aswMBR version 1.0.1.2201 Copyright© 2014 AVAST Software
Run date: 2014-11-11 14:43:44
-----------------------------
14:43:44.673 OS Version: Windows x64 6.0.6002 Service Pack 2
14:43:44.673 Number of processors: 4 586 0x203
14:43:44.673 ComputerName: CARL-PC UserName: Carl
14:43:46.473 Initialize success
14:43:46.537 VM: initialized successfully
14:43:46.538 VM: Amd CPU supported
14:44:49.645 AVAST engine defs: 14111100
14:45:03.545 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:45:03.548 Disk 0 Vendor: WDC_WD6400AAKS-22A7B2 01.03B01 Size: 610480MB BusType: 3
14:45:03.700 Disk 0 MBR read successfully
14:45:03.704 Disk 0 MBR scan
14:45:03.723 Disk 0 unknown MBR code
14:45:03.739 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10001 MB offset 63
14:45:03.772 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 600477 MB offset 20484096
14:45:03.797 Disk 0 scanning C:\Windows\system32\drivers
14:45:16.292 Service scanning
14:45:39.947 Modules scanning
14:45:39.956 Disk 0 trace - called modules:
14:45:39.985 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys
14:45:39.991 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800487e060]
14:45:39.997 3 CLASSPNP.SYS[fffffa60011cfc33] -> nt!IofCallDriver -> [0xfffffa8004871580]
14:45:40.003 5 acpi.sys[fffffa6000828fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800486c590]
14:45:41.763 AVAST engine scan C:\Windows
14:45:54.353 AVAST engine scan C:\Windows\system32
14:50:53.521 AVAST engine scan C:\Windows\system32\drivers
14:51:16.611 AVAST engine scan C:\Users\Carl
15:09:13.318 File: C:\Users\Carl\Downloads\AnySendSetup.exe **INFECTED** Win32:Dropper-gen [Drp]
15:09:19.741 File: C:\Users\Carl\Downloads\Internet_Explorer.exe **INFECTED** Win32:Malware-gen
15:11:47.831 AVAST engine scan C:\ProgramData
15:28:47.224 Disk 0 statistics 5139324/0/0 @ 1.24 MB/s
15:28:47.232 Scan finished successfully
15:43:38.575 Disk 0 MBR has been saved successfully to "C:\Users\Carl\Desktop\MBR.dat"
15:43:38.592 The log file has been saved successfully to "C:\Users\Carl\Desktop\aswMBR.txt"
Need help cleaning Malware from Desk Top
#1
Posted 11 November 2014 - 03:54 PM
Register to Remove
#2
Posted 11 November 2014 - 03:55 PM
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Carl (administrator) on CARL-PC on 11-11-2014 15:49:21
Running from C:\Users\Carl\Desktop
Loaded Profile: Carl (Available profiles: Carl & mlstruck & Julie & David & Katie)
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
() C:\Windows\mHotkey.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Chicony) C:\Windows\ChiFuncExt.exe
(Creative) C:\Windows\CNYHKey.exe
(Dropbox, Inc.) C:\Users\Carl\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Discordia, LTD) C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Chicony) C:\Windows\ModLEDKey.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Logitech, Inc.) C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe
(Logitech, Inc.) C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6495264 2008-09-18] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-09-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1754424 2008-08-06] (Bitdefender)
HKLM-x32\...\Run: [LchDrvKey] => C:\Windows\LchDrvKey.exe [36864 2007-03-28] ()
HKLM-x32\...\Run: [LedKey] => C:\Windows\CNYHKey.exe [339968 2008-04-23] (Creative)
HKLM-x32\...\Run: [P2Go_Menu] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM-x32\...\Run: [MSN Toolbar] => C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe [240992 2009-12-08] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM-x32\...\Run: [DATAMNGR] => C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe [1115536 2011-03-02] (Discordia, LTD)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-10-10] (APN)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-05-31] (Google Inc.)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [LightShot] => C:\Users\Carl\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226592 2014-03-06] ()
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\MountPoints2: {92e36653-a89d-11df-b363-00226863662d} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.garmin.com/agent
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Carl\AppData\Local\Temp\snprinv\svenosp\wow64.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
AppInit_DLLs: C:\PROGRA~2\WI9130~1\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll [1033112 2011-03-02] (Discordia, LTD)
AppInit_DLLs: C:\PROGRA~2\WI9130~1\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll [1058712 2011-03-02] (Discordia, LTD)
AppInit_DLLs-x32: c:\progra~2\wi9130~1\datamngr\datamngr.dll => c:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll [727952 2011-03-02] (Discordia, LTD)
AppInit_DLLs-x32: c:\progra~2\wi9130~1\datamngr\iebho.dll => c:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll [722840 2011-03-02] (Discordia, LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - (No Name) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - No File
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu....q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACGW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACGW
SearchScopes: HKLM-x32 - {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = http://www.searchqu....q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu....q={searchTerms}
SearchScopes: HKLM-x32 - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.condui...&ctid=CT2856415
SearchScopes: HKCU - DefaultScope {B9E6FD3E-8BA1-4A89-A304-665EB168D404} URL = http://www.search.as...rms}&psv=&pt=tb
SearchScopes: HKCU - Moikrug URL = http://moikrug.ru/pe...ms}&submitted=1
SearchScopes: HKCU - Yandex URL = http://start.iplay.c...q={searchTerms}
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://yandex.ru/yan...t={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu....q={searchTerms}
SearchScopes: HKCU - {B9E6FD3E-8BA1-4A89-A304-665EB168D404} URL = http://www.search.as...rms}&psv=&pt=tb
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: UrlHelper Class -> {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} -> C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Discordia, LTD)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Shop to Win -> {00B48AB6-399B-4E4E-B07E-DA47C34C453A} -> C:\Program Files (x86)\Shop to Win 17\Shop to Win 17.dll (Shop To Win, LLC)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PE_IE_Helper Class -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: No Name -> {22e03916-85c5-44b0-8dc9-1830c11238d9} -> No File
BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
BHO-x32: FastestIE -> {54404F81-99CC-4FD3-9D29-92689B86C2CC} -> C:\Program Files (x86)\FastestIE\FastestIE.dll (fastestie.com)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
BHO-x32: UrlHelper Class -> {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} -> C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: GamesBarBHO Class -> {CB0D163C-E9F4-4236-9496-0597E24B23A5} -> C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
BHO-x32: MSN Toolbar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll ()
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ShopAtHomeIEHelper Class -> {E8DAAA30-6CAA-4b58-9603-8E54238219E2} -> C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
Toolbar: HKLM-x32 - No Name - {22e03916-85c5-44b0-8dc9-1830c11238d9} - No File
Toolbar: HKLM-x32 - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
Toolbar: HKLM-x32 - GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
Toolbar: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-d...dc/EZTwainX.cab
DPF: HKLM-x32 {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs...ameLauncher.CAB
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 216.177.160.61 216.177.160.60
FireFox:
========
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default
FF NewTab: yafd:tabs
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Keyword.URL: hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=
FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP|hxxp://www.searchqu.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @gamersfirst.com/LiveLauncher -> C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=4.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @Sibelius.com/Scorch Plugin -> C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @unity3d.com/UnityPlayer -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2265821247-3271303352-2493671787-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\mfc71.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr71.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmfv.dll (IBM Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\searchplugins\SearchResults.xml
FF SearchPlugin: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\searchplugins\yandex.xml
FF SearchPlugin: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\searchplugins\ybqs-yandex.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober476294982.xml
FF Extension: No Name - C:\Users\Carl\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com [2010-01-19]
FF Extension: Oberon GamesBar - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\gamesbar@oberon-media.com [2012-06-06]
FF Extension: Ask Toolbar Toolbar - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\toolbar@ask.com [2012-11-10]
FF Extension: Візуальныя закладкі - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\vb@yandex.ru [2013-04-24]
FF Extension: Кампанент "Элементы Яндекса" - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\yasearch@yandex.ru [2013-04-24]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-27]
FF Extension: No Name - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash [2010-11-27]
FF Extension: No Name - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2011-09-03]
FF Extension: Search Assistant - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\{B3834E60-12A8-11E0-A289-939FDFD72085} [2012-05-17]
FF Extension: LoudMo Contextual Ad Assistant - C:\Program Files (x86)\Mozilla Firefox\extensions\{5befc0da-3d3d-1bde-61c9-d91915f7ddda} [2010-05-01]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-12-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-08-20]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-25]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-03-26]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-31]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-09-04]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\Firefox
FF Extension: MSN Toolbar - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\Firefox [2010-01-19]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-03-26]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP", "hxxp://www.aol.com/"
CHR Profile: C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Toolbar) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo [2012-11-13]
CHR Extension: (Entanglement Web App) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-02-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Bitdefender Wallet) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-03-26]
CHR Extension: (Skype Click to Call) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-12-26]
CHR Extension: (Poppit!) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-02-23]
CHR Extension: (Visual Bookmarks) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkcpopggjcjkiicpenikeogioednjeac [2012-04-10]
CHR Extension: (Google Wallet) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Carl\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2013-03-31]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-10] (APN LLC.)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-13] (Bitdefender)
R2 ETService; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2008-08-19] () [File not signed]
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
S3 scan; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll [596776 2008-08-06] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1536624 2008-08-06] (Bitdefender)
R2 yksvc; RUNDLL32.EXE ykx64coinst,serviceStartProc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-13] (BitDefender)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-13] (BitDefender S.R.L.)
U4 bdselfpr; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 aswMBR; \??\C:\Users\Carl\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Carl\AppData\Local\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-11 15:49 - 2014-11-11 15:49 - 00037397 _____ () C:\Users\Carl\Desktop\FRST.txt
2014-11-11 15:46 - 2014-11-11 15:49 - 00000000 ____D () C:\FRST
2014-11-11 15:46 - 2014-11-11 15:46 - 02116096 _____ (Farbar) C:\Users\Carl\Desktop\FRST64.exe
2014-11-11 15:43 - 2014-11-11 15:43 - 00002261 _____ () C:\Users\Carl\Desktop\aswMBR.txt
2014-11-11 15:43 - 2014-11-11 15:43 - 00000512 _____ () C:\Users\Carl\Desktop\MBR.dat
2014-11-11 14:36 - 2014-11-11 14:36 - 05194752 _____ (AVAST Software) C:\Users\Carl\Desktop\aswMBR (1).exe
2014-11-11 14:33 - 2014-11-11 14:33 - 05194752 _____ (AVAST Software) C:\Users\Carl\Downloads\aswMBR.exe
2014-11-10 08:07 - 2014-11-10 08:07 - 00000000 ____D () C:\Users\Carl\.morena
2014-11-10 07:56 - 2014-11-10 07:56 - 00000000 ____D () C:\Users\Katie\Documents\My Scans
2014-11-09 16:26 - 2014-11-09 16:27 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{CDF00B65-7969-41F4-BC77-7F8EB4E65D3C}
2014-11-09 16:26 - 2014-11-09 16:26 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\AskPartnerNetwork
2014-11-09 16:13 - 2014-11-09 16:13 - 00000000 ____D () C:\Users\Katie\Documents\Recipes
2014-11-09 14:09 - 2014-11-09 14:09 - 00000000 ____D () C:\Users\Katie\AppData\Local\AskPartnerNetwork
2014-11-09 14:09 - 2014-11-09 14:09 - 00000000 ____D () C:\Users\Katie\AppData\Local\{AB61E324-AB16-40EE-89A7-115B7A8F0FA3}
2014-11-09 13:39 - 2014-11-09 13:39 - 00000000 ____D () C:\Users\David\AppData\Local\AskPartnerNetwork
2014-11-09 10:00 - 2014-11-09 10:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-09 09:51 - 2014-11-09 09:51 - 00000000 ____D () C:\Users\Carl\AppData\Local\AskPartnerNetwork
2014-11-09 09:51 - 2014-11-09 09:51 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-11-09 09:51 - 2014-11-09 09:51 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-11-09 09:50 - 2014-11-09 09:50 - 00000000 ____D () C:\ProgramData\APN
2014-11-09 09:48 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-09 09:48 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-09 09:48 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-09 09:48 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-09 09:47 - 2014-11-09 09:48 - 00006782 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-11-09 09:47 - 2014-11-09 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-08 11:07 - 2014-09-17 00:57 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-08 11:07 - 2014-09-16 10:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-08 11:06 - 2014-09-27 17:41 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-08 11:04 - 2008-03-31 20:00 - 00279040 _____ (CANON INC.) C:\Windows\system32\CNMLM9H.DLL
2014-11-08 10:57 - 2014-06-15 16:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-08 10:57 - 2014-06-15 16:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-08 10:57 - 2014-06-13 12:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-08 10:57 - 2014-06-13 12:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-08 10:57 - 2014-06-13 11:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-08 10:57 - 2014-06-13 11:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-08 10:53 - 2014-09-04 17:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-11-08 10:52 - 2014-09-09 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-11-08 10:52 - 2014-09-09 00:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-11-08 10:36 - 2014-09-19 18:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-08 10:36 - 2014-09-19 17:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-08 10:36 - 2014-09-19 17:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-08 10:36 - 2014-09-19 17:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-08 10:36 - 2014-09-19 17:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-08 10:36 - 2014-09-19 17:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-08 10:36 - 2014-09-19 17:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-08 10:36 - 2014-09-19 17:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-08 10:36 - 2014-09-19 17:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-08 10:36 - 2014-09-19 17:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-08 10:36 - 2014-09-19 17:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-08 10:36 - 2014-09-19 17:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-08 10:36 - 2014-09-19 17:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-08 10:36 - 2014-09-19 17:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-08 10:36 - 2014-09-19 17:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-08 10:36 - 2014-09-19 17:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-08 10:36 - 2014-09-19 17:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-08 10:36 - 2014-09-19 17:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-08 10:36 - 2014-09-19 17:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-08 10:36 - 2014-09-19 17:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-08 10:36 - 2014-09-19 17:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-08 10:36 - 2014-09-19 16:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-08 10:36 - 2014-09-19 16:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-08 10:36 - 2014-09-19 16:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-08 10:36 - 2014-09-19 16:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-08 10:36 - 2014-09-19 16:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-08 10:36 - 2014-09-19 16:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-08 10:36 - 2014-09-19 16:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-08 10:36 - 2014-09-19 16:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-08 10:36 - 2014-09-19 16:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-08 10:36 - 2014-09-19 16:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-08 10:36 - 2014-09-19 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-08 10:36 - 2014-09-19 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-08 10:36 - 2014-09-19 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-08 10:36 - 2014-09-19 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-08 10:36 - 2014-09-19 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-08 10:36 - 2014-09-19 16:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-08 10:36 - 2014-09-19 16:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-08 10:36 - 2014-09-19 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-08 10:36 - 2014-09-19 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-08 10:36 - 2014-09-19 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-08 10:36 - 2014-09-19 16:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-07 12:43 - 2014-11-07 12:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-07 12:43 - 2014-11-07 12:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-06 15:07 - 2014-11-07 03:09 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{B49A7250-9AC9-4646-BD66-C0D0002860CE}
2014-11-04 20:06 - 2014-11-04 20:06 - 00227194 _____ () C:\Users\Katie\Documents\Jetblue Reservation scan code Apr 2015.pptx
2014-11-01 18:32 - 2014-11-01 18:32 - 00000385 _____ () C:\Users\Katie\AppData\Roaminguser_gensett.xml
2014-11-01 17:59 - 2014-11-01 17:59 - 00000000 ____D () C:\Users\Katie\AppData\Local\{D2701221-158F-4D2B-BAE6-84AEE50A127C}
2014-10-30 22:54 - 2014-10-31 22:56 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{F2F8F1C4-1E88-4056-83CF-C6855D7E6644}
2014-10-30 22:00 - 2014-10-30 22:00 - 00000000 _____ () C:\Users\David\Desktop\David Stem Cells
2014-10-30 19:50 - 2014-10-30 19:50 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-10-30 18:15 - 2014-10-30 18:15 - 00000000 ____D () C:\Users\Katie\AppData\Local\{AF51DC85-D4B3-46F1-AB2B-200D7ECAEC70}
2014-10-28 08:38 - 2014-10-30 08:43 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{92C16527-ED54-4A21-97EB-47E6AA9CAA6B}
2014-10-27 19:36 - 2014-10-27 19:36 - 00000000 ____D () C:\Users\Katie\AppData\Local\{174BD46C-ED3E-49ED-A115-DE683A6FE8A8}
2014-10-27 08:34 - 2014-10-27 20:37 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{66B3A009-F282-425C-8E94-13919D8882C9}
2014-10-26 12:51 - 2014-10-26 13:43 - 00000000 ____D () C:\Users\Katie\Downloads\Geography
2014-10-24 18:16 - 2014-11-09 16:10 - 00000000 ____D () C:\Users\Katie\Documents\French
2014-10-24 18:13 - 2014-10-24 18:13 - 00000000 ____D () C:\Users\Katie\AppData\Local\{F1F966AE-1A89-4933-9FF4-EDA420A20D8C}
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-11 15:45 - 2011-12-23 21:14 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Skype
2014-11-11 15:44 - 2006-11-02 09:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 15:44 - 2006-11-02 09:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 14:30 - 2014-07-20 16:20 - 00000000 ___RD () C:\Users\Carl\Dropbox
2014-11-11 14:30 - 2014-07-18 14:03 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Dropbox
2014-11-11 14:28 - 2014-03-30 12:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c468a09bf30.job
2014-11-11 14:28 - 2012-12-09 14:22 - 00000500 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2014-11-11 14:28 - 2010-03-17 22:13 - 00000410 _____ () C:\Windows\Tasks\FileCure Startup.job
2014-11-11 14:28 - 2009-11-06 20:30 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-11 09:37 - 2009-04-08 14:54 - 01921059 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 21:31 - 2010-08-18 15:30 - 00000000 ____D () C:\Users\Katie\Tracing
2014-11-10 08:07 - 2009-05-31 20:43 - 00000000 ____D () C:\Users\Carl
2014-11-10 01:15 - 2010-11-29 18:30 - 00000000 ____D () C:\Users\mlstruck\Tracing
2014-11-09 20:47 - 2009-10-28 20:58 - 00002651 _____ () C:\Users\Katie\Desktop\Microsoft Office Word 2007.lnk
2014-11-09 18:49 - 2014-03-30 12:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4c468da22830.job
2014-11-09 18:40 - 2012-04-27 13:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-09 18:32 - 2009-11-06 20:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-09 18:26 - 2009-06-08 22:30 - 00031744 _____ () C:\Users\mlstruck\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-09 18:00 - 2010-03-17 22:13 - 00000474 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-11-09 17:14 - 2010-07-20 07:37 - 00000000 ____D () C:\Users\mlstruck\Documents\My Scans
2014-11-09 17:10 - 2012-04-10 18:06 - 00000386 _____ () C:\Windows\Tasks\update-sys.job
2014-11-09 16:26 - 2012-04-10 18:06 - 00000386 _____ () C:\Windows\Tasks\update-S-1-5-21-2265821247-3271303352-2493671787-1000.job
2014-11-09 16:25 - 2009-06-08 22:27 - 00000000 ____D () C:\Users\mlstruck
2014-11-09 15:35 - 2012-04-10 19:53 - 00000388 _____ () C:\Windows\Tasks\update-S-1-5-21-2265821247-3271303352-2493671787-1003.job
2014-11-09 14:23 - 2013-04-22 17:22 - 00000000 ____D () C:\Users\Katie\Documents\English
2014-11-09 14:14 - 2010-01-04 21:48 - 00000000 ____D () C:\Users\Katie\AppData\Roaming\Apple Computer
2014-11-09 13:42 - 2006-11-02 06:46 - 00006656 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-09 13:39 - 2010-08-15 17:47 - 00002651 _____ () C:\Users\David\Desktop\Microsoft Office Word 2007.lnk
2014-11-09 13:38 - 2013-06-30 22:11 - 00010564 _____ () C:\Windows\setupact.log
2014-11-09 09:48 - 2008-11-03 15:38 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-08 14:55 - 2006-11-02 09:42 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-08 12:26 - 2014-07-20 16:20 - 00000918 _____ () C:\Users\Carl\Desktop\Dropbox.lnk
2014-11-08 12:26 - 2014-07-18 14:49 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-08 11:40 - 2012-04-27 13:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-08 11:40 - 2012-04-27 13:19 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-08 11:40 - 2011-05-14 07:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-08 11:05 - 2008-11-03 15:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-08 10:53 - 2006-11-02 07:33 - 00000000 __RSD () C:\Windows\Media
2014-11-08 10:51 - 2013-08-14 04:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-08 10:27 - 2012-11-07 22:19 - 00001149 _____ () C:\Windows\wininit.ini
2014-11-07 18:38 - 2006-11-02 06:33 - 01310720 _____ () C:\Windows\system32\config\default_previous
2014-11-07 18:38 - 2006-11-02 06:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-11-01 12:21 - 2011-12-23 21:15 - 00000000 ____D () C:\Users\David\AppData\Roaming\Skype
2014-11-01 12:05 - 2014-03-10 16:49 - 00000000 ____D () C:\Users\David\AppData\Roaming\.minecraft
2014-10-27 08:34 - 2011-04-17 21:50 - 00000000 ____D () C:\Users\mlstruck\AppData\Roaming\BitDefender
2014-10-26 17:06 - 2011-04-17 14:30 - 00000000 ____D () C:\Users\David\AppData\Roaming\BitDefender
2014-10-23 21:43 - 2014-03-25 23:23 - 00000000 ____D () C:\Users\Carl\Documents\Liza
2014-10-23 07:11 - 2011-12-23 21:13 - 00000000 ____D () C:\ProgramData\Skype
2014-10-23 01:26 - 2012-04-10 18:06 - 00001134 _____ () C:\Users\Carl\AppData\Local\UserProducts.xml
2014-10-22 22:26 - 2009-09-04 21:08 - 00000000 ____D () C:\Users\Carl\Documents\My Scans
Some content of TEMP:
====================
C:\Users\Carl\AppData\Local\Temp\APNSetup.exe
C:\Users\Carl\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk9qrgb.dll
C:\Users\Carl\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\David\AppData\Local\Temp\contentDATs.exe
C:\Users\David\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\David\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\David\AppData\Local\Temp\SWFXXLRT.DLL
C:\Users\Katie\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\mlstruck\AppData\Local\Temp\FFoxPackage.exe
C:\Users\mlstruck\AppData\Local\Temp\GLFA08.tmp.ConduitEngineSetup.exe
C:\Users\mlstruck\AppData\Local\Temp\installhelper.dll
C:\Users\mlstruck\AppData\Local\Temp\NGMDll.dll
C:\Users\mlstruck\AppData\Local\Temp\NGMResource.dll
C:\Users\mlstruck\AppData\Local\Temp\NGMSetup.exe
C:\Users\mlstruck\AppData\Local\Temp\nsn527F.tmp.exe
C:\Users\mlstruck\AppData\Local\Temp\prxGLFA08.tmp.tbElf_.dll
C:\Users\mlstruck\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\mlstruck\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\mlstruck\AppData\Local\Temp\uitools.dll
C:\Users\mlstruck\AppData\Local\Temp\unicows.dll
C:\Users\mlstruck\AppData\Local\Temp\Update.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-11 09:55
==================== End Of Log ============================
#3
Posted 11 November 2014 - 03:55 PM
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Carl at 2014-11-11 15:50:32
Running from C:\Users\Carl\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.23.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.5.36191 - Ask.com) <==== ATTENTION
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - )
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 17.26.0.1106 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BPD_HPSU (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
CameraHelperMsi (x32 Version: 13.10.1217.0 - Logitech) Hidden
Combat Arms (HKLM-x32\...\Combat Arms) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conduit Engine (HKLM-x32\...\conduitEngine) (Version: - Conduit Ltd.) <==== ATTENTION
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.3111 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.2019 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2115 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destination Component (x32 Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 100.0.201.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 11.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Elf_1 Toolbar (HKLM-x32\...\Elf_1 Toolbar) (Version: - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
ExamView Assessment Suite (HKLM-x32\...\ExamView Pro) (Version: - )
EZ Fonts (HKLM-x32\...\{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}) (Version: 1.0.0 - EZ Fonts)
FastestIE (HKLM-x32\...\FastestIE) (Version: - )
Fax (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
FLV Direct Player (HKLM-x32\...\FLV Direct Player) (Version: - )
GamersFirst LIVE! (HKLM-x32\...\GamersFirst LIVE!) (Version: - GamersFirst)
GamesBar 2.0.1.82 (HKLM-x32\...\GamesBar) (Version: 2.0.1.82 - Oberon Media, Inc.)
Garmin City Navigator North America NT 2015.10 (HKLM-x32\...\{FCDB42FC-A70B-4041-877F-D73E16DE4345}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{D17111CB-C992-42A9-9D56-C19395102AAA}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GPBaseService (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Document Manager 1.0 (HKLM\...\HP Document Manager) (Version: 1.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Officejet J4500 Series (HKLM\...\{CD0773D5-C18E-495c-B39B-21A96415EDD5}) (Version: 1.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
IBM Lotus Forms Viewer 3.5.1 (HKLM-x32\...\{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}) (Version: 7.6.1.333 - IBM)
iLivid (HKLM-x32\...\iLivid) (Version: 1.92.0.112243 - Bandoo Media Inc.) <==== ATTENTION
iLivid (x32 Version: 1.92.0.112243 - Bandoo Media Inc.) Hidden <==== ATTENTION
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
J4500 (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.710 - Oracle)
Java 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Java 6 Update 5 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Java 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000FF}) (Version: 7.0.0 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KB0817 Keyboard Driver (HKLM-x32\...\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}) (Version: 1.30.0000 - Gateway)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lightshot-5.1.2.5 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.1.2.5 - Skillbrains)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.00.1774.0 - Logitech) Hidden
MarketResearch (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 10.63.5.3 - Marvell)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Money Essentials (HKLM-x32\...\Money2007b) (Version: 16 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 4.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 4.0 (x86 en-US)) (Version: 4.0 - Mozilla)
MSN Toolbar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 4.0.0390.0 - Microsoft Corporation)
MSN Toolbar Platform (x32 Version: 4.0.0379.0 - Microsoft Corporation) Hidden
MSVCSetup (x32 Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Musicnotes Software Suite 1.7.2 (HKLM-x32\...\Musicnotes Combined Installer_is1) (Version: 1.7.2 - Musicnotes Inc.)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
Oregon Trail® 5 (HKLM-x32\...\Oregon Trail® 5) (Version: - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
ParetoLogic FileCure (HKLM-x32\...\{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}) (Version: 2.0.1.0 - ParetoLogic, Inc.)
PC Optimizer Pro (HKLM\...\PC Optimizer Pro) (Version: 6.1.6.6 - PC Optimizer Pro, Inc.) <==== ATTENTION
ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
Sansa Updater (HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Sansa Updater) (Version: - )
Scan (x32 Version: 10.1.0.0 - Hewlett-Packard) Hidden
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1200}) (Version: 12.18.0.82 - APN, LLC) <==== ATTENTION
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
Shop To Win (HKLM-x32\...\{2EDEF827-E14D-400B-BB7C-C0B17DC15C6B}_is1) (Version: 1.0.25 - Shop To Win, LLC)
ShopAtHome SelectRebates (HKLM-x32\...\SelectRebatesUninstall) (Version: - ) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Smart Copy 3.1.1.1 (HKLM-x32\...\Smart Copy) (Version: 3.1.1.1 - I/O Interconnect)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 8 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Status (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
TurboTax 2008 (HKLM-x32\...\TurboTax 2008) (Version: - )
TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version: - Intuit, Inc)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Unity Web Player (HKLM-x32\...\UnityWebPlayer) (Version: 2.5.1f5_24931 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden
Vindictus (HKLM-x32\...\Vindictus) (Version: - )
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows iLivid Toolbar (HKLM-x32\...\Searchqu 406 MediaBar) (Version: 3.0.0.112200 - Bandoo Media, Inc) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Searchqu Toolbar (HKLM-x32\...\Searchqu 101 MediaBar) (Version: 2.5.0.101919 - Bandoo Media Inc) <==== ATTENTION
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Toolbar) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\Users\Carl\AppData\Local\Temp\snprinv\svenosp\wow64.dll No File
==================== Restore Points =========================
20-09-2014 07:00:01 Scheduled Checkpoint
21-09-2014 07:00:04 Scheduled Checkpoint
23-10-2014 06:18:20 Scheduled Checkpoint
23-10-2014 10:01:19 Windows Update
23-10-2014 13:16:18 Windows Update
24-10-2014 05:22:04 Scheduled Checkpoint
26-10-2014 21:35:16 Scheduled Checkpoint
27-10-2014 16:20:50 Scheduled Checkpoint
28-10-2014 05:00:02 Scheduled Checkpoint
29-10-2014 05:00:03 Scheduled Checkpoint
30-10-2014 05:00:03 Scheduled Checkpoint
31-10-2014 01:45:50 Device Driver Package Install: Canon Imaging devices
31-10-2014 01:49:39 Device Driver Package Install: Canon Printers
01-11-2014 05:00:03 Scheduled Checkpoint
01-11-2014 19:00:56 Scheduled Checkpoint
02-11-2014 23:17:50 Scheduled Checkpoint
08-11-2014 00:26:21 Removed Ask Toolbar.
08-11-2014 16:37:05 Windows Update
09-11-2014 15:46:20 Installed Java 7 Update 71
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 06:34 - 2006-09-18 15:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {16401C9B-705D-4F18-AE8C-61E922B592A2} - System32\Tasks\GoogleUpdateTaskMachineCore1cf4c468a09bf30 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2008-08-06] (Google Inc.)
Task: {1FBD23B3-C6A4-4E3F-A6B4-579B682F97A6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {27F35796-52FD-4041-A722-0F45210DE47F} - System32\Tasks\MHotkey => C:\Windows\MHotKey.exe [2008-05-30] ()
Task: {28F3067B-B701-45F7-B723-1F038E969D5F} - System32\Tasks\FileCure Startup => C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe [2010-03-28] (ParetoLogic)
Task: {2E432A43-B25C-48BC-9823-9CBF65236FF5} - System32\Tasks\update-S-1-5-21-2265821247-3271303352-2493671787-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {2FE41E8E-F272-4302-B623-81B5FDAC1C42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2008-08-06] (Google Inc.)
Task: {3A58D843-0E63-49C1-9CC2-531CB6D342F2} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20] ()
Task: {6F4FC5DF-4464-49C9-A0F5-CE3663A8DEAD} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {77E5A920-18A9-4FA7-B483-D51DB071A3DD} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {8FBC437D-E0CA-400F-8B8E-BF3958401487} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-03-31] () <==== ATTENTION
Task: {ACD6469E-2A8E-489E-A1C8-A6011D3AE40A} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20] ()
Task: {B4064DBF-457F-46EF-8884-ACAA4AF07010} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-08] (Adobe Systems Incorporated)
Task: {B61A20B8-87DC-45C1-BB29-EF11280BECF4} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Carl => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {BAD3D581-CE7A-4ABD-B60C-0F4463DBB726} - System32\Tasks\FileCure Default => C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe [2010-03-28] (ParetoLogic)
Task: {D8D335E4-0197-4ADE-BD19-8DB1BD93EBD2} - System32\Tasks\GoogleUpdateTaskMachineUA1cf4c468da22830 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2008-08-06] (Google Inc.)
Task: {DE7CB60C-8F79-4D3D-A460-B685A59D77D1} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {E0465D82-723A-475D-B999-C4E25ACA34FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2008-08-06] (Google Inc.)
Task: {E757A55D-EC85-47F9-9BD8-1F4E99A34001} - System32\Tasks\update-S-1-5-21-2265821247-3271303352-2493671787-1003 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FileCure Default.job => C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe
Task: C:\Windows\Tasks\FileCure Startup.job => C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c468a09bf30.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4c468da22830.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\update-S-1-5-21-2265821247-3271303352-2493671787-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-S-1-5-21-2265821247-3271303352-2493671787-1003.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
==================== Loaded Modules (whitelisted) =============
2014-03-26 15:19 - 2008-08-06 03:06 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-03-26 15:21 - 2014-08-13 03:16 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2014-03-26 15:20 - 2011-11-14 20:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2014-07-24 01:43 - 2014-07-24 01:43 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_008\ashttpbr.mdl
2014-07-24 01:43 - 2014-07-24 01:43 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_008\ashttpdsp.mdl
2014-07-24 01:43 - 2014-07-24 01:43 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_008\ashttpph.mdl
2014-07-24 01:43 - 2014-07-24 01:43 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_008\ashttprbl.mdl
2009-04-08 15:04 - 2008-06-11 12:18 - 00024576 ____N () C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
2009-04-08 15:05 - 2009-04-08 15:05 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-04-08 15:05 - 2009-04-08 15:05 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-04-08 15:05 - 2009-04-08 15:05 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
2009-04-08 15:05 - 2009-04-08 15:05 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll
2009-04-08 15:05 - 2009-04-08 15:05 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2009-04-08 15:05 - 2009-04-08 15:05 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
2008-11-03 15:43 - 2008-08-19 20:53 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-03-26 15:21 - 2013-03-25 16:16 - 01117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2008-08-30 03:59 - 2008-08-30 03:59 - 00117248 _____ () C:\Windows\system32\atitmm64.dll
2011-09-03 15:52 - 2011-05-28 23:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2009-04-08 15:02 - 2008-05-30 11:50 - 00581120 ____N () C:\Windows\MHotKey.exe
2010-05-07 17:34 - 2010-05-07 17:34 - 00168792 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2010-05-07 17:43 - 2010-05-07 17:43 - 00651096 ____N () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-04-23 17:05 - 2014-04-23 17:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 17:04 - 2014-04-23 17:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-08-31 22:39 - 2009-08-31 22:39 - 00755712 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
2009-08-31 22:54 - 2009-08-31 22:54 - 00471040 ____N () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2010-04-11 13:04 - 2010-04-11 13:04 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-04-11 13:04 - 2010-04-11 13:04 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2011-02-22 08:55 - 2011-02-22 08:55 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2011-02-22 08:55 - 2011-02-22 08:55 - 00206184 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Core.XmlSerializers\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.XmlSerializers.dll
2009-08-31 22:54 - 2009-08-31 22:54 - 00202016 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Core.XmlSerializers\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.XmlSerializers.dll
2010-04-11 13:04 - 2010-04-11 13:04 - 00206112 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Core.XmlSerializers\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.XmlSerializers.dll
2014-03-26 15:19 - 2008-08-06 03:05 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll
2014-11-11 14:29 - 2014-11-11 14:29 - 00043008 _____ () c:\users\carl\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk9qrgb.dll
2013-08-23 13:01 - 2013-08-23 13:01 - 25100288 _____ () C:\Users\Carl\AppData\Roaming\Dropbox\bin\libcef.dll
2010-05-07 17:35 - 2010-05-07 17:35 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 17:35 - 2010-05-07 17:35 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 17:36 - 2010-05-07 17:36 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 17:36 - 2010-05-07 17:36 - 00921944 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtNetwork4.dll
2010-05-07 17:37 - 2010-05-07 17:37 - 00027480 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 17:37 - 2010-05-07 17:37 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2010-11-12 08:23 - 2010-11-12 08:23 - 00330584 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2008-08-06 02:50 - 2014-10-21 22:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2008-08-06 02:50 - 2014-10-21 22:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2008-08-06 02:50 - 2014-10-21 22:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Carl\Downloads\AnySendSetup.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\bitdefender_tsecurity.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\Combatarms_VER_US_2.1206.09.exe.ftpfygb.partial:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\iLividSetupV1 (1).exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\Internet_Explorer.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\iTunes64Setup.exe.eti0yqo.partial:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\LeagueofLegends (1).exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\LeagueofLegends.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\Minecraft (4).exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\MusicnotesSuite.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\setup-lightshot-2.0.1.5.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\Unconfirmed 48515.crdownload:BDU
AlternateDataStreams: C:\Users\David\Desktop\mcpatcher-2.4.0.exe:BDU
AlternateDataStreams: C:\Users\David\Desktop\Minecraft.exe:BDU
AlternateDataStreams: C:\Users\David\Desktop\SWTOR_setup.exe:BDU
AlternateDataStreams: C:\Users\David\Desktop\TechnicLauncher (3).exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\chromeinstall-7u5.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\chromeinstall-7u9 (1).exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\chromeinstall-7u9.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\GamersFirst_LIVE!_Setup_EN.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\jre-7-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\LeagueofLegends.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\mcpatcher-2.3.6.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\Minecraft (1).exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\Minecraft.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\SkypeSetup.exe:BDU
AlternateDataStreams: C:\Users\mlstruck\Downloads\GraboidVideoInstaller-5.1.0.0.exe:BDU
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk => C:\Windows\pss\GamersFirst LIVE!.lnk.CommonStartup
MSCONFIG\startupreg: Praetorian =>
MSCONFIG\startupreg: SelectRebates => "C:\Program Files (x86)\SelectRebates\SelectRebates.exe"
MSCONFIG\startupreg: Smart Copy => "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
========================= Accounts: ==========================
Administrator (S-1-5-21-2265821247-3271303352-2493671787-500 - Administrator - Disabled)
Carl (S-1-5-21-2265821247-3271303352-2493671787-1000 - Administrator - Enabled) => C:\Users\Carl
David (S-1-5-21-2265821247-3271303352-2493671787-1003 - Limited - Enabled) => C:\Users\David
Guest (S-1-5-21-2265821247-3271303352-2493671787-501 - Limited - Disabled)
Julie (S-1-5-21-2265821247-3271303352-2493671787-1002 - Limited - Enabled) => C:\Users\Julie
Katie (S-1-5-21-2265821247-3271303352-2493671787-1004 - Limited - Enabled) => C:\Users\Katie
mlstruck (S-1-5-21-2265821247-3271303352-2493671787-1001 - Administrator - Enabled) => C:\Users\mlstruck
==================== Faulty Device Manager Devices =============
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Microsoft ISATAP Adapter #7
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: BitDefender Firewall NDIS Filter Miniport
Description: BitDefender Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: BitDefender
Service: Bdfndisf
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
Name:
Description:
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/11/2014 02:28:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (11/11/2014 02:28:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (11/11/2014 02:28:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (11/11/2014 02:28:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (11/10/2014 08:49:47 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (11/10/2014 06:06:10 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (11/10/2014 07:57:48 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (11/10/2014 05:09:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application TBNotifier.exe, version 31.10.3.0, time stamp 0x542f0232, faulting module TBNotifier.exe, version 31.10.3.0, time stamp 0x542f0232, exception code 0x40000015, fault offset 0x0011486c,
process id 0x18dc, application start time 0xTBNotifier.exe0.
Error: (11/10/2014 01:15:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (11/10/2014 01:15:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
System errors:
=============
Error: (11/10/2014 06:06:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {66C99B38-BC12-4134-90A2-C5D6ABFC5FFE}
Error: (11/10/2014 03:32:35 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/10/2014 03:32:33 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/10/2014 03:32:31 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/10/2014 03:32:28 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/10/2014 03:32:26 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/10/2014 03:32:24 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/10/2014 03:32:22 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/10/2014 03:32:19 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/10/2014 03:32:17 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Microsoft Office Sessions:
=========================
Error: (04/01/2012 02:57:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 129 seconds with 120 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-11-07 16:08:27.504
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-07 16:08:26.947
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-07 16:08:26.377
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-07 16:08:25.831
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-07 12:53:49.286
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-07 12:53:48.766
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-07 12:53:48.250
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-07 12:53:47.718
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-07 12:43:53.165
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-03-26 15:37:21.585
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\bdsandbox.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD Phenom 9150e Quad-Core Processor
Percentage of memory in use: 67%
Total physical RAM: 3838.27 MB
Available physical RAM: 1240.75 MB
Total Pagefile: 7910.96 MB
Available Pagefile: 4475.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:586.4 GB) (Free:364.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 83E6D949)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=586.4 GB) - (Type=07 NTFS)
==================== End Of Log ============================
#4
Posted 16 November 2014 - 07:13 PM
There is a lot going on here.
Please look for the below items in your add/remove programs list, uninstall.
iLivid
PC Optimizer Pro
Search App by Ask
ShopAtHome SelectRebates
Windows iLivid Toolbar
Windows Searchqu Toolbar
~~~~~~~~~~~~~~~~~~~~~~~~~
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
- Backup Internet Explorer Favourites
- Backup Firefox Bookmarks
- Backup Chrome Bookmarks
- Backup Opera Bookmarks (scroll down)
- Internet Explorer: How to reset Internet Explorer settings
- Firefox: Reset Firefox
- Chrome: Chrome - Reset browser settings
- Opera: How to perform a clean reinstall of Opera
I'm going to attach a file for you to download to your desktop.(located at the bottom of the page.
Locate it next to
Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~
-AdwCleaner-by Xplode
Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
Do not click on any links in the top Advertisment.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
- NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt
Attached Files
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??
#5
Posted 16 November 2014 - 07:42 PM
Juliet, Thanks for responding. I replied to my own post and thought it would not get a response so I completed another entry.
I'm currently working with OCD to resolve the issues. The Title is "Malware affecting browsers and antivirus Software on Desktop." I apologize it this caused any problems. I wasn't sure how else to proceed. Thanks again,
CStruck
#6
Posted 16 November 2014 - 07:47 PM
I'll close this one.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users