I think I have the Trovi!


  • This topic is locked
39 replies to this topic

#1 sgm67

Posted 11 October 2014 - 08:25 PM

I have uninstalled that which I erroneously downloaded, yet trovi remains.  I've removed it from IE and Chrome, and yet it persists.  I know without a doubt that the good folks at bleeping computer can help . . .





#2 pystryker


Posted 12 October 2014 - 06:17 AM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Step 2: Scan with aswMBR
  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.
  • Click the Scan button to begin the scan.
If your computer supports Virtualization Technology, select Yes to use it for rootkit detection.


  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit
Things I need to see in your next post:


FRST Log

Addition.txt Log

aswMBR Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.






#3 sgm67


Posted 12 October 2014 - 07:18 AM

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-10-2014
Ran by McDonnell (administrator) on LIVINGROOM-HP on 12-10-2014 08:14:49
Running from C:\Users\McDonnell\Desktop
Loaded Profile: McDonnell (Available profiles: McDonnell & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
() C:\Windows\SysWOW64\ScsiAccess.EXE
(TorchMedia Inc.) C:\Users\McDonnell\AppData\Local\Torch\Update\TorchCrashHandler.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(PlumChoice, Inc.) C:\Program Files (x86)\Cox, Inc\Cox PC HealthCheck\PCMonitoringService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
() C:\Program Files (x86)\Search Extensions\Client.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AWS Convergence Technologies, Inc.) C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\I. C. Runner.exe
(PlumChoice, Inc.) C:\Program Files (x86)\Cox, Inc\Cox PC HealthCheck\DesktopClient.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
(The Chromium Authors) C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2014-01-22] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [ospd_us_161] => [X]
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [GoPCPro] => C:\Program Files (x86)\GoPCPro\GoPcPro.exe
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-07] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3226330815-2963902264-1849304025-1000\...\Run: [GoogleChromeAutoLaunch_2A66E79AC0E9BE89F766F121EAADD709] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-23] (Google Inc.)
HKU\S-1-5-21-3226330815-2963902264-1849304025-1000\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1653760 2013-06-05] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-3226330815-2963902264-1849304025-1000\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-3226330815-2963902264-1849304025-1000\...\RunOnce: [Uninstall C:\Users\McDonnell\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\McDonnell\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
HKU\S-1-5-18\...\Run: [GoogleChromeAutoLaunch_2A66E79AC0E9BE89F766F121EAADD709] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-23] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\McDonnell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=EA7zamodu08779,cc596faa-2e76-4ee8-9e0a-8acd5b70f337,&q={searchTerms}
SearchScopes: HKLM - {CE46F9DF-0210-400A-995C-5D305321F0CD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {CE46F9DF-0210-400A-995C-5D305321F0CD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\15\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: TorchVLC -> C:\Users\McDonnell\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\McDonnell\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\McDonnell\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/
CHR StartupUrls: Default -> "hxxp://www.msn.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\McDonnell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\McDonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-30]
CHR Extension: (Google Drive) - C:\Users\McDonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McDonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\McDonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Google Search) - C:\Users\McDonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (Pin It Button) - C:\Users\McDonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-07-13]
CHR Extension: (Google Wallet) - C:\Users\McDonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-13]
CHR Extension: (Gmail) - C:\Users\McDonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]

==================== Services (Whitelisted) =================


Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2014
Ran by McDonnell at 2014-10-12 08:16:20
Running from C:\Users\McDonnell\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
aspi (x32 Version: 3.00.0008.0000 - Eastman Kodak Company) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{AEDA8713-5521-4600-9AC2-81674A9EDC4F}) (Version: 2.2.7689 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCHelp (x32 Version: 3.00.0010.0000 - Easlman Kodak Company) Hidden
CCScore (x32 Version: 3.00.0020.0001 - Eastman Kodak) Hidden
Centipede with Pong (HKLM-x32\...\Centipede with Pong) (Version: 1.0.0.0 - Atari)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cox PC HealthCheck (HKLM-x32\...\{D2B13DDA-5AAC-4426-96C8-11CE4E8C3656}) (Version: 5.5.19.0 - PlumChoice, Inc)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Diner Dash 2 (HKLM-x32\...\Diner Dash 2) (Version:  - PlayFirst, Inc.)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESSAdpt (x32 Version: 3.00.0011.0000 - Eastman Kodak Company) Hidden
ESSANUP (x32 Version: 3.00.0004.0000 - Eastman Kodak Company) Hidden
ESSCAM (x32 Version: 3.00.0010.0000 - Eastman Kodak Company) Hidden
ESSCDBK (x32 Version: 3.00.0012.0000 - Eastman Kodak Company) Hidden
ESScore (x32 Version: 3.00.0019.0000 - Eastman Kodak) Hidden
ESSgui (x32 Version: 3.00.0017.0000 - Eastman Kodak) Hidden
ESShelp (x32 Version: 3.00.0011.0000 - Eastman Kodak Company) Hidden
ESSini (x32 Version: 3.00.0017.0001 - Eastman Kodak) Hidden
ESSPCD (x32 Version: 3.00.0020.0001 - Eastman Kodak Company) Hidden
ESSvpaht (x32 Version: 3.00.0017.0000 - Eastman Kodak) Hidden
ESSvpot (x32 Version: 3.00.0017.0002 - Eastman Kodak) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
GradeQuick Web Plugin (HKLM-x32\...\{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}) (Version: 1.00.0000 - Edline)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Board Games 4 (HKLM-x32\...\Hoyle Board Games 4) (Version:  - )
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.045 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{C43602FE-988C-47BA-9F9F-B95FDDAFB624}) (Version: 11.50.0031 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I. d. l. e . C. r. a. w. l. e. r (HKLM-x32\...\I. d. l. e . C. r. a. w. l. e. r) (Version: 98.0.0.445 - SADDLEBACK PROC LTD)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Inkjet Printer/Scanner Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
JumpStart World Presents Pet Playground (HKLM-x32\...\JumpStart World Presents Pet Playground) (Version:  - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
KODAK Share Button App (HKLM-x32\...\{C3F0CF4C-0A8C-42F1-A585-2EF7886D6039}) (Version: 4.03.0000.0000 - Eastman Kodak Company)
KSU (x32 Version: 612.7.0008.0000 - Eastman Kodak Compnay) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
LeadTool (x32 Version: 3.00.0001.0000 - Eastman Kodak Company) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.3.0.18537 - LeapFrog)
LeapFrog Connect (x32 Version: 5.3.0.18537 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mall Tycoon (HKLM-x32\...\Mall Tycoon) (Version:  - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Picture It! Express 2000 (HKLM-x32\...\{A586D09E-1D2C-11D3-9A6B-00105A98B681}) (Version: 4.0.0.0 - Microsoft)
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.5.0 - Nikon)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
Notifier (x32 Version: 3.00.0006.0000 - Eastman Kodak Company) Hidden
OTtBP (x32 Version: 3.00.0007.0000 - Eastman Kodak Company) Hidden
P@H-Protocol (HKLM-x32\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
PCDADDIN (x32 Version: 3.00.0001.0008 - Eastman Kodak Company) Hidden
PCDHELP (x32 Version: 3.00.0001.0000 - Eastman Kodak Company) Hidden
PCDLNCH (x32 Version: 3.00.0001.0002 - Eastman Kodak Company) Hidden
PCDrdsho (x32 Version: 3.00.0001.0001 - Eastman Kodak Company) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.9 - Nikon)
Pirate101 (HKLM-x32\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6463 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RocketTab (HKLM-x32\...\RocketTab) (Version:  - RocketTab) <==== ATTENTION
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SFR (x32 Version: 3.01.0002.0001 - Eastman Kodak Company) Hidden
SFR2 (x32 Version: 3.00.0004.0000 - Eastman Kodak Company) Hidden
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.8.3.222.g317ab79d - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Torch (HKCU\...\Torch) (Version: 33.0.0.7723 - Torch Media, Inc) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
USB MassStorage CardReader (HKLM-x32\...\040a_5005) (Version:  - )
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.5.1 - Nikon)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
WeatherBug (HKLM-x32\...\{DAFA6315-EAE5-4B9E-9D18-0DC51D1DB0F0}) (Version: 7.0.0.12 - Earth Networks, Inc.)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
WMI Tools (HKLM-x32\...\{25A13826-8E4A-4FBF-AD2B-776447FE9646}) (Version: 1.50.1131.0001 - Microsoft Corporation)
WolfQuest (HKLM-x32\...\{9E6AD6CF-1EFF-43E4-86C4-5C00254C3D8E}) (Version: 2.5.1 - eduweb)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\McDonnell\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\McDonnell\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\McDonnell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\McDonnell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\McDonnell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\McDonnell\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\McDonnell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\McDonnell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\McDonnell\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

27-09-2014 18:37:54 Windows Update
30-09-2014 23:10:09 Windows Update
01-10-2014 01:38:05 Windows Update
04-10-2014 11:10:56 Windows Update
07-10-2014 20:17:05 Windows Update
10-10-2014 00:06:58 Revo Uninstaller's restore point - GoPCPro
10-10-2014 01:45:49 Revo Uninstaller's restore point - YTDownloader
11-10-2014 00:52:50 Windows Update
11-10-2014 20:06:18 Revo Uninstaller's restore point - Search module

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0059A75B-01E3-4D1B-BED3-194A635EBF31} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {11E05191-6407-4654-B394-46A73ACA8EDB} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe <==== ATTENTION
Task: {16F10C87-C3F0-48CA-B7F6-B7E3443AD286} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2012-06-26] (Eastman Kodak Company)
Task: {1D43277D-9CFF-48F1-9F4B-699E6CE05D77} - System32\Tasks\IC Running Procedure => %LOCALAPPDATA%\I. d. l. e . C. r. a. w. l. e. r\I. C. Runner.exe
Task: {31079AC1-1BC7-407B-9E55-4C531F9F9441} - System32\Tasks\HPCeeScheduleForLIVINGROOM-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {37B58F5F-CCB8-4549-B921-76B9A90A2E4A} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {4024709B-5EF1-4832-A5C4-BCCD517C6936} - System32\Tasks\HPCeeScheduleForMcDonnell => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {4B29065A-2D52-491A-833A-9577D44AC26F} - System32\Tasks\HPCeeScheduleForAdministrator => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {5043A13F-1343-4536-8FA6-A7A24F9033B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-30] (Google Inc.)
Task: {5958415F-5B2C-4938-A5B3-57BE91B435D1} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {5A82F9BD-2228-4537-8553-47BFB814E800} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {70023AF5-6AAF-4ED7-A066-10F381BEDCB9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {75C06538-B48E-4587-B2F1-EEDE29087FF7} - System32\Tasks\Microsoft\Windows\Maintenance\IC Update Procedure => %LOCALAPPDATA%\I. d. l. e . C. r. a. w. l. e. r\I. C. Runner.exe
Task: {75D984A7-C235-4D00-8B44-BD01CDD33A03} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {7958EA1B-FE5E-4D8A-A583-CA11F7F0F449} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-12-21] (CyberLink)
Task: {84B8EDBB-10F1-4727-9C11-BAAC34FE485F} - System32\Tasks\BuzzSocialPoints_DNS_Checker => C:\Windows\BuzzSocialPointsChecker\BSP_li.exe <==== ATTENTION
Task: {88DA23AC-CBA2-4449-9D6B-DDAA2779AFCF} - System32\Tasks\PastaQuotes => C:\Program Files (x86)\pastaleads\ScheduledTask.exe
Task: {8F1A5CAA-72FD-4297-9ACE-26BCA89B0E79} - System32\Tasks\Norton Security Scan for McDonnell => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-08-21] (Symantec Corporation)
Task: {90301FCC-035A-4A95-8524-E50C9B9CCBAF} - System32\Tasks\SMW_UpdateTask_Time_343033373338393130302d555b373434412d45325a5b6c => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {9C474BD1-AA2A-4B91-953E-9AC2579D0FBD} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe
Task: {9FC73113-B587-4316-98DA-1C3EB2C69B35} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3226330815-2963902264-1849304025-1000Core => C:\Users\McDonnell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-09] (Google Inc.)
Task: {A6F40511-0E0C-4BC9-98FF-9CDA8FAEB9C5} - System32\Tasks\hpUrlLauncher.exe_{BE1D4001-DC11-4A2A-837E-FDAD574255EA} => C:\Program Files\hp\HP Deskjet 1050 J410 series\Bin\utils\hpUrlLauncher.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {B5450543-AEA6-43FB-AC1D-76EDCE3F5A10} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {B73EEAF8-301F-441F-AB8E-F7245DA72A87} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BA115C37-1617-4B27-8AA5-B00BF1C44910} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {CA1704AD-1C2C-4755-8CD9-C86F9FC59BBB} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {CED9695F-2B48-40DF-B102-5752C5594181} - System32\Tasks\RocketTab => C:\Windows\system32\cmd.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {D24B04E6-FB51-4BBB-9016-6595B18F7665} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3226330815-2963902264-1849304025-1000UA => C:\Users\McDonnell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-09] (Google Inc.)
Task: {D590D307-FED6-45C5-866E-B50648F3796D} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-09-24] () <==== ATTENTION
Task: {DF2AD028-955E-4B80-AAAB-13C78F90A676} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {F8AABA96-160C-4505-8709-63E733444447} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {FC5A96B2-9FF4-4A22-86CD-E913D355E51D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-30] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3226330815-2963902264-1849304025-1000Core.job => C:\Users\McDonnell\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3226330815-2963902264-1849304025-1000UA.job => C:\Users\McDonnell\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAdministrator.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLIVINGROOM-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMcDonnell.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Norton Security Scan for McDonnell.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe

==================== Loaded Modules (whitelisted) =============

2011-10-12 22:08 - 2008-01-22 13:35 - 00103808 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2003-02-04 08:22 - 2003-02-04 08:22 - 00181312 _____ () C:\Windows\SysWOW64\ScsiAccess.EXE
2014-09-24 14:11 - 2014-09-24 14:11 - 01423080 _____ () C:\Program Files (x86)\Search Extensions\Client.exe
2014-10-03 05:10 - 2014-10-03 05:10 - 00133216 _____ () C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\I. C. Runner.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-28 20:35 - 2012-10-28 20:35 - 00155648 _____ () C:\Program Files (x86)\Cox, Inc\Cox PC HealthCheck\SmartDisk.dll
2014-09-24 18:46 - 2014-09-23 00:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-24 18:46 - 2014-09-23 00:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-24 18:46 - 2014-09-23 00:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 18:46 - 2014-09-23 00:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 18:46 - 2014-09-23 00:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-10-11 21:12 - 2014-10-11 21:12 - 00043008 _____ () c:\Users\McDonnell\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptb9zoo.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\libcef.dll
2014-10-03 05:11 - 2014-10-03 05:11 - 00104032 _____ () C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Modules\ManXec.dll
2014-10-03 05:11 - 2014-10-03 05:11 - 00074848 _____ () C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Modules\CmdProc.dll
2014-10-03 05:12 - 2014-10-03 05:12 - 00048224 _____ () C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Modules\PrfIns.dll
2014-10-03 05:12 - 2014-10-03 05:12 - 00056928 _____ () C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Modules\WbSes.dll
2014-10-03 05:12 - 2014-10-03 05:12 - 00146016 _____ () C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Modules\WdcMan.dll
2014-10-03 05:12 - 2014-10-03 05:12 - 00121952 _____ () C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Modules\WblSupp.dll
2014-10-03 05:11 - 2014-10-03 05:11 - 00111200 _____ () C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Modules\CmnUtls.dll
2012-10-31 14:29 - 2012-10-31 14:29 - 00221184 _____ () C:\Program Files (x86)\Cox, Inc\Cox PC HealthCheck\AgentBase.XmlSerializers.dll
2014-10-07 17:06 - 2014-07-21 05:38 - 00393728 _____ () C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\ppGoogleNaClPluginChrome.dll
2014-10-07 17:06 - 2014-07-21 05:38 - 00788480 _____ () C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:80E965A3
AlternateDataStreams: C:\Users\McDonnell\Downloads\DoulCi iCloud Activator__8779_il1002.exe:typelib

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KODAK Software Updater.lnk => C:\Windows\pss\KODAK Software Updater.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: Google Update => "C:\Users\McDonnell\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KGShareApp => C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\McDonnell\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: Spotify => "C:\Users\McDonnell\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\McDonnell\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3226330815-2963902264-1849304025-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3226330815-2963902264-1849304025-501 - Limited - Disabled)
McDonnell (S-1-5-21-3226330815-2963902264-1849304025-1000 - Administrator - Enabled) => C:\Users\McDonnell

==================== Faulty Device Manager Devices =============

Name: SBMNTR
Description: SBMNTR
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: sbmntr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/11/2014 11:54:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8378

Error: (10/11/2014 11:54:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8378

Error: (10/11/2014 11:54:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/11/2014 11:54:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7379

Error: (10/11/2014 11:54:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7379

Error: (10/11/2014 11:54:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/11/2014 11:54:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6381

Error: (10/11/2014 11:54:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6381

Error: (10/11/2014 11:54:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/11/2014 11:54:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5382

System errors:
=============
Error: (10/12/2014 07:20:27 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/12/2014 07:20:23 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/12/2014 07:20:21 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/12/2014 07:20:21 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/12/2014 07:20:21 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/11/2014 09:19:39 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (10/11/2014 09:19:39 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.185.2872.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.6.0305.00

 Source Path: 4.6.0305.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (10/11/2014 09:11:02 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/11/2014 09:10:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Module Update service failed to start due to the following error:
%%2

Error: (10/11/2014 09:10:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The sbmntr service failed to start due to the following error:
%%3

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-08-02 23:03:02.219
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-02 23:03:02.157
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-02 23:03:02.063
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-02 23:03:02.016
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-29 11:24:13.014
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-29 11:24:12.967
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz
Percentage of memory in use: 40%
Total physical RAM: 4061.24 MB
Available physical RAM: 2403.31 MB
Total Pagefile: 9059.42 MB
Available Pagefile: 6555.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:687.47 GB) (Free:452.85 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.06 GB) (Free:1.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: AC1B384A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=687.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 sgm67


Posted 12 October 2014 - 07:52 AM

aswMBR.log:

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-10-12 08:20:32
-----------------------------
08:20:32.384    OS Version: Windows x64 6.1.7601 Service Pack 1
08:20:32.384    Number of processors: 2 586 0x170A
08:20:32.385    ComputerName: LIVINGROOM-HP  UserName: McDonnell
08:20:37.070    Initialize success
08:20:37.211    VM: initialized successfully
08:20:37.229    VM: Intel CPU BiosDisabled
08:20:48.393    VM: supported disk I/O ataport.SYS
08:21:33.615    AVAST engine defs: 14101200
08:21:43.643    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
08:21:43.647    Disk 0 Vendor: ST3750528AS HP40 Size: 715404MB BusType: 3
08:21:43.784    Disk 0 MBR read successfully
08:21:43.788    Disk 0 MBR scan
08:21:43.842    Disk 0 unknown MBR code
08:21:43.848    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
08:21:43.856    Disk 0 default boot code
08:21:43.882    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       703972 MB offset 206848
08:21:43.926    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        11330 MB offset 1441941504
08:21:44.007    Disk 0 scanning C:\Windows\system32\drivers
08:21:58.895    Service scanning
08:22:26.809    Modules scanning
08:22:26.809    Disk 0 trace - called modules:
08:22:26.840    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
08:22:26.856    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c09680]
08:22:26.856    3 CLASSPNP.SYS[fffff880018ae43f] -> nt!IofCallDriver -> [0xfffffa8004ac9520]
08:22:26.871    5 ACPI.sys[fffff88000ee97a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004730060]
08:22:31.894    AVAST engine scan C:\Windows
08:22:36.319    AVAST engine scan C:\Windows\system32
08:27:52.270    AVAST engine scan C:\Windows\system32\drivers
08:28:29.859    AVAST engine scan C:\Users\McDonnell
08:34:19.255    File: C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\uninstall.exe  **INFECTED** Win32:Adware-gen [Adw]
08:35:03.211    Disk 0 MBR has been saved successfully to "C:\Users\McDonnell\Desktop\MBR.dat"
08:35:03.274    The log file has been saved successfully to "C:\Users\McDonnell\Desktop\aswMBR.txt"

 



#5 pystryker


Posted 12 October 2014 - 03:15 PM

Hi :)

You appear to have combined the FRST.txt log and the Addition.txt log into one log and into one post and they are incomplete. Please repost the FRST.txt log and Addition.txt.

Please post each log in a separate response to this thread and we'll get to work. :thumbsup2:

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.






#6 sgm67


Posted 12 October 2014 - 03:20 PM

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-10-2014
Ran by McDonnell (administrator) on LIVINGROOM-HP on 12-10-2014 08:14:49
Running from C:\Users\McDonnell\Desktop
Loaded Profile: McDonnell (Available profiles: McDonnell & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
() C:\Windows\SysWOW64\ScsiAccess.EXE
(TorchMedia Inc.) C:\Users\McDonnell\AppData\Local\Torch\Update\TorchCrashHandler.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(PlumChoice, Inc.) C:\Program Files (x86)\Cox, Inc\Cox PC HealthCheck\PCMonitoringService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
() C:\Program Files (x86)\Search Extensions\Client.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AWS Convergence Technologies, Inc.) C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\I. C. Runner.exe
(PlumChoice, Inc.) C:\Program Files (x86)\Cox, Inc\Cox PC HealthCheck\DesktopClient.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
(The Chromium Authors) C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2014-01-22] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [ospd_us_161] => [X]
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [GoPCPro] => C:\Program Files (x86)\GoPCPro\GoPcPro.exe
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-07] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3226330815-2963902264-1849304025-1000\...\Run: [GoogleChromeAutoLaunch_2A66E79AC0E9BE89F766F121EAADD709] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-23] (Google Inc.)
HKU\S-1-5-21-3226330815-2963902264-1849304025-1000\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1653760 2013-06-05] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-3226330815-2963902264-1849304025-1000\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-3226330815-2963902264-1849304025-1000\...\RunOnce: [Uninstall C:\Users\McDonnell\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\McDonnell\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
HKU\S-1-5-18\...\Run: [GoogleChromeAutoLaunch_2A66E79AC0E9BE89F766F121EAADD709] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-23] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\McDonnell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\15\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: TorchVLC -> C:\Users\McDonnell\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\McDonnell\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\McDonnell\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.msn.com/
CHR StartupUrls: Default -> "hxxp://www.msn.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\McDonnell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\McDonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-30]
CHR Extension: (Google Drive) - C:\Users\McDonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McDonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\McDonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Google Search) - C:\Users\McDonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (Pin It Button) - C:\Users\McDonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-07-13]
CHR Extension: (Google Wallet) - C:\Users\McDonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-13]
CHR Extension: (Gmail) - C:\Users\McDonnell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 COX CommunicationsMonitoringService; C:\Program Files (x86)\Cox, Inc\Cox PC HealthCheck\PCMonitoringService.exe [15104 2012-10-31] (PlumChoice, Inc.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-13] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSLPSVC; C:\Users\McDonnell\AppData\Local\Temp\7zS19C2\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [72992 2014-07-07] (Hewlett-Packard Company)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 ScsiAccess; C:\Windows\SysWOW64\ScsiAccess.EXE [181312 2003-02-04] () [File not signed]
R2 TorchCrashHandler; C:\Users\McDonnell\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2014-08-27] (TorchMedia Inc.) <==== ATTENTION
S2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe /service [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-07-27] (Emsisoft GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57032 2013-07-27] (Emsisoft GmbH)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-10] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S2 sbmntr; \??\C:\PROGRA~2\YTDOWN~1\sbmntr.sys [X]
S3 SMUpdd; \??\C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-12 08:14 - 2014-10-12 08:15 - 00019043 _____ () C:\Users\McDonnell\Desktop\FRST.txt
2014-10-12 08:14 - 2014-10-12 08:14 - 00000000 ____D () C:\FRST
2014-10-12 08:12 - 2014-10-12 08:12 - 02109952 _____ (Farbar) C:\Users\McDonnell\Desktop\FRST64.exe
2014-10-09 20:05 - 2014-10-09 20:05 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\McDonnell\Downloads\revosetup.exe
2014-10-09 20:05 - 2014-10-09 20:05 - 00001270 _____ () C:\Users\McDonnell\Desktop\Revo Uninstaller.lnk
2014-10-09 20:01 - 2014-10-09 20:01 - 00854436 _____ () C:\Users\McDonnell\Downloads\SecurityCheck.exe
2014-10-08 17:17 - 2014-10-08 17:17 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-10-08 17:17 - 2014-10-08 17:17 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-10-08 17:05 - 2014-10-08 17:41 - 00000364 _____ () C:\Windows\Tasks\HPCeeScheduleForAdministrator.job
2014-10-08 17:05 - 2014-10-08 17:05 - 00003234 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAdministrator
2014-10-08 17:03 - 2014-10-08 17:03 - 00000000 ____D () C:\Users\Administrator\Documents\WolfQuest2
2014-10-08 17:03 - 2014-10-08 17:03 - 00000000 ____D () C:\Users\Administrator\Documents\WolfQuest
2014-10-08 17:01 - 2014-10-08 17:01 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple Computer
2014-10-08 06:36 - 2014-10-09 20:00 - 00001270 _____ () C:\Users\McDonnell\.swfinfo
2014-10-07 17:07 - 2014-10-07 17:07 - 00003112 _____ () C:\Windows\System32\Tasks\{62C75A16-8551-4699-BE53-46EE55A02DC6}
2014-10-07 17:03 - 2014-10-07 17:03 - 00203511 _____ () C:\Users\McDonnell\Downloads\DoulCi Bypass Server - [ OFFICIAL ].rar
2014-10-07 16:50 - 2014-10-07 17:06 - 00000000 ____D () C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r
2014-10-07 16:50 - 2014-10-07 16:50 - 00004636 _____ () C:\Windows\System32\Tasks\IC Running Procedure
2014-10-07 16:49 - 2014-10-07 17:09 - 00000000 ____D () C:\Program Files (x86)\ShopSave Toolbar
2014-10-07 16:49 - 2014-10-07 16:49 - 00004266 _____ () C:\Windows\System32\Tasks\SMW_UpdateTask_Time_343033373338393130302d555b373434412d45325a5b6c
2014-10-07 16:49 - 2014-10-07 16:49 - 00003854 _____ () C:\Windows\System32\Tasks\Smp
2014-10-07 16:49 - 2014-10-07 16:49 - 00003740 _____ () C:\Windows\System32\Tasks\SMupdate1
2014-10-07 16:49 - 2014-10-07 16:49 - 00003600 _____ () C:\Windows\System32\Tasks\YTDownloader
2014-10-07 16:49 - 2014-10-07 16:49 - 00003590 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-10-07 16:47 - 2014-10-11 11:56 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-10-07 16:47 - 2014-10-07 16:47 - 00000000 ____D () C:\Users\McDonnell\AppData\Local\globalUpdate
2014-10-07 16:45 - 2014-10-07 16:46 - 00400464 _____ () C:\Users\McDonnell\Downloads\DoulCi iCloud Activator__8779_il1002.exe
2014-10-05 12:27 - 2014-10-05 12:27 - 00000000 ____D () C:\Users\McDonnell\AppData\Local\{9083C860-B1F0-4995-906F-E5895FC86E6F}
2014-09-30 18:05 - 2014-09-30 18:05 - 00000000 ____D () C:\Users\McDonnell\AppData\Local\{4E88FC8F-566A-4D41-98B3-DDEB81602634}
2014-09-30 14:02 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 14:02 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 06:26 - 2014-09-30 06:26 - 00000000 ____D () C:\Users\McDonnell\AppData\Local\{11E4C829-2EB7-4970-B0F9-EFF834F3A6D2}
2014-09-30 05:53 - 2014-10-11 21:15 - 00003210 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMcDonnell
2014-09-28 16:53 - 2014-09-28 16:53 - 00000000 ____D () C:\Users\McDonnell\AppData\Local\{ECA6B450-F390-445F-83FE-BFB005059A61}
2014-09-27 19:49 - 2014-09-27 19:49 - 00000000 ____D () C:\Users\McDonnell\AppData\Local\{B86DADB6-D7CA-41CB-B650-952BB731AFCB}
2014-09-26 21:13 - 2014-09-26 21:56 - 00000000 ____D () C:\Users\McDonnell\Documents\Ball Field Directions
2014-09-24 15:12 - 2014-09-24 15:12 - 00000000 ____D () C:\Program Files (x86)\predm
2014-09-24 15:05 - 2014-10-11 21:15 - 00000348 _____ () C:\Windows\Tasks\HPCeeScheduleForMcDonnell.job
2014-09-24 14:15 - 2014-09-24 14:15 - 00000687 _____ () C:\awhE80D.tmp
2014-09-24 14:12 - 2014-10-11 17:35 - 00000000 ____D () C:\ProgramData\SearchModule
2014-09-24 14:12 - 2014-10-07 16:49 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2014-09-24 14:11 - 2014-09-24 15:16 - 00000000 ____D () C:\Users\McDonnell\AppData\Roaming\OAS
2014-09-24 14:11 - 2014-09-24 14:11 - 00004174 _____ () C:\Windows\System32\Tasks\RocketTab Update Task
2014-09-24 14:11 - 2014-09-24 14:11 - 00003402 _____ () C:\Windows\System32\Tasks\PastaQuotes
2014-09-24 14:11 - 2014-09-24 14:11 - 00003388 _____ () C:\Windows\System32\Tasks\RocketTab
2014-09-24 14:11 - 2014-09-24 14:11 - 00000000 ____D () C:\Users\McDonnell\AppData\Local\CrashRpt
2014-09-24 14:11 - 2014-09-24 14:11 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2014-09-24 14:10 - 2014-09-24 14:17 - 00000000 ____D () C:\ProgramData\pastaleads
2014-09-24 14:10 - 2014-09-24 14:10 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-09-24 14:09 - 2014-09-24 14:09 - 00362496 _____ () C:\Users\McDonnell\Downloads\IOS7ActivationTool__6858_il1049556.exe
2014-09-24 13:54 - 2014-09-24 14:00 - 00000000 ____D () C:\Users\McDonnell\AppData\Roaming\Systweak
2014-09-24 13:54 - 2014-09-24 13:54 - 24489269 _____ () C:\Users\McDonnell\Downloads\setup_free.exe
2014-09-24 13:54 - 2014-09-24 13:54 - 00793240 _____ ( ) C:\Users\McDonnell\Downloads\Free_Download_Setup (1).exe
2014-09-24 13:54 - 2014-09-24 13:54 - 00003328 _____ () C:\Windows\System32\Tasks\ASP
2014-09-24 13:54 - 2014-08-29 17:02 - 00020296 _____ () C:\Windows\system32\roboot64.exe
2014-09-24 13:53 - 2014-09-24 13:53 - 00793240 _____ ( ) C:\Users\McDonnell\Downloads\Free_Download_Setup.exe
2014-09-24 13:45 - 2014-09-24 13:45 - 00263544 _____ (Software Installer ) C:\Users\McDonnell\Downloads\Setup.exe
2014-09-24 10:39 - 2014-09-24 10:39 - 00111104 _____ () C:\Windows\SysWOW64\installd.exe
2014-09-23 16:56 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 16:56 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-21 08:31 - 2014-09-21 08:31 - 04991400 _____ (Adobe Systems Inc.) C:\Users\McDonnell\Downloads\Shockwave_Installer_Slim (1).exe
2014-09-16 17:26 - 2014-09-16 17:27 - 00000000 ____D () C:\Users\McDonnell\AppData\Local\{51C883AD-09AC-46B5-89F1-F3E7B9F08DA1}
2014-09-13 20:27 - 2014-09-13 20:27 - 00010756 _____ () C:\Users\McDonnell\Downloads\14u National Sunday Bracket2.xlsx
2014-09-13 20:18 - 2014-09-13 20:18 - 00000000 ____D () C:\Users\McDonnell\AppData\Local\{209DD16B-F976-45EC-AE39-92698ABCA874}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-12 07:42 - 2014-04-30 06:19 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-12 07:41 - 2013-11-12 18:56 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3226330815-2963902264-1849304025-1000UA.job
2014-10-12 07:31 - 2011-08-04 14:36 - 01295000 _____ () C:\Windows\WindowsUpdate.log
2014-10-12 07:24 - 2012-10-28 20:35 - 00048534 _____ () C:\Users\Public\Documents\Cox PC HealthCheck Report.log
2014-10-12 07:20 - 2012-04-07 07:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-11 21:18 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-11 21:18 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-11 21:13 - 2013-10-12 10:05 - 00000000 ___RD () C:\Users\McDonnell\Dropbox
2014-10-11 21:12 - 2013-10-12 10:03 - 00000000 ____D () C:\Users\McDonnell\AppData\Roaming\Dropbox
2014-10-11 21:12 - 2013-09-30 16:55 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
2014-10-11 21:11 - 2014-04-30 06:19 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-11 21:11 - 2011-06-13 16:58 - 00000000 ____D () C:\ProgramData\PDFC
2014-10-11 21:10 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-11 21:10 - 2009-07-14 00:51 - 00161587 _____ () C:\Windows\setupact.log
2014-10-11 17:38 - 2010-11-20 23:47 - 00694136 _____ () C:\Windows\PFRO.log
2014-10-11 15:59 - 2013-11-30 07:36 - 00000414 ____H () C:\Windows\Tasks\Norton Security Scan for McDonnell.job
2014-10-11 14:12 - 2011-12-03 09:36 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-11 14:12 - 2011-08-06 17:47 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-11 07:58 - 2011-11-30 19:46 - 00001585 _____ () C:\Users\McDonnell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-10 06:53 - 2013-11-12 18:56 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3226330815-2963902264-1849304025-1000Core.job
2014-10-09 22:15 - 2011-08-17 16:04 - 00000000 ____D () C:\Users\McDonnell\AppData\Local\CrashDumps
2014-10-09 20:05 - 2013-07-11 09:13 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-09 06:30 - 2013-06-18 11:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-08 17:05 - 2014-07-23 06:44 - 00000000 ____D () C:\Users\Administrator
2014-10-08 17:02 - 2012-02-10 18:17 - 00000000 ____D () C:\Program Files (x86)\WolfQuest_Data
2014-10-08 17:01 - 2014-07-23 06:46 - 00091648 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-08 17:01 - 2014-07-23 06:46 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-10-08 06:36 - 2011-08-04 14:36 - 00000000 ____D () C:\Users\McDonnell
2014-10-08 05:29 - 2014-04-30 06:20 - 00002351 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-07 16:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-10-07 08:09 - 2011-08-04 15:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-07 07:02 - 2011-08-04 14:40 - 00091648 _____ () C:\Users\McDonnell\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-07 05:29 - 2009-07-14 00:45 - 00358536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-05 20:22 - 2013-07-07 21:09 - 00000000 ____D () C:\Users\McDonnell\Documents\Recipes
2014-10-02 08:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-25 17:43 - 2012-12-04 05:58 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLIVINGROOM-HP$
2014-09-25 17:43 - 2012-12-04 05:58 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForLIVINGROOM-HP$.job
2014-09-24 06:15 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-23 20:29 - 2011-08-30 19:45 - 00000000 ____D () C:\Users\McDonnell\AppData\Local\GQWeb
2014-09-23 16:41 - 2012-04-07 07:55 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 16:41 - 2012-04-07 07:55 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 16:41 - 2011-08-12 08:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-23 05:26 - 2009-07-14 01:08 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-22 02:42 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-18 06:55 - 2013-10-12 10:05 - 00000993 _____ () C:\Users\McDonnell\Desktop\Dropbox.lnk
2014-09-18 06:55 - 2013-10-12 10:03 - 00000000 ____D () C:\Users\McDonnell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-15 19:37 - 2014-07-18 09:23 - 00000000 ____D () C:\Users\McDonnell\Documents\Mike
2014-09-15 16:49 - 2011-08-04 14:46 - 00000000 ____D () C:\Users\McDonnell\AppData\Roaming\Adobe
2014-09-13 18:43 - 2013-11-30 07:36 - 00003590 _____ () C:\Windows\System32\Tasks\Norton Security Scan for McDonnell
 
Some content of TEMP:
====================
C:\Users\McDonnell\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptb9zoo.dll
C:\Users\McDonnell\AppData\Local\Temp\Extract.exe
C:\Users\McDonnell\AppData\Local\Temp\HPPSdr.exe
C:\Users\McDonnell\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\McDonnell\AppData\Local\Temp\post1.exe
C:\Users\McDonnell\AppData\Local\Temp\post2.dll
C:\Users\McDonnell\AppData\Local\Temp\post2.exe
C:\Users\McDonnell\AppData\Local\Temp\secuniasi8377559161128212856.dll
C:\Users\McDonnell\AppData\Local\Temp\sp64126.exe
C:\Users\McDonnell\AppData\Local\Temp\SP66193.exe
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite10672.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite12515.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite12667.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite13204.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite13545.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite13643.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite18091.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite21746.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite22151.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite23643.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite23818.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite24706.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite24797.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite25085.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite25397.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite25556.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite27472.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite27759.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite28868.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite29145.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite29254.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite29374.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite29466.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite29543.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite31026.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite31161.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite31798.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite32348.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite32675.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite33395.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite36588.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite37204.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite37451.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite37638.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite37977.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite39159.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite45332.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite46904.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite47968.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite49186.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite49190.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite50685.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite51093.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite51323.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite52241.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite52747.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite54258.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite55862.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite59922.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite62036.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite63881.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite64347.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite64958.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite65673.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite66470.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite68623.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite69095.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite69738.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite69897.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite71457.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite72935.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite73930.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite77600.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite81093.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite82537.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite85803.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite86836.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite87050.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite88715.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite89259.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite89645.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite90334.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite90430.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite90448.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite90856.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite92980.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite93956.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite94113.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite94528.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite94796.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite96454.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite97079.dll
C:\Users\McDonnell\AppData\Local\Temp\System.Data.SQLite98694.dll
C:\Users\McDonnell\AppData\Local\Temp\tu17p84.exe
C:\Users\McDonnell\AppData\Local\Temp\UninstallHPSA.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-06 07:48
 
==================== End Of Log ============================


#7 sgm67

Posted 12 October 2014 - 03:21 PM

Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2014
Ran by McDonnell at 2014-10-12 08:16:20
Running from C:\Users\McDonnell\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
aspi (x32 Version: 3.00.0008.0000 - Eastman Kodak Company) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{AEDA8713-5521-4600-9AC2-81674A9EDC4F}) (Version: 2.2.7689 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCHelp (x32 Version: 3.00.0010.0000 - Easlman Kodak Company) Hidden
CCScore (x32 Version: 3.00.0020.0001 - Eastman Kodak) Hidden
Centipede with Pong (HKLM-x32\...\Centipede with Pong) (Version: 1.0.0.0 - Atari)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cox PC HealthCheck (HKLM-x32\...\{D2B13DDA-5AAC-4426-96C8-11CE4E8C3656}) (Version: 5.5.19.0 - PlumChoice, Inc)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Diner Dash 2 (HKLM-x32\...\Diner Dash 2) (Version:  - PlayFirst, Inc.)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESSAdpt (x32 Version: 3.00.0011.0000 - Eastman Kodak Company) Hidden
ESSANUP (x32 Version: 3.00.0004.0000 - Eastman Kodak Company) Hidden
ESSCAM (x32 Version: 3.00.0010.0000 - Eastman Kodak Company) Hidden
ESSCDBK (x32 Version: 3.00.0012.0000 - Eastman Kodak Company) Hidden
ESScore (x32 Version: 3.00.0019.0000 - Eastman Kodak) Hidden
ESSgui (x32 Version: 3.00.0017.0000 - Eastman Kodak) Hidden
ESShelp (x32 Version: 3.00.0011.0000 - Eastman Kodak Company) Hidden
ESSini (x32 Version: 3.00.0017.0001 - Eastman Kodak) Hidden
ESSPCD (x32 Version: 3.00.0020.0001 - Eastman Kodak Company) Hidden
ESSvpaht (x32 Version: 3.00.0017.0000 - Eastman Kodak) Hidden
ESSvpot (x32 Version: 3.00.0017.0002 - Eastman Kodak) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
GradeQuick Web Plugin (HKLM-x32\...\{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}) (Version: 1.00.0000 - Edline)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Board Games 4 (HKLM-x32\...\Hoyle Board Games 4) (Version:  - )
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.045 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{C43602FE-988C-47BA-9F9F-B95FDDAFB624}) (Version: 11.50.0031 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I. d. l. e . C. r. a. w. l. e. r (HKLM-x32\...\I. d. l. e . C. r. a. w. l. e. r) (Version: 98.0.0.445 - SADDLEBACK PROC LTD)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Inkjet Printer/Scanner Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
JumpStart World Presents Pet Playground (HKLM-x32\...\JumpStart World Presents Pet Playground) (Version:  - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
KODAK Share Button App (HKLM-x32\...\{C3F0CF4C-0A8C-42F1-A585-2EF7886D6039}) (Version: 4.03.0000.0000 - Eastman Kodak Company)
KSU (x32 Version: 612.7.0008.0000 - Eastman Kodak Compnay) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
LeadTool (x32 Version: 3.00.0001.0000 - Eastman Kodak Company) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.3.0.18537 - LeapFrog)
LeapFrog Connect (x32 Version: 5.3.0.18537 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mall Tycoon (HKLM-x32\...\Mall Tycoon) (Version:  - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Picture It! Express 2000 (HKLM-x32\...\{A586D09E-1D2C-11D3-9A6B-00105A98B681}) (Version: 4.0.0.0 - Microsoft)
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.5.0 - Nikon)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
Notifier (x32 Version: 3.00.0006.0000 - Eastman Kodak Company) Hidden
OTtBP (x32 Version: 3.00.0007.0000 - Eastman Kodak Company) Hidden
P@H-Protocol (HKLM-x32\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
PCDADDIN (x32 Version: 3.00.0001.0008 - Eastman Kodak Company) Hidden
PCDHELP (x32 Version: 3.00.0001.0000 - Eastman Kodak Company) Hidden
PCDLNCH (x32 Version: 3.00.0001.0002 - Eastman Kodak Company) Hidden
PCDrdsho (x32 Version: 3.00.0001.0001 - Eastman Kodak Company) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.9 - Nikon)
Pirate101 (HKLM-x32\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6463 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RocketTab (HKLM-x32\...\RocketTab) (Version:  - RocketTab) <==== ATTENTION
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SFR (x32 Version: 3.01.0002.0001 - Eastman Kodak Company) Hidden
SFR2 (x32 Version: 3.00.0004.0000 - Eastman Kodak Company) Hidden
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.8.3.222.g317ab79d - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Torch (HKCU\...\Torch) (Version: 33.0.0.7723 - Torch Media, Inc) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
USB MassStorage CardReader (HKLM-x32\...\040a_5005) (Version:  - )
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.5.1 - Nikon)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
WeatherBug (HKLM-x32\...\{DAFA6315-EAE5-4B9E-9D18-0DC51D1DB0F0}) (Version: 7.0.0.12 - Earth Networks, Inc.)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
WMI Tools (HKLM-x32\...\{25A13826-8E4A-4FBF-AD2B-776447FE9646}) (Version: 1.50.1131.0001 - Microsoft Corporation)
WolfQuest (HKLM-x32\...\{9E6AD6CF-1EFF-43E4-86C4-5C00254C3D8E}) (Version: 2.5.1 - eduweb)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\McDonnell\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\McDonnell\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\McDonnell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\McDonnell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\McDonnell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\McDonnell\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\McDonnell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\McDonnell\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3226330815-2963902264-1849304025-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\McDonnell\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
27-09-2014 18:37:54 Windows Update
30-09-2014 23:10:09 Windows Update
01-10-2014 01:38:05 Windows Update
04-10-2014 11:10:56 Windows Update
07-10-2014 20:17:05 Windows Update
10-10-2014 00:06:58 Revo Uninstaller's restore point - GoPCPro
10-10-2014 01:45:49 Revo Uninstaller's restore point - YTDownloader
11-10-2014 00:52:50 Windows Update
11-10-2014 20:06:18 Revo Uninstaller's restore point - Search module
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0059A75B-01E3-4D1B-BED3-194A635EBF31} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {11E05191-6407-4654-B394-46A73ACA8EDB} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe <==== ATTENTION
Task: {16F10C87-C3F0-48CA-B7F6-B7E3443AD286} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2012-06-26] (Eastman Kodak Company)
Task: {1D43277D-9CFF-48F1-9F4B-699E6CE05D77} - System32\Tasks\IC Running Procedure => %LOCALAPPDATA%\I. d. l. e . C. r. a. w. l. e. r\I. C. Runner.exe
Task: {31079AC1-1BC7-407B-9E55-4C531F9F9441} - System32\Tasks\HPCeeScheduleForLIVINGROOM-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {37B58F5F-CCB8-4549-B921-76B9A90A2E4A} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {4024709B-5EF1-4832-A5C4-BCCD517C6936} - System32\Tasks\HPCeeScheduleForMcDonnell => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {4B29065A-2D52-491A-833A-9577D44AC26F} - System32\Tasks\HPCeeScheduleForAdministrator => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {5043A13F-1343-4536-8FA6-A7A24F9033B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-30] (Google Inc.)
Task: {5958415F-5B2C-4938-A5B3-57BE91B435D1} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {5A82F9BD-2228-4537-8553-47BFB814E800} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {70023AF5-6AAF-4ED7-A066-10F381BEDCB9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {75C06538-B48E-4587-B2F1-EEDE29087FF7} - System32\Tasks\Microsoft\Windows\Maintenance\IC Update Procedure => %LOCALAPPDATA%\I. d. l. e . C. r. a. w. l. e. r\I. C. Runner.exe
Task: {75D984A7-C235-4D00-8B44-BD01CDD33A03} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {7958EA1B-FE5E-4D8A-A583-CA11F7F0F449} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-12-21] (CyberLink)
Task: {84B8EDBB-10F1-4727-9C11-BAAC34FE485F} - System32\Tasks\BuzzSocialPoints_DNS_Checker => C:\Windows\BuzzSocialPointsChecker\BSP_li.exe <==== ATTENTION
Task: {88DA23AC-CBA2-4449-9D6B-DDAA2779AFCF} - System32\Tasks\PastaQuotes => C:\Program Files (x86)\pastaleads\ScheduledTask.exe
Task: {8F1A5CAA-72FD-4297-9ACE-26BCA89B0E79} - System32\Tasks\Norton Security Scan for McDonnell => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-08-21] (Symantec Corporation)
Task: {90301FCC-035A-4A95-8524-E50C9B9CCBAF} - System32\Tasks\SMW_UpdateTask_Time_343033373338393130302d555b373434412d45325a5b6c => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {9C474BD1-AA2A-4B91-953E-9AC2579D0FBD} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe
Task: {9FC73113-B587-4316-98DA-1C3EB2C69B35} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3226330815-2963902264-1849304025-1000Core => C:\Users\McDonnell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-09] (Google Inc.)
Task: {A6F40511-0E0C-4BC9-98FF-9CDA8FAEB9C5} - System32\Tasks\hpUrlLauncher.exe_{BE1D4001-DC11-4A2A-837E-FDAD574255EA} => C:\Program Files\hp\HP Deskjet 1050 J410 series\Bin\utils\hpUrlLauncher.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {B5450543-AEA6-43FB-AC1D-76EDCE3F5A10} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {B73EEAF8-301F-441F-AB8E-F7245DA72A87} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BA115C37-1617-4B27-8AA5-B00BF1C44910} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {CA1704AD-1C2C-4755-8CD9-C86F9FC59BBB} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {CED9695F-2B48-40DF-B102-5752C5594181} - System32\Tasks\RocketTab => C:\Windows\system32\cmd.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {D24B04E6-FB51-4BBB-9016-6595B18F7665} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3226330815-2963902264-1849304025-1000UA => C:\Users\McDonnell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-09] (Google Inc.)
Task: {D590D307-FED6-45C5-866E-B50648F3796D} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-09-24] () <==== ATTENTION
Task: {DF2AD028-955E-4B80-AAAB-13C78F90A676} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {F8AABA96-160C-4505-8709-63E733444447} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {FC5A96B2-9FF4-4A22-86CD-E913D355E51D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-30] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3226330815-2963902264-1849304025-1000Core.job => C:\Users\McDonnell\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3226330815-2963902264-1849304025-1000UA.job => C:\Users\McDonnell\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAdministrator.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLIVINGROOM-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMcDonnell.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Norton Security Scan for McDonnell.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-10-12 22:08 - 2008-01-22 13:35 - 00103808 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2003-02-04 08:22 - 2003-02-04 08:22 - 00181312 _____ () C:\Windows\SysWOW64\ScsiAccess.EXE
2014-09-24 14:11 - 2014-09-24 14:11 - 01423080 _____ () C:\Program Files (x86)\Search Extensions\Client.exe
2014-10-03 05:10 - 2014-10-03 05:10 - 00133216 _____ () C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\I. C. Runner.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-28 20:35 - 2012-10-28 20:35 - 00155648 _____ () C:\Program Files (x86)\Cox, Inc\Cox PC HealthCheck\SmartDisk.dll
2014-09-24 18:46 - 2014-09-23 00:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-24 18:46 - 2014-09-23 00:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-24 18:46 - 2014-09-23 00:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 18:46 - 2014-09-23 00:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 18:46 - 2014-09-23 00:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-10-11 21:12 - 2014-10-11 21:12 - 00043008 _____ () c:\Users\McDonnell\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptb9zoo.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\McDonnell\AppData\Roaming\Dropbox\bin\libcef.dll
2014-10-03 05:11 - 2014-10-03 05:11 - 00104032 _____ () C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Modules\ManXec.dll
2014-10-03 05:11 - 2014-10-03 05:11 - 00074848 _____ () C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Modules\CmdProc.dll
2014-10-03 05:12 - 2014-10-03 05:12 - 00048224 _____ () C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Modules\PrfIns.dll
2014-10-03 05:12 - 2014-10-03 05:12 - 00056928 _____ () C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Modules\WbSes.dll
2014-10-03 05:12 - 2014-10-03 05:12 - 00146016 _____ () C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Modules\WdcMan.dll
2014-10-03 05:12 - 2014-10-03 05:12 - 00121952 _____ () C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Modules\WblSupp.dll
2014-10-03 05:11 - 2014-10-03 05:11 - 00111200 _____ () C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Modules\CmnUtls.dll
2012-10-31 14:29 - 2012-10-31 14:29 - 00221184 _____ () C:\Program Files (x86)\Cox, Inc\Cox PC HealthCheck\AgentBase.XmlSerializers.dll
2014-10-07 17:06 - 2014-07-21 05:38 - 00393728 _____ () C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\ppGoogleNaClPluginChrome.dll
2014-10-07 17:06 - 2014-07-21 05:38 - 00788480 _____ () C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:80E965A3
AlternateDataStreams: C:\Users\McDonnell\Downloads\DoulCi iCloud Activator__8779_il1002.exe:typelib
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KODAK Software Updater.lnk => C:\Windows\pss\KODAK Software Updater.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: Google Update => "C:\Users\McDonnell\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KGShareApp => C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\McDonnell\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: Spotify => "C:\Users\McDonnell\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\McDonnell\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3226330815-2963902264-1849304025-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3226330815-2963902264-1849304025-501 - Limited - Disabled)
McDonnell (S-1-5-21-3226330815-2963902264-1849304025-1000 - Administrator - Enabled) => C:\Users\McDonnell
 
==================== Faulty Device Manager Devices =============
 
Name: SBMNTR
Description: SBMNTR
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: sbmntr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/11/2014 11:54:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8378
 
Error: (10/11/2014 11:54:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8378
 
Error: (10/11/2014 11:54:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/11/2014 11:54:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7379
 
Error: (10/11/2014 11:54:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7379
 
Error: (10/11/2014 11:54:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/11/2014 11:54:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6381
 
Error: (10/11/2014 11:54:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6381
 
Error: (10/11/2014 11:54:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/11/2014 11:54:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5382
 
 
System errors:
=============
Error: (10/12/2014 07:20:27 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/12/2014 07:20:23 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/12/2014 07:20:21 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/12/2014 07:20:21 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/12/2014 07:20:21 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/11/2014 09:19:39 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.
 
Error: (10/11/2014 09:19:39 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.185.2872.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.6.0305.00
 
Source Path: 4.6.0305.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (10/11/2014 09:11:02 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/11/2014 09:10:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Module Update service failed to start due to the following error: 
%%2
 
Error: (10/11/2014 09:10:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The sbmntr service failed to start due to the following error: 
%%3
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-08-02 23:03:02.219
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-02 23:03:02.157
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-02 23:03:02.063
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-02 23:03:02.016
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-29 11:24:13.014
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-29 11:24:12.967
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz
Percentage of memory in use: 40%
Total physical RAM: 4061.24 MB
Available physical RAM: 2403.31 MB
Total Pagefile: 9059.42 MB
Available Pagefile: 6555.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:687.47 GB) (Free:452.85 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.06 GB) (Free:1.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: AC1B384A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=687.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#8 pystryker

Posted 12 October 2014 - 03:43 PM

Excellent, let's get started. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Program Uninstalls


Please uninstall the following programs from your machine as they are all adware/malware related programs.

If one of the programs doesn't appear in the Add/Remove programs section, don't worry about it, move on to the next one.
  • Torch
  • YT Downloader
  • GoPCPro
  • I. d. l. e . C. r. a. w. l. e. r
  • RocketTab

Step 2: Fix with Farbar's Recovery Scan Tool

  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
(TorchMedia Inc.) C:\Users\McDonnell\AppData\Local\Torch\Update\TorchCrashHandler.exe
C:\Users\McDonnell\AppData\Local\Torch
() C:\Program Files (x86)\Search Extensions\Client.exe
C:\Program Files (x86)\Search Extensions
() C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\I. C. Runner.exe
C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r
(The Chromium Authors) C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\chrome.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ospd_us_161] => [X]
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
C:\Program Files (x86)\YTDownloader
HKU\S-1-5-21-3226330815-2963902264-1849304025-1000\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=EA7zamodu08779,cc596faa-2e76-4ee8-9e0a-8acd5b70f337,&q={searchTerms}
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin-x32: TorchVLC -> C:\Users\McDonnell\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
Task: {11E05191-6407-4654-B394-46A73ACA8EDB} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe <==== ATTENTION
Task: {37B58F5F-CCB8-4549-B921-76B9A90A2E4A} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
R2 TorchCrashHandler; C:\Users\McDonnell\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2014-08-27] (TorchMedia Inc.) <==== ATTENTION
S2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe /service [X]
C:\Program Files\Common Files\Goobzo
S2 sbmntr; \??\C:\PROGRA~2\YTDOWN~1\sbmntr.sys [X]
S3 SMUpdd; \??\C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [X]
2014-10-07 16:49 - 2014-10-07 17:09 - 00000000 ____D () C:\Program Files (x86)\ShopSave Toolbar
2014-10-07 16:49 - 2014-10-07 16:49 - 00003600 _____ () C:\Windows\System32\Tasks\YTDownloader
2014-10-07 16:49 - 2014-10-07 16:49 - 00003590 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-09-24 14:11 - 2014-09-24 14:11 - 00004174 _____ () C:\Windows\System32\Tasks\RocketTab Update Task
2014-09-24 14:11 - 2014-09-24 14:11 - 00003402 _____ () C:\Windows\System32\Tasks\PastaQuotes
2014-09-24 14:11 - 2014-09-24 14:11 - 00003388 _____ () C:\Windows\System32\Tasks\RocketTab
Task: {75C06538-B48E-4587-B2F1-EEDE29087FF7} - System32\Tasks\Microsoft\Windows\Maintenance\IC Update Procedure => %LOCALAPPDATA%\I. d. l. e . C. r. a. w. l. e. r\I. C. Runner.exe
Task: {75D984A7-C235-4D00-8B44-BD01CDD33A03} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {84B8EDBB-10F1-4727-9C11-BAAC34FE485F} - System32\Tasks\BuzzSocialPoints_DNS_Checker => C:\Windows\BuzzSocialPointsChecker\BSP_li.exe <==== ATTENTION
Task: {90301FCC-035A-4A95-8524-E50C9B9CCBAF} - System32\Tasks\SMW_UpdateTask_Time_343033373338393130302d555b373434412d45325a5b6c => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {CA1704AD-1C2C-4755-8CD9-C86F9FC59BBB} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {CED9695F-2B48-40DF-B102-5752C5594181} - System32\Tasks\RocketTab => C:\Windows\system32\cmd.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {D590D307-FED6-45C5-866E-B50648F3796D} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-09-24] () <==== ATTENTION
Task: {DF2AD028-955E-4B80-AAAB-13C78F90A676} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {F8AABA96-160C-4505-8709-63E733444447} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:80E965A3
Hosts:
Emptytemp:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 3: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop.

  • Double-click (Vista and 7 users: right-click) the adwcleaner.exe file and click Run as Administrator, and accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Step 5: Fresh Farbar's Recovery Scan Tool

  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.


Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.
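
The fixlist in the post above picks scheduled tasks out of the FRST log by hand. This added example (not part of the original post, and not FRST's own logic) parses the same `Task:` lines and lists the reasons a reviewer would look twice at each one. The heuristics and all function names are assumptions made for illustration; the sample lines are copied from the log earlier in the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Task lines copied verbatim from the FRST log posted earlier in this thread.
SAMPLE_LOG = r'''
Task: {0059A75B-01E3-4D1B-BED3-194A635EBF31} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {75C06538-B48E-4587-B2F1-EEDE29087FF7} - System32\Tasks\Microsoft\Windows\Maintenance\IC Update Procedure => %LOCALAPPDATA%\I. d. l. e . C. r. a. w. l. e. r\I. C. Runner.exe
Task: {75D984A7-C235-4D00-8B44-BD01CDD33A03} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {88DA23AC-CBA2-4449-9D6B-DDAA2779AFCF} - System32\Tasks\PastaQuotes => C:\Program Files (x86)\pastaleads\ScheduledTask.exe
Task: {90301FCC-035A-4A95-8524-E50C9B9CCBAF} - System32\Tasks\SMW_UpdateTask_Time_343033373338393130302d555b373434412d45325a5b6c => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {CED9695F-2B48-40DF-B102-5752C5594181} - System32\Tasks\RocketTab => C:\Windows\system32\cmd.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {9FC73113-B587-4316-98DA-1C3EB2C69B35} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3226330815-2963902264-1849304025-1000Core => C:\Users\McDonnell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-09] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
'''

# Shape of an FRST "Task:" line: optional {GUID}, task path, command, then
# optional [file date], (publisher) and FRST's own ATTENTION marker.
TASK_RE = re.compile(
    r'^Task: (?:\{(?P<guid>[0-9A-Fa-f-]{36})\} - )?(?P<path>.+?) => (?P<cmd>.+?)'
    r'(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?'
    r'(?: \((?P<company>[^()]*)\))?'
    r'(?P<attention> <==== ATTENTION)?$'
)

# Assumed triage lists (illustrative, not FRST's): hosts that run other code,
# and locations that are writable without going through Program Files.
LOADERS = {"rundll32.exe", "wscript.exe", "cscript.exe", "cmd.exe", "powershell.exe"}
USER_WRITABLE = ("%localappdata%", "%appdata%", "\\appdata\\", "c:\\programdata\\")


@dataclass
class Task:
    path: str
    command: str
    date: Optional[str]
    company: Optional[str]
    attention: bool
    is_job: bool  # legacy .job entry, listed by FRST without a GUID

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_tasks(text: str) -> List[Task]:
    """Turn every line that looks like an FRST task entry into a Task."""
    tasks = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            tasks.append(Task(m["path"], m["cmd"], m["date"], m["company"] or None,
                              bool(m["attention"]), m["guid"] is None))
    return tasks


def image_name(command: str) -> str:
    """Base name of the first .exe in the command line, lower-cased."""
    m = re.match(r'"?(.+?\.exe)', command, re.IGNORECASE)
    image = m.group(1) if m else command
    return image.rsplit("\\", 1)[-1].lower()


def reasons(task: Task) -> List[str]:
    """Reasons to review a task by hand; an empty list means none applied."""
    why = []
    cmd = task.command.lower()
    if task.attention:
        why.append("flagged ATTENTION by FRST")
    if image_name(task.command) in LOADERS:
        why.append("runs through a loader or script host")
    if "\\microsoft\\windows\\" in task.path.lower() and task.company != "Microsoft Corporation":
        why.append("in the Microsoft\\Windows task tree without a Microsoft publisher")
    if not task.is_job and not task.date and not task.company:
        why.append("no file date or publisher on the line")
    if not task.company and any(p in cmd for p in USER_WRITABLE):
        why.append("points into a user-writable path with no publisher")
    return why


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Tasks with at least one reason, most reasons first."""
    flagged = [(t.name, reasons(t)) for t in parse_tasks(text)]
    flagged = [item for item in flagged if item[1]]
    return sorted(flagged, key=lambda item: -len(item[1]))


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG):
        print(f"{name}: " + "; ".join(why))
```

A task with no reasons is not thereby clean, and a flagged one is not thereby malicious; the output is a reading order for the log, not a fixlist.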





#9 sgm67

Posted 12 October 2014 - 09:05 PM

Is this why I am getting the "unable to connect to proxy server" messages?

#10 pystryker

Posted 12 October 2014 - 09:09 PM

Is this why I am getting the "unable to connect to proxy server" messages?


I'm not certain, I'll need to see the logs before I can make a determination. One of the infections may have set a proxy on your machine. Please post the logs when completed and we'll proceed. :thumbsup2:






#11 sgm67


Posted 12 October 2014 - 09:25 PM

That is the problem, I can't connect to the internet to post the logs. I am replying to you via my tablet.

#12 pystryker


Posted 12 October 2014 - 09:41 PM

What browser are you using?

If you are using Firefox, follow these instructions to check and see if it's set to use a proxy.

1.) Click Tools and then click Tools

2.) Select the Network tab and then under Connections click Settings and make sure No Proxy is selected. Select Ok once it's checked.


Internet Explorer Instructions

1.) Click the Tools button, and then click Internet Options.

2.) Click the Connections tab, and then click LAN settings.

3.) Under the Proxy Server make sure the box is Unchecked.


Please check these and let me know. :)

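The Internet Explorer LAN-settings check from the post above can also be read from the per-user registry values behind that dialog. This is an added example, not part of the original thread: the function names and the sample values (including port 8877) are constructed for illustration, and only the registry path and value names are Windows' own.

```python
import ipaddress

# Per-user WinINET settings behind Internet Options > Connections > LAN settings.
INTERNET_SETTINGS = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
VALUE_NAMES = ("ProxyEnable", "ProxyServer", "ProxyOverride", "AutoConfigURL")

# Constructed sample: what the values look like when a local proxy has been set.
SAMPLE_SETTINGS = {
    "ProxyEnable": 1,
    "ProxyServer": "http=127.0.0.1:8877;https=127.0.0.1:8877",
}


def read_wininet_proxy():
    """Read the current user's proxy values from the registry (Windows only)."""
    import winreg  # standard library, available only on Windows

    found = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_SETTINGS) as key:
        for name in VALUE_NAMES:
            try:
                found[name], _value_type = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                pass  # value is not set
    return found


def parse_proxy_server(raw):
    """Parse 'host:port' or 'http=host:port;https=host:port' into {scheme: (host, port)}."""
    entries = {}
    for part in filter(None, (p.strip() for p in raw.split(";"))):
        scheme, sep, target = part.partition("=")
        if not sep:  # single proxy used for every protocol
            scheme, target = "all", part
        target = target.split("://", 1)[-1]  # tolerate an 'http://' prefix
        host, _, port = target.rpartition(":")
        if not host:  # no port given
            host, port = target, ""
        entries[scheme.lower()] = (host, port)
    return entries


def is_loopback(host):
    """True when the proxy host points back at this machine."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name other than localhost


def assess(settings):
    """Return human-readable findings for a dict of Internet Settings values."""
    findings = []
    enabled = settings.get("ProxyEnable", 0) == 1
    server = settings.get("ProxyServer", "")
    if enabled and server:
        for scheme, (host, port) in parse_proxy_server(server).items():
            # A loopback proxy only works while a local program listens on that
            # port; if nothing is listening, the browser cannot reach the proxy.
            kind = "loopback" if is_loopback(host) else "remote"
            findings.append(f"{kind} proxy enabled for {scheme}: {host}:{port}")
    elif server:
        findings.append(f"proxy disabled but ProxyServer still set: {server}")
    if settings.get("AutoConfigURL"):
        findings.append(f"auto-config script set: {settings['AutoConfigURL']}")
    return findings


if __name__ == "__main__":
    import sys

    current = read_wininet_proxy() if sys.platform == "win32" else SAMPLE_SETTINGS
    for finding in assess(current) or ["no proxy configured"]:
        print(finding)
```

This covers only the Internet Explorer setting; Firefox keeps its own proxy preference, which the Firefox steps in the post check separately.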





#13 sgm67


Posted 13 October 2014 - 05:28 AM

I got the proxy server problem fixed.  New problem is that the FRST keeps stopping. I think it ran partially the first time I tried because there is a fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-10-2014 02
Ran by McDonnell at 2014-10-13 06:24:20 Run:5
Running from C:\Users\McDonnell\Desktop
Loaded Profile: McDonnell (Available profiles: McDonnell & Administrator)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
(TorchMedia Inc.) C:\Users\McDonnell\AppData\Local\Torch\Update\TorchCrashHandler.exe
C:\Users\McDonnell\AppData\Local\Torch
() C:\Program Files (x86)\Search Extensions\Client.exe
C:\Program Files (x86)\Search Extensions
() C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\I. C. Runner.exe
C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r
(The Chromium Authors) C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\chrome.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ospd_us_161] => [X]
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
C:\Program Files (x86)\YTDownloader
HKU\S-1-5-21-3226330815-2963902264-1849304025-1000\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin-x32: TorchVLC -> C:\Users\McDonnell\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
Task: {11E05191-6407-4654-B394-46A73ACA8EDB} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe <==== ATTENTION
Task: {37B58F5F-CCB8-4549-B921-76B9A90A2E4A} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
R2 TorchCrashHandler; C:\Users\McDonnell\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2014-08-27] (TorchMedia Inc.) <==== ATTENTION
S2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe /service [X]
C:\Program Files\Common Files\Goobzo
S2 sbmntr; \??\C:\PROGRA~2\YTDOWN~1\sbmntr.sys [X]
S3 SMUpdd; \??\C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [X]
2014-10-07 16:49 - 2014-10-07 17:09 - 00000000 ____D () C:\Program Files (x86)\ShopSave Toolbar
2014-10-07 16:49 - 2014-10-07 16:49 - 00003600 _____ () C:\Windows\System32\Tasks\YTDownloader
2014-10-07 16:49 - 2014-10-07 16:49 - 00003590 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-09-24 14:11 - 2014-09-24 14:11 - 00004174 _____ () C:\Windows\System32\Tasks\RocketTab Update Task
2014-09-24 14:11 - 2014-09-24 14:11 - 00003402 _____ () C:\Windows\System32\Tasks\PastaQuotes
2014-09-24 14:11 - 2014-09-24 14:11 - 00003388 _____ () C:\Windows\System32\Tasks\RocketTab
Task: {75C06538-B48E-4587-B2F1-EEDE29087FF7} - System32\Tasks\Microsoft\Windows\Maintenance\IC Update Procedure => %LOCALAPPDATA%\I. d. l. e . C. r. a. w. l. e. r\I. C. Runner.exe
Task: {75D984A7-C235-4D00-8B44-BD01CDD33A03} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {84B8EDBB-10F1-4727-9C11-BAAC34FE485F} - System32\Tasks\BuzzSocialPoints_DNS_Checker => C:\Windows\BuzzSocialPointsChecker\BSP_li.exe <==== ATTENTION
Task: {90301FCC-035A-4A95-8524-E50C9B9CCBAF} - System32\Tasks\SMW_UpdateTask_Time_343033373338393130302d555b373434412d45325a5b6c => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {CA1704AD-1C2C-4755-8CD9-C86F9FC59BBB} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {CED9695F-2B48-40DF-B102-5752C5594181} - System32\Tasks\RocketTab => C:\Windows\system32\cmd.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {D590D307-FED6-45C5-866E-B50648F3796D} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-09-24] () <==== ATTENTION
Task: {DF2AD028-955E-4B80-AAAB-13C78F90A676} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {F8AABA96-160C-4505-8709-63E733444447} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:80E965A3
Hosts:
Emptytemp:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
End
 
*****************
 
C:\Users\McDonnell\AppData\Local\Torch\Update\TorchCrashHandler.exe => No running process found
"C:\Users\McDonnell\AppData\Local\Torch" => File/Directory not found.
C:\Program Files (x86)\Search Extensions\Client.exe => No running process found
"C:\Program Files (x86)\Search Extensions" => File/Directory not found.
C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\I. C. Runner.exe => No running process found
"C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r" => File/Directory not found.
C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\chrome.exe => No running process found
C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\chrome.exe => No running process found
C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\chrome.exe => No running process found
C:\Users\McDonnell\AppData\Local\I. d. l. e . C. r. a. w. l. e. r\Chrome-bin\chrome.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_161 => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => Value not found.
"C:\Program Files (x86)\YTDownloader" => File/Directory not found.
HKU\S-1-5-21-3226330815-2963902264-1849304025-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => Value not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found.
"HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}" => Key not found.
"HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\TorchVLC" => Key not found.
C:\Users\McDonnell\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11E05191-6407-4654-B394-46A73ACA8EDB}" => Key not found.
C:\Windows\System32\Tasks\Smp not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smp" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37B58F5F-CCB8-4549-B921-76B9A90A2E4A}" => Key not found.
C:\Windows\System32\Tasks\YTDownloader not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader" => Key not found.
TorchCrashHandler => Service not found.
SMUpd => Service not found.
"C:\Program Files\Common Files\Goobzo" => File/Directory not found.
sbmntr => Service not found.
SMUpdd => Service not found.
"C:\Program Files (x86)\ShopSave Toolbar" => File/Directory not found.
"C:\Windows\System32\Tasks\YTDownloader" => File/Directory not found.
"C:\Windows\System32\Tasks\YTDownloaderUpd" => File/Directory not found.
"C:\Windows\System32\Tasks\RocketTab Update Task" => File/Directory not found.
"C:\Windows\System32\Tasks\PastaQuotes" => File/Directory not found.
"C:\Windows\System32\Tasks\RocketTab" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75C06538-B48E-4587-B2F1-EEDE29087FF7}" => Key not found.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\IC Update Procedure not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\IC Update Procedure" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75D984A7-C235-4D00-8B44-BD01CDD33A03}" => Key not found.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84B8EDBB-10F1-4727-9C11-BAAC34FE485F}" => Key not found.
C:\Windows\System32\Tasks\BuzzSocialPoints_DNS_Checker not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BuzzSocialPoints_DNS_Checker" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90301FCC-035A-4A95-8524-E50C9B9CCBAF}" => Key not found.
C:\Windows\System32\Tasks\SMW_UpdateTask_Time_343033373338393130302d555b373434412d45325a5b6c not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_343033373338393130302d555b373434412d45325a5b6c" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA1704AD-1C2C-4755-8CD9-C86F9FC59BBB}" => Key not found.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CED9695F-2B48-40DF-B102-5752C5594181}" => Key not found.
C:\Windows\System32\Tasks\RocketTab not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D590D307-FED6-45C5-866E-B50648F3796D}" => Key not found.
C:\Windows\System32\Tasks\RocketTab Update Task not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF2AD028-955E-4B80-AAAB-13C78F90A676}" => Key not found.
C:\Windows\System32\Tasks\SMupdate1 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMupdate1" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8AABA96-160C-4505-8709-63E733444447}" => Key not found.
C:\Windows\System32\Tasks\YTDownloaderUpd not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd" => Key not found.
"C:\ProgramData\Temp" => ":80E965A3" ADS not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
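A Fixlog like the one above can be triaged mechanically. This is an added example, not part of the original thread and not FRST's own code. It tallies result lines into targets that were already absent and targets that were actually changed, and lists any `CMD:` directive with no output section. It assumes the layout visible in the posted log; the sample is a shortened excerpt of that log, and all function names are illustrative.

```python
import re
from collections import Counter

# Shortened excerpt of the Fixlog.txt posted above (trimmed for the example).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-10-2014 02
Ran by McDonnell at 2014-10-13 06:24:20 Run:5
==============================================

Content of fixlist:
*****************
Start
C:\Users\McDonnell\AppData\Local\Torch
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
Hosts:
Emptytemp:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
End

*****************

"C:\Users\McDonnell\AppData\Local\Torch" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => Value not found.
TorchCrashHandler => Service not found.
C:\Windows\System32\Tasks\Smp not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.
"""

# Section banner such as "=========  netsh advfirewall reset ========="
CMD_HEADER = re.compile(r"^=========\s+(.*?)\s+=========$")


def split_fixlog(text):
    """Return (fixlist_lines, result_lines) using the Start/End markers."""
    lines = [ln.strip() for ln in text.splitlines()]
    try:
        start = lines.index("Start")
        end = lines.index("End", start)
    except ValueError:
        raise ValueError("no Start/End fixlist markers found") from None
    fixlist = [ln for ln in lines[start + 1:end] if ln]
    results = [ln for ln in lines[end + 1:] if ln and set(ln) != {"*"}]
    return fixlist, results


def classify(line):
    """Bucket one result line by the status text FRST appended to it."""
    low = line.lower()
    if "not found" in low or "no running process" in low:
        return "absent"   # target was already gone when this run executed
    if "successfully" in low:
        return "changed"  # this run moved, reset or removed something
    return "other"


def summarise(text):
    fixlist, results = split_fixlog(text)
    requested_cmds = [ln[4:].strip() for ln in fixlist if ln.startswith("CMD:")]
    outcomes, cmds_seen, in_cmd = Counter(), [], False
    for ln in results:
        banner = CMD_HEADER.match(ln)
        if banner:
            title = banner.group(1)
            in_cmd = not title.startswith("End of CMD")
            if in_cmd:
                cmds_seen.append(title)
            continue
        if in_cmd:
            continue  # raw output of the command, not a fix result
        outcomes[classify(ln)] += 1
    return {
        "requested": len(fixlist),
        "outcomes": dict(outcomes),
        "cmds_without_output": [c for c in requested_cmds if c not in cmds_seen],
    }


if __name__ == "__main__":
    print(summarise(SAMPLE_FIXLOG))
```

On the excerpt, as in the full log posted above, `ipconfig /flushdns` is requested in the fixlist but has no output section.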


#14 sgm67


Posted 13 October 2014 - 05:34 AM

Junkware Removal Tool:

 

Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Home Premium x64
Ran by McDonnell on Mon 10/13/2014 at  6:28:53.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3226330815-2963902264-1849304025-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller_RASMANCS
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\McDonnell\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\McDonnell\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\McDonnell\appdata\local\google\chrome\user data\default\local storage\http_www.zabasearch.com_0.localstorage"
Successfully deleted: [File] "C:\Users\McDonnell\appdata\local\google\chrome\user data\default\local storage\http_www.zabasearch.com_0.localstorage-journal"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\searchmodule"
Successfully deleted: [Folder] "C:\Users\McDonnell\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Folder] "C:\Users\McDonnell\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\McDonnell\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\McDonnell\appdata\local\globalupdate"
Successfully deleted: [Folder] "C:\Users\McDonnell\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\globalupdate"
Successfully deleted: [Folder] "C:\Program Files (x86)\predm"
Successfully deleted: [Folder] "C:\Windows\buzzsocialpointschecker"
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{9CD6C5A4-26AC-4C42-A9E7-57BFB4C6FBEE}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{9CFDE3EC-AE62-4DA7-AE63-84A1D854D1BA}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{A158C87E-6E55-4E85-A4F9-B32B9024EA3B}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{A23F3F98-545F-4958-A7E5-632703D56261}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{A5277327-813B-45BE-9456-1DBBA5BD03E4}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{A81E3575-A577-4F4F-8263-1780F5FA39C3}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{A8756DE2-9DA3-49F4-8349-8B3E63D64CF7}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{A8B4F308-F599-4A6A-91C7-BC9E1DF7C92E}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{A8CD59A0-524A-46D2-8949-3388F1A5E013}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{AA2BD440-08B9-4E26-B558-1B6AB2DB6ABF}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{AA53E3C6-F1F8-47BE-9E60-A0920DBF7AC2}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{AAA5223F-9290-489F-B72A-B575FAFBB00E}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{AB2FE6B2-8E54-47CC-A0A2-9ACA3777E119}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{ABFEE189-27FD-4F9D-85A6-6540EB52BEEE}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{ADFC03D0-A115-47D6-8E43-46DE6A7C5141}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{AEE47E8C-52AA-47C4-B922-7157C999A147}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{AEFEE81D-F956-41EC-9055-17883D02329D}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{B239214C-2FD8-4FF2-AB31-A3BDE5024771}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{B2964835-FD34-443C-AE42-E54D4798BB3B}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{B3ED1023-D75A-40A6-ABA4-1682A06DA3CD}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{B4106F22-4720-4121-AE1A-B76E7C2FCC61}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{B4A136A8-2EDC-4681-A3CF-6E685C03B0B2}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{B4AE0CE4-DD36-4812-99E0-F36AD93D9540}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{B720518D-8ECB-4FCB-BE79-7EC17BB7AAAD}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{B7A31010-26D3-4C15-A0F7-787518E253C0}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{B8680486-951B-4AE8-A6A1-A15C04A1F9D7}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{B86DADB6-D7CA-41CB-B650-952BB731AFCB}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{B8A1D27D-C4CC-48B0-B231-4C7B10B6F4EE}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{B8C963CF-9D19-45A1-92AA-F8AFC13FA689}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{B9E3BF7E-7670-4947-88F8-B604E5A478CC}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{B9EAFB96-BC47-47D2-A83C-370EC6DB2540}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{BAB34324-09BA-45C3-9FF0-6062AD6CB801}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{BDB1B085-6A1D-46FE-8E99-691D585E2D19}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{BF33534A-C764-475C-8658-35C266655034}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{C163B527-44B5-460B-A7E0-B0CEF0EAA554}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{C28CE98A-8299-45DB-B987-0F753CE51360}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{C343F2C4-2423-4270-8D5B-15681E9E448C}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{C64116F3-3F54-4E09-AF90-146B1C990E1A}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{C6C5DEC5-779A-4DAE-8F4C-04E7B37697BD}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{C7601FF3-7F7E-43FD-98A6-82C43F71F333}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{C7982A33-AB14-4CEE-BE6E-3138998220D3}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{C7D25A8D-83D6-480E-B598-074829A76198}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{C97D51D0-2BF2-43B7-95A8-C87F7BD21B8D}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{C9A7FA76-2FB6-42C2-A40F-493EB0387FA0}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{CA1E8A9D-2C60-43FA-BEB6-14723B35768C}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{CA7C15B4-5930-4BFE-8DC6-9899CCE467BA}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{CB78AF63-7631-4763-A3F5-0CFEDB16FF18}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{CB7B641A-D93E-407F-B6BF-E4320F5D6651}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{CBAFC87C-2883-4C66-858C-6910BF78C313}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{CBB11812-4A2F-4FB4-AB03-BDE71B9F4993}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{CC2A2F6A-ED30-4C62-A4C7-2FAB4CC1A6E8}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{CC8D67AC-4EB3-4F63-BE94-FC45E15EEFAA}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{CE054BB7-E322-419F-8FB8-B04D377B5EA7}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{CE0D4CAC-730C-4B91-AB94-DCD275C02B0E}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{CEE4E628-8513-4F96-BEEA-A375465E67B4}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{CF0F5A7C-E4D5-4726-BC56-0F533294B8BE}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{CF620237-E5EF-4DC1-9415-5F91DF0BC220}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{CFE6C03E-F064-4243-A34D-3504D5FCC357}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{D0A12BAC-FB3C-421F-B301-6DB064E374F1}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{D1AA05E8-C189-4F1A-B327-986567101BA5}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{D2FCD616-D677-4420-8AA0-66AAF8A34D77}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{D5F58543-E22E-4E86-B335-3BFB2A3871D1}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{D71989A2-08E9-4931-B17A-60D501AD8B06}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{D7C1FACA-C622-4EA7-88D8-08E59D5E8765}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{D8BBF071-494A-48AD-B670-C24A1D6DFDF3}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{DA994483-0C0D-4844-9757-A361567E05A9}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{DAA52540-CF58-428C-A84F-2BC1BC8FD1A3}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{DBFD2EF7-1A94-40C3-AA85-55FDC236D127}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{DD398501-BFB2-4396-B8EC-0F2240ED3F93}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{DDA483A9-72F6-4803-AB02-834AD4E72DF9}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{DEAD6CC6-6609-4FC8-A2DD-831E4EA27102}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{E074B0FA-F5D8-41DF-975E-7FBB9906825E}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{E1A9CB38-7DC5-4CCE-ADF9-3E020CCF8E78}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{E24608D6-C7B8-4937-9919-BFF833622F55}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{E34268D0-CD2B-423B-8671-F8DD19DD4150}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{E44A330E-2372-4D60-B120-B6DB0F782014}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{E6E18067-2FE2-4A32-908A-39A3702226EE}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{E7DC1EAD-6480-4C24-8967-119EBC8DC3A6}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{E9397D7C-66FB-498D-8304-4A02D1715F2C}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{EA1568DF-541E-4509-917E-D21AD8379369}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{EB20ED12-13CD-4A19-ACD4-57DEEB03C013}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{EC0C5076-BAF1-4E43-AE83-83F5922EAD26}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{ECA6B450-F390-445F-83FE-BFB005059A61}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{EEB03F00-5CAD-4E7F-AB59-A89FA5C94BE9}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{EFE59D7F-92B9-45C8-9BB2-D0CEA7FEDC0E}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{F1ABE1F2-FDF4-4F64-BB28-3B89C470FE61}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{F26C7E25-3911-4A43-810F-284EF5A46755}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{F33C07A7-5203-4F73-AE79-4B0520BC4B6A}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{F6395FB8-8E7C-40AB-84EC-F3D9A2883739}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{F6F2B026-2BB2-4100-9BB4-6F086A36EB83}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{FD563C61-0085-48E5-8417-D1E008762257}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{FD6541CB-AC09-4F82-9198-303E0B27E08C}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{FD9509B8-5EB5-48B2-8785-5EAF359AF022}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{FEFC47BC-F8C4-4027-8904-65D07C044547}
Successfully deleted: [Empty Folder] C:\Users\McDonnell\appdata\local\{FFBF29E3-3E1D-42AB-BE8E-6D868D89A91B}
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/13/2014 at  6:31:56.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#15 sgm67


Posted 13 October 2014 - 05:37 AM

Just an FYI: neither the Junkware nor the Adw gave me the option of saving to desktop.





