
Blank DDS log


  • This topic is locked
29 replies to this topic

#1 RSer11

  • Members
  • 13 posts

Posted 02 August 2014 - 10:32 PM

Hello, I'm trying to get my wife's PC squared away, and have to the best of my knowledge followed the steps here http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ exactly as they are lined out. I've simply removed any sort of virus protection she has tried up to this point (Malwarebytes, Spybot) in an attempt to see if they were conflicting with DDS, as disabling them did not produce a log, and still have had no such luck. Windows 7 Ultimate 64 bit. I've disabled the Windows firewall as well, and I'm at a loss. I still get an empty attachment for DDS. By empty I mean it shows the headers (image file execution options, installed programs) but nothing else. Is there something I'm missing? Thanks in advance.



#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,622 posts

Posted 07 August 2014 - 10:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/543154 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,587 posts

Posted 10 August 2014 - 06:12 PM

Greetings RSer11 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please attempt to do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 RSer11

  • Topic Starter
  • Members
  • 13 posts

Posted 10 August 2014 - 06:50 PM

Thanks for the help Gary. My name is Rich. I'll do the best I can with what I have to work with here. It seems I'm being bombarded with outbound requests.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by Colene (administrator) on COLENE-PC on 10-08-2014 18:39:06
Running from C:\Users\Colene\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ENC) C:\Program Files (x86)\eBLVD\ebhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
(Intuit, Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ENC) C:\Program Files (x86)\eBLVD\ebhost.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11858536 2011-06-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [AnyProtect Tray] => C:\Program Files (x86)\AnyProtectScanner\AnyProtectTray.exe /scanner
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\RunOnce: [SpybotDeletingE6525] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\expansemedia.thesyndicationserver.co.uk\SyndPlugins\flowplayer.unlimited-3.2.16_thesyndicationserver.co.uk.swf\org.flowplayer.sol"
HKLM-x32\...\RunOnce: [SpybotDeletingE8613] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\foodplanet.thesyndicationserver.co.uk\SyndPlugins\flowplayer.unlimited-3.2.16_thesyndicationserver.co.uk.swf\org.flowplayer.sol"
HKLM-x32\...\RunOnce: [SpybotDeletingE7144] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\split.thesyndicationserver.co.uk\SyndPlugins\flowplayer.unlimited-3.2.16_thesyndicationserver.co.uk.swf\org.flowplayer.sol"
HKLM-x32\...\RunOnce: [SpybotDeletingE4808] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\vidtur.thesyndicationserver.co.uk\SyndPlugins\flowplayer.unlimited-3.2.16_thesyndicationserver.co.uk.swf\org.flowplayer.sol"
HKLM-x32\...\RunOnce: [SpybotDeletingE8590] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\expansemedia.thesyndicationserver.co.uk\SyndPlugins\flowplayer.unlimited-3.2.16_thesyndicationserver.co.uk.swf\org.flowplayer.sol"
HKLM-x32\...\RunOnce: [SpybotDeletingE6596] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\foodplanet.thesyndicationserver.co.uk\SyndPlugins\flowplayer.unlimited-3.2.16_thesyndicationserver.co.uk.swf\org.flowplayer.sol"
HKLM-x32\...\RunOnce: [SpybotDeletingE564] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\split.thesyndicationserver.co.uk\SyndPlugins\flowplayer.unlimited-3.2.16_thesyndicationserver.co.uk.swf\org.flowplayer.sol"
HKLM-x32\...\RunOnce: [SpybotDeletingE6520] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\theuppercut.thesyndicationserver.co.uk\SyndPlugins\flowplayer.unlimited-3.2.16_thesyndicationserver.co.uk.swf\org.flowplayer.sol"
HKLM-x32\...\RunOnce: [SpybotDeletingE9709] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\unblocker.thesyndicationserver.co.uk\SyndPlugins\flowplayer.unlimited-3.2.16_thesyndicationserver.co.uk.swf\org.flowplayer.sol"
HKLM-x32\...\RunOnce: [SpybotDeletingE1032] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\vidtur.thesyndicationserver.co.uk\SyndPlugins\flowplayer.unlimited-3.2.16_thesyndicationserver.co.uk.swf\org.flowplayer.sol"
HKLM-x32\...\RunOnce: [SpybotDeletingE7298] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\expansemedia.thesyndicationserver.co.uk\SyndPlugins\flowplayer.unlimited-3.2.16_thesyndicationserver.co.uk.swf\org.flowplayer.sol"
HKLM-x32\...\RunOnce: [SpybotDeletingE6472] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\foodplanet.thesyndicationserver.co.uk\SyndPlugins\flowplayer.unlimited-3.2.16_thesyndicationserver.co.uk.swf\org.flowplayer.sol"
HKLM-x32\...\RunOnce: [SpybotDeletingE4429] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\split.thesyndicationserver.co.uk\SyndPlugins\flowplayer.unlimited-3.2.16_thesyndicationserver.co.uk.swf\org.flowplayer.sol"
HKLM-x32\...\RunOnce: [SpybotDeletingE9776] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\theuppercut.thesyndicationserver.co.uk\SyndPlugins\flowplayer.unlimited-3.2.16_thesyndicationserver.co.uk.swf\org.flowplayer.sol"
HKLM-x32\...\RunOnce: [SpybotDeletingE3552] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\unblocker.thesyndicationserver.co.uk\SyndPlugins\flowplayer.unlimited-3.2.16_thesyndicationserver.co.uk.swf\org.flowplayer.sol"
HKLM-x32\...\RunOnce: [SpybotDeletingE8479] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\vidtur.thesyndicationserver.co.uk\SyndPlugins\flowplayer.unlimited-3.2.16_thesyndicationserver.co.uk.swf\org.flowplayer.sol"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] => "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
HKU\S-1-5-21-313417324-2386856272-1699060966-1000\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-313417324-2386856272-1699060966-1000\...\RunOnce: [SpybotDeletingF4608] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\expansemedia.thesyndicationserver.co.uk\SyndPlugins\ (the data entry has 78 more characters).
HKU\S-1-5-21-313417324-2386856272-1699060966-1000\...\RunOnce: [SpybotDeletingF8100] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\foodplanet.thesyndicationserver.co.uk\SyndPlugins\fl (the data entry has 76 more characters).
HKU\S-1-5-21-313417324-2386856272-1699060966-1000\...\RunOnce: [SpybotDeletingF37] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\split.thesyndicationserver.co.uk\SyndPlugins\flowpla (the data entry has 71 more characters).
HKU\S-1-5-21-313417324-2386856272-1699060966-1000\...\RunOnce: [SpybotDeletingF1424] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\vidtur.thesyndicationserver.co.uk\SyndPlugins\flowpl (the data entry has 72 more characters).
HKU\S-1-5-21-313417324-2386856272-1699060966-1000\...\RunOnce: [SpybotDeletingF3201] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\expansemedia.thesyndicationserver.co.uk\SyndPlugins\ (the data entry has 78 more characters).
HKU\S-1-5-21-313417324-2386856272-1699060966-1000\...\RunOnce: [SpybotDeletingF5187] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\foodplanet.thesyndicationserver.co.uk\SyndPlugins\fl (the data entry has 76 more characters).
HKU\S-1-5-21-313417324-2386856272-1699060966-1000\...\RunOnce: [SpybotDeletingF4810] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\split.thesyndicationserver.co.uk\SyndPlugins\flowpla (the data entry has 71 more characters).
HKU\S-1-5-21-313417324-2386856272-1699060966-1000\...\RunOnce: [SpybotDeletingF9233] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\theuppercut.thesyndicationserver.co.uk\SyndPlugins\f (the data entry has 77 more characters).
HKU\S-1-5-21-313417324-2386856272-1699060966-1000\...\RunOnce: [SpybotDeletingF1757] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\unblocker.thesyndicationserver.co.uk\SyndPlugins\flo (the data entry has 75 more characters).
HKU\S-1-5-21-313417324-2386856272-1699060966-1000\...\RunOnce: [SpybotDeletingF6933] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\vidtur.thesyndicationserver.co.uk\SyndPlugins\flowpl (the data entry has 72 more characters).
HKU\S-1-5-21-313417324-2386856272-1699060966-1000\...\RunOnce: [SpybotDeletingF8506] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\expansemedia.thesyndicationserver.co.uk\SyndPlugins\ (the data entry has 78 more characters).
HKU\S-1-5-21-313417324-2386856272-1699060966-1000\...\RunOnce: [SpybotDeletingF3773] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\foodplanet.thesyndicationserver.co.uk\SyndPlugins\fl (the data entry has 76 more characters).
HKU\S-1-5-21-313417324-2386856272-1699060966-1000\...\RunOnce: [SpybotDeletingF7164] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\split.thesyndicationserver.co.uk\SyndPlugins\flowpla (the data entry has 71 more characters).
HKU\S-1-5-21-313417324-2386856272-1699060966-1000\...\RunOnce: [SpybotDeletingF8069] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\theuppercut.thesyndicationserver.co.uk\SyndPlugins\f (the data entry has 77 more characters).
HKU\S-1-5-21-313417324-2386856272-1699060966-1000\...\RunOnce: [SpybotDeletingF6960] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\unblocker.thesyndicationserver.co.uk\SyndPlugins\flo (the data entry has 75 more characters).
HKU\S-1-5-21-313417324-2386856272-1699060966-1000\...\RunOnce: [SpybotDeletingF9172] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\Colene\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NPK9L7JY\vidtur.thesyndicationserver.co.uk\SyndPlugins\flowpl (the data entry has 72 more characters).
HKU\S-1-5-21-313417324-2386856272-1699060966-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-313417324-2386856272-1699060966-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-313417324-2386856272-1699060966-1000\...\MountPoints2: {115ddaf3-8126-11e2-bec5-50e54943a13f} - E:\LaunchU3.exe -a
HKU\S-1-5-21-313417324-2386856272-1699060966-1000\...\MountPoints2: {53309279-35cd-11e2-b14b-50e54943a13f} - F:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-313417324-2386856272-1699060966-1000\...\MountPoints2: {973bda01-053e-11e3-ab1c-50e54943a13f} - G:\LGAutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM-x32 - DefaultScope {499B63FE-CCAE-4196-8F0F-8AA9624DCDB6} URL =
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=590&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={2FD9A19F-D7A6-11E2-A6FD-50E54943A13F}
SearchScopes: HKCU - DefaultScope {499B63FE-CCAE-4196-8F0F-8AA9624DCDB6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298573&CUI=UN42452248515992321&UM=2
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=E4C450E54943A13F&affID=119351&tsp=4951
SearchScopes: HKCU - {499B63FE-CCAE-4196-8F0F-8AA9624DCDB6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298573&CUI=UN42452248515992321&UM=2
SearchScopes: HKCU - {64A1DC1C-CA4B-49C1-9427-5B117D96DBD6} URL = http://search.conduit.com/Results.aspx?ctid=CT3300039&SearchSource=45&q={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com?src=6&q={searchTerms}&barid={2FD9A19F-D7A6-11E2-A6FD-50E54943A13F}&crg=3.5000006.10042&st=23
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Yontoo Layers -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll No File
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - !{78ba36c9-6036-482b-b48d-ecca6f964b84} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - !{78ba36c9-6036-482b-b48d-ecca6f964b84} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.7.0/jinstall-7u4-windows-i586.cab
DPF: HKLM-x32 {C6A47FBB-2ECA-430E-8466-5523772CA4FA} http://ems.amsreo.com/ScriptsLocation/Uploader8.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Colene\AppData\Roaming\Mozilla\Firefox\Profiles\ev6m480z.default
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll No File
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF Plugin-x32: @RadioRage_4j.com/Plugin -> C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll No File
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Colene\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll No File
FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-c5357fcf5b544474\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF user.js: detected! => C:\Users\Colene\AppData\Roaming\Mozilla\Firefox\Profiles\ev6m480z.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Colene\AppData\Roaming\Mozilla\Firefox\Profiles\ev6m480z.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Colene\AppData\Roaming\Mozilla\Firefox\Profiles\ev6m480z.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Colene\AppData\Roaming\Mozilla\Firefox\Profiles\ev6m480z.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Colene\AppData\Roaming\Mozilla\Firefox\Profiles\ev6m480z.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Colene\AppData\Roaming\Mozilla\Firefox\Profiles\ev6m480z.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Colene\AppData\Roaming\Mozilla\Firefox\Profiles\ev6m480z.default\searchplugins\funmoods.xml
FF SearchPlugin: C:\Users\Colene\AppData\Roaming\Mozilla\Firefox\Profiles\ev6m480z.default\searchplugins\my-web-search.xml
FF SearchPlugin: C:\Users\Colene\AppData\Roaming\Mozilla\Firefox\Profiles\ev6m480z.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Users\Colene\AppData\Roaming\Mozilla\Firefox\Profiles\ev6m480z.default\searchplugins\web-search.xml
FF Extension: LyricsDroid - C:\Users\Colene\AppData\Roaming\Mozilla\Firefox\Profiles\ev6m480z.default\Extensions\125 [2013-07-23]
FF Extension: I Want This - C:\Users\Colene\AppData\Roaming\Mozilla\Firefox\Profiles\ev6m480z.default\Extensions\crossriderapp2258@crossrider.com [2014-07-10]
FF Extension: Garmin Communicator - C:\Users\Colene\AppData\Roaming\Mozilla\Firefox\Profiles\ev6m480z.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-19]
FF Extension: MixiDJ V37  - C:\Users\Colene\AppData\Roaming\Mozilla\Firefox\Profiles\ev6m480z.default\Extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055} [2013-12-12]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Colene\AppData\Roaming\Mozilla\Firefox\Profiles\ev6m480z.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013-06-17]
FF HKLM-x32\...\Firefox\Extensions: [4jffxtbr@RadioRage_4j.com] - C:\Program Files (x86)\RadioRage_4j\bar\1.bin
FF Extension: RadioRage - C:\Program Files (x86)\RadioRage_4j\bar\1.bin [2012-07-25]
FF HKCU\...\Firefox\Extensions: [Tubesaver@istqt.co] - C:\Program Files (x86)\TubeSaver\125.xpi

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lkojdlfbcgjhhjmdgdbbbbbnfjpepbcj] - C:\Program Files (x86)\TubeSaver\125.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 eBLVD; C:\Program Files (x86)\eBLVD\ebhost.exe [590376 2013-01-03] (ENC)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [343032 2012-02-09] (Nitro PDF Software)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93184 2012-07-04] (LG Electronics Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2011-12-25] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-10 18:39 - 2014-08-10 18:39 - 00030493 _____ () C:\Users\Colene\Desktop\FRST.txt
2014-08-10 18:38 - 2014-08-10 18:39 - 00000000 ____D () C:\FRST
2014-08-10 18:38 - 2014-08-10 18:38 - 02099712 _____ (Farbar) C:\Users\Colene\Desktop\FRST64.exe
2014-08-10 18:30 - 2014-08-10 18:30 - 368337533 _____ () C:\Windows\MEMORY.DMP
2014-08-10 18:30 - 2014-08-10 18:30 - 00279200 _____ () C:\Windows\Minidump\081014-15163-01.dmp
2014-08-10 18:30 - 2014-08-10 18:30 - 00000000 ____D () C:\Windows\Minidump
2014-08-09 14:53 - 2014-08-09 14:53 - 00327372 _____ () C:\Users\Colene\Desktop\Task 17  Loan  1016531.zip
2014-08-09 14:46 - 2014-08-09 14:52 - 00000000 ____D () C:\Users\Colene\Desktop\Task 17  Loan  1016531
2014-08-08 16:46 - 2014-08-08 16:47 - 00000000 ____D () C:\Users\Colene\Desktop\0808
2014-08-07 19:47 - 2014-08-08 16:47 - 00000000 ____D () C:\Users\Colene\Desktop\3824 Nebraksa St
2014-08-07 19:47 - 2014-08-07 19:49 - 00000000 ____D () C:\Users\Colene\Desktop\0807 lawns
2014-08-05 20:35 - 2014-08-05 20:50 - 00000000 ____D () C:\Users\Colene\Desktop\113 Myers
2014-08-05 20:08 - 2014-08-05 20:10 - 00000000 ____D () C:\Users\Colene\Desktop\0805 nowata lawns
2014-08-03 22:18 - 2014-08-03 22:20 - 00000000 ____D () C:\Users\Colene\Desktop\08-03 Barnsdall & Pawhuska Lawn
2014-08-03 01:53 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-03 01:53 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-03 01:49 - 2014-08-03 01:49 - 00264914 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-08-02 23:31 - 2014-08-04 18:32 - 00000000 ____D () C:\Users\Colene\Desktop\615 N Cherokee
2014-08-02 23:31 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-08-02 23:31 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-08-02 23:31 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-02 23:31 - 2014-04-11 21:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-08-02 23:31 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-08-02 23:31 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-08-02 23:31 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-08-02 23:31 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-08-02 23:31 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-08-02 23:31 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-08-02 23:31 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-08-02 23:31 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-08-02 23:31 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-08-02 23:31 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-08-02 23:31 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-08-02 23:31 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-08-02 23:31 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-08-02 23:31 - 2014-03-04 04:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-08-02 23:31 - 2014-03-04 04:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-02 23:31 - 2014-03-04 04:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-08-02 23:31 - 2014-03-04 04:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-08-02 23:31 - 2014-03-04 04:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-08-02 23:31 - 2014-03-04 04:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-08-02 23:31 - 2014-03-04 04:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-08-02 23:31 - 2014-03-04 04:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-08-02 23:31 - 2014-03-04 04:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-02 23:31 - 2014-03-04 04:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-08-02 23:31 - 2014-03-04 04:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-08-02 23:31 - 2014-03-04 04:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-08-02 23:31 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-08-02 23:31 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-08-02 23:31 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-08-02 23:31 - 2013-05-13 00:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-08-02 23:31 - 2013-05-13 00:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-08-02 23:31 - 2013-05-13 00:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-08-02 23:31 - 2013-05-13 00:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-08-02 23:31 - 2013-05-12 23:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-08-02 23:31 - 2013-05-12 23:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-08-02 23:31 - 2013-05-12 23:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-08-02 23:31 - 2013-05-12 22:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-08-02 23:31 - 2013-05-12 22:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2014-08-02 23:31 - 2013-05-12 22:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2014-08-02 23:30 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-08-02 23:30 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-08-02 23:30 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-08-02 23:30 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-08-02 23:30 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-08-02 23:30 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-08-02 23:30 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-08-02 23:30 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-08-02 23:30 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-08-02 23:30 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-08-02 23:30 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-08-02 23:30 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-08-02 23:30 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-08-02 23:30 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-02 23:30 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-02 23:30 - 2013-08-01 07:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-02 23:30 - 2013-07-20 05:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-08-02 23:30 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-08-02 23:30 - 2013-04-10 01:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-02 23:30 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-08-02 23:30 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-08-02 23:30 - 2012-07-04 17:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-08-02 23:30 - 2012-07-04 17:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-08-02 23:30 - 2012-07-04 17:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2014-08-02 23:30 - 2012-07-04 16:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2014-08-02 23:30 - 2012-07-04 16:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2014-08-02 23:30 - 2012-06-06 01:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2014-08-02 23:30 - 2012-06-06 00:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2014-08-02 23:30 - 2012-05-14 00:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-02 23:30 - 2011-02-03 06:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-02 22:49 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 22:49 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 22:49 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 22:49 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 22:48 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 22:48 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 22:48 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 22:48 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 22:48 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 22:48 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 22:48 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 22:48 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 22:48 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 22:48 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-02 22:46 - 2014-08-10 18:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-02 22:45 - 2014-08-02 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-02 22:45 - 2014-08-02 22:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-02 22:45 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-02 22:45 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-02 22:44 - 2014-08-02 22:45 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-02 22:44 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-02 22:14 - 2014-08-10 18:30 - 00001064 _____ () C:\Windows\setupact.log
2014-08-02 22:06 - 2014-08-02 22:29 - 00000158 _____ () C:\Users\Colene\Desktop\attach.txt
2014-08-02 21:05 - 2014-08-02 21:05 - 00688992 ____R (Swearware) C:\Users\Colene\Desktop\dds.com
2014-08-02 00:04 - 2014-08-02 00:12 - 00000000 ____D () C:\Users\Colene\Desktop\Property Vendors
2014-07-29 22:49 - 2014-07-29 22:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 11:24 - 2014-07-29 11:24 - 00135168 _____ () C:\Users\Colene\AppData\Local\fnqfttkt.exe
2014-07-11 17:46 - 2014-07-11 17:46 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - e03fece426354a73b6977cfbd8b2499345724ab90e064a7d821ed20d5452ce0d

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-10 18:39 - 2014-08-10 18:39 - 00030493 _____ () C:\Users\Colene\Desktop\FRST.txt
2014-08-10 18:39 - 2014-08-10 18:38 - 00000000 ____D () C:\FRST
2014-08-10 18:39 - 2009-07-13 23:45 - 00014336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-10 18:39 - 2009-07-13 23:45 - 00014336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-10 18:38 - 2014-08-10 18:38 - 02099712 _____ (Farbar) C:\Users\Colene\Desktop\FRST64.exe
2014-08-10 18:35 - 2011-12-25 09:23 - 01685872 _____ () C:\Windows\WindowsUpdate.log
2014-08-10 18:34 - 2014-08-02 22:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-10 18:30 - 2014-08-10 18:30 - 368337533 _____ () C:\Windows\MEMORY.DMP
2014-08-10 18:30 - 2014-08-10 18:30 - 00279200 _____ () C:\Windows\Minidump\081014-15163-01.dmp
2014-08-10 18:30 - 2014-08-10 18:30 - 00000000 ____D () C:\Windows\Minidump
2014-08-10 18:30 - 2014-08-02 22:14 - 00001064 _____ () C:\Windows\setupact.log
2014-08-10 18:30 - 2013-09-04 16:25 - 00000294 _____ () C:\Windows\Tasks\Dealply.job
2014-08-10 18:30 - 2013-03-03 17:38 - 00000302 _____ () C:\Windows\Tasks\AXBUE.job
2014-08-10 18:30 - 2013-01-04 17:42 - 00000000 ____D () C:\Temp
2014-08-10 18:30 - 2012-06-10 15:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-10 18:30 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-10 18:24 - 2012-12-13 18:20 - 00000340 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-08-10 17:56 - 2012-06-12 22:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-10 17:46 - 2014-02-26 22:00 - 00000540 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-313417324-2386856272-1699060966-1000.job
2014-08-10 17:45 - 2014-02-02 01:45 - 00000296 _____ () C:\Windows\Tasks\Digital Sites.job
2014-08-10 17:45 - 2013-06-01 20:06 - 00000290 _____ () C:\Windows\Tasks\DSite.job
2014-08-10 17:18 - 2012-06-10 15:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-10 00:07 - 2012-06-08 23:47 - 00000000 ____D () C:\Users\Colene\AppData\Roaming\EurekaLog
2014-08-09 14:53 - 2014-08-09 14:53 - 00327372 _____ () C:\Users\Colene\Desktop\Task 17  Loan  1016531.zip
2014-08-09 14:52 - 2014-08-09 14:46 - 00000000 ____D () C:\Users\Colene\Desktop\Task 17  Loan  1016531
2014-08-08 16:47 - 2014-08-08 16:46 - 00000000 ____D () C:\Users\Colene\Desktop\0808
2014-08-08 16:47 - 2014-08-07 19:47 - 00000000 ____D () C:\Users\Colene\Desktop\3824 Nebraksa St
2014-08-07 19:49 - 2014-08-07 19:47 - 00000000 ____D () C:\Users\Colene\Desktop\0807 lawns
2014-08-05 20:50 - 2014-08-05 20:35 - 00000000 ____D () C:\Users\Colene\Desktop\113 Myers
2014-08-05 20:10 - 2014-08-05 20:08 - 00000000 ____D () C:\Users\Colene\Desktop\0805 nowata lawns
2014-08-05 10:14 - 2011-12-25 12:47 - 00325196 _____ () C:\Windows\PFRO.log
2014-08-04 18:32 - 2014-08-02 23:31 - 00000000 ____D () C:\Users\Colene\Desktop\615 N Cherokee
2014-08-04 18:21 - 2011-12-25 09:25 - 00000000 ____D () C:\Users\Colene\AppData\Roaming\Splashtop
2014-08-04 18:21 - 2011-12-25 09:25 - 00000000 ____D () C:\Program Files (x86)\Splashtop
2014-08-04 18:20 - 2011-12-25 09:30 - 00000000 ____D () C:\ProgramData\Splashtop
2014-08-03 23:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-08-03 22:20 - 2014-08-03 22:18 - 00000000 ____D () C:\Users\Colene\Desktop\08-03 Barnsdall & Pawhuska Lawn
2014-08-03 19:18 - 2013-09-04 15:45 - 00000884 __RSH () C:\Users\Colene\ntuser.pol
2014-08-03 19:18 - 2011-12-25 09:21 - 00000000 ____D () C:\Users\Colene
2014-08-03 19:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-03 01:56 - 2012-05-24 19:19 - 00776710 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-03 01:56 - 2009-07-14 00:13 - 00776710 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-03 01:54 - 2012-07-31 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-03 01:54 - 2012-07-31 21:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-03 01:54 - 2012-07-31 21:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-03 01:51 - 2012-02-03 01:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-03 01:49 - 2014-08-03 01:49 - 00264914 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-08-02 22:45 - 2014-08-02 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-02 22:45 - 2014-08-02 22:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-02 22:45 - 2014-08-02 22:44 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-02 22:45 - 2012-06-12 22:10 - 00000000 ____D () C:\Users\Colene\AppData\Roaming\Malwarebytes
2014-08-02 22:45 - 2012-06-12 22:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-02 22:29 - 2014-08-02 22:06 - 00000158 _____ () C:\Users\Colene\Desktop\attach.txt
2014-08-02 22:02 - 2013-06-18 21:23 - 00065095 _____ () C:\Windows\wininit.ini
2014-08-02 21:57 - 2013-03-04 18:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-02 21:05 - 2014-08-02 21:05 - 00688992 ____R (Swearware) C:\Users\Colene\Desktop\dds.com
2014-08-02 00:12 - 2014-08-02 00:04 - 00000000 ____D () C:\Users\Colene\Desktop\Property Vendors
2014-08-02 00:12 - 2014-01-17 22:28 - 00000000 ____D () C:\Users\Colene\Desktop\Property Photos
2014-08-02 00:12 - 2011-12-26 20:28 - 00000000 ____D () C:\Users\Colene\Desktop\colene
2014-08-01 23:36 - 2012-08-22 21:08 - 00000000 ____D () C:\Users\Public\TOS
2014-08-01 23:36 - 2012-08-22 21:08 - 00000000 ____D () C:\Users\Public\mysql
2014-08-01 23:36 - 2012-08-22 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOS
2014-07-31 21:08 - 2011-12-26 11:49 - 00110664 _____ () C:\Users\Colene\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-30 23:43 - 2012-04-25 10:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 23:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2014-07-30 23:42 - 2014-02-02 01:45 - 00000000 ____D () C:\Users\Colene\AppData\Roaming\DigitalSites
2014-07-30 23:19 - 2012-06-12 22:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-30 15:45 - 2013-07-26 15:10 - 00000063 _____ () C:\Users\Colene\AppData\Roaming\WB.CFG
2014-07-29 22:52 - 2014-07-29 22:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 11:24 - 2014-07-29 11:24 - 00135168 _____ () C:\Users\Colene\AppData\Local\fnqfttkt.exe
2014-07-29 08:31 - 2009-07-13 23:45 - 00432416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-27 10:07 - 2012-02-12 16:08 - 00000000 ____D () C:\Users\Colene\AppData\Local\Free File Opener
2014-07-12 22:17 - 2014-02-26 22:00 - 00003574 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-313417324-2386856272-1699060966-1000
2014-07-11 17:46 - 2014-07-11 17:46 - 00003556 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - e03fece426354a73b6977cfbd8b2499345724ab90e064a7d821ed20d5452ce0d

Files to move or delete:
====================
C:\Users\Colene\lametritonus_en.dll
C:\Users\Colene\lame_enc_en.dll


Some content of TEMP:
====================
C:\Users\Colene\AppData\Local\Temp\ose00000.exe
C:\Users\Colene\AppData\Local\Temp\_is1D11.exe
C:\Users\Colene\AppData\Local\Temp\_is2694.exe
C:\Users\Colene\AppData\Local\Temp\_is3E14.exe
C:\Users\Colene\AppData\Local\Temp\_is52CC.exe
C:\Users\Colene\AppData\Local\Temp\_is647C.exe
C:\Users\Colene\AppData\Local\Temp\_is65B4.exe
C:\Users\Colene\AppData\Local\Temp\_is710A.exe
C:\Users\Colene\AppData\Local\Temp\_is75BB.exe
C:\Users\Colene\AppData\Local\Temp\_is9BE1.exe
C:\Users\Colene\AppData\Local\Temp\_isA5FE.exe
C:\Users\Colene\AppData\Local\Temp\_isC1A9.exe
C:\Users\Colene\AppData\Local\Temp\_isCC62.exe
C:\Users\Colene\AppData\Local\Temp\_isF095.exe
C:\Users\Colene\AppData\Local\Temp\_isFE2C.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 16:19

==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2014 01
Ran by Colene at 2014-08-10 18:40:31
Running from C:\Users\Colene\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.12 - GIGABYTE)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoGreen B10.1021.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B10.1021.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Cityside Photo Application (HKLM-x32\...\{00D7C4CE-8EDA-491C-85E9-D367E61D1DE6}) (Version: 1.10.0.0 - Cityside)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Easy Tune 6 B11.0630.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.0630.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
eBLVD Host Software 7.6 (HKLM-x32\...\eBLVD) (Version:  - )
Free File Opener (HKLM-x32\...\Free File Opener) (Version: 2011.8.0.0 - Free File Opener, LLC)
Free Picture Resize Starter 4.5 (HKLM-x32\...\Picture Resize_is1) (Version: 5.5.18 - Bidgood Svcs)
Garmin BaseCamp (HKLM-x32\...\{22613FA5-4D3B-4EE5-8E4A-39EBE649324E}) (Version: 3.3.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.3.0.1468 (HKCU\...\GoToMeeting) (Version: 6.3.0.1468 - CitrixOnline)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.11182 - HP)
HP Photosmart 6520 series Basic Device Software (HKLM\...\{1151BCF8-3246-4E34-9C17-22E66318C41C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 6520 series Help (HKLM-x32\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 6520 series Product Improvement Study (HKLM\...\{F144E07C-4019-4092-BE25-B57819C97D2F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
INSPI2 Image Sizer (HKLM-x32\...\{175A618D-8A56-4033-AB5E-B2DE419ED2CF}) (Version: 1.3.0002 - Safeguard Properties)
INSPI2 PC (HKLM-x32\...\{B4A95D63-6D4D-46CF-AC31-70CBA017FC66}) (Version: 2.1.0.0000 - Safeguard Properties, Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
KaraFun Player (HKLM-x32\...\KaraFun Player_is1) (Version: 1.20.86.771 - Recisio)
LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC (HKLM-x32\...\{F855C3AE-992D-4B84-A09D-07103CDCDAC2}) (Version: 1.0 - Linksys, A Division of Cisco Systems, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MARS Browser 1.1 (HKCU\...\faab200e0cea6a96) (Version: 1.1.350.0 - Five Brothers)
MARS Browser Helper (HKLM-x32\...\{DEC487E0-9796-49CE-BD81-6F302AFFBC02}) (Version: 1.0.0.0 - Intelliblocks Software)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Small Business (HKLM-x32\...\{00030409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MySQL Connector/ODBC 3.51 (HKLM-x32\...\{40928C54-F8EE-420D-BD80-07F2F78CFB0D}) (Version: 3.51.27 - MySQL AB)
Nitro Reader 2 (HKLM\...\{3A92A8D7-60F4-4BC0-892B-3AAE4481359D}) (Version: 2.2.1.14 - Nitro PDF Software)
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrimoPDF (HKLM-x32\...\PrimoPDF4.1.0.9) (Version: 4.1.0.9 - activePDF)
PVPlus (HKLM-x32\...\{94B4A961-5F4D-485D-9564-C05FA9647DFF}) (Version: 0.1 - admin)
QuickBooks Pro Edition 2004 (HKLM-x32\...\{2b02f822-a9b9-458c-80e5-3ea8c0de8471}) (Version:  - )
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version:  - )
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - Atari)
Smart 6 B11.0512.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
TOS_Version14.0.190 (HKLM-x32\...\TOS_Version14.0.190_is1) (Version:  - Trakscape)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9492511E-2CE0-4904-9400-203F44E1DC0D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vendor Vision (HKCU\...\3e9ea841fcc00bba) (Version: 1.7.2.0 - Pacific Field Service)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Zephyr (HKCU\...\bc05b1a1239b7465) (Version: 2.5.0.16 - Five Brothers)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-313417324-2386856272-1699060966-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Colene\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-313417324-2386856272-1699060966-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-07-30 00:00 - 00444830 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A6206E8-2D73-4AFD-84AA-6FFE2B5240F1} - \Dealply No Task File <==== ATTENTION
Task: {0B94FB70-60C4-4B17-A2C4-5B41CF161161} - System32\Tasks\HP AR Program Upload - 48fd3876c9e645f7a2d1069266624da5693ebdaa1aa046a5bc41fed35c4bffc1 => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {10090324-FCFD-4B78-9A7E-F83B9D66C253} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {2FE8251F-1E3E-4D89-9E37-7772AD63E77C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {3CD462B0-335D-45FD-809B-7A065E9F22C0} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-01-22] ()
Task: {6BB314A9-E3D3-40C8-BAD5-1B240CEEA944} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.)
Task: {737CFE12-5139-477E-A6F5-F1DCD23627A1} - System32\Tasks\{F85FFB67-152A-4BAA-9A5E-A069A4FA7453} => C:\Users\Public\TOS\TOS.exe
Task: {78FCEED5-8C52-44DC-865B-1935B5C28FD6} - System32\Tasks\HP AR Program Upload - bb97fc2f6e3d4e39858f90873907f34ccfaee56283f34633a06dbdc933b50d0a => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {8103A6A6-F93B-4053-8D03-9E749771BBD4} - System32\Tasks\HP AR Program Upload - d9da0f74fb1647e7b6366e1b8a40073b039c2d04f005477ba903cab415a2c180 => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {82AA6EA6-431E-4F20-9BE5-CAF773286260} - System32\Tasks\HP AR Program Upload - 6801b07ecb4148b09cb80cac1db88d7280312937822044a0861295a2ba855b6f => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {84A3575B-0284-4F8A-B10C-924AE95DE4A2} - System32\Tasks\Digital Sites => C:\Users\Colene\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {8D025D52-98BE-4B1D-80C9-59154D3B0763} - System32\Tasks\HP AR Program Upload - 0b6b3d4ffeb642b2abcba5a56f693568bc32606640fa4bce83bbf8b05e93576f => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {926D6683-02D0-4D61-963F-908982B0867C} - System32\Tasks\{AF625822-7C50-4F47-B7D6-294B2C2B461A} => C:\Users\Public\TOS\TOS.exe
Task: {983A8F30-6025-444F-8BE6-26E011328C91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.)
Task: {9A1A152C-96D8-4C2B-A000-9A525E80B1BC} - System32\Tasks\G2MUpdateTask-S-1-5-21-313417324-2386856272-1699060966-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-12] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {A43FE6F2-0078-4B87-9529-17C71BE55D06} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {B06FF4FC-982C-46BE-A268-C9DE54F59AC9} - System32\Tasks\HP AR Program Upload - 1d68a26a5ab2415bb734fe745a15eb0fd760298640b1454789a05ec8d25a0f79 => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {B207931C-7D52-42C0-AD10-6BDF0E4AC89C} - System32\Tasks\HP AR Program Upload - e03fece426354a73b6977cfbd8b2499345724ab90e064a7d821ed20d5452ce0d => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {BD02432A-A0C5-4087-922E-7E4798CE6F48} - System32\Tasks\DSite => C:\Users\Colene\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {CA4C3BB8-5F29-4308-BB62-F9CAD69EFEE4} - System32\Tasks\HP AR Program Upload - 17004bcf13c24e0e8a0887106e151926d9150f0bf47c4ad4a17b736de42348cf => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {D2E39659-CD70-4A8E-A95E-94969C94742B} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {DA1829DF-E66C-4889-98F5-BCD1018EADCC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DFE7EEB3-6D64-482D-954C-C0EFFA4A55DA} - System32\Tasks\HP AR Program Upload - a3261392a7fe4f13be75f6c9085155795d1882eef07b414a802592ae781741c7 => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {E0F7E55D-B72C-4B41-B555-7291B4379E21} - System32\Tasks\AXBUE => Rundll32.exe "C:\Windows\SysWOW64\WmpDuix.dll",CPMB
Task: {E97D8AD0-8BB6-4712-82D2-13E14FB52D9A} - System32\Tasks\HP AR Program Upload - 69451ce2d5094a0bb06fcbd8d430c285ced50096f0f04d46a3a9280dde37a93e => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {F5B5B9CA-D0C6-4963-96AB-7BE1B163ABC9} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {FB2E1DE9-2692-4ADD-880F-4478B7E34A5B} - System32\Tasks\HP AR Program Upload - 97319505fc6a4d478daacf9f3098e83c5d695bebc2f842eebe3424e22f3c695c => C:\Program Files\HP\HP Photosmart 6520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AXBUE.job => C:\Windows\SysWOW64\WmpDuix.dll
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Colene\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Colene\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\Colene\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-313417324-2386856272-1699060966-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Loaded Modules (whitelisted) =============

2012-04-29 13:30 - 2006-11-06 17:55 - 00090624 _____ () C:\Windows\System32\Primomonnt.dll
2011-12-25 09:27 - 2011-06-09 21:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-07-29 22:49 - 2014-07-29 22:52 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:BE2D0492

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/10/2014 02:38:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/09/2014 11:48:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program KaraFunPlayer.exe version 1.20.86.771 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ec0

Start Time: 01cfb4562ae5ea9a

Termination Time: 236

Application Path: C:\Program Files (x86)\KaraFun Player\KaraFunPlayer.exe

Report Id: 782a4b61-2049-11e4-b386-50e54943a13f

Error: (08/09/2014 11:42:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc000070a
Fault offset: 0x000000000005cf99
Faulting process id: 0x640
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (08/09/2014 03:05:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc000070a
Fault offset: 0x000000000005cf99
Faulting process id: 0x608
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (08/08/2014 05:00:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.0.532 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 95c

Start Time: 01cfb34c897cf701

Termination Time: 10

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 74e03f5d-1f47-11e4-a6e8-50e54943a13f

Error: (08/07/2014 04:20:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/06/2014 04:09:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/04/2014 07:49:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.0.532 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c20

Start Time: 01cfb03a27dd32bb

Termination Time: 493

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 56e63549-1c3a-11e4-8a32-50e54943a13f

Error: (08/04/2014 07:23:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/04/2014 05:56:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc000070a
Fault offset: 0x000000000005cf99
Faulting process id: 0x484
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3


System errors:
=============
Error: (08/10/2014 06:30:11 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000000a (0xfffff8a000010370, 0x0000000000000002, 0x0000000000000001, 0xfffff800030b9dfa)C:\Windows\MEMORY.DMP081014-15163-01

Error: (08/10/2014 06:30:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:28:22 PM on 8/10/2014 was unexpected.

Error: (08/10/2014 01:53:20 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (08/06/2014 08:02:16 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (08/06/2014 08:02:16 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (08/06/2014 07:33:10 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (08/06/2014 07:33:10 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (08/03/2014 01:49:11 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (08/02/2014 10:06:41 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (08/02/2014 09:00:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Spybot-S&D 2 Security Center Service service depends on the Security Center service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (04/16/2014 02:42:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session lasted 752 seconds with 300 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 8109.18 MB
Available physical RAM: 3248.41 MB
Total Pagefile: 16218.36 MB
Available Pagefile: 10808.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:208.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 2E949E96)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by Oh My!, 16 August 2014 - 03:51 PM.


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,587 posts

Posted 10 August 2014 - 09:01 PM

Hi Rich, nice to meet you. Thanks for your patience and posting the requested information. We have quite a bit to address in this first step.

BleepingComputer no longer recommends Spybot. I would like to remove it because of the number of registry entries that concern me.

Please do these things.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Spybot - Search & Destroy
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-07-29 11:24 - 2014-07-29 11:24 - 00135168 _____ () C:\Users\Colene\AppData\Local\fnqfttkt.exe
C:\Users\Colene\lametritonus_en.dll
C:\Users\Colene\lame_enc_en.dll
C:\Users\Colene\AppData\Local\Temp\ose00000.exe
C:\Users\Colene\AppData\Local\Temp\_is1D11.exe
C:\Users\Colene\AppData\Local\Temp\_is2694.exe
C:\Users\Colene\AppData\Local\Temp\_is3E14.exe
C:\Users\Colene\AppData\Local\Temp\_is52CC.exe
C:\Users\Colene\AppData\Local\Temp\_is647C.exe
C:\Users\Colene\AppData\Local\Temp\_is65B4.exe
C:\Users\Colene\AppData\Local\Temp\_is710A.exe
C:\Users\Colene\AppData\Local\Temp\_is75BB.exe
C:\Users\Colene\AppData\Local\Temp\_is9BE1.exe
C:\Users\Colene\AppData\Local\Temp\_isA5FE.exe
C:\Users\Colene\AppData\Local\Temp\_isC1A9.exe
C:\Users\Colene\AppData\Local\Temp\_isCC62.exe
C:\Users\Colene\AppData\Local\Temp\_isF095.exe
C:\Users\Colene\AppData\Local\Temp\_isFE2C.exe
C:\Users\Colene\AppData\Roaming\DIGITA~1
C:\Users\Colene\AppData\Roaming\DSite
C:\Users\Colene\AppData\Roaming\Dealply
Task: {0A6206E8-2D73-4AFD-84AA-6FFE2B5240F1} - \Dealply No Task File <==== ATTENTION
Task: {84A3575B-0284-4F8A-B10C-924AE95DE4A2} - System32\Tasks\Digital Sites => C:\Users\Colene\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {BD02432A-A0C5-4087-922E-7E4798CE6F48} - System32\Tasks\DSite => C:\Users\Colene\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Colene\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Colene\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\Colene\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:BE2D0492
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Spybot uninstall?
  • AdwCleaner log
  • Junkware log
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 RSer11


Posted 11 August 2014 - 09:55 PM

I did not find Spybot with Revo. When I first began this process Spybot had been running, but I removed it with the Windows installer and I did not reinstall it. I will proceed when you tell me Gary, thanks.



#7 Oh My!


Posted 11 August 2014 - 10:05 PM

Thanks for the update. Go ahead and complete the remaining steps.
Gary
 

#8 RSer11


Posted 13 August 2014 - 08:08 PM

Gary, this is the AdwCleaner log. I have run JRT several times and the program runs through some steps, but after it closes out, there is no log. No notepad comes up. I stopped at that point to see how to proceed. Thanks,

 

 

 

# AdwCleaner v3.305 - Report created 13/08/2014 at 19:49:10
# Updated 14/08/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Colene - COLENE-PC
# Running from : C:\Users\Colene\Desktop\AdwCleaner.exe
# Option : Scan

Line Found : user_pref("extensions.funmoods.hdrMd5", "4983B81465E58687736A04A577159340");
Line Found : user_pref("extensions.funmoods.hmpg", true);
Line Found : user_pref("extensions.funmoods.id", "e4c4ca2a00000000000050e54943a13f");
Line Found : user_pref("extensions.funmoods.instlDay", "15369");
Line Found : user_pref("extensions.funmoods.instlRef", "");
Line Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.11.119:47:20");
Line Found : user_pref("extensions.funmoods.newTab", true);
Line Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=ironto");
Line Found : user_pref("extensions.funmoods.noFFXTlbr", false);
Line Found : user_pref("extensions.funmoods.prdct", "funmoods");
Line Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Found : user_pref("extensions.funmoods.sg", "none");
Line Found : user_pref("extensions.funmoods.smplGrp", "none");
Line Found : user_pref("extensions.funmoods.srchPrvdr", "Search");
Line Found : user_pref("extensions.funmoods.tlbrId", "base");
Line Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=ironto&q=");
Line Found : user_pref("extensions.funmoods.vrsn", "1.5.11.1");
Line Found : user_pref("extensions.funmoods.vrsnTs", "1.5.11.119:47:20");
Line Found : user_pref("extensions.funmoods.vrsni", "1.5.11.1");
Line Found : user_pref("extensions.funmoods.xpeStat\\xpeReportData", "29-0-2012");
Line Found : user_pref("extensions.funmoods_i.aflt", "ironto");
Line Found : user_pref("extensions.funmoods_i.dfltLng", "");
Line Found : user_pref("extensions.funmoods_i.dfltSrch", true);
Line Found : user_pref("extensions.funmoods_i.dnsErr", true);
Line Found : user_pref("extensions.funmoods_i.excTlbr", false);
Line Found : user_pref("extensions.funmoods_i.hmpg", true);
Line Found : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=ironto");
Line Found : user_pref("extensions.funmoods_i.id", "e4c4ca2a00000000000050e54943a13f");
Line Found : user_pref("extensions.funmoods_i.instlDay", "15369");
Line Found : user_pref("extensions.funmoods_i.instlRef", "");
Line Found : user_pref("extensions.funmoods_i.newTab", true);
Line Found : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=ironto");
Line Found : user_pref("extensions.funmoods_i.prdct", "funmoods");
Line Found : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Line Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Found : user_pref("extensions.funmoods_i.srchPrvdr", "Search");
Line Found : user_pref("extensions.funmoods_i.tlbrId", "base");
Line Found : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=ironto&q=");
Line Found : user_pref("extensions.funmoods_i.vrsn", "1.5.11.1");
Line Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.119:47:20");
Line Found : user_pref("extensions.funmoods_i.vrsni", "1.5.11.1");
Line Found : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Found : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Found : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Found : user_pref("extensions.helperbar.Visibility", false);
Line Found : user_pref("extensions.helperbar.countryiso", "us");
Line Found : user_pref("extensions.helperbar.downloadprovider", "quickobrw");
Line Found : user_pref("extensions.helperbar.installationid", "1a3ab1d9-8c97-33ae-39cf-731c7d0bf7b1");
Line Found : user_pref("extensions.helperbar.installdate", "04/09/2013");
Line Found : user_pref("extensions.helperbar.publisher", "quickobrw");
Line Found : user_pref("extensions.mywebsearch.prevDefaultEngine", "Search Results");
Line Found : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Found : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://dts.search-results.com/sr?src=ffb&appid=590&systemid=1&sr=0&q=");
Line Found : user_pref("extensions.mywebsearch.prevSelectedEngine", "Search Results");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3298573");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN19736039492730910&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource[...]
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN19736039492730910&UM=2&q=");
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298573");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3298573");
Line Found : user_pref("smartbar.machineId", "6ECZLLS/WDZMHFHQYCGUJKYMHEMDOZRU9ZR+ZLFQBWRDTK8D3KU+OAZTXTTOLLDCOHXEMB/POIJEOVIWM7ARBG");
Line Found : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN19736039492730910&UM=2&SearchSource=13");
Line Found : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Line Found : user_pref("sweetim.toolbar.SearchBoxLogo", "bing.png");
Line Found : user_pref("sweetim.toolbar.SearchBoxText", "Search with Bing");
Line Found : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Line Found : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Line Found : user_pref("sweetim.toolbar.Visibility.enable", "true");
Line Found : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Line Found : user_pref("sweetim.toolbar.cargo", "3.5000006.10042");
Line Found : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "false");
Line Found : user_pref("sweetim.toolbar.cda.HideOveride.enable", "false");
Line Found : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "false");
Line Found : user_pref("sweetim.toolbar.defaultProvider", "bng");
Line Found : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Line Found : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
Line Found : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Line Found : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Line Found : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Line Found : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
Line Found : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Line Found : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Line Found : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
Line Found : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Line Found : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Line Found : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Line Found : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
Line Found : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Line Found : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Line Found : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
Line Found : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Line Found : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Line Found : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Line Found : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Line Found : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Line Found : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...]
Line Found : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Line Found : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Line Found : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Line Found : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Line Found : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Line Found : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Line Found : user_pref("sweetim.toolbar.mode.debug", "false");
Line Found : user_pref("sweetim.toolbar.newtab.created", "false");
Line Found : user_pref("sweetim.toolbar.newtab.enable", "false");
Line Found : user_pref("sweetim.toolbar.newtab.url", "hxxp://start.sweetpacks.com/?src=97&barid=$toolbar_id;&crg=$cargo;");
Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.msn.com/?pc=U038&ocid=U038DHP&dt=061713");
Line Found : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;&flavour=$flavr;");
Line Found : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Line Found : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Line Found : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Line Found : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Line Found : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Line Found : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Line Found : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Line Found : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Line Found : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Line Found : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Line Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Found : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Line Found : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Line Found : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Line Found : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Line Found : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Line Found : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Line Found : user_pref("sweetim.toolbar.scripts.2.callback", "");
Line Found : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
Line Found : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Line Found : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Line Found : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Line Found : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Line Found : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
Line Found : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
Line Found : user_pref("sweetim.toolbar.search.history.capacity", "10");
Line Found : user_pref("sweetim.toolbar.searchguard.enable", "false");
Line Found : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Line Found : user_pref("sweetim.toolbar.simapp_id", "{2FD9A19F-D7A6-11E2-A6FD-50E54943A13F}");
Line Found : user_pref("sweetim.toolbar.urls.afteruninstall", "hxxp://toolbar.sweetpacks.com/uninstallbar.asp?barid=$toolbar_id;&flavour=$flavr;");
Line Found : user_pref("sweetim.toolbar.urls.contactus", "hxxp://www.perion.com/contact-us");
Line Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={2FD9A19F-D7A6-11E2-A6FD-50E54943A13F}");
Line Found : user_pref("sweetim.toolbar.urls.privacy", "hxxp://www.perion.com/privacy-policy");
Line Found : user_pref("sweetim.toolbar.urls.searchpage", "hxxp://start.sweetpacks.com/?barid=$toolbar_id;");
Line Found : user_pref("sweetim.toolbar.urls.uninstall", "hxxp://toolbar.sweetpacks.com/uninstall");
Line Found : user_pref("sweetim.toolbar.version", "1.13.0.1");
Line Found : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
Line Found : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]
Line Found : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_product_name", "Updater By SweetPacks");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [40559 octets] - [13/08/2014 19:49:10]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [40620 octets] ##########
 



#9 RSer11


Posted 13 August 2014 - 08:20 PM

To touch on it further, Gary, the JRT program is behaving similarly to the DDS program. It runs through what appears to be 8 steps, takes about 5-10 seconds from start to finish, then closes out. It does not appear to be performing any sort of thorough scan, if that is the intention. That I am aware of, the only antivirus software being run on this pc is Malwarebytes, which I have disabled. Thanks, Rich.

#10 Oh My!

  • Malware Response Instructor

Posted 13 August 2014 - 09:20 PM

Hi Rich,

Thanks for the information. Rerun AdwCleaner and select Delete to remove all the entries. Please post the log.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 RSer11


Posted 13 August 2014 - 09:29 PM

# AdwCleaner v3.305 - Report created 13/08/2014 at 21:22:41
# Updated 14/08/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Colene - COLENE-PC
# Running from : C:\Users\Colene\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Colene\AppData\Roaming\Mozilla\Firefox\Profiles\ev6m480z.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [40929 octets] - [13/08/2014 19:49:10]
AdwCleaner[R1].txt - [40990 octets] - [13/08/2014 19:50:07]
AdwCleaner[R2].txt - [1018 octets] - [13/08/2014 21:22:04]
AdwCleaner[S0].txt - [41342 octets] - [13/08/2014 19:51:09]
AdwCleaner[S1].txt - [941 octets] - [13/08/2014 21:22:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1000 octets] ##########



#12 Oh My!

  • Malware Response Instructor

Posted 13 August 2014 - 10:12 PM

Hi Rich,

Please run this program next.

===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends that you uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer, please uninstall them using AppRemover, which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running, please do one of the following. If, based on the below, you have concluded ComboFix has stopped running, please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error, "Illegal operation attempted on a registry key that has been marked for deletion", please just restart your computer to resolve this issue.

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log

Gary
 

#13 RSer11


Posted 13 August 2014 - 10:58 PM

I really appreciate the time you're putting in on this, Gary. Thank you.

 

ComboFix 14-08-14.01 - Colene 08/13/14  22:19:44.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8109.6214 [GMT -5:00]
Running from: c:\users\Colene\Desktop\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CouponAlert_2pEI
c:\users\Colene\AppData\Local\assembly\tmp
c:\users\Colene\AppData\Local\fnqfttkt.exe
c:\users\Colene\g2mdlhlpx.exe
c:\users\Colene\karplayer.tmp
c:\users\Colene\lame_enc_en.dll
c:\users\Colene\lametritonus_en.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-14 to 2014-08-14  )))))))))))))))))))))))))))))))
.
.
2014-08-14 03:23 . 2014-08-14 03:23    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-14 02:26 . 2014-08-14 02:26    122584    ----a-w-    c:\windows\system32\drivers\48230029.sys
2014-08-14 00:57 . 2014-08-14 00:57    --------    d-----w-    c:\windows\ERUNT
2014-08-14 00:49 . 2010-08-30 13:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-08-14 00:49 . 2014-08-14 02:32    --------    d-----w-    C:\AdwCleaner
2014-08-12 02:49 . 2014-08-12 02:49    --------    d-----w-    c:\program files (x86)\VS Revo Group
2014-08-10 23:38 . 2014-08-10 23:41    --------    d-----w-    C:\FRST
2014-08-03 06:53 . 2013-12-21 09:53    548864    ----a-w-    c:\windows\system32\vbscript.dll
2014-08-03 06:53 . 2013-12-21 08:56    454656    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-08-03 04:30 . 2012-07-04 22:16    73216    ----a-w-    c:\windows\system32\netapi32.dll
2014-08-03 03:49 . 2014-05-14 16:23    44512    ----a-w-    c:\windows\system32\wups2.dll
2014-08-03 03:49 . 2014-05-14 16:23    58336    ----a-w-    c:\windows\system32\wuauclt.exe
2014-08-03 03:49 . 2014-05-14 16:23    2477536    ----a-w-    c:\windows\system32\wuaueng.dll
2014-08-03 03:49 . 2014-05-14 16:21    2620928    ----a-w-    c:\windows\system32\wucltux.dll
2014-08-03 03:48 . 2014-05-14 16:23    38880    ----a-w-    c:\windows\system32\wups.dll
2014-08-03 03:48 . 2014-05-14 16:23    36320    ----a-w-    c:\windows\SysWow64\wups.dll
2014-08-03 03:48 . 2014-05-14 16:23    700384    ----a-w-    c:\windows\system32\wuapi.dll
2014-08-03 03:48 . 2014-05-14 16:23    581600    ----a-w-    c:\windows\SysWow64\wuapi.dll
2014-08-03 03:48 . 2014-05-14 16:20    97792    ----a-w-    c:\windows\system32\wudriver.dll
2014-08-03 03:48 . 2014-05-14 16:17    92672    ----a-w-    c:\windows\SysWow64\wudriver.dll
2014-08-03 03:48 . 2014-05-14 14:23    198600    ----a-w-    c:\windows\system32\wuwebv.dll
2014-08-03 03:48 . 2014-05-14 14:23    179656    ----a-w-    c:\windows\SysWow64\wuwebv.dll
2014-08-03 03:48 . 2014-05-14 14:20    36864    ----a-w-    c:\windows\system32\wuapp.exe
2014-08-03 03:48 . 2014-05-14 14:17    33792    ----a-w-    c:\windows\SysWow64\wuapp.exe
2014-08-03 03:46 . 2014-08-14 02:26    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-03 03:45 . 2014-08-03 03:45    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-03 03:45 . 2014-05-12 12:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-08-03 03:45 . 2014-05-12 12:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-08-03 03:44 . 2014-05-12 12:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 03:56 . 2012-06-13 03:07    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 03:56 . 2011-12-26 03:07    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 6520 series (NET)"="c:\program files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2014-1-9 724992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S2 eBLVD;eBLVD;c:\program files (x86)\eBLVD\ebhost.exe;c:\program files (x86)\eBLVD\ebhost.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 03:56]
.
2014-08-14 c:\windows\Tasks\AXBUE.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2014-08-14 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-313417324-2386856272-1699060966-1000.job
- c:\program files (x86)\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-13 03:17]
.
2014-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-10 20:12]
.
2014-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-10 20:12]
.
2014-08-14 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2011-01-22 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-05 01:57    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-07 11858536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
Trusted Zone: pl-fs.com\www
Trusted Zone: safeguardproperties.com\inspi2
TCP: DhcpNameServer = 192.168.1.254
DPF: {C6A47FBB-2ECA-430E-8466-5523772CA4FA} - hxxp://ems.amsreo.com/ScriptsLocation/Uploader8.cab
FF - ProfilePath - c:\users\Colene\AppData\Roaming\Mozilla\Firefox\Profiles\ev6m480z.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-!{78ba36c9-6036-482b-b48d-ecca6f964b84} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Wow6432Node-HKLM-Run-DivXMediaServer - c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
Wow6432Node-HKLM-Run-AnyProtect Tray - c:\program files (x86)\AnyProtectScanner\AnyProtectTray.exe
Wow6432Node-HKLM-RunOnce-SpybotDeletingE6525 - c:\program files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe
Wow6432Node-HKLM-RunOnce-SpybotDeletingE8613 - c:\program files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe
Wow6432Node-HKLM-RunOnce-SpybotDeletingE7144 - c:\program files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe
Wow6432Node-HKLM-RunOnce-SpybotDeletingE4808 - c:\program files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe
Wow6432Node-HKLM-RunOnce-SpybotDeletingE8590 - c:\program files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe
Wow6432Node-HKLM-RunOnce-SpybotDeletingE6596 - c:\program files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe
Wow6432Node-HKLM-RunOnce-SpybotDeletingE564 - c:\program files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe
Wow6432Node-HKLM-RunOnce-SpybotDeletingE6520 - c:\program files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe
Wow6432Node-HKLM-RunOnce-SpybotDeletingE9709 - c:\program files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe
Wow6432Node-HKLM-RunOnce-SpybotDeletingE1032 - c:\program files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe
Wow6432Node-HKLM-RunOnce-SpybotDeletingE7298 - c:\program files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe
Wow6432Node-HKLM-RunOnce-SpybotDeletingE6472 - c:\program files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe
Wow6432Node-HKLM-RunOnce-SpybotDeletingE4429 - c:\program files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe
Wow6432Node-HKLM-RunOnce-SpybotDeletingE9776 - c:\program files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe
Wow6432Node-HKLM-RunOnce-SpybotDeletingE3552 - c:\program files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe
Wow6432Node-HKLM-RunOnce-SpybotDeletingE8479 - c:\program files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe
Wow6432Node-HKU-Default-RunOnce-KodakHomeCenter - c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0E5680D1-BF44-4929-94AF-FD30D784AD1D}"=hex:51,66,7a,6c,4c,1d,38,12,bf,83,45,
   0a,76,f1,47,0c,eb,b9,be,70,d2,da,e9,09
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95,
   8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
   f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}"=hex:51,66,7a,6c,4c,1d,3b,1b,64,9b,59,
   54,75,5c,8a,34,aa,62,82,42,ba,d5,f4,71
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-13  22:28:54
ComboFix-quarantined-files.txt  2014-08-14 03:28
.
Pre-Run: 241,115,271,168 bytes free
Post-Run: 246,463,270,912 bytes free
.
- - End Of File - - 8FC26803801D6E77561C02D3CBD5128F
A36C5E4F47E84449FF07ED3517B43A31
 



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,587 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:08:21 AM

Posted 13 August 2014 - 11:26 PM

You are welcome. I am closing up for the night and will review the log in the morning. Then we will be back at it again! Thanks for your work and attentiveness.

If you get a chance, try launching the programs you have had difficulty with and let me know how it goes.

G'nite.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Oh My!


Posted 14 August 2014 - 08:28 AM

Good morning.

In reviewing our steps I see we never completed the Farbar Recovery Scan Tool fix. Please run that and post the results.

Can you tell me if these look familiar to you?

Trusted Zone: pl-fs.com\www
Trusted Zone: safeguardproperties.com\inspi2


Following the FRST fix, let me know how your computer is running.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



