Google redirects, slow


  • This topic is locked
4 replies to this topic

#1 harperdvi

Posted 27 December 2014 - 03:56 PM

Sometimes when I click a link in a Google search, I get redirected to a spam page. Computer is running slow for all users, but some users are extra slow. Also of note, the Flash uploader on this page causes Firefox to lock up.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.71.2
Run by The Eichins at 15:38:56 on 2014-12-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1847.791 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Sophos Anti-Virus *Enabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Sophos Anti-Virus *Enabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\CompatTel\QueryAppBlock.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\CompatTel\QueryAppBlock.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\CompatTel\QueryAppBlock.exe
C:\Windows\system32\CompatTel\QueryAppBlock.exe
C:\ProgramData\Sophos\AutoUpdate\cache\sophos_autoupdate1.dir\alupdate.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\WinUtilities\ToolMemoryOptimizer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mURLSearchHooks: {ea6905c1-afe7-44a8-b5cf-5a41c3fdf685} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001055-0002-0055-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 65.32.5.111 65.32.5.112 192.168.1.1
TCP: Interfaces\{93CDA7D7-8A6B-47A1-B91E-F80C9CF36FDA} : DHCPNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
SSODL: WebCheck - <orphaned>
SEH: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\The Eichins\AppData\Roaming\Mozilla\Firefox\Profiles\k6bwqenn.default\
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrlui.dll
FF - plugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\The Eichins\AppData\Roaming\Mozilla\Firefox\Profiles\k6bwqenn.default\extensions\{1B9B9C44-7E38-4680-B7F9-5482F4950E71}\plugins\npagentplus.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
FF - ExtSQL: !HIDDEN! 2010-06-20 21:43; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-7-31 69152]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2010-5-12 21544]
R1 SAVOnAccess;SAVOnAccess;C:\Windows\System32\drivers\savonaccess.sys [2013-10-23 154952]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2010-6-12 68136]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-6-18 72216]
R3 EST_BusEnum;Network USB Device Bus;C:\Windows\System32\drivers\GenBus.sys [2009-10-6 29696]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-16 56344]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-19 349800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-2-5 36328]
S3 AODDriver;AODDriver;C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2009-2-22 52280]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2012-2-19 21712]
S3 EST_Server;Network USB Device;C:\Windows\System32\drivers\GenHC.sys [2009-10-6 199168]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2010-5-12 25640]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-5-12 30528]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-9 114688]
S3 ks2avs;Kontrol S2 WDM Audio;C:\Windows\System32\drivers\ks2avs.sys [2011-9-6 357968]
S3 ks2usb_svc;Traktor Kontrol S2;C:\Windows\System32\drivers\ks2usb.sys [2011-9-6 80976]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-7-12 1737728]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-8-14 17152]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-1-15 289256]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-20 19456]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-2-5 125416]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-2-5 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-2-5 159208]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-6 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-31 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SophosBootDriver;SophosBootDriver;C:\Windows\System32\drivers\SophosBootDriver.sys [2013-10-23 25608]
.
=============== Created Last 30 ================
.
2014-12-17 18:10:22    115712    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-12-17 18:10:21    144384    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-12-10 08:33:37    --------    d-----w-    C:\Windows\System32\appraiser
2014-12-10 08:04:55    55808    ----a-w-    C:\Windows\System32\rrinstaller.exe
2014-12-10 08:04:55    50176    ----a-w-    C:\Windows\SysWow64\rrinstaller.exe
2014-12-10 08:04:55    24576    ----a-w-    C:\Windows\System32\mfpmp.exe
2014-12-10 08:04:55    23040    ----a-w-    C:\Windows\SysWow64\mfpmp.exe
2014-12-10 08:04:55    2048    ----a-w-    C:\Windows\SysWow64\mferror.dll
2014-12-10 08:04:55    2048    ----a-w-    C:\Windows\System32\mferror.dll
2014-12-10 08:04:54    4121600    ----a-w-    C:\Windows\System32\mf.dll
2014-12-10 08:04:54    3209728    ----a-w-    C:\Windows\SysWow64\mf.dll
2014-12-10 08:04:54    206848    ----a-w-    C:\Windows\System32\mfps.dll
2014-12-10 08:04:54    103424    ----a-w-    C:\Windows\SysWow64\mfps.dll
2014-12-10 01:37:04    830976    ----a-w-    C:\Windows\System32\appraiser.dll
2014-12-10 01:37:04    192000    ----a-w-    C:\Windows\System32\aepic.dll
2014-12-10 01:37:04    1232040    ----a-w-    C:\Windows\System32\aitstatic.exe
2014-12-10 01:37:04    1083392    ----a-w-    C:\Windows\System32\aeinv.dll
2014-12-10 01:37:03    741376    ----a-w-    C:\Windows\System32\invagent.dll
2014-12-10 01:37:03    413184    ----a-w-    C:\Windows\System32\generaltel.dll
2014-12-10 01:37:03    396800    ----a-w-    C:\Windows\System32\devinv.dll
2014-12-10 01:37:02    227328    ----a-w-    C:\Windows\System32\aepdu.dll
2014-12-03 06:31:20    227048    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-12-03 06:31:20    227048    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2014-12-13 08:05:59    25640    ----a-w-    C:\Windows\gdrv.sys
2014-12-09 21:08:04    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-09 21:08:04    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-26 01:43:51    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-25 20:35:56    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-22 03:06:23    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39    66560    ----a-w-    C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10    580096    ----a-w-    C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20    88064    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29    114688    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51    814080    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07    6039552    ----a-w-    C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31    968704    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16    77824    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43    501248    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17    62464    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32    47616    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02    64000    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30    620032    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10    1359360    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58    2125312    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26    4299264    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21    2358272    ----a-w-    C:\Windows\System32\wininet.dll
2014-11-22 01:22:49    2052096    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57    1155072    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20    1888256    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-11-19 09:26:34    1614504    ----a-w-    C:\Windows\System32\FM20.DLL
2014-11-11 03:09:06    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52    241152    ----a-w-    C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32    186880    ----a-w-    C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26    119296    ----a-w-    C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-11-08 02:45:09    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-10-30 02:03:43    165888    ----a-w-    C:\Windows\System32\charmap.exe
2014-10-30 01:45:43    155136    ----a-w-    C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59    77824    ----a-w-    C:\Windows\System32\packager.dll
2014-10-25 01:32:37    67584    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37    155064    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06    683520    ----a-w-    C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00    3241984    ----a-w-    C:\Windows\System32\msi.dll
2014-10-14 02:12:57    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31    146432    ----a-w-    C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31    681984    ----a-w-    C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30    146432    ----a-w-    C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02    681984    ----a-w-    C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-10-03 02:12:23    310272    ----a-w-    C:\Windows\System32\WsmWmiPl.dll
2014-10-03 02:12:23    2020352    ----a-w-    C:\Windows\System32\WsmSvc.dll
2014-10-03 02:12:22    346624    ----a-w-    C:\Windows\System32\WSManMigrationPlugin.dll
2014-10-03 02:12:22    181248    ----a-w-    C:\Windows\System32\WsmAuto.dll
2014-10-03 02:12:00    500224    ----a-w-    C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54    284672    ----a-w-    C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51    680960    ----a-w-    C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51    440832    ----a-w-    C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51    296448    ----a-w-    C:\Windows\System32\AudioSes.dll
2014-10-03 02:11:49    266240    ----a-w-    C:\Windows\System32\WSManHTTPConfig.exe
2014-10-03 01:45:03    248832    ----a-w-    C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-10-03 01:45:03    214016    ----a-w-    C:\Windows\SysWow64\WsmWmiPl.dll
2014-10-03 01:45:03    145920    ----a-w-    C:\Windows\SysWow64\WsmAuto.dll
2014-10-03 01:45:03    1177088    ----a-w-    C:\Windows\SysWow64\WsmSvc.dll
2014-10-03 01:44:42    442880    ----a-w-    C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26    374784    ----a-w-    C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26    195584    ----a-w-    C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:44:25    198656    ----a-w-    C:\Windows\SysWow64\WSManHTTPConfig.exe
2014-10-01 16:11:26    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-10-01 16:11:16    93400    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 16:11:12    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 15:41:47.27 ===============
 




 


#2 shelf life

  • Malware Response Team

Posted 29 December 2014 - 01:18 PM

Hi harperdvi,

If you still need some help, you can get these two downloads, post the logs, and we will go from there:

1) Please download AdwCleaner and save it to your desktop.

    Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
    Now click on the Scan tab >> once the scan is complete, click on the Clean tab and follow the prompts.
    Allow the system to reboot. You will then be presented with the report at restart. Copy and paste this report into your next reply.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Note: The log can also be located in your root drive, C:>AdwCleaner >AdwCleaner[S0].txt

2) Please download Farbar Recovery Scan Tool and save it to your Desktop.

    http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version. Looks like you can run the 64-bit version.

    Right-click FRST, then click "Run as administrator" (XP users: click Run after receipt of the Windows Security Warning - Open File).
    When the tool opens, click Yes to the disclaimer.
    Press the Scan button.
    When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

The first time the tool is run, it generates another log (Addition.txt, also located in the same directory the tool was run from). Please also paste that, along with FRST.txt, into your next reply.

 

How Can I Reduce My Risk to Malware?


#3 harperdvi


Posted 29 December 2014 - 03:12 PM

AdwClean

# AdwCleaner v4.106 - Report created 29/12/2014 at 14:19:36
# Updated 21/12/2014 by Xplode
# Database : 2014-12-28.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Cara - DESKTOP
# Running from : C:\Users\Cara\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\Cara\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Cara\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Cara\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Cara\AppData\Roaming\HPAppData
Folder Deleted : C:\Users\Corey\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Corey\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Corey\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Donna\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Donna\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Kyle\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Kyle\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\The Eichins\AppData\Local\eSupport.com
Folder Deleted : C:\Users\The Eichins\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\The Eichins\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\The Eichins\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Cara\AppData\Roaming\Mozilla\Firefox\Profiles\lwd91t71.default\Extensions\engine@conduit.com
File Deleted : C:\Users\Cara\AppData\Roaming\Mozilla\Firefox\Profiles\lwd91t71.default\invalidprefs.js
File Deleted : C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\qxal2hj1.default\invalidprefs.js
File Deleted : C:\Users\Cara\AppData\Roaming\Mozilla\Firefox\Profiles\lwd91t71.default\user.js

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\loaalbhdjmjgdckmmeflpmbacffgnmme
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{697cdd4c-a910-407a-8f6f-30f9b872a95c}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7D0CD611-EBC0-43E0-AB26-3B95A1660F46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v33.1.1 (x86 en-US)

[lwd91t71.default\prefs.js] - Line Deleted : user_pref("valueApps.CT1572363.mam_gk_currentVersion", "312E31332E302E3137");
[lwd91t71.default\prefs.js] - Line Deleted : user_pref("valueApps.CT1572363.mam_gk_currentVersion.storedInFile", false);
[lwd91t71.default\prefs.js] - Line Deleted : user_pref("valueApps.CT1572363.mam_gk_migrated_from_ls", "31");
[lwd91t71.default\prefs.js] - Line Deleted : user_pref("valueApps.CT1572363.mam_gk_migrated_from_ls.storedInFile", false);
[lwd91t71.default\prefs.js] - Line Deleted : user_pref("valueApps.CT1572363.mam_gk_userBornDate", "4E2F41");
[lwd91t71.default\prefs.js] - Line Deleted : user_pref("valueApps.CT1572363.mam_gk_userBornDate.storedInFile", false);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.addressbar", "");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.addressbarenhanced", "");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.ba43);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.can_run_bg_code", true);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.certdomaininstaller", "");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.changeprevious", false);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.463ern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie.InstallationTime.value", "1356257936");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_aoi.value", "1356257936");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_country_code.expiration", "Sat Dec 28 2013 13:45:35 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_country_code.value", "%22US%22");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_crr.value", "1388092291");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_currenttime.value", "%221386683838%22");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_hotfix20111102645.value", "%221%22");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_ib_delay.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_ib_delay.value", "24");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_ib_disclosure.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_ib_disclosure.value", "1387651544");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_ib_list.expiration", "Thu Dec 26 2013 22:10:31 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_ib_list.value", "%7B%22f7610cf2b37067876b694a05c56f32e2%22%3A%7B%22p%22%3A%22/%22%7D%2C%22d763717b4b2e0a17a877cc642fb80ee4%22%3A%7B%22p%22%3A%2[...]
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_installtime.value", "%221363714919%22");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_parent_zoneid.value", "%2214019%22");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_pc_20120828.value", "1364300022486");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_product_id.value", "%221180%22");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie._GPL_zoneid.value", "%22122964%22");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie.dbtest.value", "1364299768683");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.cookie.lastrequest.value", "%7B%22path%22%3A%22/%22%2C%22host%22%3A%22www.jossandmain.com%22%2C%22scheme%22%3A%22hxxps%22%7D");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.description", "Deals Plugin");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.domain", "");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.enablesearch", false);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.fbremoteurl", "");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.group", 0);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.homepage", "");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.iframe", false);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_appVer.value", "92");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_lastVersion.value", "0");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_meta.value", "%7B%7D");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_nextCheck.expiration", "Thu Dec 26 2013 22:10:16 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_nextCheck.value", "true");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_queue.value", "%7B%7D");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started_GPL_PLUGIN.prepare({pid:1180,baseCDN:\"contentcache-a.akamaihd.n[...]
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.manifesturl", "");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.name", "Deals Plugin");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4er_pref("extensions.crossriderapp4637.4637.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}el[...]
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_1.name", "base");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_1.ver", 8);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_1000014.code", "Array.prototype.indexOf(Array.prototype.indexOf=function(B){if(void 0===thisnull===this)throw new TypeError;var c=Object[...]
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_1000014.ver", 16);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function(B){console.log(B)},factor:1[...]
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_1000015.name", "GPL Background (BG)");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_1000015.ver", 39);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection();}else{if(document.get[...]
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_13.name", "CrossriderAppUtils");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_13.ver", 7);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.navigator[...]
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_14.name", "CrossriderUtils");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_14.ver", 10);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&type[...]
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_16.name", "FFAppAPIWrapper");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_16.ver", 15);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\n * Copyright 2010, John [...]
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_17.name", "jQuery");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_17.ver", 4);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_177.code", "(function(){if(!(appAPI.isMatchPages&&appAPI.isMatchPages(\"*crossrider.com/extension_dashboard/dashboard.html\"))){return;}func[...]
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_177.name", "crossriderDashboard");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_177.ver", 1);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_182.code", "(function(){if(typeof $jquery_171===\"undefined\"){return;}var c={DUMMY_PAGE_URL:\"hxxp://page.our-app.net/blank/resource.html\"[...]
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_182.name", "openUrl");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_182.ver", 2);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_183.code", "(function(){if(typeof $jquery_171===\"undefined\"){return;}var a={SCOPE:{BACKGROUND:0,PAGE:1,POPUP:5,OPEN_URL:6}};if(!appAPI.uti[...]
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_183.name", "tabsWrapper");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_183.ver", 2);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.ex[...]
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_21.name", "debug");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_21.ver", 5);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(B){this.queue.push(B);}};appAPI.ready=function(c,B){a.when.apply(nul[...]
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_22.name", "resources");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_22.ver", 5);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend[...]
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_28.name", "initializer");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_28.ver", 4);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"undefined\") {\n\n/*! jQuery v1[...]
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_4.name", "jquery_1_7_1");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_4.ver", 4);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId:([...]
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_47.name", "resources_background");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_47.ver", 3);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_64.code", "(function(){var j=\"__CR_EMPTY_CHANNEL__\";var d=function(e){return(typeof e===\"object\"&&e!==null);};var b=function(e){return(![...]
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_64.name", "appApiMessage");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_64.ver", 3);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var e={WRONG_STRICT_VALUE:\"Parameter %PARAM_NAME% value is not supp[...]
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_72.name", "appApiValidation");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_72.ver", 4);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof window.navigator!==\"undefined\"&&typeof window.navigator.userAgent!==\"undefi[...]
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_78.name", "CrossriderInfo");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_78.ver", 5);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_98.code", "(function(){var b={DUMMY_PAGE_URL:\"hxxp://page.our-app.net/blank/resource.html\"};var c=\"cr_\"+appAPI.appID+\"internalMessage\"[...]
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_98.name", "omniCommands");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins.plugin_98.ver", 3);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins_lists.plugins_0", "4,14,78,16,64,183,47,182,72,98,1000015");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,182,183,72,98,1000014,177,28");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.plugins_lists.plugins_5", "4,14,78,13,16,64,47,182,72");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/4637/plugins/091/ff/plugins.json");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.pluginsversion", 71);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.publisher", "Innovative Apps");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.searchstatus", 0);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.setnewtab", false);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.settingsurl", "");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.thankyou", "");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.updateinterval", 360);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.4637.ver", 92);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.adsOldValue", -1);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.apps", "4637");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.bic", "13bc745c3e18ee7ec791239878671eb3");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.cid", 4637);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.firstrun", false);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.hadappinstalled", true);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.installationdate", 1356257936);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.lastcheck", 23134870);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.lastcheckitem", 23134893);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.modetype", "production");
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.crossriderapp4637.statsDailyCounter", 3);
[oflkqu20.default\prefs.js] - Line Deleted : user_pref("extensions.enabledAddons", "crossriderapp4637%40crossrider.com:0.91.77,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0");
[k6bwqenn.default\prefs.js] - Line Deleted : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442,{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26,{CAFEEFAC-0016-0000-[...]

-\\ Google Chrome v

[C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=bu10aiminstabie7

*************************

AdwCleaner[R0].txt - [26104 octets] - [29/12/2014 13:24:27]
AdwCleaner[S0].txt - [27263 octets] - [29/12/2014 14:19:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [27324 octets] ##########

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Cara (administrator) on DESKTOP on 29-12-2014 15:05:05
Running from C:\Users\Cara\Desktop
Loaded Profile: Cara (Available profiles: The Eichins & Donna & Kyle & Corey & Cara)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9642528 2009-12-08] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-01-11] (Sophos Limited)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3697172734-1336641488-1064551242-1006\...\Run: [ISUSPM Startup] => c:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-3697172734-1336641488-1064551242-1006\...\Run: [Aim] => "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-11-27] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-11-27] (Sophos Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
BootExecute: autocheck autochk * lsdeletesdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3697172734-1336641488-1064551242-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKLM-x32 - (No Name) - {ea6905c1-afe7-44a8-b5cf-5a41c3fdf685} - No File
URLSearchHook: HKU\S-1-5-21-3697172734-1336641488-1064551242-1006 - (No Name) - {ea6905c1-afe7-44a8-b5cf-5a41c3fdf685} - No File
URLSearchHook: HKU\S-1-5-21-3697172734-1336641488-1064551242-1006 - (No Name) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - No File
URLSearchHook: HKU\S-1-5-21-3697172734-1336641488-1064551242-1006 - (No Name) - {c54049e9-0f7e-4cff-a837-667940fd1fbf} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3697172734-1336641488-1064551242-1006 -> DefaultScope {39E7FACA-F9B5-4FA5-BB24-D5C3EBB204FE} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
SearchScopes: HKU\S-1-5-21-3697172734-1336641488-1064551242-1006 -> {39E7FACA-F9B5-4FA5-BB24-D5C3EBB204FE} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-3697172734-1336641488-1064551242-1006 -> No Name - {C54049E9-0F7E-4CFF-A837-667940FD1FBF} -  No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab
DPF: HKLM-x32 {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32:  - {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} -  No File [ ]
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Cara\AppData\Roaming\Mozilla\Firefox\Profiles\lwd91t71.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3697172734-1336641488-1064551242-1006: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Cara\AppData\Roaming\Mozilla\Firefox\Profiles\lwd91t71.default\searchplugins\AOL Search.xml
FF Extension: ooVoo Video Chat  - C:\Users\Cara\AppData\Roaming\Mozilla\Firefox\Profiles\lwd91t71.default\Extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54} [2014-01-22]
FF Extension: ShopToWin18 - C:\Users\Cara\AppData\Roaming\Mozilla\Firefox\Profiles\lwd91t71.default\Extensions\{fb320179-bf62-4606-9d75-5e82785ed1bf} [2013-08-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-11-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-03-10]
FF HKU\S-1-5-21-3697172734-1336641488-1064551242-1006\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\Cara\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [1737728 2012-09-20] (Lavasoft Limited                                                  ) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5739008 2011-12-05] (Native Instruments GmbH) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [290296 2013-05-17] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [206328 2013-05-17] (Sophos Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-01-11] (Sophos Limited)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3109880 2013-09-17] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2012152 2013-05-17] (Sophos Limited)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AODDriver; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [52280 2011-03-05] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-22] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 EST_BusEnum; C:\Windows\System32\DRIVERS\GenBus.sys [29696 2009-10-06] ( )
S3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [199168 2009-10-06] ( )
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2011-03-05] ()
S3 ks2avs; C:\Windows\System32\Drivers\ks2avs.sys [357968 2011-09-06] (Native Instruments GmbH)
S3 ks2usb_svc; C:\Windows\System32\Drivers\ks2usb.sys [80976 2011-09-06] (Native Instruments GmbH)
S3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-06-05] ()
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-07-12] (Lavasoft AB)
S4 LMIRfsClientNP; No ImagePath
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-05-17] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2011-10-23] (Sophos Plc)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 15:05 - 2014-12-29 15:06 - 00021958 _____ () C:\Users\Cara\Desktop\FRST.txt
2014-12-29 15:04 - 2014-12-29 15:05 - 00000000 ____D () C:\FRST
2014-12-29 15:02 - 2014-12-29 15:02 - 02123264 _____ (Farbar) C:\Users\Cara\Desktop\FRST64.exe
2014-12-29 14:24 - 2014-12-29 14:24 - 00027421 _____ () C:\Users\Cara\Desktop\AdwCleaner[S0].txt
2014-12-29 13:23 - 2014-12-29 14:20 - 00000000 ____D () C:\AdwCleaner
2014-12-29 13:23 - 2014-12-29 13:23 - 02173952 _____ () C:\Users\Cara\Desktop\AdwCleaner.exe
2014-12-29 13:22 - 2014-12-29 13:22 - 02173952 _____ () C:\Users\Cara\Downloads\AdwCleaner.exe
2014-12-28 16:30 - 2014-12-28 16:31 - 00000000 ____D () C:\Users\Cara\AppData\Local\WinZip
2014-12-28 16:30 - 2014-12-28 16:30 - 05827673 _____ () C:\Users\Cara\Downloads\ccsetup501.zip
2014-12-28 08:24 - 2014-12-28 08:24 - 00410144 _____ (www.patchmypc.net) C:\Users\Cara\Downloads\PatchMyPC.exe
2014-12-27 15:43 - 2014-12-27 15:43 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-27 15:41 - 2014-12-27 15:42 - 00023504 _____ () C:\Users\The Eichins\Desktop\dds.txt
2014-12-27 15:41 - 2014-12-27 15:42 - 00018510 _____ () C:\Users\The Eichins\Desktop\attach.txt
2014-12-27 15:37 - 2014-12-27 15:37 - 00688992 ____R (Swearware) C:\Users\The Eichins\Desktop\dds.com
2014-12-17 13:10 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 13:10 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-15 07:38 - 2014-12-15 07:38 - 00000000 __SHD () C:\Users\Cara\AppData\Local\EmieBrowserModeList
2014-12-12 12:21 - 2014-12-28 16:32 - 07394584 _____ (Piriform Ltd) C:\Users\Cara\Desktop\CCleaner64.exe
2014-12-10 03:33 - 2014-12-10 03:33 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 03:04 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 03:04 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 03:04 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 03:04 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 03:04 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 03:04 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 03:04 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-10 03:04 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-10 03:04 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-10 03:04 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-09 20:37 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 20:37 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 20:37 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 20:37 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 20:37 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 20:37 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 20:37 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 20:37 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 20:36 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 20:36 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 20:36 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 20:36 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 20:36 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 20:36 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 20:36 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 20:36 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 20:36 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 20:36 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 20:36 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 20:36 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 20:36 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 20:36 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 20:36 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 20:36 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 20:36 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 20:36 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 20:36 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 20:36 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 20:36 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 20:36 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 20:36 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 20:36 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 20:36 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 20:36 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 20:36 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 20:36 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 20:36 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 20:36 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 20:36 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 20:36 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 20:36 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 20:36 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 20:36 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 20:36 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 20:36 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 20:36 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 20:36 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 20:36 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 20:36 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 20:36 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 20:36 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 20:36 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 20:36 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 20:36 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 20:36 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 20:36 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 20:36 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 20:36 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 20:36 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 20:36 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 20:36 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 20:36 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 20:36 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 20:36 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 20:36 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 20:36 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 20:36 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 20:36 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 20:36 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 20:36 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 20:36 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 20:36 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 20:36 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 20:36 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 20:36 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 20:36 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 20:36 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 20:36 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 20:36 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 15:05 - 2010-05-12 11:26 - 01771874 _____ () C:\Windows\WindowsUpdate.log
2014-12-29 14:38 - 2012-03-31 15:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-29 14:31 - 2009-07-13 23:45 - 00015120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-29 14:31 - 2009-07-13 23:45 - 00015120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-29 14:23 - 2011-12-22 08:00 - 00000370 _____ () C:\Windows\Tasks\MemOptimizer-02BB2F56CB964deb8996194DE7EB5275.job
2014-12-29 14:23 - 2011-10-02 07:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-29 14:23 - 2010-06-12 11:00 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-12-29 14:22 - 2014-04-04 06:29 - 00152486 _____ () C:\Windows\PFRO.log
2014-12-29 14:22 - 2014-04-04 06:29 - 00006070 _____ () C:\Windows\setupact.log
2014-12-29 14:22 - 2010-08-03 02:18 - 00127287 _____ () C:\aaw7boot.log
2014-12-29 14:22 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-29 03:00 - 2014-04-06 15:19 - 00200650 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-12-28 19:36 - 2014-11-23 16:12 - 00000000 ____D () C:\Users\The Eichins\Desktop\Hirens
2014-12-28 19:33 - 2014-11-23 16:16 - 00000000 ____D () C:\MyBootCD
2014-12-28 15:48 - 2012-08-31 11:49 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3697172734-1336641488-1064551242-1004Core.job
2014-12-28 08:19 - 2014-09-02 10:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-28 08:14 - 2014-09-02 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-28 08:14 - 2014-09-02 10:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-28 08:14 - 2011-12-28 20:51 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-27 17:38 - 2011-06-05 10:05 - 00000064 _____ () C:\Windows\SysWOW64\rp_stats.dat
2014-12-27 17:38 - 2011-06-05 10:05 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat
2014-12-27 17:38 - 2010-07-31 17:15 - 00003622 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-12-27 16:07 - 2012-05-14 12:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-27 16:07 - 2012-05-14 12:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-27 15:32 - 2013-03-03 14:59 - 00000047 _____ () C:\Windows\SysWOW64\_WKERNEL.SYL
2014-12-27 15:23 - 2010-05-21 18:24 - 00110152 _____ () C:\Users\Cara\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-16 07:56 - 2014-11-23 13:28 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-14 03:02 - 2012-05-14 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-13 04:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-10 03:33 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 03:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 03:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 03:14 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 03:08 - 2010-05-12 20:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 03:08 - 2010-05-12 19:52 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 16:08 - 2012-03-31 15:44 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 16:08 - 2012-03-31 15:44 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 16:08 - 2011-05-20 17:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-30 17:01 - 2010-06-20 14:20 - 346407936 _____ () C:\Users\The Eichins\Documents\Mark's Email Archive.pst
2014-11-30 17:01 - 2010-06-20 10:59 - 00000000 ____D () C:\Users\The Eichins\Documents\Outlook Files
2014-11-30 16:35 - 2010-05-12 19:59 - 00110152 _____ () C:\Users\The Eichins\AppData\Local\GDIPFONTCACHEV1.DAT

Some content of TEMP:
====================
C:\Users\Cara\AppData\Local\Temp\business.exe
C:\Users\Cara\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Cara\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Cara\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Cara\AppData\Local\Temp\PR_OoVoO.exe
C:\Users\Cara\AppData\Local\Temp\Quarantine.exe
C:\Users\Cara\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Cara\AppData\Local\Temp\sqlite3.dll
C:\Users\Corey\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Corey\AppData\Local\Temp\Launcher2.0.exe
C:\Users\Corey\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Corey\AppData\Local\Temp\WZ9334_OEM_Bunndle_20110706_wrapped.exe
C:\Users\The Eichins\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-25 00:57

==================== End Of Log ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Cara at 2014-12-29 15:06:22
Running from C:\Users\Cara\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Lavasoft Ad-Watch Live! Anti-Virus (Disabled - Up to date) {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Sophos Anti-Virus (Enabled - Up to date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Sophos Anti-Virus (Enabled - Up to date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
AS: Lavasoft Ad-Watch Live! (Disabled - Up to date) {24938260-56EE-C1E5-047B-DC2BDD234BAB}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.20 - GIGABYTE)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
8500A909_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909g (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
Ad-Aware (HKLM-x32\...\Ad-Aware) (Version:  - Lavasoft)
Ad-Aware (x32 Version: 8.3.0 - Lavasoft) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Advanced Video FX Engine (HKLM-x32\...\Advanced Video FX Engine) (Version:  - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 2.5 - Auslogics Software Pty Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BPD_DSWizards (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
Company of Heroes (HKLM-x32\...\Steam App 4560) (Version:  - Relic)
Creative Live! Cam Center (HKLM-x32\...\Creative Live! Cam Center) (Version: 1.00 - Creative Technology Limited)
Defraggler (HKLM\...\Defraggler) (Version: 2.09 - Piriform)
DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DMIView B8.0717.01 (HKLM-x32\...\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}) (Version: 1.4 - Gigabyte)
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Easy Tune 6 B09.1120.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B09.1120.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evernote v. 4.5.6 (HKLM-x32\...\{D1F7C704-99F2-11E1-9C74-984BE15F174E}) (Version: 4.5.6.6884 - Evernote Corp.)
Face_Wizard B09.1119.01 (HKLM-x32\...\{E76FCE6B-9999-4250-8C75-B2DA4AD41268}) (Version: 1.00.0000 - Gigabyte)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version:  - )
GDR 5520 for SQL Server 2008 (KB2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Product Detection (HKLM-x32\...\{AF5D2519-C6B4-4AFD-9A8D-FBF74DD4F0A0}) (Version: 11.15.0004 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{D0CB24F4-084F-40DE-B6B9-A03626E682F0}) (Version: 2.1.1.3 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Live 8.2.2 (HKLM-x32\...\Live 8.2.2) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
MFP and Storage Server (HKLM-x32\...\InstallShield_{5B13ECF5-5B59-45B7-83A4-BC27F33F39BA}) (Version: 0.09.1006.0049 - TP-LINK)
MFP and Storage Server (Version: 0.09.1006.0049 - TP-LINK) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPM (HKLM-x32\...\{CD8C5C7F-7C58-4F85-8977-A6C08C087912}) (Version: 1.00.0000 - Hewlett-Packard)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version:  - Native Instruments)
Native Instruments Traktor Audio 10 (HKLM-x32\...\Native Instruments Traktor Audio 10) (Version:  - Native Instruments)
Native Instruments Traktor Audio 6 (HKLM-x32\...\Native Instruments Traktor Audio 6) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 (HKLM-x32\...\Native Instruments Traktor Kontrol S2) (Version:  - Native Instruments)
Network64 (Version: 130.0.579.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Officejet Pro 8500 A909 Series (HKLM\...\{D850BEF5-67AF-4071-9538-FA9AC725D62C}) (Version: 13.0 - HP)
ON_OFF Charge B10.0422.2 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Open Text HostExplorer 14 x64 (HKLM\...\{73BB3FB7-5BD1-4CF0-93B0-78B2113099A5}) (Version: 14.0.0 - Open Text Corporation)
Oryte_Games_1.13 Toolbar (HKLM-x32\...\Oryte_Games_1.13 Toolbar) (Version:  - )
ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.27.920.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5998 - Realtek Semiconductor Corp.)
Reason 5.0 (HKLM-x32\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
ReCycle 2.1.2 (HKLM-x32\...\ReCycle_is1) (Version: 2.1.2 - Propellerhead Software AB)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.450.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Secure Download Manager (HKLM-x32\...\{4A5667B2-5D13-46C2-85B5-9D46A6096F61}) (Version: 3.1.0 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smart 6 B9.1211.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sophos Anti-Virus (HKLM-x32\...\{4320988A-7DE0-478D-A38B-CE9509BCE320}) (Version: 10.3.1 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{15C418EB-7675-42be-B2B3-281952DA014D}) (Version: 2.9.0.344 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab for Intel (HKLM-x32\...\{EFE3D683-903C-4B58-AB8F-C68C69F33758}) (Version: 4.5.3.0 - Husdawg, LLC)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 5.1.2 - UltraDefrag Development Team)
Update Manager B09.1008.1 (HKLM-x32\...\InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}) (Version: 1.00.0000 - GIGABYTE)
Update Manager B09.1008.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.7 - Vuze Inc.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinUtilities 10.55 Free Edition (HKLM-x32\...\{FC274982-5AAD-4C20-848D-4424A5043010}_is1) (Version:  - YL Computing, Inc)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}) (Version: 15.0.9334 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-11-25 15:40 - 00450892 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04656160-8AC9-48DB-8CE0-9D0AD3A0BDB5} - System32\Tasks\{EED3D2B4-42AB-41D2-969D-549D91DACDEF} => pcalua.exe -a "C:\Users\The Eichins\Desktop\Adaware_Installer(1).exe" -d "C:\Users\The Eichins\Desktop"
Task: {04B1762D-7939-4F8F-9AAB-BA80BD7A34C1} - System32\Tasks\MemOptimizer-02BB2F56CB964deb8996194DE7EB5275 => C:\Program Files (x86)\WinUtilities\ToolMemoryOptimizer.exe [2013-01-04] (YL Software)
Task: {062D5CDA-2FD5-44F9-9F88-7C37A472C7B6} - System32\Tasks\{1FD85FFF-C340-49DF-85BD-B3B08881F6F1} => pcalua.exe -a "C:\Program Files (x86)\Vuze\uninstall.exe"
Task: {0C656AD3-8D05-42F1-B213-6F13A6CD9AC3} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1
Task: {0EEE986C-5AF6-41A4-B8C2-4D1B25D33A68} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {12747889-6E9D-48EB-BFBB-8518DA7CD313} - System32\Tasks\{83FB147A-2308-43C0-8664-CC732DC8FAEB} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {128CA789-E6E7-4E55-990D-B0B23105091B} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl
Task: {2320573B-F546-4C96-8DF7-ABE275F7D53F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {33F6906C-7902-4519-972E-D4EFA7F93AD9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-10] (Google Inc.)
Task: {3BE3A036-32F6-4963-916A-F1BAFE729132} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {47425B7A-1B43-44CC-93B1-D9C286EBE1E4} - System32\Tasks\{7B9F016D-85EB-4997-B5DF-1D65F3A0D054} => pcalua.exe -a C:\Users\Corey\Downloads\Vuze_Installer.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {4FD85854-603A-4957-97DD-8AACED989DC9} - System32\Tasks\{D81A65F6-CCDC-4E15-AC38-8860B6C73248} => Firefox.exe http://ui.skype.com/ui/0/5.1.0.112/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered
Task: {64CCE39D-D312-44E7-953C-0F4AA14B86C4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {6EC71F78-B3CE-4982-92D3-EB803F96ECE7} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-09-01] (Lavasoft Limited                                                      )
Task: {72A4EB5B-9930-42EB-9CB4-474B720EA6A8} - System32\Tasks\{9DB3C0A2-20E5-47A7-AD6E-25608602A113} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {7583E9E6-E1FC-45BF-A9EE-23AC2278483F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3697172734-1336641488-1064551242-1004Core => C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31] (Google Inc.)
Task: {9CCD8465-5C2D-472D-93E6-FDFC8979FA36} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3697172734-1336641488-1064551242-1004UA => C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31] (Google Inc.)
Task: {B4DDAD59-E0D0-40D3-AA75-6064B44E356B} - System32\Tasks\{AE838406-17F6-4BD8-B7C3-68F6A2BB6D43} => pcalua.exe -a "C:\Program Files (x86)\CA\CA Internet Security Suite\caunst.exe"
Task: {D3ED74FB-1AF9-4379-B736-BF9A647DDD25} - System32\Tasks\{5BD4C2BD-3BAE-4108-8A9D-112683ED1D59} => pcalua.exe -a "C:\Users\The Eichins\Desktop\Adaware_Installer.exe" -d "C:\Users\The Eichins\Desktop"
Task: {D69D5B4B-1510-4D73-9C27-CA69B857BAEE} - System32\Tasks\{D63F31AB-26B8-4A5B-B438-0C6D47401DE9} => pcalua.exe -a C:\PROGRA~2\ORYTE_~1.13\UNWISE.EXE -c   /U C:\PROGRA~2\ORYTE_~1.13\INSTALL.LOG
Task: {E02B7751-83D3-4536-8CDF-4867F8E59159} - System32\Tasks\{15D44E60-933D-4B7D-83C4-82377D03CB87} => pcalua.exe -a "C:\Users\The Eichins\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6VGQ6JYU\motherboard_utility_onoffchargesetup[1].exe" -d "C:\Users\The Eichins\Desktop"
Task: {E1C918EE-D9F3-460B-9FF0-0DB39DA970DA} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe
Task: {E505A4C0-BE19-4EA0-B10C-4C548379B844} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E8FB2169-7FB9-4044-A354-BCE91961197D} - System32\Tasks\{AD773398-74A4-4307-96EC-ABB1634F34FA} => pcalua.exe -a "C:\Users\The Eichins\Desktop\iss_en_32.exe" -d "C:\Users\The Eichins\Desktop"
Task: {F16F0A6F-0015-407B-9AED-244264ABB5DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {F2FDE677-6DF8-4175-B4EE-1168C8D9A97D} - System32\Tasks\{9A82CDDB-C806-4E76-BABF-146680455E99} => pcalua.exe -a "C:\Users\The Eichins\Desktop\motherboard_utility_onoffchargesetup.exe" -d "C:\Users\The Eichins\Desktop"
Task: {F8C91BE4-ABC3-4848-9D3B-CB0C86E08965} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {F9120D3A-AA1D-4F47-A9D9-22E1B55AB866} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FDEE2D19-1C3C-4F0D-AF81-69D9BF5044E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-10] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3697172734-1336641488-1064551242-1004Core.job => C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3697172734-1336641488-1064551242-1004UA.job => C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MemOptimizer-02BB2F56CB964deb8996194DE7EB5275.job => C:\Program Files (x86)\WinUtilities\ToolMemoryOptimizer.exe

==================== Loaded Modules (whitelisted) =============

2010-06-12 10:59 - 2009-06-17 15:13 - 00068136 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-12-21 13:18 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-12-17 17:14 - 2012-12-17 17:14 - 00954848 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2011-08-31 19:13 - 2011-08-31 19:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-12 10:59 - 2009-05-04 16:56 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\ycc.dll
2014-11-23 14:12 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-23 14:12 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-23 14:12 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-23 14:12 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-23 14:12 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\Kyle\.DS_Store:AFP_AfpInfo

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

========================= Accounts: ==========================

Administrator (S-1-5-21-3697172734-1336641488-1064551242-500 - Administrator - Disabled)
Cara (S-1-5-21-3697172734-1336641488-1064551242-1006 - Administrator - Enabled) => C:\Users\Cara
Corey (S-1-5-21-3697172734-1336641488-1064551242-1005 - Administrator - Enabled) => C:\Users\Corey
Donna (S-1-5-21-3697172734-1336641488-1064551242-1003 - Administrator - Enabled) => C:\Users\Donna
Guest (S-1-5-21-3697172734-1336641488-1064551242-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3697172734-1336641488-1064551242-1002 - Limited - Enabled)
Kyle (S-1-5-21-3697172734-1336641488-1064551242-1004 - Administrator - Enabled) => C:\Users\Kyle
SophosSAUDESKTOP0 (S-1-5-21-3697172734-1336641488-1064551242-1016 - Limited - Enabled)
The Eichins (S-1-5-21-3697172734-1336641488-1064551242-1000 - Administrator - Enabled) => C:\Users\The Eichins

==================== Faulty Device Manager Devices =============

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Officejet Pro 8500 A909g
Description: Officejet Pro 8500 A909g
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 6500 E710n-z
Description: Officejet 6500 E710n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/29/2014 02:12:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: swi_update_64.exe, version: 3.2.203.0, time stamp: 0x51420f20
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xf7d0
Faulting application start time: 0xswi_update_64.exe0
Faulting application path: swi_update_64.exe1
Faulting module path: swi_update_64.exe2
Report Id: swi_update_64.exe3

Error: (12/29/2014 01:12:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: swi_update_64.exe, version: 3.2.203.0, time stamp: 0x51420f20
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xef20
Faulting application start time: 0xswi_update_64.exe0
Faulting application path: swi_update_64.exe1
Faulting module path: swi_update_64.exe2
Report Id: swi_update_64.exe3

Error: (12/29/2014 00:12:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: swi_update_64.exe, version: 3.2.203.0, time stamp: 0x51420f20
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xe7c4
Faulting application start time: 0xswi_update_64.exe0
Faulting application path: swi_update_64.exe1
Faulting module path: swi_update_64.exe2
Report Id: swi_update_64.exe3

Error: (12/29/2014 11:12:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: swi_update_64.exe, version: 3.2.203.0, time stamp: 0x51420f20
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xd8ec
Faulting application start time: 0xswi_update_64.exe0
Faulting application path: swi_update_64.exe1
Faulting module path: swi_update_64.exe2
Report Id: swi_update_64.exe3

Error: (12/29/2014 10:11:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: swi_update_64.exe, version: 3.2.203.0, time stamp: 0x51420f20
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xd764
Faulting application start time: 0xswi_update_64.exe0
Faulting application path: swi_update_64.exe1
Faulting module path: swi_update_64.exe2
Report Id: swi_update_64.exe3

Error: (12/29/2014 09:11:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: swi_update_64.exe, version: 3.2.203.0, time stamp: 0x51420f20
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xcf9c
Faulting application start time: 0xswi_update_64.exe0
Faulting application path: swi_update_64.exe1
Faulting module path: swi_update_64.exe2
Report Id: swi_update_64.exe3

Error: (12/29/2014 08:11:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: swi_update_64.exe, version: 3.2.203.0, time stamp: 0x51420f20
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xc0c8
Faulting application start time: 0xswi_update_64.exe0
Faulting application path: swi_update_64.exe1
Faulting module path: swi_update_64.exe2
Report Id: swi_update_64.exe3

Error: (12/29/2014 07:11:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: swi_update_64.exe, version: 3.2.203.0, time stamp: 0x51420f20
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xbd00
Faulting application start time: 0xswi_update_64.exe0
Faulting application path: swi_update_64.exe1
Faulting module path: swi_update_64.exe2
Report Id: swi_update_64.exe3

Error: (12/29/2014 06:11:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: swi_update_64.exe, version: 3.2.203.0, time stamp: 0x51420f20
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xb23c
Faulting application start time: 0xswi_update_64.exe0
Faulting application path: swi_update_64.exe1
Faulting module path: swi_update_64.exe2
Report Id: swi_update_64.exe3

Error: (12/29/2014 05:11:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: swi_update_64.exe, version: 3.2.203.0, time stamp: 0x51420f20
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xade8
Faulting application start time: 0xswi_update_64.exe0
Faulting application path: swi_update_64.exe1
Faulting module path: swi_update_64.exe2
Report Id: swi_update_64.exe3

System errors:
=============
Error: (12/29/2014 02:24:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/29/2014 02:23:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (12/29/2014 02:23:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (12/29/2014 02:23:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (12/29/2014 02:21:19 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/29/2014 02:21:14 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Spybot-S&D 2 Scanner Service service, but this action failed with the following error:
%%1056

Error: (12/29/2014 02:20:40 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (12/29/2014 02:20:25 PM) (Source: SAVOnAccess) (EventID: 85) (User: )
Description: File [...\Device\HarddiskVolume2\Windows\SysWOW64\stdole2.tlb]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminServic, (start check timestamp [ 1d0239c7f6b54ad]).

Error: (12/29/2014 02:20:25 PM) (Source: SAVOnAccess) (EventID: 85) (User: )
Description: File [...\Device\HarddiskVolume2\Windows\SysWOW64\stdole2.tlb]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminServic, (start check timestamp [ 1d0239c7f61cf2c]).

Error: (12/29/2014 02:20:25 PM) (Source: SAVOnAccess) (EventID: 85) (User: )
Description: File [...ram Files (x86)\Sophos\Sophos Anti-Virus\ComponentManager.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminServic, (start check timestamp [ 1d0239c7f51258a]).

Microsoft Office Sessions:
=========================
Error: (12/29/2014 02:12:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: swi_update_64.exe3.2.203.051420f20ntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102f7d001d0239b5732ad92C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update_64.exeC:\Windows\SYSTEM32\ntdll.dll95cd420e-8f8e-11e4-ba82-6cf04970ba46

Error: (12/29/2014 01:12:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: swi_update_64.exe3.2.203.051420f20ntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102ef2001d02392f34b007cC:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update_64.exeC:\Windows\SYSTEM32\ntdll.dll31aa1291-8f86-11e4-ba82-6cf04970ba46

Error: (12/29/2014 00:12:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: swi_update_64.exe3.2.203.051420f20ntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102e7c401d0238a9050bb3aC:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update_64.exeC:\Windows\SYSTEM32\ntdll.dllceb952d0-8f7d-11e4-ba82-6cf04970ba46

Error: (12/29/2014 11:12:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: swi_update_64.exe3.2.203.051420f20ntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102d8ec01d023822d5675f8C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update_64.exeC:\Windows\SYSTEM32\ntdll.dll6bbf0d8e-8f75-11e4-ba82-6cf04970ba46

Error: (12/29/2014 10:11:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: swi_update_64.exe3.2.203.051420f20ntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102d76401d02379ca65b637C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update_64.exeC:\Windows\SYSTEM32\ntdll.dll08c98b0c-8f6d-11e4-ba82-6cf04970ba46

Error: (12/29/2014 09:11:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: swi_update_64.exe3.2.203.051420f20ntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102cf9c01d0237167729515C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update_64.exeC:\Windows\SYSTEM32\ntdll.dlla5d669ea-8f64-11e4-ba82-6cf04970ba46

Error: (12/29/2014 08:11:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: swi_update_64.exe3.2.203.051420f20ntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102c0c801d023690475ee72C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update_64.exeC:\Windows\SYSTEM32\ntdll.dll42e348c9-8f5c-11e4-ba82-6cf04970ba46

Error: (12/29/2014 07:11:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: swi_update_64.exe3.2.203.051420f20ntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102bd0001d02360a182cd51C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update_64.exeC:\Windows\SYSTEM32\ntdll.dlldfe90387-8f53-11e4-ba82-6cf04970ba46

Error: (12/29/2014 06:11:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: swi_update_64.exe3.2.203.051420f20ntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102b23c01d023583e8ae96fC:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update_64.exeC:\Windows\SYSTEM32\ntdll.dll7cf5e265-8f4b-11e4-ba82-6cf04970ba46

Error: (12/29/2014 05:11:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: swi_update_64.exe3.2.203.051420f20ntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102ade801d0234fdb9eec6eC:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update_64.exeC:\Windows\SYSTEM32\ntdll.dll1a005fe3-8f43-11e4-ba82-6cf04970ba46

CodeIntegrity Errors:
===================================
  Date: 2011-12-04 17:45:03.461
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-12-04 17:38:51.922
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-11-30 21:04:00.816
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-11-30 21:03:29.744
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-11-27 20:55:27.552
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-11-27 20:54:34.843
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-11-27 19:15:40.261
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-11-27 19:09:40.977
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-11-27 19:08:40.977
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-11-27 19:07:18.837
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CTAFX64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 57%
Total physical RAM: 1847.49 MB
Available physical RAM: 792.38 MB
Total Pagefile: 3694.98 MB
Available Pagefile: 2024.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:631.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DF5A58BF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost
  • Local time:03:07 AM

Posted 29 December 2014 - 04:54 PM

OK thanks for the logs, so now we will use FRST to delete some items:

 

1)  Open notepad. Please copy/paste the contents of the code box below into the open notepad and save it to your desktop as fixlist.txt

URLSearchHook: HKLM-x32 - (No Name) - {ea6905c1-afe7-44a8-b5cf-5a41c3fdf685} - No File
URLSearchHook: HKU\S-1-5-21-3697172734-1336641488-1064551242-1006 - (No Name) - {ea6905c1-afe7-44a8-b5cf-5a41c3fdf685} - No File
URLSearchHook: HKU\S-1-5-21-3697172734-1336641488-1064551242-1006 - (No Name) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - No File
URLSearchHook: HKU\S-1-5-21-3697172734-1336641488-1064551242-1006 - (No Name) - {c54049e9-0f7e-4cff-a837-667940fd1fbf} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-3697172734-1336641488-1064551242-1006 -> No Name - {C54049E9-0F7E-4CFF-A837-667940FD1FBF} -  No File

2) Run FRST.exe/FRST64.exe like before except this time press the Fix button once and wait.

    If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.

    When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply.

 

Looks like you have two antivirus programs installed, Sophos Anti-Virus and Lavasoft Ad-Watch Live! Anti-Virus. Only need one active AV per machine. Unless you use one as an on-demand scanner and both aren't active/running at the same time, then that's OK. Having two running is a drag on system resources and one should be uninstalled via the add/remove programs panel. Two isn't better than one with antivirus.

 

You can also get another download which will target adware, similar to AdwCleaner:

 

Please download Junkware Removal Tool to your desktop.
 
     http://thisisudax.org/downloads/JRT.exe

    Double click the icon or Right click for Vista/W7,8 and select Run as administrator
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message

 


How Can I Reduce My Risk to Malware?
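
Added example, not part of the original posts: a PowerShell check for the two-antivirus situation described in post #4. It lists the antivirus products registered with Windows Security Center and warns when more than one reports real-time protection as on. The `productState` bit masks and the function name `Get-RegisteredAntivirus` are assumptions; the masks follow commonly observed values and are not formally documented by Microsoft.

```powershell
# Added example: enumerate antivirus products registered with Windows Security Center
# (root\SecurityCenter2, available on Windows client editions from Vista SP1 onward)
# and flag the case where more than one reports real-time protection as on.
#
# Assumption: productState is decoded with the commonly observed masks
#   0x1000 -> real-time scanner on
#   0x0010 -> definitions out of date
# These masks are not formally documented by Microsoft.

function Get-RegisteredAntivirus {
    # Get-WmiObject is used so the check also runs on the PowerShell 2.0
    # that ships with Windows 7.
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct |
        Select-Object displayName, instanceGuid,
            @{ Name = 'RealTimeOn';          Expression = { ($_.productState -band 0x1000) -ne 0 } },
            @{ Name = 'DefinitionsOutdated'; Expression = { ($_.productState -band 0x10) -ne 0 } },
            @{ Name = 'StateHex';            Expression = { '0x{0:X6}' -f $_.productState } }
}

$products = @(Get-RegisteredAntivirus)
$products | Format-Table -AutoSize

# More than one product with real-time protection on is the case to resolve:
# keep one resident scanner and uninstall or disable the other.
$active = @($products | Where-Object { $_.RealTimeOn })

if ($active.Count -gt 1) {
    $names = ($active | ForEach-Object { $_.displayName }) -join ', '
    Write-Warning ("{0} products report real-time protection on: {1}" -f $active.Count, $names)
}
elseif ($active.Count -eq 0) {
    Write-Warning 'No registered antivirus reports real-time protection on.'
}
else {
    Write-Output ("Single active antivirus: {0}" -f $active[0].displayName)
}

# Products that are registered but report stale definitions.
$products | Where-Object { $_.DefinitionsOutdated } | ForEach-Object {
    Write-Warning ("Definitions out of date: {0}" -f $_.displayName)
}
```

The same query against the `AntiSpywareProduct` class in that namespace covers the anti-spyware registrations.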


#5 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost
  • Local time:03:07 AM

Posted 04 January 2015 - 10:06 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

How Can I Reduce My Risk to Malware?




