f513deabb32d2738d]

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.SafeSear.A, C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\preferences, Good: (), Bad: ( "homepage": "http://www.safesear.ch/?type=20140723-135-ch",), Replaced,[2ac7e7bb017a5bdb63240dd384803bc5]
PUP.Optional.SafeSear.A, C:\Users\TNJ\AppData\Roaming\Mozilla\Firefox\Profiles\pt64k5lw.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.safesear.ch/?type=20140723-135-ff-nt");), Replaced,[1bd6762cde9d87af2a5a6878bb49fc04]
PUP.Optional.SafeSear.A, C:\Users\TNJ\AppData\Roaming\Mozilla\Firefox\Profiles\pt64k5lw.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.safesear.ch/?type=20140723-135-ff");), Replaced,[eb06eeb4cbb07bbb473e449cb64ed62a]

Physical Sectors: 0
(No malicious items detected)

(end)



#13 timpaul

Posted 23 July 2014 - 11:32 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by TNJ on Wed 07/23/2014 at 11:25:20.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4CAF8252-C9F1-40C5-B150-E53E930A4523}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4CAF8252-C9F1-40C5-B150-E53E930A4523}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc1data"

~~~ FireFox

Successfully deleted the following from C:\Users\TNJ\AppData\Roaming\mozilla\firefox\profiles\pt64k5lw.default\prefs.js

user_pref("browser.search.defaultenginename", "SafeSearch");
user_pref("browser.search.order.1", "SafeSearch");
user_pref("browser.search.selectedEngine", "SafeSearch");

Emptied folder: C:\Users\TNJ\AppData\Roaming\mozilla\firefox\profiles\pt64k5lw.default\minidumps [2 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/23/2014 at 11:32:17.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#14 timpaul

Posted 23 July 2014 - 11:34 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2014 01
Ran by TNJ (administrator) on HOPE on 23-07-2014 11:33:26
Running from C:\Users\TNJ\Downloads
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
( ) C:\Windows\System32\lxdpcoms.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Wyse Technology Inc.) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
(Akamai Technologies, Inc.) C:\Users\TNJ\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\TNJ\AppData\Local\Akamai\netsession_win.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Dropbox, Inc.) C:\Users\TNJ\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
() C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Thisisu) C:\Users\TNJ\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [757888 2012-07-02] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127104 2012-07-02] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [PocketCloud Location] => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe [933776 2012-10-24] (Wyse Technology Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [Shwicon9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe [262144 2012-06-28] ()
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2184931612-1366121782-874108780-1001\...\Run: [Akamai NetSession Interface] => C:\Users\TNJ\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2184931612-1366121782-874108780-1001\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-14] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\TNJ\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {4CAF8252-C9F1-40C5-B150-E53E930A4523} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {4CAF8252-C9F1-40C5-B150-E53E930A4523} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {4CAF8252-C9F1-40C5-B150-E53E930A4523} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Like -> {2159cb25-ef9a-54c1-b43c-e30d1a4a8277} -> C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Simple -> {886bf106-6ebf-4ef4-8676-6663caabbda4} -> C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.625.1\NativeBHO.dll (WhiteSky)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\TNJ\AppData\Roaming\Mozilla\Firefox\Profiles\pt64k5lw.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Like - C:\Users\TNJ\AppData\Roaming\Mozilla\Firefox\Profiles\pt64k5lw.default\Extensions\jid1-eFRcA0eiPxecTQ@jetpack.xpi [2014-07-23]
FF Extension: Simple - C:\Users\TNJ\AppData\Roaming\Mozilla\Firefox\Profiles\pt64k5lw.default\Extensions\jid1-vS7biDmom8YxhA@jetpack.xpi [2014-07-23]
FF HKLM-x32\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - C:\Users\TNJ\AppData\Roaming\Mozilla\Firefox\Profiles\pt64k5lw.default\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\TNJ\AppData\Roaming\Mozilla\Firefox\Profiles\pt64k5lw.default\extensions\{jid1-vS7biDmom8YxhA@jetpack}
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.safesear.ch/?type=20140723-135-ch"
CHR StartupUrls: "hxxp://www.safesear.ch/?type=20140723-135-ch"
CHR Extension: (Google Docs) - C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-08]
CHR Extension: (Google Drive) - C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-08]
CHR Extension: (YouTube) - C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-08]
CHR Extension: (Google Search) - C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-08]
CHR Extension: (Services) - C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\flofdhbohbadcgnolfniillmboolleoh [2014-07-23]
CHR Extension: (Tab) - C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji [2014-07-23]
CHR Extension: (No Name) - C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjfaiddfmhjabcagledbpoppaapacnp [2014-04-08]
CHR Extension: (Simple) - C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\joefoganpblmedgjeigepgjfikhhdnnj [2014-07-23]
CHR Extension: (Like) - C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpimdkibicpfbooggieeanoolfdfhhf [2014-07-23]
CHR Extension: (Google Wallet) - C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-08]
CHR Extension: (Gmail) - C:\Users\TNJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-08]
CHR StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [128640 2012-07-02] (Qualcomm Atheros Commnucations)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 lxdp_device; C:\windows\system32\lxdpcoms.exe [1039872 2007-11-19] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915408 2013-10-09] (SoftThinks SAS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [188928 2012-10-24] () [File not signed]
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [1436160 2012-10-24] (Wyse Technology.) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

R1 AntiLog32; C:\WINDOWS\system32\drivers\AntiLog64.sys [49752 2014-07-23] (Zemana Ltd.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-02] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2014-02-01] ()
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-07-15] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-23 11:32 - 2014-07-23 11:32 - 00001397 _____ () C:\Users\TNJ\Desktop\JRT.txt
2014-07-23 11:24 - 2014-07-23 11:24 - 01016261 _____ (Thisisu) C:\Users\TNJ\Desktop\JRT.exe
2014-07-23 11:22 - 2014-07-23 11:22 - 00004372 _____ () C:\Users\TNJ\Desktop\VDL.txt
2014-07-23 11:10 - 2014-07-23 11:11 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 11:09 - 2014-07-23 11:09 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-23 11:09 - 2014-07-23 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-23 11:09 - 2014-07-23 11:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 11:09 - 2014-07-23 11:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-23 11:09 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-23 11:09 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-23 11:09 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-23 11:07 - 2014-07-23 11:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\TNJ\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-23 11:01 - 2014-07-23 11:01 - 00000000 ___RD () C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-07-23 10:56 - 2014-07-23 10:59 - 00000000 ____D () C:\AdwCleaner
2014-07-23 10:56 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-23 10:55 - 2014-07-23 10:55 - 01354223 _____ () C:\Users\TNJ\Desktop\AdwCleaner.exe
2014-07-23 10:44 - 2014-07-23 10:44 - 00031922 _____ () C:\Users\TNJ\Downloads\Result.txt
2014-07-23 10:42 - 2014-07-23 10:42 - 00401920 _____ (Farbar) C:\Users\TNJ\Downloads\MiniToolBox.exe
2014-07-23 10:26 - 2014-07-23 10:41 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-07-23 10:26 - 2014-07-23 10:26 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-23 10:26 - 2014-07-23 10:26 - 00000000 _____ () C:\autoexec.bat
2014-07-23 09:29 - 2014-07-23 09:27 - 05310224 _____ (PC Cleaners) C:\ProgramData\pclunst.exe
2014-07-23 09:28 - 2014-07-23 09:28 - 05310224 _____ (PC Cleaners) C:\Users\TNJ\Downloads\app3_Install_eng(1).exe
2014-07-23 09:27 - 2014-07-23 09:27 - 05310224 _____ (PC Cleaners) C:\Users\TNJ\Downloads\app3_Install_eng.exe
2014-07-23 08:42 - 2014-07-23 10:49 - 00046848 _____ () C:\Users\TNJ\Downloads\Addition.txt
2014-07-23 08:41 - 2014-07-23 11:33 - 00020766 _____ () C:\Users\TNJ\Downloads\FRST.txt
2014-07-23 08:40 - 2014-07-23 11:33 - 00000000 ____D () C:\FRST
2014-07-23 08:38 - 2014-07-23 08:39 - 01082368 _____ (Farbar) C:\Users\TNJ\Downloads\FRST.exe
2014-07-23 08:31 - 2014-07-23 08:39 - 02091520 _____ (Farbar) C:\Users\TNJ\Downloads\FRST64.exe
2014-07-23 08:28 - 2014-07-23 11:07 - 00000000 ____D () C:\Program Files (x86)\NpackdDetected
2014-07-23 08:28 - 2014-07-23 08:28 - 00000000 ____D () C:\.Npackd
2014-07-23 07:50 - 2014-07-23 07:53 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-07-23 07:49 - 2014-07-23 08:28 - 00000000 ____D () C:\Program Files (x86)\Simple
2014-07-23 07:49 - 2014-07-23 07:56 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-07-23 07:48 - 2014-07-23 11:07 - 00000000 ____D () C:\ProgramData\Npackd
2014-07-23 07:48 - 2014-07-23 09:19 - 00000008 __RSH () C:\Users\TNJ\ntuser.pol
2014-07-23 07:48 - 2014-07-23 08:28 - 00000000 ____D () C:\Program Files (x86)\Like
2014-07-23 07:48 - 2014-07-23 07:54 - 00000000 ____D () C:\Users\TNJ\AppData\Local\Fast Browser
2014-07-23 07:48 - 2014-07-23 07:48 - 00003214 _____ () C:\WINDOWS\System32\Tasks\NSManager
2014-07-23 07:48 - 2014-07-23 07:48 - 00002209 _____ () C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2014-07-23 07:48 - 2014-07-23 07:48 - 00000000 ____D () C:\Users\TNJ\AppData\Local\NSManager
2014-07-23 07:48 - 2014-07-23 07:48 - 00000000 ____D () C:\Program Files (x86)\NpackdCL
2014-07-22 22:33 - 2014-07-22 22:35 - 00000000 ____D () C:\Users\TNJ\Desktop\Daniel Johnston
2014-07-22 19:08 - 2014-07-23 06:00 - 00000000 ____D () C:\Users\TNJ\Desktop\logowork
2014-07-22 18:07 - 2014-07-22 18:08 - 00000000 ____D () C:\Users\TNJ\Desktop\Adobe Premiere Elements Preview Files
2014-07-20 19:45 - 1980-01-01 00:00 - 539426816 _____ () C:\Users\TNJ\Desktop\100_4110.MOV
2014-07-19 19:16 - 2014-07-22 05:34 - 00000000 ____D () C:\Users\TNJ\Desktop\Sasha Brusin
2014-07-19 00:02 - 2014-07-19 00:02 - 00000000 ____D () C:\Users\TNJ\Desktop\4th
2014-07-19 00:02 - 2014-07-19 00:02 - 00000000 ____D () C:\Users\TNJ\AppData\Local\Cyberlink
2014-07-18 23:02 - 2014-07-19 02:08 - 00000000 ____D () C:\Users\TNJ\Desktop\AAAlrp radio
2014-07-16 18:40 - 2014-07-16 20:00 - 00000000 ____D () C:\Users\TNJ\Desktop\ces
2014-07-16 16:47 - 2014-07-22 19:08 - 00000000 ____D () C:\Users\TNJ\Desktop\mini monitor
2014-07-13 06:17 - 2014-07-20 23:18 - 00000000 ____D () C:\Users\TNJ\Desktop\lrp
2014-07-09 17:52 - 2014-07-09 17:52 - 00201419 _____ () C:\Users\TNJ\Documents\Payment for item  EarCandy Bassomb 2x12 Bass Guitar Amp Speaker.oxps
2014-07-09 15:10 - 2014-07-09 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-07-09 15:10 - 2014-07-09 15:10 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-07-09 15:10 - 2012-02-08 16:34 - 00320000 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_B8L.dll
2014-07-09 15:10 - 2012-01-24 16:18 - 00077568 _____ () C:\WINDOWS\SysWOW64\CNC1762D.TBL
2014-07-09 15:10 - 2012-01-16 14:21 - 00103424 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_B8U.dll
2014-07-09 15:10 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll
2014-07-09 15:09 - 2014-07-09 15:09 - 00000000 ___HD () C:\WINDOWS\system32\CanonIJ Uninstaller Information
2014-07-09 15:09 - 2014-07-09 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3200 series
2014-07-09 15:08 - 2014-07-09 15:08 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-07-09 15:05 - 2014-07-09 15:05 - 00558928 _____ () C:\WINDOWS\Minidump\070914-69609-01.dmp
2014-07-09 15:05 - 2014-07-09 15:05 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-09 15:04 - 2014-07-09 15:04 - 1142492698 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-09 14:38 - 2014-07-09 14:38 - 14851664 _____ () C:\Users\TNJ\Downloads\xp68-win-mg3200-5_60a-ejs.exe
2014-07-09 11:23 - 2014-04-13 22:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-09 11:22 - 2014-07-09 11:22 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-09 06:25 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 06:25 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 06:25 - 2014-06-18 18:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 06:25 - 2014-06-18 17:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 06:25 - 2014-06-16 17:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 06:25 - 2014-06-16 17:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 06:25 - 2014-06-06 09:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 06:24 - 2014-06-30 17:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-09 06:24 - 2014-06-28 02:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-09 06:24 - 2014-06-28 02:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-09 06:24 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 06:24 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 06:24 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 06:24 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 06:24 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 06:24 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 06:24 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 06:24 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 06:24 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 06:24 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 06:24 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 06:24 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 06:24 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 06:24 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 06:24 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 06:24 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 06:24 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 06:24 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 06:24 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 06:24 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 06:24 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 06:24 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 06:24 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 06:24 - 2014-06-06 08:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 06:24 - 2014-06-06 07:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 06:24 - 2014-05-31 05:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 06:24 - 2014-05-31 05:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 06:24 - 2014-05-30 22:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 06:24 - 2014-05-30 22:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 06:24 - 2014-05-30 22:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 06:24 - 2014-05-30 22:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 06:24 - 2014-05-30 22:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 06:24 - 2014-05-30 22:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 06:24 - 2014-05-30 21:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 06:24 - 2014-05-30 21:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 06:24 - 2014-05-30 21:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 06:24 - 2014-05-30 21:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 06:24 - 2014-05-30 21:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 06:24 - 2014-05-30 21:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 06:24 - 2014-05-30 21:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 06:24 - 2014-05-29 22:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 06:24 - 2014-05-29 07:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 06:24 - 2014-05-29 02:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 06:24 - 2014-05-29 01:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 06:24 - 2014-05-29 01:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 06:24 - 2014-05-29 00:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 06:24 - 2014-05-29 00:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 06:22 - 2014-07-09 06:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-03 12:03 - 2014-07-19 15:21 - 00000000 ____D () C:\Users\TNJ\Desktop\july
2014-07-02 15:53 - 2014-07-11 20:03 - 00000000 ____D () C:\Users\TNJ\Desktop\Legba
2014-06-29 09:38 - 2014-07-11 19:51 - 00000000 ____D () C:\Users\TNJ\Desktop\awesome post
2014-06-28 02:00 - 2014-06-30 23:56 - 00000000 ____D () C:\Users\TNJ\AppData\Local\Adobe
2014-06-28 00:33 - 2014-07-02 04:16 - 00000000 ____D () C:\Users\TNJ\AppData\Roaming\Google
2014-06-28 00:32 - 2014-07-23 11:00 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-28 00:32 - 2014-07-23 10:42 - 00000902 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-28 00:32 - 2014-06-28 00:37 - 00003874 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-28 00:32 - 2014-06-28 00:37 - 00003638 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-28 00:32 - 2014-06-28 00:32 - 00000000 ____D () C:\ProgramData\Google
2014-06-28 00:32 - 2014-06-28 00:32 - 00000000 ____D () C:\Program Files\Google
2014-06-23 21:36 - 2014-07-20 22:54 - 00000000 ____D () C:\Users\TNJ\Desktop\WD

==================== One Month Modified Files and Folders =======

2014-07-23 11:33 - 2014-07-23 08:41 - 00020766 _____ () C:\Users\TNJ\Downloads\FRST.txt
2014-07-23 11:33 - 2014-07-23 08:40 - 00000000 ____D () C:\FRST
2014-07-23 11:32 - 2014-07-23 11:32 - 00001397 _____ () C:\Users\TNJ\Desktop\JRT.txt
2014-07-23 11:32 - 2014-05-01 09:20 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-23 11:32 - 2012-12-28 16:00 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2184931612-1366121782-874108780-1001
2014-07-23 11:27 - 2013-12-16 08:55 - 00004948 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOPE-TNJ Hope
2014-07-23 11:24 - 2014-07-23 11:24 - 01016261 _____ (Thisisu) C:\Users\TNJ\Desktop\JRT.exe
2014-07-23 11:22 - 2014-07-23 11:22 - 00004372 _____ () C:\Users\TNJ\Desktop\VDL.txt
2014-07-23 11:22 - 2013-11-19 11:23 - 01875890 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-23 11:16 - 2014-03-08 03:06 - 00000000 ____D () C:\Users\TNJ\AppData\Local\Nero
2014-07-23 11:11 - 2014-07-23 11:10 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 11:11 - 2012-12-20 00:35 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-07-23 11:09 - 2014-07-23 11:09 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-23 11:09 - 2014-07-23 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-23 11:09 - 2014-07-23 11:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 11:09 - 2014-07-23 11:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-23 11:07 - 2014-07-23 11:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\TNJ\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-23 11:07 - 2014-07-23 08:28 - 00000000 ____D () C:\Program Files (x86)\NpackdDetected
2014-07-23 11:07 - 2014-07-23 07:48 - 00000000 ____D () C:\ProgramData\Npackd
2014-07-23 11:05 - 2014-02-11 18:04 - 00000000 ____D () C:\Users\TNJ\AppData\Roaming\ID Vault
2014-07-23 11:01 - 2014-07-23 11:01 - 00000000 ___RD () C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-07-23 11:01 - 2014-05-30 19:40 - 00000000 ___RD () C:\Users\TNJ\Dropbox
2014-07-23 11:01 - 2014-05-30 19:39 - 00000000 ____D () C:\Users\TNJ\AppData\Roaming\DropboxMaster
2014-07-23 11:01 - 2014-05-30 19:38 - 00000000 ____D () C:\Users\TNJ\AppData\Roaming\Dropbox
2014-07-23 11:00 - 2014-06-28 00:32 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-23 11:00 - 2013-11-19 11:31 - 00000000 __RDO () C:\Users\TNJ\SkyDrive
2014-07-23 11:00 - 2013-09-29 22:55 - 00127300 _____ () C:\WINDOWS\PFRO.log
2014-07-23 11:00 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-23 11:00 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-23 10:59 - 2014-07-23 10:56 - 00000000 ____D () C:\AdwCleaner
2014-07-23 10:55 - 2014-07-23 10:55 - 01354223 _____ () C:\Users\TNJ\Desktop\AdwCleaner.exe
2014-07-23 10:49 - 2014-07-23 08:42 - 00046848 _____ () C:\Users\TNJ\Downloads\Addition.txt
2014-07-23 10:44 - 2014-07-23 10:44 - 00031922 _____ () C:\Users\TNJ\Downloads\Result.txt
2014-07-23 10:42 - 2014-07-23 10:42 - 00401920 _____ (Farbar) C:\Users\TNJ\Downloads\MiniToolBox.exe
2014-07-23 10:42 - 2014-06-28 00:32 - 00000902 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-23 10:41 - 2014-07-23 10:26 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-07-23 10:26 - 2014-07-23 10:26 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-23 10:26 - 2014-07-23 10:26 - 00000000 _____ () C:\autoexec.bat
2014-07-23 10:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-23 09:28 - 2014-07-23 09:28 - 05310224 _____ (PC Cleaners) C:\Users\TNJ\Downloads\app3_Install_eng(1).exe
2014-07-23 09:27 - 2014-07-23 09:29 - 05310224 _____ (PC Cleaners) C:\ProgramData\pclunst.exe
2014-07-23 09:27 - 2014-07-23 09:27 - 05310224 _____ (PC Cleaners) C:\Users\TNJ\Downloads\app3_Install_eng.exe
2014-07-23 09:19 - 2014-07-23 07:48 - 00000008 __RSH () C:\Users\TNJ\ntuser.pol
2014-07-23 09:19 - 2013-11-19 11:09 - 00000000 ____D () C:\Users\TNJ
2014-07-23 09:18 - 2013-08-22 10:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-07-23 09:11 - 2013-11-19 11:37 - 11795968 ___SH () C:\Users\TNJ\Desktop\Thumbs.db
2014-07-23 08:39 - 2014-07-23 08:38 - 01082368 _____ (Farbar) C:\Users\TNJ\Downloads\FRST.exe
2014-07-23 08:39 - 2014-07-23 08:31 - 02091520 _____ (Farbar) C:\Users\TNJ\Downloads\FRST64.exe
2014-07-23 08:37 - 2014-01-12 03:04 - 00340992 ___SH () C:\Users\TNJ\Downloads\Thumbs.db
2014-07-23 08:28 - 2014-07-23 08:28 - 00000000 ____D () C:\.Npackd
2014-07-23 08:28 - 2014-07-23 07:49 - 00000000 ____D () C:\Program Files (x86)\Simple
2014-07-23 08:28 - 2014-07-23 07:48 - 00000000 ____D () C:\Program Files (x86)\Like
2014-07-23 08:28 - 2014-06-11 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 08:28 - 2014-04-08 11:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-23 08:28 - 2014-02-11 18:03 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2014-07-23 08:28 - 2013-06-30 12:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-23 08:28 - 2013-06-05 18:22 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-23 08:28 - 2013-05-21 12:25 - 00000000 ____D () C:\Program Files\My Dell
2014-07-23 08:28 - 2013-04-02 13:38 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-07-23 08:28 - 2013-01-05 14:06 - 00000000 ____D () C:\Users\TNJ\AppData\Local\Akamai
2014-07-23 08:28 - 2012-12-28 16:49 - 00000000 ____D () C:\Program Files\Adobe
2014-07-23 08:28 - 2012-12-28 16:49 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-23 08:28 - 2012-12-20 00:38 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-07-23 08:28 - 2012-12-20 00:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-07-23 08:28 - 2012-12-20 00:33 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-07-23 08:28 - 2012-12-20 00:29 - 00000000 ____D () C:\Program Files (x86)\Dell Wireless
2014-07-23 08:28 - 2012-12-20 00:28 - 00000000 ____D () C:\Program Files (x86)\Multimedia Card Reader(9106)
2014-07-23 08:28 - 2012-12-20 00:25 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-07-23 08:28 - 2012-12-20 00:25 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-07-23 08:26 - 2014-02-11 18:04 - 00000000 ____D () C:\Users\TNJ\AppData\Local\ID Vault
2014-07-23 08:25 - 2014-02-11 18:03 - 00049752 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\AntiLog64.sys
2014-07-23 08:25 - 2014-02-11 18:03 - 00002215 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
2014-07-23 08:25 - 2014-02-11 18:03 - 00002203 _____ () C:\Users\Public\Desktop\Constant Guard.lnk
2014-07-23 08:25 - 2014-02-11 18:03 - 00000000 ____D () C:\WINDOWS\SysWOW64\ZALSDK_uninst
2014-07-23 08:14 - 2014-01-31 19:21 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-07-23 08:11 - 2013-08-22 10:36 - 00000000 __RHD () C:\Users\Public\Libraries
2014-07-23 07:56 - 2014-07-23 07:49 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-07-23 07:54 - 2014-07-23 07:48 - 00000000 ____D () C:\Users\TNJ\AppData\Local\Fast Browser
2014-07-23 07:53 - 2014-07-23 07:50 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-07-23 07:53 - 2014-02-08 07:19 - 00000000 ____D () C:\Users\TNJ\AppData\Local\VirtualStore
2014-07-23 07:48 - 2014-07-23 07:48 - 00003214 _____ () C:\WINDOWS\System32\Tasks\NSManager
2014-07-23 07:48 - 2014-07-23 07:48 - 00002209 _____ () C:\Users\TNJ\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2014-07-23 07:48 - 2014-07-23 07:48 - 00000000 ____D () C:\Users\TNJ\AppData\Local\NSManager
2014-07-23 07:48 - 2014-07-23 07:48 - 00000000 ____D () C:\Program Files (x86)\NpackdCL
2014-07-23 07:48 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-07-23 07:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-23 07:32 - 2012-12-28 15:54 - 00000000 ____D () C:\Users\TNJ\AppData\Local\Packages
2014-07-23 06:00 - 2014-07-22 19:08 - 00000000 ____D () C:\Users\TNJ\Desktop\logowork
2014-07-23 05:27 - 2013-11-19 11:33 - 00003902 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{506B6F2E-0EFA-475F-A8D1-1F0E207C60B2}
2014-07-22 22:35 - 2014-07-22 22:33 - 00000000 ____D () C:\Users\TNJ\Desktop\Daniel Johnston
2014-07-22 19:08 - 2014-07-16 16:47 - 00000000 ____D () C:\Users\TNJ\Desktop\mini monitor
2014-07-22 18:08 - 2014-07-22 18:07 - 00000000 ____D () C:\Users\TNJ\Desktop\Adobe Premiere Elements Preview Files
2014-07-22 17:36 - 2014-06-03 18:56 - 00000000 ____D () C:\Users\TNJ\Desktop\t shirts
2014-07-22 05:34 - 2014-07-19 19:16 - 00000000 ____D () C:\Users\TNJ\Desktop\Sasha Brusin
2014-07-21 04:06 - 2013-09-29 23:04 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-20 23:18 - 2014-07-13 06:17 - 00000000 ____D () C:\Users\TNJ\Desktop\lrp
2014-07-20 22:54 - 2014-06-23 21:36 - 00000000 ____D () C:\Users\TNJ\Desktop\WD
2014-07-19 15:21 - 2014-07-03 12:03 - 00000000 ____D () C:\Users\TNJ\Desktop\july
2014-07-19 15:21 - 2014-06-21 10:08 - 00000000 ____D () C:\Users\TNJ\Desktop\zoom
2014-07-19 02:08 - 2014-07-18 23:02 - 00000000 ____D () C:\Users\TNJ\Desktop\AAAlrp radio
2014-07-19 00:02 - 2014-07-19 00:02 - 00000000 ____D () C:\Users\TNJ\Desktop\4th
2014-07-19 00:02 - 2014-07-19 00:02 - 00000000 ____D () C:\Users\TNJ\AppData\Local\Cyberlink
2014-07-17 22:52 - 2013-02-15 22:52 - 00000157 _____ () C:\WINDOWS\SysWOW64\SystemPreferences.xml
2014-07-17 11:12 - 2013-01-04 20:24 - 00000000 ____D () C:\Users\TNJ\AppData\Roaming\PCDr
2014-07-16 20:00 - 2014-07-16 18:40 - 00000000 ____D () C:\Users\TNJ\Desktop\ces
2014-07-15 23:21 - 2014-02-08 07:19 - 00016152 _____ () C:\WINDOWS\system32\Drivers\SWDUMon.sys
2014-07-15 23:12 - 2014-01-31 19:21 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-07-11 20:03 - 2014-07-02 15:53 - 00000000 ____D () C:\Users\TNJ\Desktop\Legba
2014-07-11 20:01 - 2014-05-22 20:29 - 00000000 ____D () C:\Users\TNJ\Desktop\Prodo Cabs
2014-07-11 19:51 - 2014-06-29 09:38 - 00000000 ____D () C:\Users\TNJ\Desktop\awesome post
2014-07-11 19:51 - 2014-05-05 14:05 - 00000000 ____D () C:\Users\TNJ\Desktop\AYA
2014-07-11 19:50 - 2014-06-21 23:04 - 00000000 ____D () C:\Users\TNJ\Desktop\st
2014-07-11 19:50 - 2014-05-25 23:23 - 00000000 ____D () C:\Users\TNJ\Desktop\10
2014-07-11 19:50 - 2014-03-11 22:25 - 00000000 ____D () C:\Users\TNJ\Desktop\march
2014-07-11 15:22 - 2013-11-19 16:28 - 00007168 ___SH () C:\Users\TNJ\Thumbs.db
2014-07-09 17:52 - 2014-07-09 17:52 - 00201419 _____ () C:\Users\TNJ\Documents\Payment for item  EarCandy Bassomb 2x12 Bass Guitar Amp Speaker.oxps
2014-07-09 15:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-09 15:10 - 2014-07-09 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-07-09 15:10 - 2014-07-09 15:10 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-07-09 15:10 - 2013-08-22 10:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-07-09 15:09 - 2014-07-09 15:09 - 00000000 ___HD () C:\WINDOWS\system32\CanonIJ Uninstaller Information
2014-07-09 15:09 - 2014-07-09 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3200 series
2014-07-09 15:08 - 2014-07-09 15:08 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-07-09 15:05 - 2014-07-09 15:05 - 00558928 _____ () C:\WINDOWS\Minidump\070914-69609-01.dmp
2014-07-09 15:05 - 2014-07-09 15:05 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-09 15:05 - 2013-08-22 09:44 - 00492280 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-09 15:04 - 2014-07-09 15:04 - 1142492698 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-09 14:57 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-09 14:57 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 14:57 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 14:57 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-09 14:38 - 2014-07-09 14:38 - 14851664 _____ () C:\Users\TNJ\Downloads\xp68-win-mg3200-5_60a-ejs.exe
2014-07-09 11:30 - 2013-08-13 19:50 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 11:30 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-09 11:29 - 2013-01-04 19:46 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 11:24 - 2013-08-22 09:46 - 00300845 _____ () C:\WINDOWS\setupact.log
2014-07-09 11:24 - 2013-08-22 09:46 - 00000440 _____ () C:\WINDOWS\setuperr.log
2014-07-09 11:23 - 2013-09-29 22:51 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 11:22 - 2014-07-09 11:22 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-09 06:22 - 2014-07-09 06:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 12:27 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-08 11:32 - 2014-05-01 09:20 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-07 09:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-02 04:16 - 2014-06-28 00:33 - 00000000 ____D () C:\Users\TNJ\AppData\Roaming\Google
2014-06-30 23:56 - 2014-06-28 02:00 - 00000000 ____D () C:\Users\TNJ\AppData\Local\Adobe
2014-06-30 17:45 - 2014-07-09 06:24 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-06-28 08:55 - 2014-04-08 10:53 - 00000000 ____D () C:\Users\TNJ\AppData\Local\Google
2014-06-28 02:48 - 2014-07-09 06:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-06-28 02:35 - 2014-04-03 07:04 - 00000000 ____D () C:\Users\TNJ\Desktop\do npt file
2014-06-28 02:07 - 2014-07-09 06:24 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-06-28 00:37 - 2014-06-28 00:32 - 00003874 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-28 00:37 - 2014-06-28 00:32 - 00003638 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-28 00:32 - 2014-06-28 00:32 - 00000000 ____D () C:\ProgramData\Google
2014-06-28 00:32 - 2014-06-28 00:32 - 00000000 ____D () C:\Program Files\Google
2014-06-28 00:32 - 2014-04-08 10:53 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-26 15:55 - 2014-04-30 17:48 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-26 15:55 - 2014-04-30 17:48 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-24 19:43 - 2014-06-01 15:24 - 00000000 ____D () C:\Users\TNJ\Desktop\june
2014-06-24 12:16 - 2014-04-04 19:10 - 00000000 ____D () C:\Users\TNJ\Desktop\cats

Files to move or delete:
====================
C:\ProgramData\pclunst.exe
C:\Users\TNJ\PremiereElements_10_Content_SD1_LS15.exe

Some content of TEMP:
====================
C:\Users\TNJ\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkjipnk.dll
C:\Users\TNJ\AppData\Local\Temp\SHSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-23 08:53

==================== End Of Log ============================



#15 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,975 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:09 PM

Posted 23 July 2014 - 11:46 AM

First, please follow these instructions here to reset Chrome.


Step 1: FRST Fix
  • Please download the attached fixlist.txt file and save it to the same location as FRST.

    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe, press the Fix button just once, and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.

Step 2: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and paste (Ctrl+V) the contents of this log into your next post, please.

Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page.
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.

Step 4: Question

How is your PC running?


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
