
Fake Rogue Chrome Processes (Gtlpdhntqzuc.exe*32) - Can't remove


  • This topic is locked
16 replies to this topic

#1 subdadx4

  • Members
  • 9 posts

Posted 29 October 2014 - 09:25 PM

Similar to many other posts, I have been infected with malware that is running multiple (6-10) "Google Chrome" processes in the background, eating memory and processing. I believe I was recently infected. Files for the process are dated 10/25.  I don't know how to remove the files. When stopping as a process, they regenerate.  They do not run when in Safe Mode. It is not detected by MalwareBytes or SpyHunter.

 

Log files attached below.

 

Thank you in advance for your help in resolving this issue.


#2 B-boy/StyLe/


  • Malware Response Team
  • 8,307 posts

Posted 01 November 2014 - 03:21 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again, I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi




#3 subdadx4

  • Topic Starter

  • Members
  • 9 posts

Posted 01 November 2014 - 08:26 AM

Georgi, 

 

Results below.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014
Ran by Chris (administrator) on HOME-HP on 01-11-2014 09:09:44
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris &  (Available profiles: Chris & Anne & Hannah)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NDS Technologies) C:\Users\Chris\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Dropbox, Inc.) C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Intuit Inc.) C:\Program Files (x86)\Quicken\qw.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\excel.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Users\Chris\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
(Google Inc.) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\Gtlpdhntqzuc.exe
(Google Inc.) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\Gtlpdhntqzuc.exe
(Google Inc.) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\Gtlpdhntqzuc.exe
(Google Inc.) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\Gtlpdhntqzuc.exe
(Google Inc.) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\Gtlpdhntqzuc.exe
(Google Inc.) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\Gtlpdhntqzuc.exe
(Google Inc.) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\Gtlpdhntqzuc.exe
(Google Inc.) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\Gtlpdhntqzuc.exe
(Google Inc.) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\Gtlpdhntqzuc.exe
(Google Inc.) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\Gtlpdhntqzuc.exe
(Google Inc.) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\Gtlpdhntqzuc.exe
(Google Inc.) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\Gtlpdhntqzuc.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11046504 2010-07-13] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe [2095616 2010-07-20] (Hewlett-Packard)
HKLM-x32\...\Run: [BATINDICATORHL] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe [557056 2010-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-08-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\...\Run: [PCShowServer] => C:\Users\Chris\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [351888 2012-04-02] (NDS Technologies)
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\...\Run: [qksqrsly] => regsvr32.exe /s "C:\Users\Chris\AppData\Local\ATI\qksqrsly.dll" <===== ATTENTION
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\...\MountPoints2: {709e32cf-af10-11e3-b519-e89a8f36ed4b} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\...\MountPoints2: {80e4bd77-6dbc-11e3-9512-e89a8f36ed4b} - F:\HPLauncher.exe
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\...\MountPoints2: {86e7470e-0485-11e2-99cc-e89a8f36ed4b} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\...\MountPoints2: {86e7471a-0485-11e2-99cc-e89a8f36ed4b} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [PCShowServer] => C:\Users\Chris\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [351888 2012-04-02] (NDS Technologies)
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [qksqrsly] => regsvr32.exe /s "C:\Users\Chris\AppData\Local\ATI\qksqrsly.dll" <===== ATTENTION
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {709e32cf-af10-11e3-b519-e89a8f36ed4b} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {80e4bd77-6dbc-11e3-9512-e89a8f36ed4b} - F:\HPLauncher.exe
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {86e7470e-0485-11e2-99cc-e89a8f36ed4b} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {86e7471a-0485-11e2-99cc-e89a8f36ed4b} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1599699772-3987543433-2460038584-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe [854192 2014-09-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-1599699772-3987543433-2460038584-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {709e32cf-af10-11e3-b519-e89a8f36ed4b} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1599699772-3987543433-2460038584-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {86e7470e-0485-11e2-99cc-e89a8f36ed4b} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1599699772-3987543433-2460038584-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {86e7471a-0485-11e2-99cc-e89a8f36ed4b} - F:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.usaa.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
SearchScopes: HKLM - {1F4739F6-D0B7-4283-A227-5B761036AAA3} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {1F4739F6-D0B7-4283-A227-5B761036AAA3} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {1F4739F6-D0B7-4283-A227-5B761036AAA3} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {8297F4B0-2083-4090-A155-8999CBDE1E5C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3209604
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {E383902E-1108-4590-B850-E905BD898531} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6sfi8jhm.default
FF Homepage: hxxp://www.refdesk.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKCU: @nds.com/PCShowPlugin -> C:\Users\Chris\AppData\Local\DIRECTV Player\npPCShowPlugin.dll (NDS)
FF Plugin HKCU: @nds.com/PlayerPlugin -> C:\Users\Chris\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin HKCU: NDS.com/PlayerPlugin -> C:\Users\Chris\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPCltInst11.dll (iLinc Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
FF Extension: CouponAmazing - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6sfi8jhm.default\Extensions\couponamazing@jetpack [2013-01-06]
FF Extension: YouTube Center - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6sfi8jhm.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2013-11-22]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-18]
FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-06]
FF Extension: No Name - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6sfi8jhm.default\extensions\crossriderapp21058@crossrider.com [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-20]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-20]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-20]
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-20]
CHR Extension: (RealDownloader) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-02-20]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-20]
CHR HKLM-x32\...\Chrome\Extension: [gkchbifjjnafgoolbibfmgkibbngknkk] - C:\Users\Chris\AppData\Local\Savings Explorer\Chrome\Savings Explorer.crx []
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-25] (CyberLink)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-08-06] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 09:09 - 2014-11-01 09:12 - 00032799 _____ () C:\Users\Chris\Desktop\FRST.txt
2014-11-01 09:09 - 2014-11-01 09:09 - 00000000 ____D () C:\FRST
2014-11-01 09:05 - 2014-11-01 09:05 - 02114048 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2014-10-29 22:09 - 2014-10-29 22:11 - 00030510 _____ () C:\Users\Chris\Desktop\dds.txt
2014-10-29 22:09 - 2014-10-29 22:11 - 00019271 _____ () C:\Users\Chris\Desktop\attach.txt
2014-10-29 22:07 - 2014-10-29 22:07 - 00688992 ____R (Swearware) C:\Users\Chris\Desktop\dds.com
2014-10-29 22:06 - 2014-10-29 22:06 - 00688992 _____ (Swearware) C:\Users\Chris\Downloads\dds.com
2014-10-28 06:04 - 2014-11-01 09:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-28 06:04 - 2014-10-28 06:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-28 06:04 - 2014-10-28 06:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-28 06:04 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-28 06:04 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-27 21:52 - 2014-10-27 21:52 - 00000000 _____ () C:\autoexec.bat
2014-10-27 21:51 - 2014-10-27 21:51 - 00003324 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-10-27 21:51 - 2014-10-27 21:51 - 00002260 _____ () C:\Users\Chris\Desktop\SpyHunter.lnk
2014-10-27 21:51 - 2014-10-27 21:51 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-10-27 21:51 - 2014-10-27 21:51 - 00000000 ____D () C:\sh4ldr
2014-10-27 21:51 - 2014-10-27 21:51 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-27 21:51 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-10-27 21:48 - 2014-10-27 21:51 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-10-17 16:51 - 2014-10-17 16:51 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-17 16:51 - 2014-10-17 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-17 16:50 - 2014-10-17 16:51 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-17 16:50 - 2014-10-17 16:51 - 00000000 ____D () C:\Program Files\iTunes
2014-10-17 16:50 - 2014-10-17 16:51 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-17 16:50 - 2014-10-17 16:50 - 00000000 ____D () C:\Program Files\iPod
2014-10-14 19:05 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 19:05 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 19:05 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 19:05 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 19:05 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 19:05 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 19:05 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 19:05 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 19:05 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 19:05 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 19:05 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 19:05 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 19:05 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-14 19:05 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 19:05 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 19:05 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 19:05 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 19:05 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-14 19:05 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 19:05 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 19:05 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 19:05 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 19:05 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 19:05 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 19:05 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 19:05 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 19:05 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-14 19:05 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-14 19:05 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 19:05 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 19:05 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 19:05 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 19:05 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 19:05 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-14 19:05 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-14 19:05 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 19:05 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 19:05 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 19:05 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 19:05 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 19:05 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-14 19:05 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 19:05 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-14 19:05 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-14 19:05 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 19:05 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 19:05 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-14 19:05 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-14 19:05 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 19:05 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-14 19:05 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 19:05 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-14 19:05 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 19:05 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 19:05 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 19:05 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 19:05 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 19:05 - 2014-08-18 23:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 19:05 - 2014-08-18 23:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 19:05 - 2014-08-18 23:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 19:05 - 2014-08-18 23:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 19:05 - 2014-08-18 23:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-14 19:05 - 2014-08-18 23:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-14 19:05 - 2014-08-18 23:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 19:05 - 2014-08-18 23:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 19:05 - 2014-08-18 23:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 19:05 - 2014-08-18 23:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 19:05 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 19:05 - 2014-08-18 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-14 19:05 - 2014-08-18 22:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 19:05 - 2014-07-06 22:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 19:05 - 2014-07-06 22:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 19:05 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 19:05 - 2014-07-06 22:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 19:05 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 19:05 - 2014-07-06 22:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 19:05 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 19:05 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 19:05 - 2014-07-06 22:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 19:05 - 2014-07-06 22:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 19:05 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 19:05 - 2014-07-06 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 19:05 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 19:05 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 19:05 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 19:05 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 19:05 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 19:05 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 19:05 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 19:05 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 19:05 - 2014-07-06 21:40 - 00516096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-14 19:05 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 19:05 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 19:05 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 19:05 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 19:05 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 19:05 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 19:05 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 19:05 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 19:05 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 19:05 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 19:05 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 19:05 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 19:05 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 19:05 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 19:05 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 19:05 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 19:05 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 19:05 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 19:05 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 19:05 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 19:05 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 19:05 - 2014-06-27 20:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 19:05 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 19:05 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 19:05 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 19:05 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 19:05 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 19:05 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 19:05 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 19:05 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 19:03 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 19:03 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 19:03 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 19:03 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 19:03 - 2014-07-16 22:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 19:03 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-14 19:03 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 19:03 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 19:03 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 19:03 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 19:03 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 19:03 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 19:03 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 19:03 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 19:03 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-14 19:03 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-14 19:03 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 19:03 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 19:03 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 19:03 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 19:03 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-14 19:03 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-14 19:03 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-14 19:03 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-14 19:03 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-14 19:03 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-14 19:03 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-10-14 19:03 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-10-12 15:19 - 2014-10-27 21:23 - 00003338 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1599699772-3987543433-2460038584-1000
2014-10-12 15:19 - 2014-10-27 21:23 - 00003204 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1599699772-3987543433-2460038584-1000
2014-10-08 23:16 - 2014-10-08 23:16 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Oracle
2014-10-08 23:16 - 2014-10-08 23:13 - 00880040 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2014-10-08 23:16 - 2014-10-08 23:13 - 00802728 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-10-08 23:13 - 2014-10-08 23:13 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-08 23:13 - 2014-10-08 23:13 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 09:02 - 2012-04-03 18:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-01 09:02 - 2011-08-02 17:30 - 01807615 _____ () C:\Windows\WindowsUpdate.log
2014-10-31 10:57 - 2012-11-19 21:30 - 00000000 ___RD () C:\Users\Chris\Dropbox
2014-10-31 04:16 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-31 04:16 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-30 20:35 - 2014-07-09 18:16 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForChris
2014-10-30 20:35 - 2014-07-09 18:16 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForChris.job
2014-10-30 07:25 - 2010-11-20 23:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 23:04 - 2011-08-06 18:35 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashDumps
2014-10-29 21:30 - 2014-04-13 11:48 - 00003360 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1599699772-3987543433-2460038584-1000
2014-10-29 21:30 - 2014-04-13 11:48 - 00003226 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1599699772-3987543433-2460038584-1000
2014-10-29 21:29 - 2012-11-19 21:29 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Dropbox
2014-10-29 21:27 - 2011-12-01 16:03 - 00024326 _____ () C:\Windows\setupact.log
2014-10-29 21:27 - 2011-07-22 22:36 - 00000000 ____D () C:\ProgramData\PDFC
2014-10-29 21:27 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-29 20:51 - 2010-11-20 23:47 - 00894614 _____ () C:\Windows\PFRO.log
2014-10-29 13:57 - 2011-08-10 18:55 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\HP Support Assistant
2014-10-29 13:57 - 2011-08-03 21:35 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\HpUpdate
2014-10-28 07:00 - 2012-11-29 20:04 - 00000000 ____D () C:\Windows\Sun
2014-10-28 06:58 - 2013-01-21 12:12 - 00000000 ____D () C:\Program Files (x86)\Produtools_Manuals_2.1
2014-10-28 06:04 - 2013-12-09 00:01 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Malwarebytes
2014-10-28 06:04 - 2013-12-09 00:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-27 22:08 - 2011-10-29 12:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nancy Drew
2014-10-27 22:08 - 2011-10-29 12:09 - 00000000 ____D () C:\Program Files (x86)\Nancy Drew
2014-10-27 22:02 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-27 21:12 - 2014-08-28 07:32 - 00000000 ____D () C:\Program Files\Google
2014-10-27 21:12 - 2012-12-12 19:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-27 21:00 - 2014-08-28 07:32 - 00000000 ____D () C:\ProgramData\Google
2014-10-27 21:00 - 2012-12-12 19:13 - 00000000 ____D () C:\Users\Chris\AppData\Local\Google
2014-10-27 19:12 - 2011-08-04 14:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-27 19:09 - 2014-05-01 22:38 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-26 21:19 - 2013-03-16 13:52 - 00000000 ____D () C:\Users\Chris\Documents\Elder
2014-10-25 10:11 - 2011-08-02 19:10 - 00000000 ____D () C:\Users\Chris\AppData\Local\ATI
2014-10-24 18:21 - 2004-12-31 17:09 - 00000000 ____D () C:\Users\Chris\Documents\TurboTax
2014-10-23 07:14 - 2013-10-24 18:33 - 00000000 ____D () C:\Users\Chris\.epaysol
2014-10-22 20:35 - 2011-11-16 14:05 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-22 20:35 - 2011-08-10 18:55 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-22 07:05 - 2007-12-28 23:40 - 00039424 _____ () C:\Users\Chris\Documents\Weight.xls
2014-10-17 16:50 - 2014-09-21 18:47 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-17 16:50 - 2011-08-23 09:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-16 08:16 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 08:15 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-15 04:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 03:45 - 2009-07-14 00:45 - 00450128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 03:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 03:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 03:25 - 2009-07-14 01:13 - 00796864 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-15 03:15 - 2013-08-10 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 03:01 - 2011-08-02 19:33 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 15:13 - 2009-07-14 01:08 - 00032548 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-10 17:36 - 2008-06-19 18:24 - 00000000 ____D () C:\Users\Chris\Documents\Medical
2014-10-08 23:16 - 2011-08-07 13:49 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-08 23:15 - 2013-12-24 11:27 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-08 23:13 - 2012-10-29 18:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-08 23:13 - 2012-10-29 18:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-07 18:58 - 2011-08-04 12:55 - 00000000 ____D () C:\Users\Chris\Documents\Quicken

Files to move or delete:
====================
C:\Users\Hold\Its Deductible 2002 - se020398.exe
C:\Users\Hold\qwpatch.exe
C:\Users\Hold\update85.exe

Some content of TEMP:
====================
C:\Users\Anne\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Anne\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Anne\AppData\Local\Temp\Setup.exe
C:\Users\Chris\AppData\Local\Temp\anypia32.exe
C:\Users\Chris\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu0t2tu.dll
C:\Users\Chris\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Chris\AppData\Local\Temp\jacob-1.14.3-x86.dll
C:\Users\Chris\AppData\Local\Temp\lowproc.exe
C:\Users\Chris\AppData\Local\Temp\nativeUtils-x86.dll
C:\Users\Chris\AppData\Local\Temp\Resource.exe
C:\Users\Chris\AppData\Local\Temp\sbwcrv.exe
C:\Users\Chris\AppData\Local\Temp\SHSetup.exe
C:\Users\Chris\AppData\Local\Temp\sp58915.exe
C:\Users\Chris\AppData\Local\Temp\stubhelper.dll
C:\Users\Chris\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Chris\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Hannah\AppData\Local\Temp\COMAP.EXE
C:\Users\Hannah\AppData\Local\Temp\setup-gp4-updater.exe
C:\Users\Hannah\AppData\Local\Temp\setup-gp5-updater.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 04:46

==================== End Of Log ============================


#4 B-boy/StyLe/


Posted 02 November 2014 - 10:49 AM

Hi,

Go ahead and uninstall the following programs from the Control Panel:

couponamazing

Produtools Manuals 2.1 Toolbar

Savings Bond Wizard

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Regards,

Georgi




#5 subdadx4


Posted 02 November 2014 - 01:32 PM

Georgi,

I deleted couponamazing and Savings Bond Wizard. I was unable to delete Produtools Manuals 2.1 Toolbar. The system would not respond. I restarted and tried again with no luck. I ran FRST and as directed restarted the machine. It started to shut down and then locked up with a black screen. The cursor still could be seen but nothing else. I was unable to get any display or get task manager to start by using CTRL-Alt-Del. After waiting about 5 minutes with nothing happening, I forced a shutdown with the power key. I subsequently restarted and selected start up normally when the startup noted an abnormal shutdown.

I tried to remove Produtools Manuals 2.1 Toolbar again and received a pop-up message saying I did not have sufficient access to uninstall and to contact the system administrator. That is me and I believe I have administrator rights under this sign-on. Since restarting, the fake Chrome processes have not been running.

The fixlog is below.

Thanks,

Chris

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Chris at 2014-11-02 12:42:25 Run:1
Running from C:\Users\Chris\Desktop
Loaded Profile: Chris (Available profiles: Chris & Anne & Hannah)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
Folder: C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy
C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\...\Run: [qksqrsly] => regsvr32.exe /s "C:\Users\Chris\AppData\Local\ATI\qksqrsly.dll" <===== ATTENTION
Folder: C:\Users\Chris\AppData\Local\ATI
C:\Users\Chris\AppData\Local\ATI\qksqrsly.dll
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [qksqrsly] => regsvr32.exe /s "C:\Users\Chris\AppData\Local\ATI\qksqrsly.dll" <===== ATTENTION
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
FF Extension: CouponAmazing - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6sfi8jhm.default\Extensions\couponamazing@jetpack [2013-01-06]
FF Extension: No Name - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6sfi8jhm.default\extensions\crossriderapp21058@crossrider.com [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gkchbifjjnafgoolbibfmgkibbngknkk] - C:\Users\Chris\AppData\Local\Savings Explorer\Chrome\Savings Explorer.crx []
Task: {DE54B078-E1C0-4471-83B4-2C958CEB3969} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
end
*****************

Processes closed successfully.

========================= Folder: C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy ========================

2014-10-25 09:12 - 2014-11-02 12:36 - 0000004 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\gbnmkea
2014-10-25 09:11 - 2014-11-02 12:33 - 0000004 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\Ltnlulvfnc
2014-10-25 09:11 - 2014-10-25 09:11 - 45844575 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\Ojofqzhrxgup
2014-10-25 09:12 - 2014-11-02 12:42 - 0000004 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\Tuoogya
2014-10-25 09:11 - 2014-11-02 12:42 - 0000004 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\xcrgowut
2014-10-25 09:12 - 2014-11-02 12:42 - 0000004 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\Yaoceevsjx
2014-10-25 09:11 - 2014-10-28 02:31 - 0000000 ____D () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk
2014-10-26 05:04 - 2014-10-26 05:04 - 0000121 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\debug.log
2014-10-25 09:11 - 2014-10-25 09:11 - 0860488 _____ (Google Inc.) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\Gtlpdhntqzuc.exe
2014-10-25 09:11 - 2014-10-25 09:11 - 0033280 _____ (Microsoft Corporation) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\rundll32.exe
2014-10-25 09:11 - 2014-10-25 09:11 - 0000399 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\VisualElementsManifest.xml
2014-10-25 09:11 - 2014-10-25 09:11 - 0000000 ____D () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143
2014-10-25 09:11 - 2014-10-25 09:11 - 0000224 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\36.0.1985.143.manifest
2014-10-25 09:11 - 2014-10-25 09:11 - 30104904 _____ (Google Inc.) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\chrome.dll
2014-10-25 09:11 - 2014-10-25 09:11 - 1174209 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\chrome_100_percent.pak
2014-10-25 09:11 - 2014-10-25 09:11 - 1699827 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\chrome_200_percent.pak
2014-10-25 09:11 - 2014-10-25 09:11 - 33836360 _____ (Google Inc.) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\chrome_child.dll
2014-10-25 09:11 - 2014-10-25 09:11 - 0131912 _____ (Google Inc.) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\chrome_elf.dll
2014-10-25 09:11 - 2014-10-25 09:11 - 2106216 _____ (Microsoft Corporation) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\d3dcompiler_43.dll
2014-10-25 09:11 - 2014-10-25 09:11 - 3231688 _____ (Microsoft Corporation) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\d3dcompiler_46.dll
2014-10-25 09:11 - 2014-10-25 09:11 - 1912136 _____ (Google Inc.) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\delegate_execute.exe
2014-10-25 09:11 - 2014-10-25 09:11 - 1732936 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\ffmpegsumo.dll
2014-10-25 09:11 - 2014-10-25 09:11 - 9980368 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\icudtl.dat
2014-10-25 09:11 - 2014-10-25 09:11 - 0126280 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\libegl.dll
2014-10-25 09:11 - 2014-10-25 09:11 - 0310088 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\libexif.dll
2014-10-25 09:11 - 2014-10-25 09:11 - 0718152 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\libglesv2.dll
2014-10-25 09:11 - 2014-10-25 09:11 - 2401096 _____ (Google Inc.) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\libpeerconnection.dll
2014-10-25 09:11 - 2014-10-25 09:11 - 0491336 _____ (Google Inc.) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\metro_driver.dll
2014-10-25 09:11 - 2014-10-25 09:11 - 0000751 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\mksnapshot.ia32.exe.assert.manifest
2014-10-25 09:11 - 2014-10-25 09:11 - 4916360 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\nacl_irt_x86_32.nexe
2014-10-25 09:11 - 2014-10-25 09:11 - 3709704 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\nacl_irt_x86_64.nexe
2014-10-25 09:11 - 2014-10-25 09:11 - 1936712 _____ (Google Inc.) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\nacl64.exe
2014-10-25 09:11 - 2014-10-25 09:11 - 8537928 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\pdf.dll
2014-10-25 09:11 - 2014-10-25 09:11 - 0353096 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\ppgooglenaclpluginchrome.dll
2014-10-25 09:11 - 2014-10-25 09:11 - 12197143 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\resources.pak
2014-10-25 09:11 - 2014-10-25 09:11 - 0000637 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\secondarytile.png
2014-10-25 09:11 - 2014-10-25 09:11 - 0132424 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\widevinecdmadapter.dll
2014-10-25 09:11 - 2014-10-25 09:11 - 0081768 _____ (Microsoft Corporation) C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\xinput1_3.dll
2014-10-25 09:11 - 2014-10-25 09:11 - 0000000 ____D () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\default_apps
2014-10-25 09:11 - 2014-10-25 09:11 - 0004578 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\default_apps\docs.crx
2014-10-25 09:11 - 2014-10-25 09:11 - 0025561 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\default_apps\drive.crx
2014-10-25 09:11 - 2014-10-25 09:11 - 0000982 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\default_apps\external_extensions.json
2014-10-25 09:11 - 2014-10-25 09:11 - 0024040 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\default_apps\gmail.crx
2014-10-25 09:11 - 2014-10-25 09:11 - 0026392 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\default_apps\search.crx
2014-10-25 09:11 - 2014-10-25 09:11 - 0023668 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\default_apps\youtube.crx
2014-10-25 09:11 - 2014-10-25 09:11 - 0000000 ____D () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\Extensions
2014-10-25 09:11 - 2014-10-25 09:11 - 0000099 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\Extensions\external_extensions.json
2014-10-25 09:11 - 2014-10-25 09:11 - 0000000 ____D () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\Locales
2014-10-25 09:11 - 2014-10-25 09:11 - 0232020 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\Locales\en-GB.pak
2014-10-25 09:11 - 2014-10-25 09:11 - 0231965 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\Locales\en-US.pak
2014-10-25 09:11 - 2014-10-25 09:11 - 0000000 ____D () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\PepperFlash
2014-10-25 09:11 - 2014-10-25 09:11 - 0002047 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\PepperFlash\manifest.json
2014-10-25 09:11 - 2014-10-25 09:11 - 14669128 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\PepperFlash\pepflashplayer.dll
2014-10-25 09:11 - 2014-10-25 09:11 - 0000000 ____D () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\VisualElements
2014-10-25 09:11 - 2014-10-25 09:11 - 0003970 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\VisualElements\logo.png
2014-10-25 09:11 - 2014-10-25 09:11 - 0009285 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\VisualElements\smalllogo.png
2014-10-25 09:11 - 2014-10-25 09:11 - 0010185 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\36.0.1985.143\VisualElements\splash-620x300.png
2014-10-28 02:31 - 2014-10-28 02:31 - 0000000 ____D () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\Dictionaries
2014-10-28 02:31 - 2014-10-28 02:31 - 0440949 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\equpupswk\Dictionaries\en-US-3-0.bdic
2014-10-25 09:12 - 2014-10-25 09:12 - 0000000 ____D () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\Jwrvwbifn
2014-10-25 09:12 - 2014-11-02 12:36 - 0000196 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\Jwrvwbifn\manifest.json
2014-10-25 09:12 - 2014-11-02 12:36 - 0005680 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\Jwrvwbifn\utzybbigp.js
2014-10-25 09:11 - 2014-10-25 09:11 - 0000000 ____D () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\Oxowrbg
2014-10-25 09:11 - 2014-11-02 12:42 - 0000194 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\Oxowrbg\manifest.json
2014-10-25 09:11 - 2014-11-02 12:42 - 0005680 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\Oxowrbg\Xfakcua.js
2014-10-25 09:12 - 2014-10-25 09:12 - 0000000 ____D () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\rdgkdwzuilqs
2014-10-25 09:12 - 2014-11-02 12:41 - 0000198 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\rdgkdwzuilqs\manifest.json
2014-10-25 09:12 - 2014-11-02 12:41 - 0005680 _____ () C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy\rdgkdwzuilqs\Qhhsdbtslah.js

====== End of Folder: ======

C:\Users\Chris\AppData\LocalLow\DTV\Mmtpyiy => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\Software\Microsoft\Windows\CurrentVersion\Run\\qksqrsly => value deleted successfully.

========================= Folder: C:\Users\Chris\AppData\Local\ATI ========================

2014-10-25 09:11 - 2014-10-25 09:11 - 0279040 _____ (Borland Software Corporation) C:\Users\Chris\AppData\Local\ATI\qksqrsly.dll
2011-08-02 18:10 - 2011-08-02 18:10 - 0000000 ____D () C:\Users\Chris\AppData\Local\ATI\ACE
2011-08-02 18:10 - 2014-11-02 12:32 - 0026671 _____ () C:\Users\Chris\AppData\Local\ATI\ACE\Manifest.Bin
2011-08-02 18:10 - 2014-11-02 12:32 - 0021085 _____ () C:\Users\Chris\AppData\Local\ATI\ACE\Manifest.xml
2011-08-02 18:10 - 2014-11-02 12:32 - 0012994 _____ () C:\Users\Chris\AppData\Local\ATI\ACE\Profiles.xml

====== End of Folder: ======

C:\Users\Chris\AppData\Local\ATI\qksqrsly.dll => Moved successfully.
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\qksqrsly => Value not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6sfi8jhm.default\Extensions\couponamazing@jetpack not found.
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6sfi8jhm.default\extensions\crossriderapp21058@crossrider.com not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gkchbifjjnafgoolbibfmgkibbngknkk" => Key deleted successfully.
"C:\Users\Chris\AppData\Local\Savings Explorer\Chrome\Savings Explorer.crx" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DE54B078-E1C0-4471-83B4-2C958CEB3969}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE54B078-E1C0-4471-83B4-2C958CEB3969}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => Key deleted successfully.

The system needed a reboot.

==== End of Fixlog ====



#6 B-boy/StyLe/


Posted 02 November 2014 - 02:38 PM

Hi,

Please download and install Revo Uninstaller 1.95.
Then please run Revo Uninstaller and select Produtools Manuals 2.1 Toolbar.
Please click the Uninstall icon to uninstall the selected program.
Please choose Advanced.
Then click Next and follow the prompts.
Please click Select All and Delete to delete all registry items, folders and files listed by Revo.
If asked to restart the computer, please do so.
Let me know about the results.

Also please rerun FRST (make sure that Addition.txt is checked before you press the Scan button) and post both logs - FRST.txt and Addition.txt in your next reply.

Regards,

Georgi




#7 subdadx4


Posted 02 November 2014 - 07:43 PM

Georgi,

I was able to successfully remove the Produtools Manuals 2.1 Toolbar.

The text files are below.

Thanks,

Chris

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Chris (administrator) on HOME-HP on 02-11-2014 19:34:52
Running from C:\Users\Chris\Desktop
Loaded Profile: Chris (Available profiles: Chris & Anne & Hannah)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NDS Technologies) C:\Users\Chris\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Dropbox, Inc.) C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(CyberLink) C:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
() C:\Users\Chris\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(VS Revo Group) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11046504 2010-07-13] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe [2095616 2010-07-20] (Hewlett-Packard)
HKLM-x32\...\Run: [BATINDICATORHL] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe [557056 2010-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-08-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\...\Run: [PCShowServer] => C:\Users\Chris\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [351888 2012-04-02] (NDS Technologies)
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\...\MountPoints2: {709e32cf-af10-11e3-b519-e89a8f36ed4b} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\...\MountPoints2: {80e4bd77-6dbc-11e3-9512-e89a8f36ed4b} - F:\HPLauncher.exe
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\...\MountPoints2: {86e7470e-0485-11e2-99cc-e89a8f36ed4b} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\...\MountPoints2: {86e7471a-0485-11e2-99cc-e89a8f36ed4b} - F:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.usaa.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
SearchScopes: HKLM - {1F4739F6-D0B7-4283-A227-5B761036AAA3} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {1F4739F6-D0B7-4283-A227-5B761036AAA3} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {1F4739F6-D0B7-4283-A227-5B761036AAA3} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {8297F4B0-2083-4090-A155-8999CBDE1E5C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3209604
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {E383902E-1108-4590-B850-E905BD898531} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6sfi8jhm.default
FF Homepage: hxxp://www.refdesk.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKCU: @nds.com/PCShowPlugin -> C:\Users\Chris\AppData\Local\DIRECTV Player\npPCShowPlugin.dll (NDS)
FF Plugin HKCU: @nds.com/PlayerPlugin -> C:\Users\Chris\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin HKCU: NDS.com/PlayerPlugin -> C:\Users\Chris\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPCltInst11.dll (iLinc Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
FF Extension: YouTube Center - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6sfi8jhm.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2013-11-22]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-18]
FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-06]
FF Extension: No Name - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6sfi8jhm.default\extensions\crossriderapp21058@crossrider.com [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-20]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-20]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-20]
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-20]
CHR Extension: (RealDownloader) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-02-20]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-20]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-25] (CyberLink)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-08-06] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 19:26 - 2014-11-02 19:26 - 00001270 _____ () C:\Users\Chris\Desktop\Revo Uninstaller.lnk
2014-11-02 19:26 - 2014-11-02 19:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-02 12:41 - 2014-11-02 12:41 - 00000000 ____D () C:\Users\Chris\Desktop\FRST-OlderVersion
2014-11-01 08:13 - 2014-11-01 08:15 - 00041262 _____ () C:\Users\Chris\Desktop\Addition.txt
2014-11-01 08:09 - 2014-11-02 19:35 - 00028097 _____ () C:\Users\Chris\Desktop\FRST.txt
2014-11-01 08:09 - 2014-11-02 19:34 - 00000000 ____D () C:\FRST
2014-11-01 08:05 - 2014-11-02 12:41 - 02114560 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2014-10-29 21:09 - 2014-10-29 21:11 - 00030510 _____ () C:\Users\Chris\Desktop\dds.txt
2014-10-29 21:09 - 2014-10-29 21:11 - 00019271 _____ () C:\Users\Chris\Desktop\attach.txt
2014-10-29 21:07 - 2014-10-29 21:07 - 00688992 ____R (Swearware) C:\Users\Chris\Desktop\dds.com
2014-10-29 21:06 - 2014-10-29 21:06 - 00688992 _____ (Swearware) C:\Users\Chris\Downloads\dds.com
2014-10-28 05:04 - 2014-11-02 19:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-28 05:04 - 2014-10-28 05:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-28 05:04 - 2014-10-28 05:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-28 05:04 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-28 05:04 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-27 20:52 - 2014-10-27 20:52 - 00000000 _____ () C:\autoexec.bat
2014-10-27 20:51 - 2014-10-27 20:51 - 00003324 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-10-27 20:51 - 2014-10-27 20:51 - 00002260 _____ () C:\Users\Chris\Desktop\SpyHunter.lnk
2014-10-27 20:51 - 2014-10-27 20:51 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-10-27 20:51 - 2014-10-27 20:51 - 00000000 ____D () C:\sh4ldr
2014-10-27 20:51 - 2014-10-27 20:51 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-27 20:51 - 2012-06-22 10:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-10-27 20:48 - 2014-10-27 20:51 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-10-17 15:51 - 2014-10-17 15:51 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-17 15:51 - 2014-10-17 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-17 15:50 - 2014-10-17 15:51 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-17 15:50 - 2014-10-17 15:51 - 00000000 ____D () C:\Program Files\iTunes
2014-10-17 15:50 - 2014-10-17 15:51 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-17 15:50 - 2014-10-17 15:50 - 00000000 ____D () C:\Program Files\iPod
2014-10-14 18:05 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 18:05 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 18:05 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 18:05 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 18:05 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 18:05 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 18:05 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 18:05 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 18:05 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 18:05 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 18:05 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 18:05 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 18:05 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-14 18:05 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 18:05 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 18:05 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 18:05 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 18:05 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-14 18:05 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 18:05 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 18:05 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 18:05 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 18:05 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 18:05 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 18:05 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 18:05 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 18:05 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-14 18:05 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-14 18:05 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 18:05 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 18:05 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 18:05 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 18:05 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 18:05 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-14 18:05 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-14 18:05 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 18:05 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 18:05 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 18:05 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 18:05 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 18:05 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-14 18:05 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 18:05 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-14 18:05 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-14 18:05 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 18:05 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 18:05 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-14 18:05 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-14 18:05 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 18:05 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-14 18:05 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 18:05 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-14 18:05 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 18:05 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 18:05 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 18:05 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 18:05 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 18:05 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 18:05 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 18:05 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 18:05 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 18:05 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-14 18:05 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-14 18:05 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 18:05 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 18:05 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 18:05 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 18:05 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 18:05 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-14 18:05 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 18:05 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 18:05 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 18:05 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 18:05 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 18:05 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 18:05 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 18:05 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 18:05 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 18:05 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 18:05 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 18:05 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 18:05 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 18:05 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 18:05 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 18:05 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 18:05 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 18:05 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 18:05 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 18:05 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 18:05 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 18:05 - 2014-07-06 20:40 - 00516096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-14 18:05 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 18:05 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 18:05 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 18:05 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 18:05 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 18:05 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 18:05 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 18:05 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 18:05 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 18:05 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 18:05 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 18:05 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 18:05 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 18:05 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 18:05 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 18:05 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 18:05 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 18:05 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 18:05 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 18:05 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 18:05 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 18:05 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 18:05 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 18:05 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 18:05 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 18:05 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 18:05 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 18:05 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 18:05 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 18:05 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 18:03 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 18:03 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 18:03 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 18:03 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 18:03 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 18:03 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-14 18:03 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 18:03 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 18:03 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 18:03 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 18:03 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 18:03 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 18:03 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 18:03 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 18:03 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-14 18:03 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-14 18:03 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 18:03 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 18:03 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 18:03 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 18:03 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-14 18:03 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-14 18:03 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-14 18:03 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-14 18:03 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-14 18:03 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-14 18:03 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-10-14 18:03 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-10-12 14:19 - 2014-11-02 12:55 - 00003338 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1599699772-3987543433-2460038584-1000
2014-10-12 14:19 - 2014-11-02 12:55 - 00003204 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1599699772-3987543433-2460038584-1000
2014-10-08 22:16 - 2014-10-08 22:16 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Oracle
2014-10-08 22:16 - 2014-10-08 22:13 - 00880040 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2014-10-08 22:16 - 2014-10-08 22:13 - 00802728 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-10-08 22:13 - 2014-10-08 22:13 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-08 22:13 - 2014-10-08 22:13 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 19:23 - 2012-04-03 17:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-02 14:13 - 2011-08-02 16:30 - 01958363 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 13:02 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 13:02 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 12:58 - 2009-07-14 00:13 - 00782986 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 12:55 - 2012-11-19 20:30 - 00000000 ___RD () C:\Users\Chris\Dropbox
2014-11-02 12:55 - 2012-11-19 20:29 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Dropbox
2014-11-02 12:53 - 2011-07-22 21:36 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-02 12:52 - 2011-12-01 15:03 - 00026026 _____ () C:\Windows\setupact.log
2014-11-02 12:52 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 12:42 - 2011-08-02 18:10 - 00000000 ____D () C:\Users\Chris\AppData\Local\ATI
2014-11-02 12:31 - 2014-04-13 10:48 - 00003360 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1599699772-3987543433-2460038584-1000
2014-11-02 12:31 - 2014-04-13 10:48 - 00003226 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1599699772-3987543433-2460038584-1000
2014-11-02 12:28 - 2010-11-20 22:47 - 00894908 _____ () C:\Windows\PFRO.log
2014-11-02 12:26 - 2011-08-06 17:35 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashDumps
2014-11-01 12:42 - 2013-03-16 12:52 - 00000000 ____D () C:\Users\Chris\Documents\Elder
2014-10-30 19:35 - 2014-07-09 17:16 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForChris
2014-10-30 19:35 - 2014-07-09 17:16 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForChris.job
2014-10-30 06:25 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 12:57 - 2011-08-10 17:55 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\HP Support Assistant
2014-10-29 12:57 - 2011-08-03 20:35 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\HpUpdate
2014-10-28 06:00 - 2012-11-29 19:04 - 00000000 ____D () C:\Windows\Sun
2014-10-28 05:04 - 2013-12-08 23:01 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Malwarebytes
2014-10-28 05:04 - 2013-12-08 23:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-27 21:08 - 2011-10-29 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nancy Drew
2014-10-27 21:08 - 2011-10-29 11:09 - 00000000 ____D () C:\Program Files (x86)\Nancy Drew
2014-10-27 21:02 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-27 20:12 - 2014-08-28 06:32 - 00000000 ____D () C:\Program Files\Google
2014-10-27 20:12 - 2012-12-12 18:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-27 20:00 - 2014-08-28 06:32 - 00000000 ____D () C:\ProgramData\Google
2014-10-27 20:00 - 2012-12-12 18:13 - 00000000 ____D () C:\Users\Chris\AppData\Local\Google
2014-10-27 18:12 - 2011-08-04 13:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-27 18:09 - 2014-05-01 21:38 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-24 17:21 - 2004-12-31 16:09 - 00000000 ____D () C:\Users\Chris\Documents\TurboTax
2014-10-23 06:14 - 2013-10-24 17:33 - 00000000 ____D () C:\Users\Chris\.epaysol
2014-10-22 19:35 - 2011-11-16 13:05 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-22 19:35 - 2011-08-10 17:55 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-22 06:05 - 2007-12-28 22:40 - 00039424 _____ () C:\Users\Chris\Documents\Weight.xls
2014-10-17 15:50 - 2014-09-21 17:47 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-17 15:50 - 2011-08-23 08:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-16 07:16 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 07:15 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-15 03:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 02:45 - 2009-07-13 23:45 - 00450128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 02:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 02:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 02:15 - 2013-08-10 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 02:01 - 2011-08-02 18:33 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 14:13 - 2009-07-14 00:08 - 00032548 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-10 16:36 - 2008-06-19 17:24 - 00000000 ____D () C:\Users\Chris\Documents\Medical
2014-10-08 22:16 - 2011-08-07 12:49 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-08 22:15 - 2013-12-24 10:27 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-08 22:13 - 2012-10-29 17:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-08 22:13 - 2012-10-29 17:22 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-07 17:58 - 2011-08-04 11:55 - 00000000 ____D () C:\Users\Chris\Documents\Quicken

Files to move or delete:
====================
C:\Users\Hold\Its Deductible 2002 - se020398.exe
C:\Users\Hold\qwpatch.exe
C:\Users\Hold\update85.exe

Some content of TEMP:
====================
C:\Users\Anne\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Anne\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Anne\AppData\Local\Temp\Setup.exe
C:\Users\Chris\AppData\Local\Temp\anypia32.exe
C:\Users\Chris\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplin5yw.dll
C:\Users\Chris\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Chris\AppData\Local\Temp\jacob-1.14.3-x86.dll
C:\Users\Chris\AppData\Local\Temp\lowproc.exe
C:\Users\Chris\AppData\Local\Temp\nativeUtils-x86.dll
C:\Users\Chris\AppData\Local\Temp\Resource.exe
C:\Users\Chris\AppData\Local\Temp\sbwcrv.exe
C:\Users\Chris\AppData\Local\Temp\SHSetup.exe
C:\Users\Chris\AppData\Local\Temp\sp58915.exe
C:\Users\Chris\AppData\Local\Temp\stubhelper.dll
C:\Users\Chris\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Chris\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Hannah\AppData\Local\Temp\COMAP.EXE
C:\Users\Hannah\AppData\Local\Temp\setup-gp4-updater.exe
C:\Users\Hannah\AppData\Local\Temp\setup-gp5-updater.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 03:46

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Chris at 2014-11-02 19:35:39
Running from C:\Users\Chris\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AnswerWorks 4.0 Runtime - English (HKLM-x32\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{73AC89D8-5AFD-72F4-5266-03327E392C85}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version:  - )
Canon MX890 series On-screen Manual (HKLM-x32\...\Canon MX890 series On-screen Manual) (Version:  - )
Canon MX890 series User Registration (HKLM-x32\...\Canon MX890 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
ccc-core-static (x32 Version: 2011.0112.2151.39168 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CollegeSuccess (HKLM-x32\...\com.headroomlearning.success.E906FDB8037C0EF6FFEB8EA592E89D1E073818BC.1) (Version: 1.2 - Headroom Learning Strategies)
CollegeSuccess (x32 Version: 1.2 - Headroom Learning Strategies) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.2615 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.0.3511 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DIRECTV Player (HKLM-x32\...\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}) (Version: 4.00 - DIRECTV)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
GoToMeeting 4.8.0.723 (HKCU\...\GoToMeeting) (Version: 4.8.0.723 - CitrixOnline)
GP5 Web Conferencing (HKLM-x32\...\omniview) (Version:  - )
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP Keyboard (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.5.0.3 - Hewlett-Packard)
HP LinkUp (HKLM-x32\...\{C1AD9241-3ADD-483F-914D-071F3E50855A}) (Version: 2.01.026 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iLinc 11 Client (HKLM-x32\...\iLincClient.11) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intuit Entitlement Client v8 (HKLM-x32\...\{4C5B3CFD-DF38-49E2-82D9-5A933F36242F}) (Version: 8.0.24 - Intuit Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.52.4 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nancy Drew: Alibi in Ashes (HKLM-x32\...\{37CD3467-F747-4D95-BAD3-C8BD8B2CB1BD}) (Version: 8.0.0.30162 - Her Interactive, Inc.)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
ProSeries Basic Edition 2012 (HKLM-x32\...\ProSeries Basic Edition 2012) (Version:  - Intuit Inc.)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.11 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.10 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6156 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Research Wizard 4.0 (HKLM-x32\...\{D47B71EA-3842-45FC-89B4-15A18CD689F1}) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
SSA Benefit Calculator (HKLM-x32\...\{340D61BB-350A-40F4-8CFD-4F860E12066E}) (Version: 1.13.0001 - Social Security Administration)
Success (HKLM-x32\...\com.headroomlearning.success) (Version: 1.1 - Headroom Learning)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.31 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1599699772-3987543433-2460038584-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1599699772-3987543433-2460038584-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\723\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1599699772-3987543433-2460038584-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1599699772-3987543433-2460038584-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1599699772-3987543433-2460038584-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1599699772-3987543433-2460038584-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1599699772-3987543433-2460038584-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1599699772-3987543433-2460038584-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1599699772-3987543433-2460038584-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1599699772-3987543433-2460038584-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

23-10-2014 22:53:03 Windows Update
27-10-2014 08:42:56 Windows Update
28-10-2014 01:17:02 Removed Bible Mapper 4
28-10-2014 01:51:27 Installed SpyHunter
28-10-2014 01:57:06 Removed iSEEK AnswerWorks English Runtime
28-10-2014 01:57:30 Removed Nancy Drew: Tomb of the Lost Queen
31-10-2014 01:38:35 Windows Update
03-11-2014 00:27:31 Revo Uninstaller's restore point - Produtools Manuals 2.1 Toolbar

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2011-12-15 10:30 - 00437983 ____N C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {001BB664-AFC8-4995-B52A-DDA5DE8F7DC4} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2014-01-09] (Enigma Software Group USA, LLC.)
Task: {01D0FA6E-6527-4FEF-BE54-8B8399D9F067} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {0585B783-DC3E-4EDA-BCB9-80A6F5FD5068} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {11B7D641-6688-42EC-A6A6-428119856699} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {13D7E5FD-DD16-482E-BF89-D1EC4309A1A3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1599699772-3987543433-2460038584-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {234B2041-CF58-4E97-821E-2AEFB5CC5775} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1599699772-3987543433-2460038584-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {4ACAEF0D-8A32-451B-ACC3-64612C558F6C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {4B582AE7-69D9-4FF7-9A85-6A119EDD02D1} - System32\Tasks\MirageAgent => c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-12] (CyberLink)
Task: {544122CC-2CDB-4EC4-8498-F5C9F52DF000} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {61490BF1-5EBF-48E2-818F-BA2711143F2C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {647DF386-5E80-44B1-A143-43A937092549} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {6C2591C5-27D9-4A6C-A01D-27BAEA45F14F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {71515FC9-6DEE-46CE-9D48-9AF6730B96B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {784FC814-E8EA-42E2-B37C-22414FCFBBAC} - System32\Tasks\HPCeeScheduleForChris => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {794342E7-DF03-4759-84C3-E17BEBBA261F} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1599699772-3987543433-2460038584-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {7D7882FD-004C-4F2C-B7AF-FD03827998C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {8271DABA-E488-4AE3-A9CC-6674D293E163} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {91043C5B-F1BC-4A0F-8F41-D70531CD136D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1599699772-3987543433-2460038584-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {A99E0EA8-1A21-44E2-B4AB-5AE1A9EC1635} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {C1BBA000-70AE-40BF-8CF5-FE71BF27401B} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-12-21] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForChris.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-05-01 21:38 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-06-10 16:50 - 2014-06-10 16:50 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-06-10 21:03 - 2014-06-10 21:03 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-09-19 21:55 - 2014-09-09 09:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-01-12 23:49 - 2011-01-12 23:49 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-04-12 17:59 - 2010-04-12 17:59 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-12-22 11:54 - 2010-12-22 11:54 - 00028672 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2012-04-02 15:49 - 2012-04-02 15:49 - 00686208 _____ () C:\Users\Chris\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-06 20:00 - 2014-08-06 20:00 - 00861784 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-09-19 21:55 - 2014-09-09 08:12 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-11-02 12:55 - 2014-11-02 12:55 - 00043008 _____ () c:\users\chris\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplin5yw.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Chris\AppData\Roaming\Dropbox\bin\libcef.dll
2012-03-31 10:54 - 2012-03-31 10:54 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2012-03-31 10:54 - 2012-03-31 10:54 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2014-08-06 20:00 - 2014-08-06 20:00 - 00573528 _____ () c:\program files (x86)\real\realplayer\RPDS\Lib\r1api.dll
2014-09-19 21:52 - 2014-09-19 21:53 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-10-24 06:04 - 2014-10-24 06:04 - 01754296 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\tmpod.dll
2014-09-19 21:53 - 2014-09-09 08:12 - 01032352 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2014-09-19 21:55 - 2014-09-09 08:12 - 08896160 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\1033\GrooveIntlResource.dll
2012-04-02 15:50 - 2012-04-02 15:50 - 00273528 _____ () C:\Users\Chris\AppData\Local\DIRECTV Player\ndsLogStore.dll
2012-04-02 15:50 - 2012-04-02 15:50 - 02721920 _____ () C:\Users\Chris\AppData\Local\DIRECTV Player\PCShowServerDll.dll
2012-04-02 15:50 - 2012-04-02 15:50 - 02049152 _____ () C:\Users\Chris\AppData\Local\DIRECTV Player\XferManagerDll.dll
2012-04-02 15:50 - 2012-04-02 15:50 - 01945704 _____ () C:\Users\Chris\AppData\Local\DIRECTV Player\TSB.dll
2012-04-02 15:50 - 2012-04-02 15:50 - 00051864 _____ () C:\Users\Chris\AppData\Local\DIRECTV Player\boost_thread-vc90-mt-1_39.dll
2012-04-02 15:49 - 2012-04-02 15:49 - 01988216 _____ () C:\Users\Chris\AppData\Local\DIRECTV Player\DrmSingleton.dll
2012-04-02 15:49 - 2012-04-02 15:49 - 01226872 _____ () C:\Users\Chris\AppData\Local\DIRECTV Player\CatalogDll.dll
2012-04-02 15:50 - 2012-04-02 15:50 - 06809720 _____ () C:\Users\Chris\AppData\Local\DIRECTV Player\gsttspplugin.dll
2012-04-02 15:51 - 2012-04-02 15:51 - 00688264 _____ () C:\Users\Chris\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2012-04-02 15:51 - 2012-04-02 15:51 - 01402488 _____ () C:\Users\Chris\AppData\Local\DIRECTV Player\libxml2-2.dll
2012-04-02 15:52 - 2012-04-02 15:52 - 00091240 _____ () C:\Users\Chris\AppData\Local\DIRECTV Player\z.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Hold\IBC Men's Retreat.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1599699772-3987543433-2460038584-500 - Administrator - Disabled)
Anne (S-1-5-21-1599699772-3987543433-2460038584-1003 - Administrator - Enabled) => C:\Users\Anne
Chris (S-1-5-21-1599699772-3987543433-2460038584-1000 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-1599699772-3987543433-2460038584-501 - Limited - Disabled)
Hannah (S-1-5-21-1599699772-3987543433-2460038584-1004 - Administrator - Enabled) => C:\Users\Hannah
HomeGroupUser$ (S-1-5-21-1599699772-3987543433-2460038584-1005 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/02/2014 07:23:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17122342

Error: (11/02/2014 07:23:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17122342

Error: (11/02/2014 07:23:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/02/2014 07:23:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17121344

Error: (11/02/2014 07:23:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17121344

Error: (11/02/2014 07:23:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/02/2014 07:23:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17120329

Error: (11/02/2014 07:23:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17120329

Error: (11/02/2014 07:23:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/02/2014 07:23:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17119284

System errors:
=============
Error: (11/02/2014 02:38:04 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Error: (11/02/2014 00:53:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/02/2014 00:52:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:48:51 PM on ‎11/‎2/‎2014 was unexpected.

Error: (11/02/2014 00:42:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (11/02/2014 00:42:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/02/2014 00:42:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/02/2014 00:42:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Andrea RT Filters Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/02/2014 00:42:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/02/2014 00:42:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/02/2014 00:42:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (06/14/2012 09:08:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2011-12-20 13:11:14.218
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-20 12:45:19.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-20 12:38:31.035
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-20 12:06:42.428
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-20 11:44:01.998
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-20 10:28:05.967
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-20 10:22:56.725
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-20 10:15:19.386
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-20 09:57:49.816
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-20 09:39:37.517
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 31%
Total physical RAM: 8151.11 MB
Available physical RAM: 5592.46 MB
Total Pagefile: 16300.41 MB
Available Pagefile: 12113.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1385.45 GB) (Free:1272.4 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.72 GB) (Free:1.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: 4F656814)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1385.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#8 B-boy/StyLe/

Posted 03 November 2014 - 01:17 PM

Hi,

The infection seems to be removed but if you don't mind, I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

Most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard drive and the speed of your computer).

STEP 1

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

STEP 2

  • Please download RogueKillerX64.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Wait for the prescan to complete and then press the Scan button.
  • When done press the Report button.
  • Please copy and paste the results in your next reply.

STEP 3

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

STEP 4

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.
 

  • Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

STEP 5

1.Please download HitmanPro.

  • For 32-bit Operating System
  • This is the mirror
  • For 64-bit Operating System
  • This is the mirror

2.Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
 
8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it into your next reply.

STEP 6

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

Regards,

Georgi


#9 subdadx4

Posted 03 November 2014 - 09:52 PM

Georgi,

Thanks for your help. Here is the first of many posts. A single one is too long.

Chris


Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/03/2014 07:27:07 PM in x64 mode.

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 11/3/2014 7:00:12 PM, SYSTEM, HOME-HP, Scheduler, Malware Database, 2014.11.3.2, 2014.11.3.11,
Protection, 11/3/2014 7:00:12 PM, SYSTEM, HOME-HP, Protection, Refresh, Starting,
Protection, 11/3/2014 7:00:12 PM, SYSTEM, HOME-HP, Protection, Malicious Website Protection, Stopping,
Protection, 11/3/2014 7:00:15 PM, SYSTEM, HOME-HP, Protection, Malicious Website Protection, Stopped,
Protection, 11/3/2014 7:00:20 PM, SYSTEM, HOME-HP, Protection, Refresh, Success,
Protection, 11/3/2014 7:00:20 PM, SYSTEM, HOME-HP, Protection, Malicious Website Protection, Starting,
Protection, 11/3/2014 7:00:21 PM, SYSTEM, HOME-HP, Protection, Malicious Website Protection, Started,
Protection, 11/3/2014 7:06:12 PM, SYSTEM, HOME-HP, Protection, Malware Protection, Stopping,
Protection, 11/3/2014 7:06:12 PM, SYSTEM, HOME-HP, Protection, Malware Protection, Stopped,
Protection, 11/3/2014 8:01:05 PM, SYSTEM, HOME-HP, Protection, Malware Protection, Starting,
Protection, 11/3/2014 8:01:05 PM, SYSTEM, HOME-HP, Protection, Malware Protection, Started,
Protection, 11/3/2014 8:01:05 PM, SYSTEM, HOME-HP, Protection, Malicious Website Protection, Starting,
Protection, 11/3/2014 8:01:16 PM, SYSTEM, HOME-HP, Protection, Malicious Website Protection, Started,

(end)
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

20 out of 15083 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 11/03/2014 07:27:30 PM
Execution time: 0 hours(s), 0 minute(s), and 23 seconds(s)


RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Chris [Administrator]
Mode : Scan -- Date : 11/03/2014 21:12:59

¤¤¤ Processes : 3 ¤¤¤
[Tr.Zeus] mbam.exe -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[7] -> Killed [TermProc]
[Suspicious.Path] PCShowServerPMWrapper.exe -- C:\Users\Chris\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe[7] -> Killed [TermProc]
[Suspicious.Path] NDSPCShowServer.exe -- C:\Users\Chris\AppData\Local\DIRECTV Player\NDSPCShowServer.exe[7] -> Killed [TermThr]

¤¤¤ Registry : 22 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1599699772-3987543433-2460038584-1000\Software\Microsoft\Windows\CurrentVersion\Run | PCShowServer : "C:\Users\Chris\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1599699772-3987543433-2460038584-1000\Software\Microsoft\Windows\CurrentVersion\Run | PCShowServer : "C:\Users\Chris\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1599699772-3987543433-2460038584-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.refdesk.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1599699772-3987543433-2460038584-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.refdesk.com/ -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1599699772-3987543433-2460038584-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.refdesk.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1599699772-3987543433-2460038584-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.refdesk.com/ -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1599699772-3987543433-2460038584-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.earthlink.net/partner/more/msie/button/search.html -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1599699772-3987543433-2460038584-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.earthlink.net/partner/more/msie/button/search.html -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1599699772-3987543433-2460038584-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1599699772-3987543433-2460038584-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1599699772-3987543433-2460038584-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1599699772-3987543433-2460038584-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1599699772-3987543433-2460038584-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1599699772-3987543433-2460038584-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 5 (Driver: Loaded) ¤¤¤
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll @ 0x5f408e40
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll @ 0x5f408e40
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll @ 0x5f408e40
[IAT:Addr] (iexplore.exe @ Flash32_15_0_0_167.ocx) USER32.dll - TrackPopupMenu : C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll @ 0x5f3f2780
[IAT:Addr] (iexplore.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll @ 0x5f408e40

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 6sfi8jhm.default : user_pref("browser.startup.homepage", "http://www.refdesk.com/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD15EARS-60MVWB0 +++++
--- User ---
[MBR] 012402b50e6220688b4d40036d92a274
[BSP] 4372007f676861a0307977f0a44fe342 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1418699 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): -1389264896 | Size: 11998 MB
User = LL1 ... OK
User = LL2 ... OK


============================================

#10 subdadx4

Posted 03 November 2014 - 09:57 PM

Georgi,

Attaching two files that are too long to post and the security check.

Chris

Results of screen317's Security Check version 0.99.89
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Java 7 Update 67
Adobe Flash Player 15.0.0.152
Adobe Reader 10.1.12 Adobe Reader out of Date!
Mozilla Firefox 29.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Spybot Teatimer.exe is disabled!
Malwarebytes Anti-Malware mbamscheduler.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#11 B-boy/StyLe/

Posted 04 November 2014 - 02:32 PM

Hi Chris,

You forgot to post the log from TDSSKiller. Please zip the log and upload it at http://zippyshare.com/ and then post the link to the log in your next reply.

Also you posted the wrong log from MBAM. Please open MBAM and click on the History tab > Application Logs => open the latest Scan log (not Protection log), click on the Copy to Clipboard and then paste the log in your next reply.

Next please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

  • Download the latest version of Java SE 7.
  • Click the Java SE 7u72 "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-7u72-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java:
     Java™ 7 Update 67
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/Windows 7 users, right click on the jre-7u72-windows-i586.exe and select "Run as an Administrator.")

Next please run JavaRa.

  • Please download JavaRa 2.6 and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • Choose Remove JRE and since you already uninstalled JAVA skip step 1 and click on the next button.
  • Now click on Perform Removal Routine to remove the older versions of Java installed on your computer.
  • When that's successfully done, please click OK to close the message.
  • Click on Next and skip the downloading process. Click Next and now click on Close this wizard and click Finish.
  • From the main menu please choose Additional tasks
  • Place a checkmark beside Remove startup entry, Remove Outdated JRE Firefox Extentions and Clean JRE Temp Files and click Run. The browsers should be closed before running this task.
  • When that's successfully done you will see a message at the top saying: "Selected tasks completed successfully".
  • A log file should be created in the same directory as JavaRa.
  • Please attach the log to your next reply.
  • Close JavaRa by clicking the red cross button.

You can choose between 2 variants:

1. If you have applications that require Java to be installed on the computer then uninstall the old version of Java and then run JavaRa to remove all remnants and then go ahead and download & install the latest version of Java (Java SE 7 update 72) as described above.

2. If you want to be on the safe side then go ahead and uninstall the old version of Java, then run JavaRa to remove all remnants and then remove all applications that require Java (time to learn to live without Java and find alternatives to the applications that require Java)... Check this article.

It's your call. :)

Your Adobe Flash Player is out of date!

Older versions may have vulnerabilities that malware can use to infect your system.

Please download and install: Adobe Flash Player 15.0.0.189 Final for (Internet Explorer)

Please download and install: Adobe Flash Player 15.0.0.189 Final for (Mozilla Firefox)

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 11.0.09 to your PC's desktop.

  • Uninstall Adobe Reader 10.1.12 via Start => Control Panel > Uninstall a program
  • Install the new downloaded updated software.

Note that the McAfee Security scan is prechecked. You may wish to uncheck it before downloading.

Your Mozilla Firefox is out of date!
Download and install the latest version Mozilla Firefox 33.0.2 Final for Windows
Do a backup of your existing profile using Mozbackup or FEBE before you proceed with the update (just in case).

  • It is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
  • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
  • You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose PatchMyPC

Visit Microsoft's Windows Update Site Frequently

  • It is important that you visit Windows Update regularly.
  • This will ensure your computer always has the latest security updates available installed on your computer.
  • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Finally please post a fresh log from SecurityCheck. :)

Regards,

Georgi

#12 subdadx4

Posted 06 November 2014 - 02:16 AM

Georgi,

I am on travel and will not be able to address your comments for 3 days until I get back to my home computer.

Chris



#13 B-boy/StyLe/

Posted 06 November 2014 - 03:19 AM

Hi Chris,

No worries and thank you for letting me know! :)

Regards,

Georgi


#14 subdadx4

Posted 09 November 2014 - 08:03 PM

Georgi,

Zipped TDSSKiller Link. http://www49.zippyshare.com/v/47136785/file.html


MBAM Scan Log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/2/2014
Scan Time: 3:33:14 AM
Logfile:
Administrator: Yes

Version: 0.00.0.0000
Malware Database: v2014.11.02.03
Rootkit Database: v2014.11.01.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Chris

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 445683
Time Elapsed: 33 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

FixLog
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by Chris at 2014-11-09 19:50:37 Run:3
Running from C:\Users\Chris\Desktop\Security Programs
Loaded Profile: Chris (Available profiles: Chris & Anne & Hannah)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Program Files (x86)\Conduit
C:\Users\Chris\AppData\Local\Conduit
C:\Users\Chris\AppData\LocalLow\Conduit
DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
DeleteKey: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
DeleteKey: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
DeleteKey: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
DeleteKey: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Conduit
DeleteKey: HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\Software\AppDataLow\Software\Conduit
DeleteKey: HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\Software\AppDataLow\Software\Smartbar
DeleteKey: HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SnapDo.exe
DeleteKey: HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8297F4B0-2083-4090-A155-8999CBDE1E5C}
DeleteKey: HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
DeleteKey: HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
end
*****************

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 => Moved successfully.
"C:\Program Files (x86)\Conduit" => File/Directory not found.
"C:\Users\Chris\AppData\Local\Conduit" => File/Directory not found.
"C:\Users\Chris\AppData\LocalLow\Conduit" => File/Directory not found.
HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} => Key not found.
HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} => Key not found.
HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6} => Key not found.
HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E} => Key not found.
HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24} => Key not found.
HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9} => Key not found.
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 => Key not found.
HKLM\SOFTWARE\Wow6432Node\Conduit => Key not found.
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\Software\AppDataLow\Software\Conduit => Key not found.
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\Software\AppDataLow\Software\Smartbar => Key not found.
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SnapDo.exe => Key not found.
HKU\S-1-5-21-1599699772-3987543433-2460038584-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8297F4B0-2083-4090-A155-8999CBDE1E5C} => Key not found.
HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} => Key not found.
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} => Key not found.

==== End of Fixlog ====

Updating the other files.

Chris
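
A Fixlog like the one in the post above can be checked mechanically: every entry between "start" and "end" should have its own result line, and the outcome says whether the item was actually present. The following is an added example, not part of the thread and not FRST's own code; the function names and status labels are made up for illustration, the sample log is a constructed excerpt in the same layout, and only the three outcome strings that appear in the post are recognised.

```python
from collections import Counter

# Constructed sample: a shortened Fixlog in the layout shown in the post above.
# The result line for the last DeleteKey directive is left out on purpose.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by Chris at 2014-11-09 19:50:37 Run:3
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Program Files (x86)\Conduit
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Conduit
DeleteKey: HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
end
*****************

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 => Moved successfully.
"C:\Program Files (x86)\Conduit" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Conduit => Key not found.

==== End of Fixlog ====
"""


def normalise(target):
    """Windows paths and registry keys are case-insensitive; some paths are quoted."""
    return target.strip().strip('"').casefold()


def parse_fixlog(text):
    """Return (directives, results): fixlist entries and a target -> outcome map."""
    directives, results = [], {}
    in_fixlist = past_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "start" and not past_fixlist:
            in_fixlist = True
        elif line == "end" and in_fixlist:
            in_fixlist, past_fixlist = False, True
        elif in_fixlist:
            if line:
                directives.append(line)
        elif past_fixlist and " => " in line:
            # Result lines have the form: <target> => <outcome>.
            target, _, outcome = line.rpartition(" => ")
            results[normalise(target)] = outcome.rstrip(".")
    return directives, results


def directive_target(directive):
    """Split a fixlist entry into (kind, target). Only DeleteKey: is handled,
    because it is the only directive that appears on this page."""
    prefix = "DeleteKey:"
    if directive.startswith(prefix):
        return "key", directive[len(prefix):].strip()
    return "path", directive


def classify(outcome):
    """Map an outcome string from the log to a triage status."""
    if outcome is None:
        return "no result line"      # directive was never reported on
    if outcome == "Moved successfully":
        return "removed"             # item existed and was moved away
    if outcome.endswith("not found"):
        return "absent"              # nothing there to remove
    return "review"                  # unrecognised outcome, read it by hand


def audit_fixlog(text):
    """Pair every fixlist directive with the status of its result line."""
    directives, results = parse_fixlog(text)
    report = []
    for directive in directives:
        kind, target = directive_target(directive)
        report.append((kind, target, classify(results.get(normalise(target)))))
    return report


def summarise(report):
    """Count directives per status."""
    return Counter(status for _, _, status in report)


if __name__ == "__main__":
    for kind, target, status in audit_fixlog(SAMPLE_FIXLOG):
        print(f"{status:15} {kind:5} {target}")
    print(dict(summarise(SAMPLE_FIXLOG and audit_fixlog(SAMPLE_FIXLOG))))
```

In the Fixlog posted above, only the Temporary Internet Files folder was moved; every Conduit folder and registry key in the fixlist came back as not found.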

#15 subdadx4

Posted 09 November 2014 - 08:30 PM

Georgi,

Forgot to post the JavaRa log file.

User initialised redundant data purge.
......................

Removed registry subkey: java.exe
Removed registry subkey: javaw.exe
Removed registry subkey tree: JavaPlugin.FamilyVersionSupport
Removed registry subkey tree: JavaPlugin
Removed registry subkey tree: JavaWebStart.isInstalled.1.6.0.0
Removed registry subkey: {08B0E5C0-4FCB-11CF-AAA5-00401C608500}
Removed registry subkey tree: JavaSoft
Removed registry subkey: {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Removed registry subkey tree: {5852F5ED-8BF4-11D4-A245-0080C6F74284}
Removed registry subkey: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Removed registry subkey: {DBC80044-A445-435b-BC74-9C25C1C588A9}
Removed registry subkey: F60730A4A66673047777F5728467D401
Removed registry subkey tree: F60730A4A66673047777F5728467D401
Removed registry subkey: 6C5ADB75C34456D42B338232391207FF
Removed registry subkey: A5CCAAC40F5B69B47777ACF82566467C
Removed registry subkey tree: {5852F5EC-8BF4-11D4-A245-0080C6F74284}
Removed registry subkey: application/java-deployment-toolkit
Removed registry subkey: application/x-java-applet
Removed registry subkey: application/x-java-jnlp-file
Removed registry subkey tree: {5852F5E0-8BF4-11D4-A245-0080C6F74284}
Removed registry subkey: .jar
Removed registry subkey: .jnlp
Removed registry subkey tree: jarfile
Removed registry subkey tree: JavaWebStart.isInstalled
Removed registry subkey tree: JavaWebStart.isInstalled.1.7.0.0
Removed registry subkey tree: JNLPFile
Removed registry subkey: {5852F5ED-8BF4-11D4-A245-0080C6F74284}
Removed registry subkey: javaws.exe
Removed registry subkey tree: Browser Helper Objects
Removed registry subkey: 6C5ADB75C34456D42B338232391207FF
Removed registry subkey: A5CCAAC40F5B69B47777ACF82566467C
Removed registry subkey: 225FA5D4CDB0C57489E7F511C11D0182
Removed registry subkey: 225FC5D4ADB0C57489E7F511C11D0182
Removed registry subkey: 225FC5D4BDB0C57489E7F511C11D0182
Removed registry subkey: 225FC5D4CDB0C57489E7F511C11D0182
Removed registry subkey: 52AAFD69654C07446983ADA1256FC7A9
Removed registry subkey: AD9BB15F1AC776D49B768EDF5A02B896
Removed registry subkey: E1215CC4312C58A4A8F9D630115FB457
Removed registry subkey tree: F60730A4A66673047777F5728467D401
Exception encountered in module [JavaRa]
Message: Cannot delete a subkey tree because the subkey does not exist.
at Microsoft.Win32.RegistryKey.DeleteSubKeyTreeInternal(String subkey)
at Microsoft.Win32.RegistryKey.DeleteSubKeyTree(String subkey)
at JavaRa.routines_registry.delete_key(String key)

Removed registry subkey: Oracle_JavaAccessBridge
Removed registry subkey tree: JavaSoft
Removed registry subkey: JreMetrics
Removal routine completed successfully. 42 items have been deleted.
== Cleaning JRE temporary files ==
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\216ff71e-6d39d24d.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\3b9098de-4c498a2d
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\3b9098de-4c498a2d.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1440599d-55b0a75f
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1440599d-55b0a75f.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\223724db-5c8f93de
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\223724db-5c8f93de.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\589b0c19-10ba36d5.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\7dd6ea98-511243c8
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\7dd6ea98-511243c8.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\1b828656-2264167e
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\1b828656-2264167e.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\1dfede16-1c80d745
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\1dfede16-1c80d745.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\761b18d6-4b1f9584
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\761b18d6-4b1f9584.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\1e260595-31cb0292
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\1e260595-31cb0292.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\33954695-2f2942a2
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\33954695-2f2942a2.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\33cd4255-288c6046
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\33cd4255-288c6046.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\759452d4-68bb12f3
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\759452d4-68bb12f3.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\549a1002-6102044e
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\549a1002-6102044e.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\665ad493-6738f9d5
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\665ad493-6738f9d5.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\7bc7e293-7f3a98e4
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\7bc7e293-7f3a98e4.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\775f012-12f1687d
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\775f012-12f1687d.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\42c13411-41bc0374
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\42c13411-41bc0374.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\4825f910-1e6b5f34
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\4825f910-1e6b5f34.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\5a854d0-783dcd6b
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\5a854d0-783dcd6b.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\30d5ebcf-d35fdeec0581fc7335bbe3863988c237bbdd5ec9376512d0ed127027be173fc9-6.0.lap
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\425dcecf-6273c89c
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\425dcecf-6273c89c.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\41f60c8e-6c43fb0d
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\41f60c8e-6c43fb0d.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\65b1114e-674624eb.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\65ca58cc-30315073
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\65ca58cc-30315073.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\6df9608b-1b0f4009
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\6df9608b-1b0f4009.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\19930d0a-228705db
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\19930d0a-228705db.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\2c081fc1-7c6ee761
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\2c081fc1-7c6ee761.idx

== Cleaning JRE temporary files ==
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\lastAccessed
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-20992904
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-20992904.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-42382f60.idx
Deleted file: C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-72d45d9c.idx

Thanks,
Chris



