Solved Spy Alert

[John Gilbert]

Spy Alert appears to be malware. No idea where it came from, and have not been able to remove it. Running windows 8, now running very slow, with multiple popup adds. Also seems to be affecting Excel

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[John Gilbert]

Thanks - ran a full Scan this morning using Windows Defender (ran it a week ago also),took a little over 3 hours. Now will download MBAM and proceed with bullet points 1-11

 

[John Gilbert]

Ran MBAM: Spy Alert is now gone from the menu bar. Tried to download and run DDS, but got the message "DDS is not meant to run in compatibility mode. This program will now exit".
Report follows: Oops - report "too long to be processed. Please shorten it". Cut the middle out
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.12.10

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
John :: JOHNSCOMPUTER [administrator]

Protection: Enabled

3/12/2014 1:02:22 PM
mbam-log-2014-03-12 (13-02-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 313665
Time elapsed: 9 minute(s), 50 second(s)

Memory Processes Detected: 4
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> 4748 -> Delete on reboot.
C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> 4488 -> Delete on reboot.
C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> 4952 -> Delete on reboot.
C:\ProgramData\Updater\updater.exe (Trojan.Agent) -> 5020 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 18
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457} (PUP.Optional.SearchToolbar) -> Quarantined and deleted successfully.
HKCR\SearchToolbarLib.CSearchToolbarImpl.1 (PUP.Optional.SearchToolbar) -> Quarantined and deleted successfully.
HKCR\SearchToolbarLib.CSearchToolbarImpl (PUP.Optional.SearchToolbar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457} (PUP.Optional.SearchToolbar) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457} (PUP.Optional.SearchToolbar) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457} (PUP.Optional.SearchToolbar) -> Quarantined and deleted successfully.
HKCR\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6} (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
HKCR\Typelib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F} (PUP.Optional.GetNow.A) -> Quarantined and deleted successfully.
HKCR\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967} (PUP.Optional.GetNow.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\ValueApps (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Linksicle (PUP.Optional.Linksicle.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LSNFD (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee for Microsoft PowerPoint (PUP.Optional.Visualbee) -> Quarantined and deleted successfully.

Registry Values Detected: 7
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{9D425283-D487-4337-BAB6-AB8354A81457} (PUP.Optional.SearchToolbar) -> Data: ƒRB‡Ô7Cº¶«ƒT¨W -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{9D425283-D487-4337-BAB6-AB8354A81457} (PUP.Optional.SearchToolbar) -> Data: Search Toolbar -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9D425283-D487-4337-BAB6-AB8354A81457} (PUP.Optional.SearchToolbar) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9D425283-D487-4337-BAB6-AB8354A81457} (PUP.Optional.SearchToolbar) -> Data: -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater (Trojan.Agent) -> Data: C:\ProgramData\Updater\updater.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Updater (Trojan.Agent) -> Data: C:\ProgramData\Updater\Updater.exe -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\lsnfd|ImagePath (PUP.Optional.Linksicle) -> Data: system32\drivers\lsnfd.sys -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) Good: () -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?ctid=ct3...=SP436F0080-782F-47F5-8A01-29C952F56258&SSPV=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 1053
C:\Program Files (x86)\SEARCHPROTECT (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SEARCHPROTECT\Main (PUP.Optional.SearchProtect.A) -> Delete on reboot.

PDEDNNCAFHEN\10.26.400.4_0\tb\lib\JQUERY.ALERTS\jquery.alerts.js (PUP.Optional.MixiDJ.A) -> Quarantined and deleted successfully.
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\FDKEDNNGFJMPNLJKOLBAPDEDNNCAFHEN\10.26.400.4_0\tb\lib\JQUERY.ALERTS\images\help.gif (PUP.Optional.MixiDJ.A) -> Quarantined and deleted successfully.
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\FDKEDNNGFJMPNLJKOLBAPDEDNNCAFHEN\10.26.400.4_0\tb\lib\JQUERY.ALERTS\images\important.gif (PUP.Optional.MixiDJ.A) -> Quarantined and deleted successfully.
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\FDKEDNNGFJMPNLJKOLBAPDEDNNCAFHEN\10.26.400.4_0\tb\lib\JQUERY.ALERTS\images\info.gif (PUP.Optional.MixiDJ.A) -> Quarantined and deleted successfully.
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\FDKEDNNGFJMPNLJKOLBAPDEDNNCAFHEN\10.26.400.4_0\tb\lib\JQUERY.ALERTS\images\title.gif (PUP.Optional.MixiDJ.A) -> Quarantined and deleted successfully.
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\FDKEDNNGFJMPNLJKOLBAPDEDNNCAFHEN\10.26.400.4_0\tb\lib\JQUERY.JSCROLLPANE\jquery.jscrollpane.css (PUP.Optional.MixiDJ.A) -> Quarantined and deleted successfully.
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\FDKEDNNGFJMPNLJKOLBAPDEDNNCAFHEN\10.26.400.4_0\tb\lib\JQUERY.JSCROLLPANE\jquery.jscrollpane.min.js (PUP.Optional.MixiDJ.A) -> Quarantined and deleted successfully.
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\FDKEDNNGFJMPNLJKOLBAPDEDNNCAFHEN\10.26.400.4_0\tb\sl\serviceLayer.js (PUP.Optional.MixiDJ.A) -> Quarantined and deleted successfully.
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\FDKEDNNGFJMPNLJKOLBAPDEDNNCAFHEN\10.26.400.4_0\_locales\en\messages.json (PUP.Optional.MixiDJ.A) -> Quarantined and deleted successfully.

(end)

 

[Broni]

DDS won't run under Windows 8.1.
I didn't know what exact Windows version you're using.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.

 

[John Gilbert]

Downloaded and ran AdwCleaner & Junkware Removal Tool - files attached. Will download Farber Recovery Scan Tool next

 

[Broni]

Please observe forum rules.
All logs have to be PASTED not attached.

 

[John Gilbert]

Sorry - missed that, but pasting makes the post undeliverable because of length.
Here are the FRST.txt & Addiution.txt logs
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by John (administrator) on JOHNSCOMPUTER on 13-03-2014 16:56:54
Running from C:\Users\John\Downloads
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Binary Fortress Software) d:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Lexmark International, Inc.) C:\Windows\system32\spool\DRIVERS\x64\3\lxebserv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
(NETGEAR) D:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
( ) C:\WINDOWS\SysWOW64\lxebcoms.exe
(Binary Fortress Software) D:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Binary Fortress Software) D:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
() D:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Binary Fortress Software) D:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(TomTom) D:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(CyberLink Corp.) D:\Program Files (x86)\CyberLink\Power2Go\Power2Go\Power2GoExpress.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
() D:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(BillP Studios) D:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe
(Seagate LLC) D:\Program Files (x86)\FreeAgent Status\stxmenumgr.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(CyberLink) D:\Program Files (x86)\CyberLink\Power2Go\Power2Go\CLMLSvc.exe
(Apple Inc.) D:\Program Files (x86)\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) c:\windows\system32\inetsrv\w3wp.exe
() C:\Program Files (x86)\View-Password-soft\ViewPassword157.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe [150264 2013-01-23] ()
HKLM\...\Run: [lxebmon.exe] - C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe [772712 2013-01-23] ()
HKLM\...\Run: [CmPCIaudio] - C:\Windows\Syswow64\CMICNFG3.dll [8151040 2009-10-22] (C-Media Corporation)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [2342800 2009-06-01] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [BYR_AGENT] - C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe [396416 2012-09-13] (LG Electronics)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-10-26] (Nullsoft, Inc.)
HKLM-x32\...\Run: [WinPatrol] - D:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [320832 2009-10-10] (BillP Studios)
HKLM-x32\...\Run: [iTunesHelper] - D:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [MaxMenuMgr] - D:\Program Files (x86)\FreeAgent Status\StxMenuMgr.exe [185640 2009-05-01] (Seagate LLC)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [CLMLServer] - D:\Program Files (x86)\CyberLink\Power2Go\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-121211220-2923198933-675527051-1001\...\Run: [DisplayFusion] - d:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7952224 2013-11-27] (Binary Fortress Software)
HKU\S-1-5-21-121211220-2923198933-675527051-1001\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-30] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-121211220-2923198933-675527051-1001\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\S-1-5-21-121211220-2923198933-675527051-1001\...\Run: [NETGEARGenie] - D:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()
HKU\S-1-5-21-121211220-2923198933-675527051-1001\...\Run: [TomTomHOME.exe] - D:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247728 2011-04-22] (TomTom)
HKU\S-1-5-21-121211220-2923198933-675527051-1001\...\Run: [Power2GoExpress] - D:\Program Files (x86)\CyberLink\Power2Go\Power2Go\Power2GoExpress.exe [2639144 2010-10-27] (CyberLink Corp.)
AppInit_DLLs: C:\PROGRA~2\Optimizer => C:\PROGRA~2\Optimizer File Not Found
AppInit_DLLs-x32: c:\progra~2\optimizer => "c:\progra~2\optimizer" File Not Found
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
Quarantine.exe
C:\Users\John\AppData\Local\Temp\RegClean6.exe
C:\Users\John\AppData\Local\Temp\sqlite3.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-02 10:13

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by John at 2014-03-13 16:57:47
Running from C:\Users\John\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Address Book (HKLM-x32\...\ST6UNST #1) (Version: - )
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon Kindle For PC (HKCU\...\Amazon Kindle For PC) (Version: - Amazon)
AMD Accelerated Video Transcoding (Version: 2.00.0001 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.898.1 - Advanced Micro Devices Inc.) Hidden
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70214.2220 - Advanced Micro Devices, Inc.) Hidden
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-I Visual Effects 2 (HKLM-x32\...\{41B44041-D45D-41EB-A1EF-A12BB5C6996B}) (Version: 2.0.11.116 - ArcSoft)
ArcSoft ShowBiz (HKLM-x32\...\{E92E462A-700D-4949-B24B-789AEDDA3B88}) (Version: 3.5.0.64 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{FFEFD86B-5D4F-4A2D-8D4E-ECD7D9AD925E}) (Version: 3.0.41.373 - ArcSoft)
BetterInvesting Portfolio Manager 5 (Demo) (HKLM-x32\...\{48F8D07F-83A8-46BE-BCD1-8D5578495CD5}) (Version: 5.0.0000 - QUANT IX Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center (x32 Version: 2012.0214.2218.39913 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0214.2218.39913 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0214.2218.39913 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0214.2218.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden

Error: (03/13/2014 04:30:56 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070002, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (03/13/2014 04:29:53 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070002, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.


System errors:
=============
Error: (03/13/2014 04:57:56 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 156 time(s).

Error: (03/13/2014 04:57:56 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2

Error: (03/13/2014 04:56:56 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 155 time(s).

Error: (03/13/2014 04:56:56 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2

Error: (03/13/2014 04:56:21 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 154 time(s).

Error: (03/13/2014 04:56:21 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2

Error: (03/13/2014 04:55:37 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 153 time(s).

Error: (03/13/2014 04:55:37 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2

Error: (03/13/2014 04:55:32 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 152 time(s).

Error: (03/13/2014 04:55:32 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (03/13/2014 04:35:54 PM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (03/13/2014 04:34:52 PM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (03/13/2014 04:33:54 PM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (03/13/2014 04:32:53 PM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (03/13/2014 04:32:46 PM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (03/13/2014 04:32:09 PM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (03/13/2014 04:31:52 PM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (03/13/2014 04:31:27 PM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (03/13/2014 04:30:56 PM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (03/13/2014 04:29:53 PM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects


CodeIntegrity Errors:
===================================
Date: 2014-03-13 16:10:53.882
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-03-13 16:10:53.851
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-03-13 14:31:34.316
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-03-13 14:31:34.265
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-03-12 12:39:43.559
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-03-12 12:39:43.534
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-03-12 12:39:43.505
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-03-12 12:39:43.479
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-03-12 12:39:43.452
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-03-12 12:39:43.428
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 8191.11 MB
Available physical RAM: 5549.53 MB
Total Pagefile: 17405.11 MB
Available Pagefile: 13915.91 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB

==================== Drives ================================

Drive c: (C Drive) (Fixed) (Total:596.16 GB) (Free:495.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:898.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: A3A2A3A2)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: A3F4A3F4)

Partition: GPT Partition Type.

========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

[Broni]

I still need you to paste two previous logs.
Split them into couple of replies if they don't fit into one (as explained in our preliminaries).

 

[John Gilbert]

OK, but it will take many more than a couple:
# AdwCleaner v3.021 - Report created 13/03/2014 at 15:02:09
# Updated 10/03/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : John - JOHNSCOMPUTER
# Running from : C:\Users\John\Downloads\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****

Service Deleted : 70e6ca8c
[#] Service Deleted : BackupStack
Service Deleted : pcsuservice
Service Deleted : SProtection

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc speed up
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Deleted : C:\Program Files (x86)\Advanced System Protector
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\FunWebProducts
Folder Deleted : C:\Program Files (x86)\Iminent
Folder Deleted : C:\Program Files (x86)\IminentToolbar
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Mysearchdial
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\pc speed up
Folder Deleted : C:\Program Files (x86)\PCFixSpeed
Folder Deleted : C:\Program Files (x86)\RegClean Pro
Folder Deleted : C:\Program Files (x86)\Search Toolbar
Folder Deleted : C:\Program Files (x86)\hdtotal1.2
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Common Files\Umbrella
Folder Deleted : C:\WINDOWS\SysWOW64\SearchProtect
[!] Folder Deleted : C:\Users\John\Inbox
Folder Deleted : C:\Users\John\AppData\Local\Conduit
Folder Deleted : C:\Users\John\AppData\Local\emaze
Folder Deleted : C:\Users\John\AppData\Local\Linkury
Folder Deleted : C:\Users\John\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\John\AppData\Local\SearchProtect
Folder Deleted : C:\Users\John\AppData\Local\Temp\Iminent
Folder Deleted : C:\Users\John\AppData\Local\Temp\TempDir
Folder Deleted : C:\Users\John\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\John\AppData\LocalLow\IminentToolbar
Folder Deleted : C:\Users\John\AppData\LocalLow\myfreezetoolbar
Folder Deleted : C:\Users\John\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\John\AppData\Roaming\IminentToolbar
Folder Deleted : C:\Users\John\AppData\Roaming\Mysearchdial
Folder Deleted : C:\Users\John\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\John\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\John\AppData\Roaming\Systweak
Folder Deleted : C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\John\Documents\Optimizer Pro
Folder Deleted : C:\Users\John\Documents\PCSpeedUp
Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\egihcegngbfhhhnfjfamognnonckdklg
Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
[!] Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
[!] Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
[!] Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
[!] Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
[!] Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
[!] Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
[!] Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
[!] Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
[!] Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
[!] Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
[!] Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
[!] Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
[!] Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
[!] Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\Advanced System Protector.lnk
File Deleted : C:\Users\Public\Desktop\RegClean Pro.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
File Deleted : C:\WINDOWS\System32\roboot64.exe
File Deleted : C:\Users\John\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\John\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\John\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\John\Desktop\PC Speed Up.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lkh98i4d.default-1393020949885\searchplugins\iminent.xml
File Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lkh98i4d.default-1393020949885\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lkh98i4d.default-1393020949885\user.js
File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Deleted : C:\WINDOWS\System32\Tasks\Advanced System Protector_startup
File Deleted : C:\WINDOWS\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\WINDOWS\Tasks\MySearchDial.job
File Deleted : C:\WINDOWS\System32\Tasks\MySearchDial
File Deleted : C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job
File Deleted : C:\WINDOWS\System32\Tasks\PC SpeedUp Service Deactivator
File Deleted : C:\WINDOWS\System32\Tasks\RegClean Pro
File Deleted : C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
File Deleted : C:\WINDOWS\System32\Tasks\RegClean Pro_DEFAULT
File Deleted : C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
File Deleted : C:\WINDOWS\System32\Tasks\RegClean Pro_UPDATES
File Deleted : C:\WINDOWS\Tasks\hdtotal1.2-chromeinstaller.job
File Deleted : C:\WINDOWS\System32\Tasks\hdtotal1.2-chromeinstaller
File Deleted : C:\WINDOWS\Tasks\hdtotal1.2-codedownloader.job
File Deleted : C:\WINDOWS\System32\Tasks\hdtotal1.2-codedownloader
File Deleted : C:\WINDOWS\Tasks\hdtotal1.2-enabler.job
File Deleted : C:\WINDOWS\System32\Tasks\hdtotal1.2-enabler
File Deleted : C:\WINDOWS\Tasks\hdtotal1.2-firefoxinstaller.job
File Deleted : C:\WINDOWS\System32\Tasks\hdtotal1.2-firefoxinstaller
File Deleted : C:\WINDOWS\Tasks\hdtotal1.2-updater.job
File Deleted : C:\WINDOWS\System32\Tasks\hdtotal1.2-updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Key Deleted : HKCU\Software\Google\Chrome\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.iminentESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.iminentESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentappCore
Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentdskBnd
Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentdskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentHlpr
Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0052922.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0052922.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0052922.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0052922.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287811
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8E9F2D02-6B06-4EBA-92C2-68438EADED28}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0BD6F992-62AD-47F7-ACA6-299729BE4E2B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{112BA211-334C-4A90-90EC-2AD1CDAB287C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FAFD711-ABF9-4F6A-8130-5166C7371427}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99E71BF1-5F51-4AF9-830B-67015D59640D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9FD0C1D9-180B-4834-B80B-4B7325AF90E1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2CC3C46-143B-4142-9D5A-B8543F0A6F55}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C26CD490-5F01-41E3-B150-EB29F19DA056}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511291122}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522292222}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555295522}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566296622}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5563BEFE-3B03-43B1-8041-64A9745DAA56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8E9F2D02-6B06-4EBA-92C2-68438EADED28}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544294422}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{112BA211-334C-4A90-90EC-2AD1CDAB287C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C26CD490-5F01-41E3-B150-EB29F19DA056}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511291122}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BD6F992-62AD-47F7-ACA6-299729BE4E2B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{112BA211-334C-4A90-90EC-2AD1CDAB287C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1FAFD711-ABF9-4F6A-8130-5166C7371427}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C26CD490-5F01-41E3-B150-EB29F19DA056}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511291122}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{112BA211-334C-4A90-90EC-2AD1CDAB287C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1FAFD711-ABF9-4F6A-8130-5166C7371427}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C26CD490-5F01-41E3-B150-EB29F19DA056}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{208D4124-3895-4974-B293-A159BD306078}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{006f3bfe-89c0-4634-ac5a-4a09fb6f2d15}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{750f4bce-a4e0-49c7-98c5-788182cf0ef6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1FAFD711-ABF9-4F6A-8130-5166C7371427}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511291122}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522292222}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555295522}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566296622}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511291122}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{006f3bfe-89c0-4634-ac5a-4a09fb6f2d15}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{750f4bce-a4e0-49c7-98c5-788182cf0ef6}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\IminentToolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\mysearchdial.com
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\hdtotal1.2
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\IminentToolbar
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Speedchecker Limited
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Umbrella
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\Software\hdtotal1.2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hdtotal1.2
Key Deleted : [x64] HKLM\SOFTWARE\Iminent
Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - pro\optprocrash.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - Pro\OptProCrash_x64.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v16.0.2 (en-US)

[ File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lkh98i4d.default-1393020949885\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_11_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0DyCtDtAtA0DtDtAtDyDyDzz0FtN0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1[...]
Line Deleted : user_pref("extensions.crossrider.bic", "144bcf5dc6d9bf68c75aa34a98e42567");
Line Deleted : user_pref("extensions.iminent.admin", false);
Line Deleted : user_pref("extensions.iminent.aflt", "orgnl");
Line Deleted : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Line Deleted : user_pref("extensions.iminent.autoRvrt", "false");
Line Deleted : user_pref("extensions.iminent.dfltLng", "");
Line Deleted : user_pref("extensions.iminent.excTlbr", false);
Line Deleted : user_pref("extensions.iminent.ffxUnstlRst", false);
Line Deleted : user_pref("extensions.iminent.id", "2c93558f0000000000000015af28d689");
Line Deleted : user_pref("extensions.iminent.instlDay", "16142");
Line Deleted : user_pref("extensions.iminent.instlRef", "");
Line Deleted : user_pref("extensions.iminent.newTab", false);
Line Deleted : user_pref("extensions.iminent.prdct", "iminent");
Line Deleted : user_pref("extensions.iminent.prtnrId", "iminent");
Line Deleted : user_pref("extensions.iminent.rvrt", "false");
Line Deleted : user_pref("extensions.iminent.smplGrp", "none");
Line Deleted : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Line Deleted : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Line Deleted : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Line Deleted : user_pref("extensions.iminent.vrsnTs", "1.8.28.313:59:30");
Line Deleted : user_pref("extensions.iminent.vrsni", "1.8.28.3");
Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
Line Deleted : user_pref("extensions.mysearchdial.aflt", "ir_14_11_ch");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtC0DyCtDtAtA0DtDtAtDyDyDzz0FtN0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtByByByE0AtAtDtGtCtDtA0[...]
Line Deleted : user_pref("extensions.mysearchdial.cr", "95967964");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_11_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0DyCtDtAtA0DtDtAtDyDyDzz0FtN0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtD[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "001D6033D030558F");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16142");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "140305_a");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=ir_14_11_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0DyCtDtAtA0DtDtAtDyDyDzz0FtN0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyE[...]
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=ir_14_11_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0DyCtDtAtA0DtDtAtDyDyDzz0FtN0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutC[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.014:27:59");
Line Deleted : user_pref("iminent.LayoutId", "1");
Line Deleted : user_pref("iminent.adapters", "{\"iminent\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":1,\"expireTime\":\"13947396351791814400\"},\"mysearchdial\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Statu[...]
Line Deleted : user_pref("iminent.enabledAds", "false");
Line Deleted : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"//I.iminentjs.info/imitin/javascript.js\",\"queryS[...]
Line Deleted : user_pref("iminent.newtabredirect", "true");
Line Deleted : user_pref("iminent.nomsi", "true");
Line Deleted : user_pref("iminent.registerToolbarEvent102", "1394739673717");
Line Deleted : user_pref("iminent.searchindex", "1");
Line Deleted : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
Line Deleted : user_pref("iminent.version", "8.10.2.1");
Line Deleted : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.10.2.1\",\"InstallEventCTime\":1394740561939,\"InstallEvent\":\"True\"}");

-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url
Deleted : suggest_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [36581 octets] - [13/03/2014 15:01:49]
AdwCleaner[S0].txt - [31420 octets] - [13/03/2014 15:02:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [31481 octets] ##########

 

[John Gilbert]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by John on Thu 03/13/2014 at 16:22:45.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FA2A874E-CAB9-402A-8780-32171659E361}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\John\appdata\local\cre"
Failed to delete: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{1D3F2F8F-285A-44C6-A7CE-1FD3314C1DBE}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{321E13B9-3FE5-4B25-9917-44067ACCCC96}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{431E23F8-2947-4EA4-AB9D-F967C4BC92F9}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{451570B5-C430-46C7-8ED3-AEA7B8955C62}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{4BA26E71-A0C0-4374-9DCA-937D0D85C2A2}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{544D1C42-307C-412E-8A7C-5967EF4DC66C}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{5C0738C8-A84E-4EDF-AA38-D9EEDFE379E8}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{688E7D33-964F-4965-9692-1EA6D57FE9BF}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{6A2E276C-E08D-4504-BF00-BB0947E72413}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{77EF5CB4-6DA1-45CA-A74F-05CCFF12EF0F}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{8655303D-A2AE-4AF2-A8C0-D44EEACD19EA}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{874FFE92-EE23-424D-975E-3054F6FEDAFF}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{8ED26B59-8DA8-4475-984D-5086D9D4B155}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{95E2067F-1380-44C4-AC1B-CCC75A29F1C6}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{A4039551-6723-4C09-8051-4653FF068BCF}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{B372B50D-000A-4901-B6B1-02AAA2363F79}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{B4FFDE5B-3FE4-4666-A8AC-B7CBD3F2C5AE}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{C59FE4D8-95C6-4FD3-AFEB-C1DBD2E0AC0C}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{C812FEE1-FA81-4747-A6FE-B1B2124C1C4E}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{D08C68DB-9F7D-42F9-9F16-F3ABC4B87D52}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{D377779B-1266-4054-8C66-CBFA59C6AB68}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{D8318F4B-F6C0-4301-8170-01584EA81C7E}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{D91568A2-158F-4667-8784-7F47A9C867E1}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{DAE92C05-7742-4C0E-8CEA-3C03F77293CC}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{E2F035F6-2B4E-4399-AD09-E992A9B131E8}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{E47BE690-24EF-4FD0-84F9-538F76FDE156}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{E4D7A185-B00D-4D41-A13D-2E4E949DEB95}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{E9DBB17B-EB2E-4706-A35D-954433A4C22A}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{F9E75ADC-7741-45DA-80F3-6DDB7D1B18C3}
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{FF2D0A4E-6792-4146-BAD2-0735759D8D80}



~~~ FireFox

Emptied folder: C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\lkh98i4d.default-1393020949885\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/13/2014 at 16:27:36.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Broni]

Both FRST logs are incomplete.
Please post complete logs.

Also...

Are you required to use proxies?

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828

 

[John Gilbert]

Ran AdwCleaner, JRT & FRT again. Here are the logfiles:
AdwCleaner:
# AdwCleaner v3.022 - Report created 15/03/2014 at 11:39:50
# Updated 13/03/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : John - JOHNSCOMPUTER
# Running from : C:\Users\John\Downloads\adwcleaner (7).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v16.0.2 (en-US)

[ File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lkh98i4d.default-1393020949885\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url
Deleted : suggest_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [36581 octets] - [13/03/2014 15:01:49]
AdwCleaner[R1].txt - [1250 octets] - [15/03/2014 11:38:56]
AdwCleaner[R2].txt - [1250 octets] - [15/03/2014 11:38:56]
AdwCleaner[S0].txt - [31674 octets] - [13/03/2014 15:03:49]
AdwCleaner[S1].txt - [1083 octets] - [15/03/2014 11:39:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1143 octets] ##########

 

[John Gilbert]

JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by John on Sat 03/15/2014 at 11:51:33.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\Program Files (x86)\coupons"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/15/2014 at 11:57:04.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[John Gilbert]

FRST , Part 1
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by John (administrator) on JOHNSCOMPUTER on 15-03-2014 12:00:02
Running from C:\Users\John\Downloads
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Binary Fortress Software) d:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Lexmark International, Inc.) C:\Windows\system32\spool\DRIVERS\x64\3\lxebserv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
(NETGEAR) D:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files (x86)\View-Password-soft\ViewPassword157.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
( ) C:\WINDOWS\SysWOW64\lxebcoms.exe
(Binary Fortress Software) D:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
() D:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(TomTom) D:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(CyberLink Corp.) D:\Program Files (x86)\CyberLink\Power2Go\Power2Go\Power2GoExpress.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
() D:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(BillP Studios) D:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe
(Seagate LLC) D:\Program Files (x86)\FreeAgent Status\stxmenumgr.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(CyberLink) D:\Program Files (x86)\CyberLink\Power2Go\Power2Go\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) D:\Program Files (x86)\iPod\bin\iPodService.exe
(Binary Fortress Software) D:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Binary Fortress Software) D:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) c:\windows\system32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\John\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe [150264 2013-01-23] ()
HKLM\...\Run: [lxebmon.exe] - C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe [772712 2013-01-23] ()
HKLM\...\Run: [CmPCIaudio] - C:\Windows\Syswow64\CMICNFG3.dll [8151040 2009-10-22] (C-Media Corporation)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [2342800 2009-06-01] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [BYR_AGENT] - C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe [396416 2012-09-13] (LG Electronics)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-10-26] (Nullsoft, Inc.)
HKLM-x32\...\Run: [WinPatrol] - D:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [320832 2009-10-10] (BillP Studios)
HKLM-x32\...\Run: [iTunesHelper] - D:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [MaxMenuMgr] - D:\Program Files (x86)\FreeAgent Status\StxMenuMgr.exe [185640 2009-05-01] (Seagate LLC)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [CLMLServer] - D:\Program Files (x86)\CyberLink\Power2Go\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-121211220-2923198933-675527051-1001\...\Run: [DisplayFusion] - d:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7952224 2013-11-27] (Binary Fortress Software)
HKU\S-1-5-21-121211220-2923198933-675527051-1001\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-30] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-121211220-2923198933-675527051-1001\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\S-1-5-21-121211220-2923198933-675527051-1001\...\Run: [NETGEARGenie] - D:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()
HKU\S-1-5-21-121211220-2923198933-675527051-1001\...\Run: [TomTomHOME.exe] - D:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247728 2011-04-22] (TomTom)
HKU\S-1-5-21-121211220-2923198933-675527051-1001\...\Run: [Power2GoExpress] - D:\Program Files (x86)\CyberLink\Power2Go\Power2Go\Power2GoExpress.exe [2639144 2010-10-27] (CyberLink Corp.)
AppInit_DLLs: C:\PROGRA~2\Optimizer => C:\PROGRA~2\Optimizer File Not Found
AppInit_DLLs-x32: c:\progra~2\optimizer => "c:\progra~2\optimizer" File Not Found
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC364417F1D97CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.foxnews.com/
BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - No File
BHO-x32: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://www.ritzpix.com/net/Uploader/LPUploader57.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lkh98i4d.default-1393020949885
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\John\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2010-02-05]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2012-01-31]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2012-01-31]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2012-01-31]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2012-01-31]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKCU\...\Firefox\Extensions: [{58bf8d19-cd2b-47b3-b133-4041a825ec39}] - C:\Program Files (x86)\View-Password-soft\157.xpi
FF Extension: View Password - C:\Program Files (x86)\View-Password-soft\157.xpi [2014-03-13]
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3322283&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP436F0080-782F-47F5-8A01-29C952F56258&SSPV=
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: http://search.conduit.com/Results.a...-47F5-8A01-29C952F56258&q={searchTerms}&SSPV=
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-22]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-22]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-22]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-22]
CHR Extension: (hdtotal1.2) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\egihcegngbfhhhnfjfamognnonckdklg [2014-03-13]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-22]

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 DisplayFusionService; d:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1375600 2013-11-27] (Binary Fortress Software)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-30] (Garmin Ltd or its subsidiaries)
R3 iPod Service; D:\Program Files (x86)\iPod\bin\iPodService.exe [641352 2013-11-02] (Apple Inc.)
R2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2013-10-22] (Microsoft Corporation)
R2 NETGEARGenieDaemon; D:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-11-02] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 ViewPassword; C:\Program Files (x86)\View-Password-soft\ViewPassword157.exe [195072 2014-03-13] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-22] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-10-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 WinkHandler; C:\Program Files (x86)\Iminent\WinkHandler.exe [X]

==================== Drivers (Whitelisted) ====================

 

[John Gilbert]

FRST, part 2
==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows (R) Win 7 DDK provider)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2013-10-22] (Microsoft Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2013-11-04] (CACE Technologies, Inc.)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 yukonw8; C:\Windows\system32\DRIVERS\yk63x64.sys [295216 2013-06-18] (Marvell)
U3 idsvc;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-15 12:00 - 2014-03-15 12:00 - 00024663 _____ () C:\Users\John\Downloads\FRST.txt
2014-03-15 11:59 - 2014-03-15 11:59 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64 (1).exe
2014-03-15 11:57 - 2014-03-15 11:57 - 00000684 _____ () C:\Users\John\Desktop\JRT.txt
2014-03-15 11:50 - 2014-03-15 11:51 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT (3).exe
2014-03-15 11:50 - 2014-03-15 11:51 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT (2).exe
2014-03-15 11:50 - 2014-03-15 11:50 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT (4).exe
2014-03-15 11:36 - 2014-03-15 11:36 - 01950720 _____ () C:\Users\John\Downloads\adwcleaner (7).exe
2014-03-13 16:57 - 2014-03-13 16:58 - 00067330 _____ () C:\Users\John\Downloads\Addition.txt
2014-03-13 16:56 - 2014-03-13 16:58 - 00000000 ____D () C:\FRST
2014-03-13 16:55 - 2014-03-13 16:55 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-03-13 16:22 - 2014-03-13 16:22 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-13 16:21 - 2014-03-13 16:22 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT (1).exe
2014-03-13 16:14 - 2014-03-13 16:14 - 00921512 _____ (Oracle Corporation) C:\Users\John\Downloads\JavaSetup7u51 (1).exe
2014-03-13 16:13 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-03-13 16:13 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-03-13 16:13 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-03-13 16:11 - 2014-03-13 16:11 - 00000000 ____D () C:\Users\John\AppData\Roaming\Oracle
2014-03-13 15:57 - 2014-03-13 15:57 - 00005175 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-13 15:57 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-03-13 15:55 - 2014-03-13 15:55 - 00921512 _____ (Oracle Corporation) C:\Users\John\Downloads\JavaSetup7u51.exe
2014-03-13 15:54 - 2014-03-13 15:54 - 00300856 _____ (Appsinstaller) C:\Users\John\Downloads\Setup(7).exe
2014-03-13 15:41 - 2014-03-13 15:41 - 00107736 _____ () C:\Users\John\Downloads\Java(1).exe
2014-03-13 15:40 - 2014-03-13 15:40 - 00300856 _____ (Appsinstaller) C:\Users\John\Downloads\Setup(6).exe
2014-03-13 15:40 - 2014-03-13 15:40 - 00300856 _____ (Appsinstaller) C:\Users\John\Downloads\Setup(5).exe
2014-03-13 15:39 - 2014-03-13 15:39 - 00300856 _____ (Appsinstaller) C:\Users\John\Downloads\Setup(4).exe
2014-03-13 15:39 - 2014-03-13 15:39 - 00107744 _____ () C:\Users\John\Downloads\Java.exe
2014-03-13 15:38 - 2014-03-13 15:38 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT(1).exe
2014-03-13 15:36 - 2014-03-13 15:36 - 00300856 _____ (Appsinstaller) C:\Users\John\Downloads\Setup(3).exe
2014-03-13 15:34 - 2014-03-13 15:34 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe
2014-03-13 15:00 - 2014-03-15 11:58 - 00000000 ____D () C:\AdwCleaner
2014-03-13 14:43 - 2014-03-13 14:43 - 01949184 _____ () C:\Users\John\Downloads\adwcleaner(1).exe
2014-03-13 14:43 - 2014-03-13 14:43 - 00294568 _____ (VLCPlayer) C:\Users\John\Downloads\HD_Player__CD5MTCD11541_w5pj99jhz260z3083438_0_0_0_0.exe
2014-03-13 14:35 - 2014-03-13 14:35 - 01949184 _____ () C:\Users\John\Downloads\adwcleaner (3).exe
2014-03-13 14:30 - 2014-03-13 14:30 - 01949184 _____ () C:\Users\John\Downloads\Unconfirmed 819906.crdownload
2014-03-13 14:30 - 2014-03-13 14:30 - 01949184 _____ () C:\Users\John\Downloads\Unconfirmed 43438.crdownload
2014-03-13 14:28 - 2014-03-13 14:28 - 00000044 _____ () C:\Users\John\AppData\Roaming\WB.CFG
2014-03-13 14:27 - 2014-03-13 14:27 - 01085542 _____ () C:\Users\John\Downloads\adwcleaner-3-012-es-en-br-fr-de-win.exe
2014-03-13 14:25 - 2014-03-13 14:25 - 00228640 _____ (Fusion Install ) C:\Users\John\Downloads\Player-Chrome.exe
2014-03-13 14:24 - 2014-03-13 14:26 - 00683008 _____ ( ) C:\Users\John\Downloads\adwcleaner-3-012-52716-en-setup.exe
2014-03-13 14:04 - 2014-03-13 14:04 - 00012366 _____ () C:\AdwCleaner[R1].txt
2014-03-13 14:00 - 2014-03-13 14:00 - 00581957 _____ () C:\Users\John\Downloads\adwcleaner-1.606-en.exe
2014-03-13 14:00 - 2012-07-25 12:03 - 00016896 _____ () C:\WINDOWS\system32\sasnative64.exe
2014-03-13 13:59 - 2014-03-13 13:59 - 00001992 _____ () C:\Users\John\Desktop\Sync Folder.lnk
2014-03-13 13:58 - 2014-03-15 11:48 - 00000434 _____ () C:\WINDOWS\Tasks\View Password Update.job
2014-03-13 13:58 - 2014-03-15 11:45 - 00000438 _____ () C:\WINDOWS\Tasks\View Password_wd.job
2014-03-13 13:58 - 2014-03-13 13:58 - 00003072 _____ () C:\WINDOWS\System32\Tasks\View Password Update
2014-03-13 13:58 - 2014-03-13 13:58 - 00003016 _____ () C:\WINDOWS\System32\Tasks\View Password_wd
2014-03-13 13:58 - 2014-03-13 13:58 - 00000000 ____D () C:\Program Files (x86)\View-Password-soft
2014-03-13 13:54 - 2014-03-13 13:55 - 00300264 _____ (Appsinstaller) C:\Users\John\Downloads\AdwCleaner.exe
2014-03-12 15:03 - 2014-03-12 15:03 - 00688992 _____ (Swearware) C:\Users\John\Downloads\dds (1).com
2014-03-12 15:01 - 2014-03-12 15:01 - 00688992 _____ (Swearware) C:\Users\John\Downloads\dds.com
2014-03-12 13:01 - 2014-03-12 13:01 - 00000000 ____D () C:\Users\John\AppData\Roaming\Malwarebytes
2014-03-12 13:00 - 2014-03-12 13:00 - 00001146 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-12 13:00 - 2014-03-12 13:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 13:00 - 2014-03-12 13:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 13:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-12 12:53 - 2014-03-12 12:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-28 14:26 - 2014-02-28 14:26 - 00001911 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-02-25 16:54 - 2014-02-25 16:54 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JustCad 10.0
2014-02-25 16:52 - 2014-02-25 16:52 - 00253952 ____N (Microsoft Corporation) C:\WINDOWS\Setup1.exe
2014-02-25 16:52 - 2014-02-25 16:52 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\ST6UNST.EXE
2014-02-25 16:48 - 2014-02-25 16:48 - 02875392 _____ () C:\Users\John\Downloads\jc9setup.exe
2014-02-22 15:05 - 2014-02-17 16:00 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-02-22 15:05 - 2014-02-17 16:00 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 17:15 - 2014-02-21 17:15 - 00000000 ____D () C:\Users\John\Desktop\Old Firefox Data
2014-02-19 17:56 - 2014-02-19 17:56 - 00000000 ____D () C:\Users\John\AppData\Roaming\ MOTOROLA DIGITAL CORDLESS PHONE-MD7091 user guide
2014-02-18 16:45 - 2014-02-18 16:45 - 04721920 _____ (Piriform Ltd) C:\Users\John\Downloads\ccsetup410(1).exe
2014-02-18 16:45 - 2014-02-18 16:45 - 00002770 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-02-18 16:44 - 2014-02-18 16:45 - 04721920 _____ (Piriform Ltd) C:\Users\John\Downloads\ccsetup410.exe
2014-02-18 15:32 - 2014-02-18 15:32 - 00000000 ____D () C:\ProgramData\SpyAlert
2014-02-15 00:47 - 2013-12-08 19:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-02-15 00:47 - 2013-12-08 19:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-02-15 00:47 - 2013-11-27 10:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-02-15 00:47 - 2013-11-27 10:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-02-15 00:47 - 2013-11-27 09:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-02-15 00:47 - 2013-11-27 08:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-02-15 00:47 - 2013-11-27 07:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-02-15 00:47 - 2013-11-27 05:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-02-15 00:47 - 2013-11-27 05:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-02-15 00:47 - 2013-11-27 05:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-02-15 00:47 - 2013-11-27 04:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-02-15 00:47 - 2013-11-27 04:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-02-15 00:47 - 2013-11-27 04:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-02-15 00:47 - 2013-11-27 04:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-02-15 00:47 - 2013-11-27 03:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-02-15 00:47 - 2013-11-27 03:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-02-15 00:47 - 2013-11-26 23:01 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-02-15 00:47 - 2013-11-26 08:22 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-02-15 00:47 - 2013-11-26 08:20 - 02131120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-02-15 00:47 - 2013-11-26 08:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-02-15 00:47 - 2013-11-26 08:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-02-15 00:47 - 2013-11-26 06:50 - 01371312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-02-15 00:47 - 2013-11-26 06:44 - 02142936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-02-15 00:47 - 2013-11-26 06:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-02-15 00:47 - 2013-11-26 05:13 - 04191232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-02-15 00:47 - 2013-11-26 04:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-02-15 00:47 - 2013-11-26 03:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-02-15 00:47 - 2013-11-24 20:45 - 00142680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-02-15 00:47 - 2013-11-24 20:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-02-15 00:47 - 2013-11-24 18:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-02-15 00:47 - 2013-11-24 18:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-02-15 00:47 - 2013-11-23 07:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-02-15 00:47 - 2013-11-23 06:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-02-15 00:47 - 2013-11-23 03:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-02-15 00:47 - 2013-11-23 02:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-02-15 00:47 - 2013-11-23 02:13 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-02-15 00:47 - 2013-11-23 02:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-02-15 00:47 - 2013-11-22 23:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-02-15 00:47 - 2013-11-22 22:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-02-15 00:47 - 2013-11-22 22:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-02-15 00:47 - 2013-11-22 22:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-02-15 00:47 - 2013-11-22 22:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-02-15 00:47 - 2013-11-22 22:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-02-15 00:47 - 2013-11-22 22:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-02-15 00:47 - 2013-11-21 01:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-02-15 00:47 - 2013-11-21 01:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-02-15 00:47 - 2013-11-16 00:11 - 00764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-02-15 00:47 - 2013-11-15 13:19 - 00669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-02-15 00:47 - 2013-11-15 09:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-02-15 00:47 - 2013-11-15 09:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-02-15 00:47 - 2013-11-15 09:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-02-15 00:47 - 2013-11-15 08:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-02-15 00:47 - 2013-11-05 15:12 - 02551128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-02-15 00:47 - 2013-10-30 19:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-02-15 00:47 - 2013-10-30 18:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-02-13 04:55 - 2013-12-08 19:19 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-02-13 04:55 - 2013-12-08 18:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2014-02-13 04:54 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-13 04:54 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-13 04:54 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-13 04:54 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-13 04:54 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-13 04:54 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-13 04:54 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-13 04:54 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-13 04:54 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-13 04:54 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-13 04:54 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-13 04:54 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-13 04:54 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-13 04:54 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-13 04:54 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-13 04:54 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-13 04:54 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-13 04:54 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-13 04:54 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-13 04:54 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-13 04:54 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-13 04:54 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-13 04:54 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-13 04:54 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-13 04:54 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-13 04:54 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-13 04:54 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-13 04:54 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-13 04:54 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-13 04:54 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-13 04:54 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-13 04:54 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-13 04:54 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-13 04:54 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-13 04:54 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-13 04:54 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-13 04:54 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-13 04:54 - 2014-01-07 00:00 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-02-13 04:54 - 2014-01-06 23:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-02-13 04:54 - 2013-12-08 19:27 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-02-13 04:54 - 2013-12-08 18:54 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-02-13 04:54 - 2013-11-21 01:42 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-02-13 04:54 - 2013-11-21 00:44 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-02-13 04:53 - 2014-01-09 03:25 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-02-13 04:53 - 2014-01-09 02:59 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-02-13 04:53 - 2014-01-09 02:59 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-02-13 04:53 - 2014-01-09 02:49 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-02-13 04:53 - 2014-01-09 02:44 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-02-13 04:53 - 2014-01-09 02:43 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-02-13 04:53 - 2014-01-09 02:29 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-02-13 04:53 - 2014-01-09 02:28 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-02-13 04:53 - 2014-01-09 02:28 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-02-13 04:53 - 2014-01-09 02:18 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-02-13 04:53 - 2014-01-07 02:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2014-02-13 04:53 - 2014-01-07 00:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2014-02-13 04:53 - 2014-01-04 15:50 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-02-13 04:53 - 2014-01-04 14:22 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-02-13 04:53 - 2014-01-04 09:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-02-13 04:53 - 2014-01-04 09:23 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-02-13 04:53 - 2014-01-04 08:42 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-02-13 04:53 - 2014-01-04 08:40 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-02-13 04:53 - 2014-01-04 08:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-02-13 04:53 - 2014-01-04 08:28 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-02-13 04:53 - 2013-12-20 21:10 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms
2014-02-13 04:53 - 2013-12-20 21:10 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms
2014-02-13 04:53 - 2013-12-20 05:10 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-02-13 04:53 - 2013-12-20 01:13 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-02-13 04:53 - 2013-12-08 21:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-13 04:53 - 2013-12-08 20:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

==================== One Month Modified Files and Folders =======

2014-03-15 12:00 - 2014-03-15 12:00 - 00024663 _____ () C:\Users\John\Downloads\FRST.txt
2014-03-15 12:00 - 2014-03-13 16:56 - 00000000 ____D () C:\FRST
2014-03-15 12:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-15 11:59 - 2014-03-15 11:59 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64 (1).exe
2014-03-15 11:58 - 2014-03-13 15:00 - 00000000 ____D () C:\AdwCleaner
2014-03-15 11:57 - 2014-03-15 11:57 - 00000684 _____ () C:\Users\John\Desktop\JRT.txt
2014-03-15 11:57 - 2013-10-13 22:00 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-121211220-2923198933-675527051-1001
2014-03-15 11:56 - 2013-10-21 23:05 - 01050290 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-15 11:56 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-03-15 11:51 - 2014-03-15 11:50 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT (3).exe
2014-03-15 11:51 - 2014-03-15 11:50 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT (2).exe
2014-03-15 11:50 - 2014-03-15 11:50 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT (4).exe
2014-03-15 11:48 - 2014-03-13 13:58 - 00000434 _____ () C:\WINDOWS\Tasks\View Password Update.job
2014-03-15 11:48 - 2013-09-29 23:04 - 00999374 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-15 11:47 - 2013-11-04 18:12 - 00003798 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6EF00C26-F692-4F1C-9F30-76294C1911EA}
2014-03-15 11:46 - 2013-12-22 15:17 - 00002212 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-15 11:46 - 2013-10-22 08:14 - 00000000 __RDO () C:\Users\John\SkyDrive
2014-03-15 11:45 - 2014-03-13 13:58 - 00000438 _____ () C:\WINDOWS\Tasks\View Password_wd.job
2014-03-15 11:45 - 2013-12-02 13:48 - 00000456 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_1013b_rmv.job
2014-03-15 11:45 - 2013-12-02 13:48 - 00000406 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_1013b_rel.job
2014-03-15 11:45 - 2011-01-05 13:45 - 00008690 _____ () C:\ProgramData\lxeb.log
2014-03-15 11:45 - 2011-01-05 13:00 - 00115564 _____ () C:\ProgramData\lxebscan.log
2014-03-15 11:45 - 2010-02-09 10:35 - 00000890 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-15 11:41 - 2013-10-21 23:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-15 11:41 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-15 11:40 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-15 11:36 - 2014-03-15 11:36 - 01950720 _____ () C:\Users\John\Downloads\adwcleaner (7).exe
2014-03-15 11:35 - 2010-02-09 10:35 - 00000894 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-15 11:12 - 2012-04-05 12:12 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-15 11:03 - 2011-01-05 14:14 - 01288854 _____ () C:\ProgramData\lxebJSW.log
2014-03-15 11:03 - 2011-01-05 13:44 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-03-13 16:58 - 2014-03-13 16:57 - 00067330 _____ () C:\Users\John\Downloads\Addition.txt
2014-03-13 16:55 - 2014-03-13 16:55 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-03-13 16:22 - 2014-03-13 16:22 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-13 16:22 - 2014-03-13 16:21 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT (1).exe
2014-03-13 16:14 - 2014-03-13 16:14 - 00921512 _____ (Oracle Corporation) C:\Users\John\Downloads\JavaSetup7u51 (1).exe
2014-03-13 16:11 - 2014-03-13 16:11 - 00000000 ____D () C:\Users\John\AppData\Roaming\Oracle
2014-03-13 16:10 - 2013-11-21 15:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-13 15:57 - 2014-03-13 15:57 - 00005175 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-13 15:57 - 2010-02-05 21:53 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-13 15:55 - 2014-03-13 15:55 - 00921512 _____ (Oracle Corporation) C:\Users\John\Downloads\JavaSetup7u51.exe
2014-03-13 15:54 - 2014-03-13 15:54 - 00300856 _____ (Appsinstaller) C:\Users\John\Downloads\Setup(7).exe
2014-03-13 15:41 - 2014-03-13 15:41 - 00107736 _____ () C:\Users\John\Downloads\Java(1).exe
2014-03-13 15:40 - 2014-03-13 15:40 - 00300856 _____ (Appsinstaller) C:\Users\John\Downloads\Setup(6).exe
2014-03-13 15:40 - 2014-03-13 15:40 - 00300856 _____ (Appsinstaller) C:\Users\John\Downloads\Setup(5).exe
2014-03-13 15:39 - 2014-03-13 15:39 - 00300856 _____ (Appsinstaller) C:\Users\John\Downloads\Setup(4).exe
2014-03-13 15:39 - 2014-03-13 15:39 - 00107744 _____ () C:\Users\John\Downloads\Java.exe
2014-03-13 15:38 - 2014-03-13 15:38 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT(1).exe
2014-03-13 15:36 - 2014-03-13 15:36 - 00300856 _____ (Appsinstaller) C:\Users\John\Downloads\Setup(3).exe
2014-03-13 15:34 - 2014-03-13 15:34 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe
2014-03-13 15:07 - 2013-10-21 23:10 - 00000000 ____D () C:\Users\John
2014-03-13 15:07 - 2013-09-29 22:55 - 03725492 _____ () C:\WINDOWS\PFRO.log
2014-03-13 14:43 - 2014-03-13 14:43 - 01949184 _____ () C:\Users\John\Downloads\adwcleaner(1).exe
2014-03-13 14:43 - 2014-03-13 14:43 - 00294568 _____ (VLCPlayer) C:\Users\John\Downloads\HD_Player__CD5MTCD11541_w5pj99jhz260z3083438_0_0_0_0.exe
2014-03-13 14:35 - 2014-03-13 14:35 - 01949184 _____ () C:\Users\John\Downloads\adwcleaner (3).exe
2014-03-13 14:30 - 2014-03-13 14:30 - 01949184 _____ () C:\Users\John\Downloads\Unconfirmed 819906.crdownload
2014-03-13 14:30 - 2014-03-13 14:30 - 01949184 _____ () C:\Users\John\Downloads\Unconfirmed 43438.crdownload
2014-03-13 14:28 - 2014-03-13 14:28 - 00000044 _____ () C:\Users\John\AppData\Roaming\WB.CFG
2014-03-13 14:27 - 2014-03-13 14:27 - 01085542 _____ () C:\Users\John\Downloads\adwcleaner-3-012-es-en-br-fr-de-win.exe
2014-03-13 14:26 - 2014-03-13 14:24 - 00683008 _____ ( ) C:\Users\John\Downloads\adwcleaner-3-012-52716-en-setup.exe
2014-03-13 14:25 - 2014-03-13 14:25 - 00228640 _____ (Fusion Install ) C:\Users\John\Downloads\Player-Chrome.exe
2014-03-13 14:20 - 2010-01-07 22:39 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-13 14:04 - 2014-03-13 14:04 - 00012366 _____ () C:\AdwCleaner[R1].txt
2014-03-13 14:00 - 2014-03-13 14:00 - 00581957 _____ () C:\Users\John\Downloads\adwcleaner-1.606-en.exe
2014-03-13 13:59 - 2014-03-13 13:59 - 00001992 _____ () C:\Users\John\Desktop\Sync Folder.lnk
2014-03-13 13:58 - 2014-03-13 13:58 - 00003072 _____ () C:\WINDOWS\System32\Tasks\View Password Update
2014-03-13 13:58 - 2014-03-13 13:58 - 00003016 _____ () C:\WINDOWS\System32\Tasks\View Password_wd
2014-03-13 13:58 - 2014-03-13 13:58 - 00000000 ____D () C:\Program Files (x86)\View-Password-soft
2014-03-13 13:55 - 2014-03-13 13:54 - 00300264 _____ (Appsinstaller) C:\Users\John\Downloads\AdwCleaner.exe
2014-03-13 10:42 - 2010-03-07 14:08 - 00000000 ____D () C:\Users\John\AppData\Local\CrashDumps
2014-03-12 15:33 - 2010-01-07 22:46 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Games
2014-03-12 15:03 - 2014-03-12 15:03 - 00688992 _____ (Swearware) C:\Users\John\Downloads\dds (1).com
2014-03-12 15:01 - 2014-03-12 15:01 - 00688992 _____ (Swearware) C:\Users\John\Downloads\dds.com
2014-03-12 14:43 - 2013-10-19 17:00 - 00000000 ____D () C:\ProgramData\Updater
2014-03-12 13:01 - 2014-03-12 13:01 - 00000000 ____D () C:\Users\John\AppData\Roaming\Malwarebytes
2014-03-12 13:00 - 2014-03-12 13:00 - 00001146 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-12 13:00 - 2014-03-12 13:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 13:00 - 2014-03-12 13:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 12:53 - 2014-03-12 12:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-12 10:36 - 2013-10-13 21:52 - 00000000 ____D () C:\Users\John\AppData\Local\Packages
2014-03-11 13:12 - 2012-04-05 12:12 - 00003742 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-03-11 07:33 - 2010-04-03 12:39 - 00000000 ____D () C:\ProgramData\Apple
2014-03-11 07:32 - 2013-07-02 09:42 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-09 16:52 - 2011-09-06 11:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-28 14:26 - 2014-02-28 14:26 - 00001911 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-02-28 14:26 - 2013-06-10 10:51 - 00000000 ____D () C:\ProgramData\Garmin
2014-02-28 14:26 - 2013-06-10 10:50 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-28 14:25 - 2013-06-10 10:51 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-02-25 16:54 - 2014-02-25 16:54 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JustCad 10.0
2014-02-25 16:52 - 2014-02-25 16:52 - 00253952 ____N (Microsoft Corporation) C:\WINDOWS\Setup1.exe
2014-02-25 16:52 - 2014-02-25 16:52 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\ST6UNST.EXE
2014-02-25 16:48 - 2014-02-25 16:48 - 02875392 _____ () C:\Users\John\Downloads\jc9setup.exe
2014-02-21 17:15 - 2014-02-21 17:15 - 00000000 ____D () C:\Users\John\Desktop\Old Firefox Data
2014-02-19 18:38 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-02-19 17:56 - 2014-02-19 17:56 - 00000000 ____D () C:\Users\John\AppData\Roaming\ MOTOROLA DIGITAL CORDLESS PHONE-MD7091 user guide
2014-02-18 16:45 - 2014-02-18 16:45 - 04721920 _____ (Piriform Ltd) C:\Users\John\Downloads\ccsetup410(1).exe
2014-02-18 16:45 - 2014-02-18 16:45 - 00002770 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-02-18 16:45 - 2014-02-18 16:44 - 04721920 _____ (Piriform Ltd) C:\Users\John\Downloads\ccsetup410.exe
2014-02-18 16:45 - 2012-03-17 16:46 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-18 16:45 - 2012-03-17 16:45 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-18 15:32 - 2014-02-18 15:32 - 00000000 ____D () C:\ProgramData\SpyAlert
2014-02-18 13:43 - 2010-01-07 22:39 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-18 10:08 - 2013-08-22 09:44 - 00502944 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-18 10:06 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-18 10:06 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-02-18 10:06 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-02-18 10:06 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-02-18 10:06 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-02-18 10:06 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-02-18 10:06 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-02-17 16:00 - 2014-02-22 15:05 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-02-17 16:00 - 2014-02-22 15:05 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-15 04:58 - 2009-07-13 21:34 - 00000513 _____ () C:\WINDOWS\win.ini
2014-02-15 04:57 - 2013-07-14 13:48 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-15 04:55 - 2010-01-09 19:20 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-13 21:29 - 2010-02-09 10:35 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-13 21:29 - 2010-02-09 10:35 - 00003630 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

Files to move or delete:
====================
C:\Users\John\msgFilterRules.dat
C:\Users\John\popstate.dat


Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\BackupSetup.exe
C:\Users\John\AppData\Local\Temp\ICReinstall_adwcleaner-3-012-52716-en-setup.exe
C:\Users\John\AppData\Local\Temp\Quarantine.exe
C:\Users\John\AppData\Local\Temp\RegClean6.exe
C:\Users\John\AppData\Local\Temp\sqlite3.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-02 10:13

==================== End Of Log ============================

 

[Broni]

1. You didn't answer my question about proxies.

2. I still need 2nd log from FRST. Re-run FRST make sure Addition.txt box is checkmarked and post just that log (Addition.txt).

 

[John Gilbert]

Addition.txt is over 50,000 characters. Here is Addition log up to but not including Scheduled Tasks (whitelisted)
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by John at 2014-03-17 11:44:00
Running from C:\Users\John\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Address Book (HKLM-x32\...\ST6UNST #1) (Version: - )
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon Kindle For PC (HKCU\...\Amazon Kindle For PC) (Version: - Amazon)
AMD Accelerated Video Transcoding (Version: 2.00.0001 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.898.1 - Advanced Micro Devices Inc.) Hidden
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70214.2220 - Advanced Micro Devices, Inc.) Hidden
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-I Visual Effects 2 (HKLM-x32\...\{41B44041-D45D-41EB-A1EF-A12BB5C6996B}) (Version: 2.0.11.116 - ArcSoft)
ArcSoft ShowBiz (HKLM-x32\...\{E92E462A-700D-4949-B24B-789AEDDA3B88}) (Version: 3.5.0.64 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{FFEFD86B-5D4F-4A2D-8D4E-ECD7D9AD925E}) (Version: 3.0.41.373 - ArcSoft)
BetterInvesting Portfolio Manager 5 (Demo) (HKLM-x32\...\{48F8D07F-83A8-46BE-BCD1-8D5578495CD5}) (Version: 5.0.0000 - QUANT IX Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center (x32 Version: 2012.0214.2218.39913 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0214.2218.39913 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0214.2218.39913 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0214.2218.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0214.2217.39913 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0214.2218.39913 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version: - )
CodeBlocks (HKCU\...\CodeBlocks) (Version: 9.02-wiley1 - The Code::Blocks Team)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Computerized Investing's Spreadsheet Collection (HKLM-x32\...\{1F7C28C7-ED0C-4D9B-8A09-D6532F6C8C0E}) (Version: - )
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) <==== ATTENTION
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.2.0 - Business Objects)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1027 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1027 - CyberLink Corp.) Hidden
CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.2011 - CyberLink Corp.)
CyberLink WaveEditor (x32 Version: 1.0.1.2011 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version: - Microsoft)
DisplayFusion 5.1.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 5.1.1.0 - Binary Fortress Software)
Driver Fusion (HKLM-x32\...\{100C8F3B-82D6-4B14-BB7A-5E8C3FF810C8}_is1) (Version: 1.2.0 - Treexy)
Elevated Installer (x32 Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Fidelity Active Trader Pro® (HKLM-x32\...\{D9CFB50F-FCFB-4825-A5C5-E389B75B31EF}) (Version: 9.9.344.0 - Fidelity Investments)
FOREXTraderPro (HKCU\...\1df0cdb088182ccc) (Version: 3.0.0.53 - FOREXTraderPro)
Garmin City Navigator North America NT 2014.30 Update (HKLM-x32\...\{6D30B301-7D44-4D64-9369-638E0101F922}) (Version: 17.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{0904cc72-1b29-426a-b0f0-228d2744a4f6}) (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM-x32\...\{B700113B-24A8-4D4C-8484-0CC944F764C8}) (Version: 3.0.3117 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GoToMeeting 5.1.0.880 (HKCU\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
High Growth Stock Investor (HKLM-x32\...\High Growth Stock Investor) (Version: - )
Home Budget (HKLM-x32\...\{4473A7CA-4C21-4D16-A793-636E15B7520E}) (Version: 4.0.7 - SoftPerfection)
Host OpenAL (ADI) (HKLM-x32\...\Host OpenAL (ADI)) (Version: - )
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HP Webcam User's Guide (HKLM-x32\...\{3BB33344-3179-49A4-B6EB-22D2A390764D}) (Version: - Hewlett-Packard)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version: - )
Investment Account Manager 2 (HKLM-x32\...\{D5CB2462-B8BD-46D7-9C12-9C505090A418}) (Version: 2.0.0000 - QUANT IX Software)
iPod for Windows 2005-10-12 (HKLM-x32\...\InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}) (Version: 4.3.0 - Apple Computer, Inc.)
iPod for Windows 2005-10-12 (x32 Version: 4.3.0 - Apple Computer, Inc.) Hidden
iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JustCad 10.0 (HKLM-x32\...\ST6UNST #2) (Version: - )
KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version: - )
Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Lexmark Pro200-S500 Series (HKLM\...\Lexmark Pro200-S500 Series) (Version: - Lexmark International, Inc.)
Lexmark Tools for Office (HKLM-x32\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.29.0.0 - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliType Pro 7.0 (HKLM\...\{850C7AF6-7376-464D-A69C-E8419EC7ACA7}) (Version: 7.0.260.0 - Microsoft)
Microsoft Office 365 Home Premium - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4551.1011 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox (3.5.8) (HKLM-x32\...\Mozilla Firefox (3.5.8)) (Version: 3.5.8 (en-US) - Mozilla)
Mozilla Firefox 16.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 16.0.2 (x86 en-US)) (Version: 16.0.2 - Mozilla)
Mozilla Firefox 27.0.1 (x86 en-US) (HKCU\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.1.1 - Mozilla)
Mozilla Thunderbird 24.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.1.1 (x86 en-US)) (Version: 24.1.1 - Mozilla)
MP3Boss (HKLM-x32\...\MP3Boss) (Version: - )
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyGains 3.0.3 (HKLM-x32\...\{608C5339-3561-4542-AD17-8D4CC6D0A6F7}_is1) (Version: - Dhana Software Inc.)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.2.28.24.exe - NETGEAR Inc.)
NVIDIA 3D Vision Controller Driver 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.23 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA Endless City demo (HKLM-x32\...\Endless City) (Version: 1.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
PC Speed Up (HKLM\...\PCSU-SL_is1) (Version: 3.4.1.0 - Speedchecker Limited)
PC Study Bible (remove only) (HKLM-x32\...\PC Study Bible) (Version: - )
Pdf Editor (HKLM-x32\...\{739126B3-1B80-4F1F-8D59-312A19633E1A}_is1) (Version: - )
PDF Pro 10 (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 10.4.0000 - PDF Pro Software)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Quotes Plus (HKLM-x32\...\Quotes Plus) (Version: - HighGrowthStock Investor)
Research Wizard 4.0 (HKLM-x32\...\{D47B71EA-3842-45FC-89B4-15A18CD689F1}) (Version: - )
Seagate Manager Installer (HKLM-x32\...\InstallShield_{E6F019F1-DFB6-4853-A87D-6E31624755A9}) (Version: 2.02.0109 - Seagate)
Seagate Manager Installer (x32 Version: 2.02.0109 - Seagate) Hidden
Search Toolbar (HKLM-x32\...\Search Toolbar) (Version: 1.2 - Zugo Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SimplyZip (HKLM-x32\...\{0ED72299-E4E4-4A60-B528-890B2ABCE443}) (Version: 3.03 - )
SMF_USA_users (HKLM-x32\...\{11CB640E-166F-4A9F-96A2-1FDA448303F8}) (Version: 1.00.0000 - Old School Value)
SnagIt 8 (HKLM-x32\...\{DA0BF7AB-88EB-4675-8FA1-531EAD938821}) (Version: 8.2.3 - TechSmith Corporation)
Snagit 9.1.3 (HKLM-x32\...\{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}) (Version: 9.1.3.19 - TechSmith Corporation)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Stock Investor Professional (HKLM-x32\...\{6BA8FF81-C7E9-11D1-B885-444553540000}) (Version: 3.5 - AAII)
SugarSync (HKLM-x32\...\SugarSync) (Version: 2.0.1.108651 - SugarSync, Inc.)
System Checkup 3.0 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.0.7.19 - iolo technologies, LLC)
TomTom HOME 2.8.2.2264 (HKLM-x32\...\TomTom HOME) (Version: 2.8.2.2264 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Ulead Photo Explorer 8.5 Trial (HKLM-x32\...\{025C3792-E9C6-432A-92C1-661F99D021CA}) (Version: - Ulead Systems, Inc.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft)
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.43 - Long Mile Solutions, LLC) <==== ATTENTION
View Password (HKLM-x32\...\a38b4005-754d-40fd-b36d-32174dca6483) (Version: - View Password)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VueScan (HKLM-x32\...\VueScan) (Version: - )
Wealth-Lab Pro 6.4 (64-bit) (HKLM\...\{04CA4B4E-8166-43BA-82CC-FA3E00D3FED5}) (Version: 6.4.52 - Fidelity Investments)
WebEx (HKCU\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Winamp (HKLM-x32\...\Winamp) (Version: 5.622 - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPatrol 2009 (HKLM-x32\...\WinPatrol) (Version: 17.0.2010.0 - BillP Studios)
XLQ (HKLM\...\33555412-5137-4E9C-A1EC-7F48E48B9F1F_is1) (Version: XLQ 64bit Excel Add-in Version 4.72 - QMatix)
XLQ (HKLM-x32\...\33555412-5137-4E9C-A1EC-7F48E48B9F1F_is1) (Version: - QMatix)
Yahoo! Widgets (HKLM-x32\...\Yahoo! Widget Engine) (Version: 4.5.2.0 - Yahoo! Inc.)

==================== Restore Points =========================

25-12-2013 18:12:50 Garmin Express
16-01-2014 09:21:28 Windows Update
24-01-2014 05:45:14 Windows Update
06-02-2014 04:05:43 Windows Update
15-02-2014 09:54:11 Windows Update
22-02-2014 20:04:32 Windows Update
28-02-2014 19:25:28 Garmin Express
13-03-2014 20:56:35 Installed Java 7 Update 51

==================== Hosts content: ==========================

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============


==================== End Of Log Part 1 ============================

 

[John Gilbert]

Addition.txt Part 2
Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {05AD20C0-614B-404F-9B5C-B2115FBF5015} - System32\Tasks\{6E6E4A12-EF1C-4632-80D7-B3BBE53534C5} => C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
Task: {0B00339C-D8F2-4D0C-AC9E-D9B10050EF6B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0EA2C888-30FD-4E58-8F15-3DF44CBC55FC} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {0FBF23B1-7CE0-49C3-8899-B6D1F95DD130} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {193ACD68-447C-4063-A52E-17DA6CC86147} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {1AA309D9-63AB-4F79-88FF-8049AB463955} - System32\Tasks\{2E4426CD-43CC-4FE2-B3C0-5AC4A7308F2F} => D:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [2013-11-27] (Binary Fortress Software)
Task: {1AB51375-C031-4C5D-B4DB-6B214AF62066} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2009-06-01] (Microsoft Corporation)
Task: {1D3A6BC4-CB27-4C5B-992E-013D8770AA69} - \MySearchDial No Task File
Task: {1EB78641-802C-4C65-A606-55795922A442} - \hdtotal1.2-codedownloader No Task File
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2170ED24-ABBD-4C1E-B714-6484202BA08C} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {2878460D-904A-4F06-98A7-18EC534BCFAD} - System32\Tasks\{2AAD9675-8AEA-42C1-9A7D-FBEE3B964AED} => D:\Program Files\CMMFS 2007\CMMFS.exe
Task: {28862337-BCD4-4DBB-AC17-ECDE6CE6F3C2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-11-02] (Microsoft Corporation)
Task: {294C4E87-3A32-4E24-BD28-34782F9E4AD4} - System32\Tasks\View Password Update => C:\Program Files (x86)\View-Password-soft\View-.exe [2014-03-13] ()
Task: {29BBA0E1-65B2-41B7-9ECC-DEAD739E2BD0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-02-15] (Microsoft Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2E2068C4-C9D0-42C7-A815-61D958EDD42B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {2E31DBAA-4653-4A87-A2BF-88BE1887BF86} - System32\Tasks\View Password_wd => C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe [2014-03-13] ()
Task: {313F9A87-C54F-4116-ADC0-0B8637B4C7CF} - System32\Tasks\{66F4955C-9507-4EED-86EA-FF0146011571} => D:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [2013-11-27] (Binary Fortress Software)
Task: {32D5BF7C-35A2-4BEE-B72B-41CFE18A2E3E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {37A78369-EFE0-4B1B-BD62-A9E4D53949C1} - \RegClean Pro No Task File
Task: {386F9585-BC38-48B7-9A1B-D87EC05C6CDE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3C419721-B4E9-450B-9C60-FCAC38ED794A} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {40E8A5EF-8A39-4D64-BF73-DBB5434DF795} - System32\Tasks\AVG-Secure-Search-Update_1013b_rel => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013b.exe
Task: {426E6B76-AC00-44A4-9DB3-FFF05F25DBF5} - \hdtotal1.2-enabler No Task File
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {49F8D43A-4795-4667-A89F-08A2432EE210} - System32\Tasks\{B349F284-0346-4926-815C-A7D1A20851A5} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {4A66326D-08B8-4D13-BE87-728F720D560B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {5189D76A-A3F8-442A-BC62-1AC982C55F99} - System32\Tasks\{ADD6D313-FC5E-4F31-982A-5329409C8C64} => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Task: {51EAF4FC-E31F-4F96-91E6-960359AAB667} - System32\Tasks\{5FD4C3C4-2A9B-4A35-AB4C-77B409F30126} => C:\Program Files (x86)\MagicRotation\MagicPvt.exe
Task: {5AC38143-56CD-4567-84DF-1BEDF1E9FD6A} - System32\Tasks\{FE680FCD-5245-4032-872F-DC1509CC12D9} => D:\Program Files\CMMFS 2007\CMMFS.exe
Task: {5B75627B-EA90-40AA-B267-630DD2973759} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {5C3ABBD9-81AC-4920-A417-E7B35D11A8B3} - System32\Tasks\{4FF6A95A-2D60-4BB3-9949-500BA5711288} => C:\Program Files (x86)\MagicRotation\MagicPvt.exe
Task: {69717CFA-3D9A-41E5-AF73-D07396FA8485} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6AD98064-4B9F-461B-B77C-E4079E60FEF2} - System32\Tasks\{3B7978EE-2156-4CEF-BCB0-C5EC6BACDD32} => C:\Program Files (x86)\MagicRotation\MagicPvt.exe
Task: {6C4B032E-0D1B-46EA-931C-0977DAF47EB3} - \hdtotal1.2-updater No Task File
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {712428B4-0088-4353-9629-11C0FAE1F59E} - \Advanced System Protector_startup No Task File
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {78FCC86B-6E8F-4D9C-AB46-A342A5D2A10F} - System32\Tasks\{56D2388C-1F82-4528-B254-44D3938472AD} => Firefox.exe
Task: {7923722B-1413-4B46-A18F-63F5B5A32B7B} - \BackgroundContainer Startup Task No Task File
Task: {7BB5AF8F-9A4A-4447-8DD7-87E18B2FEB2E} - \RegClean Pro_UPDATES No Task File
Task: {7DDA9069-BA52-4B11-8619-A399A3BA14E6} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {7F838B58-7011-4848-82E7-51745B7D2EDD} - System32\Tasks\{04B02C27-DFE6-4420-B3FF-7801FE399D1C} => C:\Program Files (x86)\MagicRotation\MagicPvt.exe
Task: {82D3CDE0-EA72-4700-B2B3-0955824271CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09] (Google Inc.)
Task: {84295653-8CF6-4801-B4EB-9ED02639742C} - \PC SpeedUp Service Deactivator No Task File
Task: {84837222-5628-4FDA-BDE0-5428064721BC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {88E0AF37-F45B-41CE-98D7-E768A1F114B1} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {918501E8-E592-4A9F-98F3-99E1EAD39BEA} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {98436F65-44E8-42AE-8654-A99635A9525B} - System32\Tasks\{59DB3763-6C2A-4D66-8584-8FDDE89D3111} => D:\Program Files\CMMFS 2007\CMMFS.exe
Task: {9C48A44B-E048-44DE-B86B-BC986871357E} - System32\Tasks\AVG-Secure-Search-Update_1013b_rmv => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013b.exe
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A164C0E0-3144-4A39-8AFF-7FEC5C2F5719} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {A41A0483-6579-45E9-8264-BCBD1BB9C703} - \hdtotal1.2-chromeinstaller No Task File
Task: {B0D419E5-A27D-4146-BA9F-D287097DA6A7} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {B3A76349-4178-4D8A-A2AB-FBB638E2C02D} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {B625706C-A1AE-44F2-8F90-04F15D4EDB7C} - \hdtotal1.2-firefoxinstaller No Task File
Task: {B66D6DEA-703F-4EE5-A5F8-4801F17F4D5E} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {BB458411-0B6C-4ABA-AB93-09F40FC160D7} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {BC1AE803-DAA1-4E5F-A7A3-10F4BB01B6D7} - System32\Tasks\{6D41781B-F9F3-4740-9947-45D720EB9D7A} => Firefox.exe
Task: {BF5655B5-8CF1-4598-A241-4795B567B413} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {C1F6FE59-655D-48B9-85E3-5AAA386836C9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C3642A49-BA6A-457D-A874-F0CD42942F45} - System32\Tasks\{E1242E87-2AD0-4FF6-8DAE-6EA44C5A113E} => C:\Program Files (x86)\MagicRotation\MagicPvt.exe
Task: {CB722F37-663A-4091-AC9B-38189BC87B4F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D0683D30-4D67-4A90-A4C2-759AAB665E7F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D8053927-1A0C-4F26-954F-B26588384090} - \RegClean Pro_DEFAULT No Task File
Task: {D85FBFA9-C19A-4DE3-94FC-6C38787A6B3A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DEB681B9-6312-49C8-B114-5D6AEDA0EDA1} - System32\Tasks\{5BCC5997-C07A-4CDE-9ED7-A809C89BBE24} => D:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [2013-11-27] (Binary Fortress Software)
Task: {DED9D9E1-8C74-4839-8BC4-172D2FBD19D6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E2BBFF63-971B-4D06-9B4C-CF8BDD0751B2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F44EBE1B-17B1-41F4-AB2E-82F193B71D3F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09] (Google Inc.)
Task: {F4DA0340-5407-4E6C-A2E5-BF42142F14B2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-12-13] (Microsoft Corporation)
Task: {F747EE5B-D74E-4770-9CC3-7A5D26137151} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {F77E0A58-8BA5-4ECD-9865-C9AA0F3C68E9} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {FFA892C5-24AF-46BD-BBFA-DD9110448883} - System32\Tasks\{8329B1A1-A6F5-4181-AA94-7EB4F532A6AE} => C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_1013b_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013b.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_1013b_rmv.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_1013b.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\View Password Update.job => C:\Program Files (x86)\View-Password-soft\View-.exe
Task: C:\WINDOWS\Tasks\View Password_wd.job => C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe

==================== Loaded Modules (whitelisted) =============

2011-01-05 12:59 - 2009-12-31 01:17 - 00053760 _____ () C:\WINDOWS\System32\LXEBPMON.DLL
2011-01-05 12:59 - 2009-01-13 08:15 - 04485120 _____ () C:\WINDOWS\System32\LXEBOEM.DLL
2011-01-05 13:01 - 2009-11-04 08:17 - 00189440 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxebdrpp.dll
2012-07-31 10:21 - 2009-02-20 03:48 - 00381440 _____ () C:\WINDOWS\System32\lxebsm.dll
2012-07-31 10:21 - 2009-02-20 03:48 - 00023552 _____ () C:\WINDOWS\System32\lxebsmr.dll
2013-12-21 22:16 - 2013-11-02 01:49 - 00377000 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-12-21 22:16 - 2013-11-02 01:48 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-12-21 22:16 - 2013-11-02 01:49 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-03-13 13:58 - 2014-03-13 13:58 - 00195072 _____ () C:\Program Files (x86)\View-Password-soft\ViewPassword157.exe
2014-03-13 13:58 - 2014-03-13 13:58 - 00093184 _____ () C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe
2012-07-31 10:20 - 2013-01-23 13:29 - 00150264 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
2012-07-31 10:20 - 2013-01-23 13:29 - 00772712 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
2013-04-07 06:38 - 2013-04-07 06:38 - 01044224 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
2012-07-31 10:21 - 2009-11-04 08:17 - 00280576 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\lxebdr.dll
2012-07-31 10:21 - 2009-05-18 08:32 - 01416192 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\lxebptpc.dll
2012-07-31 10:21 - 2009-11-04 08:19 - 00198656 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\lxebdrui.dll
2012-07-31 10:21 - 2009-11-09 03:36 - 00142336 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\lxebPRPR.DLL
2013-12-13 07:28 - 2013-12-13 07:28 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-04-07 06:42 - 2013-04-07 06:42 - 00123136 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-31 10:20 - 2010-04-05 05:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Epwizard.DLL
2012-07-31 10:20 - 2010-04-05 05:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\customui.dll
2012-07-31 10:20 - 2010-04-05 05:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Eputil.DLL
2012-07-31 10:20 - 2010-04-05 05:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Epfunct.DLL
2012-07-31 10:20 - 2010-04-05 05:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Imagutil.DLL
2012-07-31 10:20 - 2010-04-05 05:56 - 02203803 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\EPWizRes.dll
2012-07-31 10:20 - 2010-04-05 05:56 - 00045221 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\epstring.dll
2012-07-31 10:20 - 2010-04-05 05:56 - 00094359 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\EPOEMDll.dll
2012-07-31 10:20 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\iptk.dll
2012-07-31 10:20 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebptp.dll
2012-07-31 10:20 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebscw.dll
2012-07-31 10:20 - 2009-05-27 07:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdatr.dll
2012-07-31 10:20 - 2009-05-27 07:13 - 00081920 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcats.dll
2012-07-31 10:20 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebDRS.dll
2012-07-31 10:20 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcaps.dll
2012-07-31 10:21 - 2009-02-20 03:48 - 00381440 _____ () C:\WINDOWS\SYSTEM32\lxebsm.dll
2012-07-31 10:21 - 2009-02-20 03:48 - 00023552 _____ () C:\WINDOWS\system32\lxebsmr.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00011362 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00043008 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 02537472 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 09814016 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll
2013-06-04 20:22 - 2013-06-04 20:22 - 00481280 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2013-03-27 03:42 - 2013-03-27 03:42 - 01553920 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00399360 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 01140224 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll
2013-05-09 22:12 - 2013-05-09 22:12 - 00229888 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-03-27 03:43 - 2013-03-27 03:43 - 01067520 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-05-28 01:21 - 2013-05-28 01:21 - 04334592 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-03-27 03:52 - 2013-03-27 03:52 - 00500736 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-03-27 03:50 - 2013-03-27 03:50 - 00186368 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2013-03-27 03:51 - 2013-03-27 03:51 - 01198080 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-05-14 21:56 - 2013-05-14 21:56 - 08432128 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-04-28 01:25 - 2013-04-28 01:25 - 01205760 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-03-27 03:42 - 2013-03-27 03:42 - 00088064 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2013-03-27 03:51 - 2013-03-27 03:51 - 00641536 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-05-14 00:18 - 2013-05-14 00:18 - 00931840 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-03-27 03:49 - 2013-03-27 03:49 - 00438272 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00083456 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00083456 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll
2013-02-19 01:46 - 2013-02-19 01:46 - 00287232 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll
2013-03-27 03:42 - 2013-03-27 03:42 - 00137728 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-03-26 21:58 - 2013-03-26 21:58 - 00139264 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2012-11-29 04:56 - 2012-11-29 04:56 - 03332720 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2013-03-26 21:58 - 2013-03-26 21:58 - 00072192 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.DLL
2013-03-26 21:58 - 2013-03-26 21:58 - 00074752 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2013-03-26 21:58 - 2013-03-26 21:58 - 00136704 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2013-03-27 03:51 - 2013-03-27 03:51 - 00714240 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-03-27 03:49 - 2013-03-27 03:49 - 00485376 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-03-27 03:49 - 2013-03-27 03:49 - 00116224 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-03-26 21:58 - 2013-03-26 21:58 - 00066560 _____ () D:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2010-10-11 18:15 - 2010-10-11 18:15 - 01840424 _____ () D:\Program Files (x86)\CyberLink\Power2Go\Power2Go\Language\ENU\P2GRC.dll
2010-08-20 09:57 - 2010-08-20 09:57 - 01670952 _____ () D:\Program Files (x86)\CyberLink\Power2Go\Power2Go\runtime\authoring\AuroraU.dll
2010-08-20 09:57 - 2010-08-20 09:57 - 00671016 _____ () D:\Program Files (x86)\CyberLink\Power2Go\Power2Go\runtime\mediacache\MediaObj.dll
2010-08-20 09:58 - 2010-08-20 09:58 - 00070952 _____ () D:\Program Files (x86)\CyberLink\Power2Go\Power2Go\runtime\CES\ImageWrapper.dll
2010-08-20 09:57 - 2010-08-20 09:57 - 00144680 _____ () D:\Program Files (x86)\CyberLink\Power2Go\Power2Go\CLVistaAudioMixer.dll
2010-08-20 09:57 - 2010-08-20 09:57 - 00313128 _____ () D:\Program Files (x86)\CyberLink\Power2Go\Power2Go\runtime\authoring\EditingMgrWrapperU.dll
2010-08-20 09:57 - 2010-08-20 09:57 - 00188712 _____ () D:\Program Files (x86)\CyberLink\Power2Go\Power2Go\runtime\authoring\AuthorBAT.dll
2010-08-20 09:57 - 2010-08-20 09:57 - 00292224 _____ () D:\Program Files (x86)\CyberLink\Power2Go\Power2Go\runtime\authoring\CLTranscoder.dll
2013-12-13 07:20 - 2013-12-13 07:20 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-12-13 07:20 - 2013-12-13 07:20 - 00359592 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
2008-01-08 17:50 - 2008-01-08 17:50 - 00349147 _____ () C:\Program Files (x86)\Yahoo!\Widgets\sqlite3.dll
2008-03-18 19:21 - 2008-03-18 19:21 - 00512000 _____ () C:\Program Files (x86)\Yahoo!\Widgets\js32.dll
2008-03-18 19:21 - 2008-03-18 19:21 - 00094208 _____ () C:\Program Files (x86)\Yahoo!\Widgets\jsd.dll
2010-03-01 09:38 - 2009-09-14 17:36 - 00506711 ____N () D:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2010-08-20 09:57 - 2010-08-20 09:57 - 00619816 _____ () D:\Program Files (x86)\CyberLink\Power2Go\Power2Go\CLMediaLibrary.dll
2010-08-20 09:57 - 2010-08-20 09:57 - 00013096 _____ () D:\Program Files (x86)\CyberLink\Power2Go\Power2Go\CLMLSvcPS.dll
2014-03-15 06:36 - 2014-03-14 19:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 06:36 - 2014-03-14 19:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 06:36 - 2014-03-14 19:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 06:36 - 2014-03-14 19:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 06:36 - 2014-03-14 19:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 06:36 - 2014-03-14 19:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-15 06:36 - 2014-03-14 19:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP287FACF
AlternateDataStreams: C:\ProgramData\TEMP3A96964
AlternateDataStreams: C:\ProgramData\TEMPFC5A2B2
AlternateDataStreams: C:\Users\John\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe"
MSCONFIG\startupreg: iTunesHelper => "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: vspdfprsrv.exe => d:\Program Files (x86)\PDF Pro Software\PDF Pro 10\vspdfprsrv.exe --background

==================== Faulty Device Manager Devices =============

Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw8
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2014 10:52:36 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070002, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (03/17/2014 10:51:47 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070002, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (03/17/2014 10:51:19 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070002, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (03/17/2014 10:50:52 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070002, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (03/17/2014 10:50:23 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070002, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (03/17/2014 10:50:18 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070002, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (03/17/2014 10:49:26 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070002, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (03/17/2014 10:48:23 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070002, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (03/17/2014 10:48:17 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070002, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (03/17/2014 10:47:23 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070002, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.


System errors:
=============
Error: (03/17/2014 11:51:24 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 5180 time(s).

Error: (03/17/2014 11:51:24 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2

Error: (03/17/2014 11:51:18 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 5179 time(s).

Error: (03/17/2014 11:51:18 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2

Error: (03/17/2014 11:50:23 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 5178 time(s).

Error: (03/17/2014 11:50:23 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2

Error: (03/17/2014 11:50:18 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 5177 time(s).

Error: (03/17/2014 11:50:18 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2

Error: (03/17/2014 11:49:24 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 5176 time(s).

Error: (03/17/2014 11:49:24 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (03/17/2014 10:52:36 AM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (03/17/2014 10:51:47 AM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (03/17/2014 10:51:19 AM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (03/17/2014 10:50:52 AM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (03/17/2014 10:50:23 AM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (03/17/2014 10:50:18 AM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (03/17/2014 10:49:26 AM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (03/17/2014 10:48:23 AM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (03/17/2014 10:48:17 AM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (03/17/2014 10:47:23 AM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects


CodeIntegrity Errors:
===================================
Date: 2014-03-13 16:10:53.882
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-03-13 16:10:53.851
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-03-13 14:31:34.316
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-03-13 14:31:34.265
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-03-12 12:39:43.559
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-03-12 12:39:43.534
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-03-12 12:39:43.505
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-03-12 12:39:43.479
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-03-12 12:39:43.452
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-03-12 12:39:43.428
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 8191.11 MB
Available physical RAM: 5191.43 MB
Total Pagefile: 17405.11 MB
Available Pagefile: 10582.17 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (C Drive) (Fixed) (Total:596.16 GB) (Free:494.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:898.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: A3A2A3A2)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: A3F4A3F4)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

[Broni]

Here is Addition log up to but not including Scheduled Tasks (whitelisted)

I need complete log.

For the third time...
You didn't answer my question about proxies.

 

[John Gilbert]

Apparently you are not receiving my responses sent through gmail. For the third time,As to proxies, sorry, but no idea. What are proxies?

Which log is incomplete?

 

[Broni]

You said:

Here is Addition log up to but not including Scheduled Tasks (whitelisted)

However I can see that Tasks list is actually included so we can proceed.
Hold on there...

 

[Broni]

Uninstall:
- Coupon Printer for Windows
- Updater

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[Broni]

Still with me?

 

[John Gilbert]

Yes - sorry! Got involved with taxes and was out of the loop for awhile. Will now proceed