Malware affecting browsers and Antivirus Software on Desktop [Solved]


  • This topic is locked
35 replies to this topic

#1 cstruck


Posted 13 November 2014 - 10:05 AM

aswMBR version 1.0.1.2201 Copyright© 2014 AVAST Software
Run date: 2014-11-13 09:15:00
-----------------------------
09:15:00.672    OS Version: Windows x64 6.0.6002 Service Pack 2
09:15:00.672    Number of processors: 4 586 0x203
09:15:00.673    ComputerName: CARL-PC  UserName: Carl
09:15:02.937    Initialize success
09:15:03.118    VM: initialized successfully
09:15:03.119    VM: Amd CPU supported
09:16:42.917    AVAST engine defs: 14111300
09:16:54.927    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:16:54.929    Disk 0 Vendor: WDC_WD6400AAKS-22A7B2 01.03B01 Size: 610480MB BusType: 3
09:16:55.202    Disk 0 MBR read successfully
09:16:55.205    Disk 0 MBR scan
09:16:55.212    Disk 0 unknown MBR code
09:16:55.216    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10001 MB offset 63
09:16:55.250    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       600477 MB offset 20484096
09:16:55.283    Disk 0 scanning C:\Windows\system32\drivers
09:17:09.347    Service scanning
09:17:15.139    Service BdfNdisf c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys **LOCKED** 5
09:17:15.185    Service bdftdif C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys **LOCKED** 5
09:17:33.818    Modules scanning
09:17:33.828    Disk 0 trace - called modules:
09:17:33.846    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
09:17:33.852    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057b0680]
09:17:33.857    3 CLASSPNP.SYS[fffffa6000fd1c33] -> nt!IofCallDriver -> [0xfffffa800487c600]
09:17:33.863    5 acpi.sys[fffffa600081dfde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800487d940]
09:17:35.924    AVAST engine scan C:\Windows
09:17:55.689    AVAST engine scan C:\Windows\system32
09:22:22.558    AVAST engine scan C:\Windows\system32\drivers
09:22:38.748    AVAST engine scan C:\Users\Carl
09:39:28.055    File: C:\Users\Carl\Downloads\AnySendSetup.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:39:32.290    File: C:\Users\Carl\Downloads\Internet_Explorer.exe  **INFECTED** Win32:Malware-gen
09:41:23.939    AVAST engine scan C:\ProgramData
09:58:16.625    Disk 0 statistics 5032366/0/0 @ 1.23 MB/s
09:58:16.633    Scan finished successfully
09:58:49.567    Disk 0 MBR has been saved successfully to "C:\Users\Carl\Desktop\MBR.dat"
09:58:49.591    The log file has been saved successfully to "C:\Users\Carl\Desktop\aswMBR.txt"

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Carl (administrator) on CARL-PC on 13-11-2014 09:59:37
Running from C:\Users\Carl\Desktop
Loaded Profile: Carl (Available profiles: Carl & mlstruck & Julie & David & Katie)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
() C:\Windows\mHotkey.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Creative) C:\Windows\CNYHKey.exe
(Dropbox, Inc.) C:\Users\Carl\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Discordia, LTD) C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Chicony) C:\Windows\ModLEDKey.exe
(Chicony) C:\Windows\ChiFuncExt.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6495264 2008-09-18] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-09-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1754424 2008-08-06] (Bitdefender)
HKLM-x32\...\Run: [LchDrvKey] => C:\Windows\LchDrvKey.exe [36864 2007-03-28] ()
HKLM-x32\...\Run: [LedKey] => C:\Windows\CNYHKey.exe [339968 2008-04-23] (Creative)
HKLM-x32\...\Run: [P2Go_Menu] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM-x32\...\Run: [MSN Toolbar] => C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe [240992 2009-12-08] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM-x32\...\Run: [DATAMNGR] => C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe [1115536 2011-03-02] (Discordia, LTD)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-05-31] (Google Inc.)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [LightShot] => C:\Users\Carl\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226592 2014-03-06] ()
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\MountPoints2: {92e36653-a89d-11df-b363-00226863662d} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.garmin.com/agent
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Carl\AppData\Local\Temp\snprinv\svenosp\wow64.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
AppInit_DLLs: C:\PROGRA~2\WI9130~1\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll [1033112 2011-03-02] (Discordia, LTD)
AppInit_DLLs:  C:\PROGRA~2\WI9130~1\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll [1058712 2011-03-02] (Discordia, LTD)
AppInit_DLLs-x32: c:\progra~2\wi9130~1\datamngr\datamngr.dll => c:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll [727952 2011-03-02] (Discordia, LTD)
AppInit_DLLs-x32:  c:\progra~2\wi9130~1\datamngr\iebho.dll => c:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll [722840 2011-03-02] (Discordia, LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - (No Name) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - No File
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu....&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACGW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACGW
SearchScopes: HKLM-x32 - {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = http://www.searchqu....&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu....&q={searchTerms}
SearchScopes: HKLM-x32 - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.condui...&ctid=CT2856415
SearchScopes: HKCU - DefaultScope {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://yandex.ru/yan...xt={searchTerms}
SearchScopes: HKCU - Moikrug URL = http://moikrug.ru/pe...ms}&submitted=1
SearchScopes: HKCU - Yandex URL = http://start.iplay.c...&q={searchTerms}
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://yandex.ru/yan...xt={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu....&q={searchTerms}
SearchScopes: HKCU - {B9E6FD3E-8BA1-4A89-A304-665EB168D404} URL = http://websearch.ask...25-E03A648423C2
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: UrlHelper Class -> {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} -> C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Discordia, LTD)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: Shop to Win -> {00B48AB6-399B-4E4E-B07E-DA47C34C453A} -> C:\Program Files (x86)\Shop to Win 17\Shop to Win 17.dll (Shop To Win, LLC)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PE_IE_Helper Class -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: No Name -> {22e03916-85c5-44b0-8dc9-1830c11238d9} ->  No File
BHO-x32: FastestIE -> {54404F81-99CC-4FD3-9D29-92689B86C2CC} -> C:\Program Files (x86)\FastestIE\FastestIE.dll (fastestie.com)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
BHO-x32: UrlHelper Class -> {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} -> C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: GamesBarBHO Class -> {CB0D163C-E9F4-4236-9496-0597E24B23A5} -> C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
BHO-x32: MSN Toolbar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ShopAtHomeIEHelper Class -> {E8DAAA30-6CAA-4b58-9603-8E54238219E2} -> C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
Toolbar: HKLM-x32 - No Name - {22e03916-85c5-44b0-8dc9-1830c11238d9} -  No File
Toolbar: HKLM-x32 - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
Toolbar: HKLM-x32 - GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-d...dc/EZTwainX.cab
DPF: HKLM-x32 {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs...ameLauncher.CAB
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 216.177.160.61 216.177.160.60

FireFox:
========
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default
FF NewTab: yafd:tabs
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Keyword.URL: hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=
FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP|hxxp://www.searchqu.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @gamersfirst.com/LiveLauncher -> C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=4.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @Sibelius.com/Scorch Plugin -> C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @unity3d.com/UnityPlayer -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2265821247-3271303352-2493671787-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\mfc71.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr71.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmfv.dll (IBM Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\searchplugins\SearchResults.xml
FF SearchPlugin: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\searchplugins\yandex.xml
FF SearchPlugin: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\searchplugins\ybqs-yandex.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober476294982.xml
FF Extension: No Name - C:\Users\Carl\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com [2010-01-19]
FF Extension: Oberon GamesBar - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\gamesbar@oberon-media.com [2012-06-06]
FF Extension: Ask Toolbar Toolbar - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\toolbar@ask.com [2012-11-10]
FF Extension: Візуальныя закладкі - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\vb@yandex.ru [2013-04-24]
FF Extension: Кампанент "Элементы Яндекса" - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\yasearch@yandex.ru [2013-04-24]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-27]
FF Extension: No Name - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash [2010-11-27]
FF Extension: No Name - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2011-09-03]
FF Extension: Search Assistant - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\{B3834E60-12A8-11E0-A289-939FDFD72085} [2012-05-17]
FF Extension: LoudMo Contextual Ad Assistant - C:\Program Files (x86)\Mozilla Firefox\extensions\{5befc0da-3d3d-1bde-61c9-d91915f7ddda} [2010-05-01]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-12-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-08-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-25]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-03-26]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-31]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-09-04]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\Firefox
FF Extension: MSN Toolbar - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\Firefox [2010-01-19]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-03-26]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP", "hxxp://www.aol.com/"
CHR Profile: C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Toolbar) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo [2012-11-13]
CHR Extension: (Entanglement Web App) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-02-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Bitdefender Wallet) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-03-26]
CHR Extension: (Skype Click to Call) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-12-26]
CHR Extension: (Poppit!) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-02-23]
CHR Extension: (Visual Bookmarks) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkcpopggjcjkiicpenikeogioednjeac [2012-04-10]
CHR Extension: (Google Wallet) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Carl\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2013-03-31]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-13] (Bitdefender)
R2 ETService; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2008-08-19] () [File not signed]
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
S3 scan; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll [596776 2008-08-06] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1536624 2008-08-06] (Bitdefender)
R2 yksvc; RUNDLL32.EXE ykx64coinst,serviceStartProc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-13] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-05-22] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [119888 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-13] (BitDefender S.R.L.)
U4 bdselfpr; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 aswMBR; \??\C:\Users\Carl\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Carl\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 09:59 - 2014-11-13 10:00 - 00035723 _____ () C:\Users\Carl\Desktop\FRST.txt
2014-11-13 09:58 - 2014-11-13 09:58 - 00002536 _____ () C:\Users\Carl\Desktop\aswMBR.txt
2014-11-13 09:58 - 2014-11-13 09:58 - 00000512 _____ () C:\Users\Carl\Desktop\MBR.dat
2014-11-13 09:14 - 2014-11-13 09:14 - 02116096 _____ (Farbar) C:\Users\Carl\Desktop\FRST64.exe
2014-11-13 09:12 - 2014-11-13 09:12 - 05194752 _____ (AVAST Software) C:\Users\Carl\Desktop\aswMBR.exe
2014-11-13 09:05 - 2014-11-13 09:05 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-13 09:05 - 2014-11-13 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-13 09:04 - 2014-11-13 09:04 - 00000000 ____D () C:\Users\Carl\AppData\Local\Deployment
2014-11-13 09:04 - 2014-11-13 09:04 - 00000000 ____D () C:\Users\Carl\AppData\Local\Apps\2.0
2014-11-12 18:41 - 2014-11-12 18:43 - 00000000 ____D () C:\Users\Katie\AppData\Local\{F7B7211F-7DF3-4F52-AC66-4A184FED7C9A}
2014-11-12 18:35 - 2014-11-12 18:35 - 00000000 ____D () C:\Users\Katie\AppData\Local\Macromedia
2014-11-12 18:32 - 2014-11-12 18:32 - 00000000 ____D () C:\Users\Katie\AppData\Local\{DF1FB192-739E-41FA-8D7B-5F2E19DE2424}
2014-11-12 12:29 - 2014-11-12 12:29 - 00000000 ____D () C:\ProgramData\Dumps
2014-11-12 12:15 - 2014-11-12 12:15 - 00000000 ____D () C:\Users\Carl\{ca193454-bc05-40e6-8e1e-febbedb96b6c}
2014-11-12 11:55 - 2014-09-26 18:42 - 00883624 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2014-11-12 11:55 - 2014-09-26 18:42 - 00806824 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-11-12 11:54 - 2014-11-12 11:54 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Oracle
2014-11-12 11:50 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-12 11:50 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-12 11:50 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-12 11:50 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-12 11:49 - 2014-11-12 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-12 10:54 - 2014-10-12 15:52 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 10:53 - 2014-09-18 16:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 10:53 - 2014-09-18 16:45 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 10:48 - 2014-08-11 18:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 10:48 - 2014-08-11 18:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 10:46 - 2014-10-09 17:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 10:46 - 2014-10-09 17:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 10:46 - 2014-10-09 17:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 10:46 - 2014-10-09 17:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 10:46 - 2014-10-09 17:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 10:46 - 2014-10-09 15:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 10:46 - 2014-10-09 15:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 10:46 - 2014-06-15 14:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-12 10:46 - 2014-06-15 14:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-12 10:46 - 2014-06-13 10:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-12 10:46 - 2014-06-13 10:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-12 10:46 - 2014-06-13 09:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-12 10:46 - 2014-06-13 09:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-12 10:45 - 2014-10-17 17:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 10:45 - 2014-10-17 16:46 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 10:45 - 2014-10-02 17:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 10:45 - 2014-10-02 17:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 10:45 - 2014-10-02 17:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 10:45 - 2014-10-02 17:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 10:45 - 2014-10-02 17:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 10:45 - 2014-10-02 17:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 10:45 - 2014-10-02 17:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 10:45 - 2014-10-02 15:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe
2014-11-12 10:29 - 2014-10-23 17:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 10:29 - 2014-10-23 16:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 10:29 - 2014-09-04 15:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-11-12 10:29 - 2014-08-26 16:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 10:29 - 2014-08-26 16:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 10:29 - 2014-08-26 16:41 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 10:29 - 2014-08-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 10:27 - 2014-09-08 22:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-11-12 10:27 - 2014-09-08 22:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-11-12 10:26 - 2014-10-27 12:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 10:26 - 2014-10-27 12:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 10:26 - 2014-10-27 12:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 10:26 - 2014-10-27 12:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 10:26 - 2014-10-27 12:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 10:26 - 2014-10-27 12:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 10:26 - 2014-10-27 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 10:26 - 2014-10-27 12:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 10:26 - 2014-10-27 12:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 10:26 - 2014-10-27 12:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 10:26 - 2014-10-27 11:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 10:26 - 2014-10-27 11:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 10:26 - 2014-10-27 10:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 10:26 - 2014-10-27 10:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 10:26 - 2014-10-27 10:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 10:26 - 2014-10-27 10:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 10:26 - 2014-10-27 10:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 10:26 - 2014-10-27 10:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 10:26 - 2014-10-27 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 10:26 - 2014-10-27 10:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 10:25 - 2014-10-27 12:32 - 17870336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 10:25 - 2014-10-27 12:12 - 10921472 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 10:25 - 2014-10-27 12:07 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 10:25 - 2014-10-27 12:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 10:25 - 2014-10-27 12:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 10:25 - 2014-10-27 12:04 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 10:25 - 2014-10-27 12:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 10:25 - 2014-10-27 12:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 10:25 - 2014-10-27 12:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 10:25 - 2014-10-27 12:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 10:25 - 2014-10-27 12:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 10:25 - 2014-10-27 11:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 10:25 - 2014-10-27 10:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 10:25 - 2014-10-27 10:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 10:25 - 2014-10-27 10:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-12 10:25 - 2014-10-27 10:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 10:25 - 2014-10-27 10:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 10:25 - 2014-10-27 10:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 10:25 - 2014-10-27 10:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 10:25 - 2014-10-27 10:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-12 10:25 - 2014-10-27 10:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-12 10:25 - 2014-10-27 10:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-11 15:18 - 2014-11-11 15:18 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{28088A49-EE22-4F40-BA56-0A17D0DD823C}
2014-11-11 13:46 - 2014-11-13 09:59 - 00000000 ____D () C:\FRST
2014-11-10 05:56 - 2014-11-10 05:56 - 00000000 ____D () C:\Users\Katie\Documents\My Scans
2014-11-09 14:26 - 2014-11-09 14:27 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{CDF00B65-7969-41F4-BC77-7F8EB4E65D3C}
2014-11-09 14:13 - 2014-11-09 14:13 - 00000000 ____D () C:\Users\Katie\Documents\Recipes
2014-11-09 12:09 - 2014-11-09 12:09 - 00000000 ____D () C:\Users\Katie\AppData\Local\{AB61E324-AB16-40EE-89A7-115B7A8F0FA3}
2014-11-09 08:00 - 2014-11-12 11:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-09 07:51 - 2014-11-09 07:51 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-11-09 07:51 - 2014-11-09 07:51 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-11-09 07:50 - 2014-11-09 07:50 - 00000000 ____D () C:\ProgramData\APN
2014-11-09 07:47 - 2014-11-12 11:50 - 00006782 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-11-07 10:43 - 2014-11-07 10:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-07 10:43 - 2014-11-07 10:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-06 13:07 - 2014-11-07 01:09 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{B49A7250-9AC9-4646-BD66-C0D0002860CE}
2014-11-04 18:06 - 2014-11-04 18:06 - 00227194 _____ () C:\Users\Katie\Documents\Jetblue Reservation scan code Apr 2015.pptx
2014-11-01 16:32 - 2014-11-01 16:32 - 00000385 _____ () C:\Users\Katie\AppData\Roaminguser_gensett.xml
2014-11-01 15:59 - 2014-11-01 15:59 - 00000000 ____D () C:\Users\Katie\AppData\Local\{D2701221-158F-4D2B-BAE6-84AEE50A127C}
2014-10-30 20:54 - 2014-10-31 20:56 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{F2F8F1C4-1E88-4056-83CF-C6855D7E6644}
2014-10-30 20:00 - 2014-10-30 20:00 - 00000000 _____ () C:\Users\David\Desktop\David Stem Cells
2014-10-30 17:50 - 2014-10-30 17:50 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-10-30 16:15 - 2014-10-30 16:15 - 00000000 ____D () C:\Users\Katie\AppData\Local\{AF51DC85-D4B3-46F1-AB2B-200D7ECAEC70}
2014-10-28 06:38 - 2014-10-30 06:43 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{92C16527-ED54-4A21-97EB-47E6AA9CAA6B}
2014-10-27 17:36 - 2014-10-27 17:36 - 00000000 ____D () C:\Users\Katie\AppData\Local\{174BD46C-ED3E-49ED-A115-DE683A6FE8A8}
2014-10-27 06:34 - 2014-10-27 18:37 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{66B3A009-F282-425C-8E94-13919D8882C9}
2014-10-26 10:51 - 2014-10-26 11:43 - 00000000 ____D () C:\Users\Katie\Downloads\Geography
2014-10-24 16:16 - 2014-11-12 19:18 - 00000000 ____D () C:\Users\Katie\Documents\French
2014-10-24 16:13 - 2014-10-24 16:13 - 00000000 ____D () C:\Users\Katie\AppData\Local\{F1F966AE-1A89-4933-9FF4-EDA420A20D8C}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 09:59 - 2011-12-23 19:14 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Skype
2014-11-13 09:40 - 2012-04-27 11:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-13 09:38 - 2014-03-30 10:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4c468da22830.job
2014-11-13 09:32 - 2009-11-06 18:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-13 09:10 - 2012-04-10 16:06 - 00000386 _____ () C:\Windows\Tasks\update-sys.job
2014-11-13 09:05 - 2009-05-31 18:45 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-13 09:02 - 2009-06-08 20:27 - 00000000 ____D () C:\Users\mlstruck
2014-11-13 09:00 - 2014-07-20 14:20 - 00000000 ___RD () C:\Users\Carl\Dropbox
2014-11-13 09:00 - 2014-07-18 12:03 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Dropbox
2014-11-13 08:58 - 2014-03-30 10:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c468a09bf30.job
2014-11-13 08:58 - 2009-11-06 18:30 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-13 08:40 - 2006-11-02 07:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-13 08:40 - 2006-11-02 07:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-13 08:26 - 2012-04-10 16:06 - 00000386 _____ () C:\Windows\Tasks\update-S-1-5-21-2265821247-3271303352-2493671787-1000.job
2014-11-13 07:34 - 2012-04-10 17:53 - 00000388 _____ () C:\Windows\Tasks\update-S-1-5-21-2265821247-3271303352-2493671787-1003.job
2014-11-13 05:56 - 2009-04-08 12:54 - 01327929 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 20:33 - 2014-03-30 10:33 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4c468da22830
2014-11-12 20:33 - 2014-03-30 10:33 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf4c468a09bf30
2014-11-12 18:46 - 2006-11-02 04:46 - 00006656 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 18:41 - 2010-08-18 13:30 - 00000000 ____D () C:\Users\Katie\Tracing
2014-11-12 18:40 - 2010-10-31 04:24 - 00000000 ____D () C:\Windows\SysWOW64\logishrd
2014-11-12 18:40 - 2010-10-31 04:24 - 00000000 ____D () C:\Windows\system32\logishrd
2014-11-12 18:40 - 2009-04-08 13:05 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-11-12 18:40 - 2006-11-02 07:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 18:38 - 2008-01-20 19:26 - 06104746 _____ () C:\Windows\PFRO.log
2014-11-12 18:37 - 2006-11-02 07:42 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-12 12:15 - 2009-05-31 18:43 - 00000000 ____D () C:\Users\Carl
2014-11-12 12:07 - 2010-03-17 20:12 - 00000000 ____D () C:\Program Files (x86)\ParetoLogic
2014-11-12 11:57 - 2011-10-07 09:18 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-11-12 11:55 - 2008-11-03 13:38 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-12 11:40 - 2012-04-27 11:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 11:40 - 2012-04-27 11:19 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 11:40 - 2011-05-14 05:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 11:32 - 2006-11-02 05:33 - 00000000 ____D () C:\Windows\rescache
2014-11-12 11:10 - 2006-11-02 07:21 - 00352808 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 10:51 - 2008-11-03 13:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 10:44 - 2013-08-14 02:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 10:22 - 2014-07-20 14:20 - 00000918 _____ () C:\Users\Carl\Desktop\Dropbox.lnk
2014-11-12 10:22 - 2014-07-18 12:49 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-12 10:22 - 2012-11-07 20:19 - 00001149 _____ () C:\Windows\wininit.ini
2014-11-12 01:40 - 2006-11-02 04:33 - 01310720 _____ () C:\Windows\system32\config\default_previous
2014-11-12 01:40 - 2006-11-02 04:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-11-11 15:21 - 2010-01-04 21:52 - 00000000 ____D () C:\Users\mlstruck\Documents\Christmas
2014-11-11 15:17 - 2010-11-29 16:30 - 00000000 ____D () C:\Users\mlstruck\Tracing
2014-11-09 15:14 - 2010-07-20 05:37 - 00000000 ____D () C:\Users\mlstruck\Documents\My Scans
2014-11-09 12:23 - 2013-04-22 15:22 - 00000000 ____D () C:\Users\Katie\Documents\English
2014-11-09 12:14 - 2010-01-04 19:48 - 00000000 ____D () C:\Users\Katie\AppData\Roaming\Apple Computer
2014-11-01 10:21 - 2011-12-23 19:15 - 00000000 ____D () C:\Users\David\AppData\Roaming\Skype
2014-11-01 10:05 - 2014-03-10 14:49 - 00000000 ____D () C:\Users\David\AppData\Roaming\.minecraft
2014-10-31 23:26 - 2006-11-02 04:35 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-27 06:34 - 2011-04-17 19:50 - 00000000 ____D () C:\Users\mlstruck\AppData\Roaming\BitDefender
2014-10-26 15:06 - 2011-04-17 12:30 - 00000000 ____D () C:\Users\David\AppData\Roaming\BitDefender
2014-10-23 19:43 - 2014-03-25 21:23 - 00000000 ____D () C:\Users\Carl\Documents\Liza
2014-10-23 05:11 - 2011-12-23 19:13 - 00000000 ____D () C:\ProgramData\Skype
2014-10-22 23:26 - 2012-04-10 16:06 - 00001134 _____ () C:\Users\Carl\AppData\Local\UserProducts.xml
2014-10-22 20:26 - 2009-09-04 19:08 - 00000000 ____D () C:\Users\Carl\Documents\My Scans

Some content of TEMP:
====================
C:\Users\Carl\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbntmea.dll
C:\Users\Carl\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\David\AppData\Local\Temp\contentDATs.exe
C:\Users\David\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\David\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\David\AppData\Local\Temp\SWFXXLRT.DLL
C:\Users\Katie\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\mlstruck\AppData\Local\Temp\FFoxPackage.exe
C:\Users\mlstruck\AppData\Local\Temp\GLFA08.tmp.ConduitEngineSetup.exe
C:\Users\mlstruck\AppData\Local\Temp\installhelper.dll
C:\Users\mlstruck\AppData\Local\Temp\NGMDll.dll
C:\Users\mlstruck\AppData\Local\Temp\NGMResource.dll
C:\Users\mlstruck\AppData\Local\Temp\NGMSetup.exe
C:\Users\mlstruck\AppData\Local\Temp\nsn527F.tmp.exe
C:\Users\mlstruck\AppData\Local\Temp\prxGLFA08.tmp.tbElf_.dll
C:\Users\mlstruck\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\mlstruck\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\mlstruck\AppData\Local\Temp\uitools.dll
C:\Users\mlstruck\AppData\Local\Temp\unicows.dll
C:\Users\mlstruck\AppData\Local\Temp\Update.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-13 06:51

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Carl at 2014-11-13 10:00:54
Running from C:\Users\Carl\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.23.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.5.36191 - Ask.com) <==== ATTENTION
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 17.26.0.1106 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BPD_HPSU (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
CameraHelperMsi (x32 Version: 13.10.1217.0 - Logitech) Hidden
Combat Arms (HKLM-x32\...\Combat Arms) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conduit Engine (HKLM-x32\...\conduitEngine) (Version:  - Conduit Ltd.) <==== ATTENTION
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.3111 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.2019 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2115 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destination Component (x32 Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 100.0.201.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 11.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Elf_1 Toolbar (HKLM-x32\...\Elf_1 Toolbar) (Version:  - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
ExamView Assessment Suite (HKLM-x32\...\ExamView Pro) (Version:  - )
EZ Fonts (HKLM-x32\...\{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}) (Version: 1.0.0 - EZ Fonts)
FastestIE (HKLM-x32\...\FastestIE) (Version:  - )
Fax (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
FLV Direct Player (HKLM-x32\...\FLV Direct Player) (Version:  - )
GamersFirst LIVE! (HKLM-x32\...\GamersFirst LIVE!) (Version:  - GamersFirst)
GamesBar 2.0.1.82 (HKLM-x32\...\GamesBar) (Version: 2.0.1.82 - Oberon Media, Inc.)
Garmin City Navigator North America NT 2015.10 (HKLM-x32\...\{FCDB42FC-A70B-4041-877F-D73E16DE4345}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{D17111CB-C992-42A9-9D56-C19395102AAA}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.122 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Document Manager 1.0 (HKLM\...\HP Document Manager) (Version: 1.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Officejet J4500 Series (HKLM\...\{CD0773D5-C18E-495c-B39B-21A96415EDD5}) (Version: 1.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
IBM Lotus Forms Viewer 3.5.1 (HKLM-x32\...\{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}) (Version: 7.6.1.333 - IBM)
iLivid (HKLM-x32\...\iLivid) (Version: 1.92.0.112243 - Bandoo Media Inc.) <==== ATTENTION
iLivid (x32 Version: 1.92.0.112243 - Bandoo Media Inc.) Hidden <==== ATTENTION
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
J4500 (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.710 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KB0817 Keyboard Driver (HKLM-x32\...\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}) (Version: 1.30.0000 - Gateway)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lightshot-5.1.2.5 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.1.2.5 - Skillbrains)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.00.1774.0 - Logitech) Hidden
MarketResearch (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 10.63.5.3 - Marvell)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Money Essentials (HKLM-x32\...\Money2007b) (Version: 16 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 4.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 4.0 (x86 en-US)) (Version: 4.0 - Mozilla)
MSN Toolbar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 4.0.0390.0 - Microsoft Corporation)
MSN Toolbar Platform (x32 Version: 4.0.0379.0 - Microsoft Corporation) Hidden
MSVCSetup (x32 Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Musicnotes Software Suite 1.7.2 (HKLM-x32\...\Musicnotes Combined Installer_is1) (Version: 1.7.2 - Musicnotes Inc.)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
Oregon Trail® 5 (HKLM-x32\...\Oregon Trail® 5) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Sansa Updater (HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Sansa Updater) (Version:  - )
Scan (x32 Version: 10.1.0.0 - Hewlett-Packard) Hidden
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
Shop To Win (HKLM-x32\...\{2EDEF827-E14D-400B-BB7C-C0B17DC15C6B}_is1) (Version: 1.0.25 - Shop To Win, LLC)
ShopAtHome SelectRebates (HKLM-x32\...\SelectRebatesUninstall) (Version:  - ) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Smart Copy 3.1.1.1 (HKLM-x32\...\Smart Copy) (Version: 3.1.1.1 - I/O Interconnect)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 8 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Status (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
TurboTax 2008 (HKLM-x32\...\TurboTax 2008) (Version:  - )
TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version:  - Intuit, Inc)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Unity Web Player (HKLM-x32\...\UnityWebPlayer) (Version: 2.5.1f5_24931 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden
Vindictus (HKLM-x32\...\Vindictus) (Version:  - )
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows iLivid Toolbar (HKLM-x32\...\Searchqu 406 MediaBar) (Version: 3.0.0.112200 - Bandoo Media, Inc) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Searchqu Toolbar (HKLM-x32\...\Searchqu 101 MediaBar) (Version: 2.5.0.101919 - Bandoo Media Inc) <==== ATTENTION
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Toolbar) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\Users\Carl\AppData\Local\Temp\snprinv\svenosp\wow64.dll No File

==================== Restore Points  =========================

26-10-2014 21:35:16 Scheduled Checkpoint
27-10-2014 16:20:50 Scheduled Checkpoint
28-10-2014 05:00:02 Scheduled Checkpoint
29-10-2014 05:00:03 Scheduled Checkpoint
30-10-2014 05:00:03 Scheduled Checkpoint
31-10-2014 01:45:50 Device Driver Package Install: Canon Imaging devices
31-10-2014 01:49:39 Device Driver Package Install: Canon Printers
01-11-2014 05:00:03 Scheduled Checkpoint
01-11-2014 19:00:56 Scheduled Checkpoint
02-11-2014 23:17:50 Scheduled Checkpoint
08-11-2014 00:26:21 Removed Ask Toolbar.
08-11-2014 16:37:05 Windows Update
09-11-2014 15:46:20 Installed Java 7 Update 71
12-11-2014 09:00:32 Windows Update
12-11-2014 18:26:17 Windows Update
12-11-2014 19:48:15 Installed Java 7 Update 71
12-11-2014 20:16:00 Device Driver Package Install: BitDefender LLC Network Service

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:34 - 2006-09-18 13:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16401C9B-705D-4F18-AE8C-61E922B592A2} - System32\Tasks\GoogleUpdateTaskMachineCore1cf4c468a09bf30 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2008-08-06] (Google Inc.)
Task: {1FBD23B3-C6A4-4E3F-A6B4-579B682F97A6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {27F35796-52FD-4041-A722-0F45210DE47F} - System32\Tasks\MHotkey => C:\Windows\MHotKey.exe [2008-05-30] ()
Task: {2E432A43-B25C-48BC-9823-9CBF65236FF5} - System32\Tasks\update-S-1-5-21-2265821247-3271303352-2493671787-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {2FE41E8E-F272-4302-B623-81B5FDAC1C42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2008-08-06] (Google Inc.)
Task: {417DD335-F040-40ED-953D-269AA49FE1C6} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Carl => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {6F4FC5DF-4464-49C9-A0F5-CE3663A8DEAD} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {8FBC437D-E0CA-400F-8B8E-BF3958401487} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-03-31] () <==== ATTENTION
Task: {B4064DBF-457F-46EF-8884-ACAA4AF07010} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {D8D335E4-0197-4ADE-BD19-8DB1BD93EBD2} - System32\Tasks\GoogleUpdateTaskMachineUA1cf4c468da22830 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2008-08-06] (Google Inc.)
Task: {DE7CB60C-8F79-4D3D-A460-B685A59D77D1} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {E0465D82-723A-475D-B999-C4E25ACA34FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2008-08-06] (Google Inc.)
Task: {E757A55D-EC85-47F9-9BD8-1F4E99A34001} - System32\Tasks\update-S-1-5-21-2265821247-3271303352-2493671787-1003 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c468a09bf30.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4c468da22830.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-2265821247-3271303352-2493671787-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-S-1-5-21-2265821247-3271303352-2493671787-1003.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (whitelisted) =============

2014-03-26 13:19 - 2008-08-06 06:37 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-03-26 13:21 - 2014-08-13 01:16 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2014-03-26 13:20 - 2011-11-14 18:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2014-03-26 13:21 - 2014-08-13 01:16 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2014-07-23 23:43 - 2014-07-23 23:43 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_008\ashttpbr.mdl
2014-07-23 23:43 - 2014-07-23 23:43 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_008\ashttpdsp.mdl
2014-07-23 23:43 - 2014-07-23 23:43 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_008\ashttpph.mdl
2014-07-23 23:43 - 2014-07-23 23:43 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_008\ashttprbl.mdl
2009-04-08 13:04 - 2008-06-11 10:18 - 00024576 ____N () C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
2009-04-08 13:05 - 2009-04-08 13:05 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-04-08 13:05 - 2009-04-08 13:05 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-04-08 13:05 - 2009-04-08 13:05 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
2009-04-08 13:05 - 2009-04-08 13:05 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll
2009-04-08 13:05 - 2009-04-08 13:05 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2009-04-08 13:05 - 2009-04-08 13:05 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
2008-11-03 13:43 - 2008-08-19 18:53 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-03-26 13:21 - 2013-03-25 14:16 - 01117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2008-08-30 01:59 - 2008-08-30 01:59 - 00117248 _____ () C:\Windows\system32\atitmm64.dll
2011-09-03 13:52 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2009-04-08 13:02 - 2008-05-30 09:50 - 00581120 ____N () C:\Windows\MHotKey.exe
2010-05-07 15:34 - 2010-05-07 15:34 - 00168792 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2010-05-07 15:43 - 2010-05-07 15:43 - 00651096 ____N () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 15:04 - 2014-04-23 15:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-08-31 20:39 - 2009-08-31 20:39 - 00755712 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
2009-08-31 20:54 - 2009-08-31 20:54 - 00471040 ____N () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2010-04-11 11:04 - 2010-04-11 11:04 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-04-11 11:04 - 2010-04-11 11:04 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2011-02-22 06:55 - 2011-02-22 06:55 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2014-03-26 13:19 - 2008-08-06 06:37 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll
2014-11-13 09:00 - 2014-11-13 09:00 - 00043008 _____ () c:\users\carl\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbntmea.dll
2013-08-23 11:01 - 2013-08-23 11:01 - 25100288 _____ () C:\Users\Carl\AppData\Roaming\Dropbox\bin\libcef.dll
2010-05-07 15:35 - 2010-05-07 15:35 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 15:35 - 2010-05-07 15:35 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 15:36 - 2010-05-07 15:36 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 15:36 - 2010-05-07 15:36 - 00921944 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtNetwork4.dll
2010-05-07 15:37 - 2010-05-07 15:37 - 00027480 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 15:37 - 2010-05-07 15:37 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2010-11-12 06:23 - 2010-11-12 06:23 - 00330584 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Carl\Downloads\AnySendSetup.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\bitdefender_tsecurity.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\Combatarms_VER_US_2.1206.09.exe.ftpfygb.partial:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\iLividSetupV1 (1).exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\Internet_Explorer.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\iTunes64Setup.exe.eti0yqo.partial:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\LeagueofLegends (1).exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\LeagueofLegends.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\Minecraft (4).exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\MusicnotesSuite.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\setup-lightshot-2.0.1.5.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\Unconfirmed 48515.crdownload:BDU
AlternateDataStreams: C:\Users\David\Desktop\mcpatcher-2.4.0.exe:BDU
AlternateDataStreams: C:\Users\David\Desktop\Minecraft.exe:BDU
AlternateDataStreams: C:\Users\David\Desktop\SWTOR_setup.exe:BDU
AlternateDataStreams: C:\Users\David\Desktop\TechnicLauncher (3).exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\chromeinstall-7u5.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\chromeinstall-7u9 (1).exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\chromeinstall-7u9.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\GamersFirst_LIVE!_Setup_EN.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\jre-7-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\LeagueofLegends.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\mcpatcher-2.3.6.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\Minecraft (1).exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\Minecraft.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\SkypeSetup.exe:BDU
AlternateDataStreams: C:\Users\mlstruck\Downloads\GraboidVideoInstaller-5.1.0.0.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk => C:\Windows\pss\GamersFirst LIVE!.lnk.CommonStartup
MSCONFIG\startupreg: Praetorian =>
MSCONFIG\startupreg: SelectRebates => "C:\Program Files (x86)\SelectRebates\SelectRebates.exe"
MSCONFIG\startupreg: Smart Copy => "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A

========================= Accounts: ==========================

Administrator (S-1-5-21-2265821247-3271303352-2493671787-500 - Administrator - Disabled)
Carl (S-1-5-21-2265821247-3271303352-2493671787-1000 - Administrator - Enabled) => C:\Users\Carl
David (S-1-5-21-2265821247-3271303352-2493671787-1003 - Limited - Enabled) => C:\Users\David
Guest (S-1-5-21-2265821247-3271303352-2493671787-501 - Limited - Disabled)
Julie (S-1-5-21-2265821247-3271303352-2493671787-1002 - Limited - Enabled) => C:\Users\Julie
Katie (S-1-5-21-2265821247-3271303352-2493671787-1004 - Limited - Enabled) => C:\Users\Katie
mlstruck (S-1-5-21-2265821247-3271303352-2493671787-1001 - Administrator - Enabled) => C:\Users\mlstruck

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #7
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name:
Description:
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/13/2014 09:02:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 37.0.2062.120, time stamp 0x5407bf0e, faulting module chrome.dll, version 37.0.2062.120, time stamp 0x5407bc49, exception code 0x80000003, fault offset 0x004efc90,
process id 0x1b10, application start time 0xchrome.exe0.

Error: (11/13/2014 08:59:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/13/2014 08:59:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/13/2014 08:59:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/13/2014 08:59:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/13/2014 08:59:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/13/2014 08:59:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/13/2014 08:59:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2014 09:04:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 37.0.2062.120, time stamp 0x5407bf0e, faulting module chrome.dll, version 37.0.2062.120, time stamp 0x5407bc49, exception code 0x80000003, fault offset 0x004efc90,
process id 0x19fc, application start time 0xchrome.exe0.

Error: (11/12/2014 06:46:17 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

System errors:
=============
Error: (11/12/2014 06:42:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (11/12/2014 06:40:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: int15%%31

Error: (11/12/2014 06:40:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058

Error: (11/12/2014 02:11:20 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (11/12/2014 02:11:18 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (11/12/2014 02:11:16 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (11/12/2014 02:11:14 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (11/12/2014 02:11:11 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (11/12/2014 02:11:09 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (11/12/2014 02:11:07 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Microsoft Office Sessions:
=========================
Error: (04/01/2012 00:57:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 129 seconds with 120 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-11-07 14:08:27.504
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-07 14:08:26.947
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-07 14:08:26.377
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-07 14:08:25.831
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-07 10:53:49.286
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-07 10:53:48.766
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-07 10:53:48.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-07 10:53:47.718
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-07 10:43:53.165
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-26 13:37:21.585
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\bdsandbox.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Phenom™ 9150e Quad-Core Processor
Percentage of memory in use: 67%
Total physical RAM: 3838.27 MB
Available physical RAM: 1252.93 MB
Total Pagefile: 7902.96 MB
Available Pagefile: 4870.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:586.4 GB) (Free:367.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 83E6D949)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=586.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 




#2 OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 14 November 2014 - 10:30 AM

Hi cstruck,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and the loss of all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear".

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

AdwCleaner v3: Scan & Clean
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================

Reboot

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Be sure to check the Addition box.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
=========================

In your next post please provide the following:
  • checkup.txt
  • AdwCleaner[S0].txt
  • JRT.txt
  • new FRST.txt
  • new Addition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#3 cstruck


Posted 14 November 2014 - 10:59 AM

Good Morning OCD. Had a restart last night while my daughter was on the computer and FRST.exe and MBR.exe are both missing from desktop and Google Chrome is not working (I had uninstalled and reinstalled and it was working). Do I need to download the programs again and run new scans to establish baseline or should I proceed with your direction above?



#4 cstruck


Posted 14 November 2014 - 11:30 AM

Results of screen317's Security Check version 0.99.89 
 Windows Vista Service Pack 2 x64 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
Bitdefender Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 JavaFX 2.1.1   
 Java 7 Update 71 
 Java version out of Date!
 Adobe Flash Player  15.0.0.223 
 Adobe Reader 8 Adobe Reader out of Date!
 Adobe Reader 10.1.10 Adobe Reader out of Date! 
 Mozilla Firefox 4.0 Firefox out of Date! 
 Google Chrome 37.0.2062.103 
 Google Chrome 37.0.2062.120 
````````Process Check: objlist.exe by Laurent```````` 
 Bitdefender Bitdefender vsserv.exe 
 Bitdefender Bitdefender bdagent.exe 
 Bitdefender Bitdefender pmbxag.exe 
 Bitdefender Bitdefender antispam32 bdapppassmgr.exe
 Bitdefender Bitdefender updatesrv.exe 
 Bitdefender Bitdefender SafeBox safeboxservice.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 7 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#5 cstruck


Posted 14 November 2014 - 11:43 AM

# AdwCleaner v4.101 - Report created 14/11/2014 at 11:34:34
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Carl - CARL-PC
# Running from : C:\Users\Carl\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\apn
[!] Folder Deleted : C:\ProgramData\Ask
[!] Folder Deleted : C:\ProgramData\AskPartnerNetwork
[!] Folder Deleted : C:\ProgramData\FileCure
[!] Folder Deleted : C:\ProgramData\GamesBar
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
[!] Folder Deleted : C:\Program Files (x86)\Ask.com
[!] Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
[!] Folder Deleted : C:\Program Files (x86)\ConduitEngine
[!] Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
[!] Folder Deleted : C:\Program Files (x86)\GamesBar
[!] Folder Deleted : C:\Program Files (x86)\iLivid
[!] Folder Deleted : C:\Program Files (x86)\ParetoLogic
[!] Folder Deleted : C:\Program Files (x86)\PlaySushi
[!] Folder Deleted : C:\Program Files (x86)\Search Toolbar
[!] Folder Deleted : C:\Program Files (x86)\SelectRebates
[!] Folder Deleted : C:\Program Files (x86)\Shop To Win
[!] Folder Deleted : C:\Program Files (x86)\Windows iLivid Toolbar
[!] Folder Deleted : C:\Program Files (x86)\Windows Searchqu Toolbar
[!] Folder Deleted : C:\Program Files (x86)\Skillbrains
[!] Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
[!] Folder Deleted : C:\Users\Carl\AppData\Local\apn
[!] Folder Deleted : C:\Users\Carl\AppData\Local\Ilivid Player
[!] Folder Deleted : C:\Users\Carl\AppData\Local\PackageAware
[!] Folder Deleted : C:\Users\Carl\AppData\Local\Skillbrains
[!] Folder Deleted : C:\Users\Carl\AppData\Local\Temp\apn
[!] Folder Deleted : C:\Users\Carl\AppData\LocalLow\AskToolbar
[!] Folder Deleted : C:\Users\Carl\AppData\LocalLow\ConduitEngine
[!] Folder Deleted : C:\Users\Carl\AppData\LocalLow\HPAppData
[!] Folder Deleted : C:\Users\Carl\AppData\LocalLow\Searchqutoolbar
[!] Folder Deleted : C:\Users\Carl\Documents\DealRunner
[!] Folder Deleted : C:\Users\David\AppData\Local\Skillbrains
[!] Folder Deleted : C:\Users\David\AppData\Local\Temp\apn
[!] Folder Deleted : C:\Users\David\AppData\LocalLow\AskToolbar
[!] Folder Deleted : C:\Users\David\AppData\LocalLow\ConduitEngine
[!] Folder Deleted : C:\Users\David\AppData\LocalLow\HPAppData
[!] Folder Deleted : C:\Users\David\AppData\LocalLow\Searchqutoolbar
[!] Folder Deleted : C:\Users\David\AppData\Roaming\Bandoo
[!] Folder Deleted : C:\Users\Julie\AppData\LocalLow\AskToolbar
[!] Folder Deleted : C:\Users\Julie\AppData\LocalLow\HPAppData
[!] Folder Deleted : C:\Users\Julie\AppData\LocalLow\Searchqutoolbar
[!] Folder Deleted : C:\Users\Katie\AppData\Local\Temp\apn
[!] Folder Deleted : C:\Users\Katie\AppData\LocalLow\AskToolbar
[!] Folder Deleted : C:\Users\Katie\AppData\LocalLow\ConduitEngine
[!] Folder Deleted : C:\Users\Katie\AppData\LocalLow\HPAppData
[!] Folder Deleted : C:\Users\Katie\AppData\LocalLow\Searchqutoolbar
[!] Folder Deleted : C:\Users\Katie\AppData\Roaming\Bandoo
[!] Folder Deleted : C:\Users\mlstruck\AppData\Local\Conduit
[!] Folder Deleted : C:\Users\mlstruck\AppData\Local\Temp\apn
[!] Folder Deleted : C:\Users\mlstruck\AppData\Local\Temp\FileCure
[!] Folder Deleted : C:\Users\mlstruck\AppData\LocalLow\AskToolbar
[!] Folder Deleted : C:\Users\mlstruck\AppData\LocalLow\ConduitEngine
[!] Folder Deleted : C:\Users\mlstruck\AppData\LocalLow\HPAppData
[!] Folder Deleted : C:\Users\mlstruck\AppData\LocalLow\Searchqutoolbar
[!] Folder Deleted : C:\Users\mlstruck\AppData\Roaming\Bandoo
[!] Folder Deleted : C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[!] Folder Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\de69s8aj.default\Extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[!] Folder Deleted : C:\Users\Julie\AppData\Roaming\Mozilla\Firefox\Profiles\o9beqd1t.default\Extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[!] Folder Deleted : C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\7agy3rz5.default\Extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[!] Folder Deleted : C:\Users\mlstruck\AppData\Roaming\Mozilla\Firefox\Profiles\iyuxhajz.default\Extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[!] Folder Deleted : C:\Users\mlstruck\AppData\Roaming\Mozilla\Firefox\Profiles\iyuxhajz.default\Extensions\firefox@bandoo.com
[!] Folder Deleted : C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\gamesbar@oberon-media.com
[!] Folder Deleted : C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\toolbar@ask.com
[!] Folder Deleted : C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
[!] Folder Deleted : C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
[!] Folder Deleted : C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
[!] Folder Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
[!] Folder Deleted : C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
[!] Folder Deleted : C:\Users\mlstruck\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Katie\Desktop\Free Dolphin Screensaver.lnk
File Deleted : C:\Users\mlstruck\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\Users\mlstruck\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
File Deleted : C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\searchplugins\Askcom.xml
File Deleted : C:\Users\mlstruck\AppData\Roaming\Mozilla\Firefox\Profiles\iyuxhajz.default\searchplugins\SearchquWebSearch.xml
File Deleted : C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\searchplugins\SearchResults.xml
File Deleted : C:\Users\mlstruck\AppData\Roaming\Mozilla\Firefox\Profiles\iyuxhajz.default\user.js
File Deleted : C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : Scheduled Update for Ask Toolbar
Task Deleted : update-sys
Task Deleted : update-S-1-5-21-2265821247-3271303352-2493671787-1000
Task Deleted : update-S-1-5-21-2265821247-3271303352-2493671787-1003

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [LightShot]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PSText.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShoppingBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\ilivid
Key Deleted : HKLM\SOFTWARE\Classes\oberontb.band
Key Deleted : HKLM\SOFTWARE\Classes\oberontb.band.1
Key Deleted : HKLM\SOFTWARE\Classes\oberontb.GamesBarBHO
Key Deleted : HKLM\SOFTWARE\Classes\oberontb.GamesBarBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\PSText.IEButton
Key Deleted : HKLM\SOFTWARE\Classes\PSText.IEButton.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063449.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063449.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063449.Shopping
Key Deleted : HKLM\SOFTWARE\Classes\FCSB000063449.Shopping.1
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\gamesbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\ShopToWin
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\PlaySushi
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Elf_1
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Bandoo
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Elf_1
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\gamesbar
Key Deleted : HKLM\SOFTWARE\ilivid
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\SearchquMediabarTb
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamesbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 101 MediaBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\gamesbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\pc optimizer pro
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushi
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 101 MediaBar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc optimizer pro
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\wi9130~1\datamngr\datamngr.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\wi9130~1\datamngr\iebho.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\WI9130~1\Datamngr\x64\datamngr.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\WI9130~1\Datamngr\x64\IEBHO.dll
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16592

-\\ Mozilla Firefox v4.0 (en-US)

[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.apn_dbr", "ie_9.0.8112.16421");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.cbid", "TV");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.config-updated", true);
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.cr-o", "");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.crumb", "2013.04.03+15.36.06-toolbar020iad-US-U2FuIEx1aXMgT2Jpc3BvLENBLFVuaXRlZCBTdGF0ZXM%3D");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}&gct=bar");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.displaybehavior", "");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.displaytext", "");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.dtid", "OSJ000YYUS");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "USCA1000");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "F");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.first-restart-after-config-update", true);
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.fresh-install", false);
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.guid", "48ECC8AE-F2A2-4584-A720-2AF6CDFBA7A6");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...]
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.if", "upd");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.keyword-toggled-in-session", false);
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.l", "dis");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.last-config-req", "1381812950013");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.locale", "en_US");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.location", "San Luis Obispo,CA,United States");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.lstation", "");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.new-tab-opt-out", true);
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.news-native-on", true);
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.o", "100000031");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.oldVersion", "5.15.23.36191");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.pstate", "");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.qsrc", "2871");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.r", "22");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.sa", "YES");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.saguid", "FC4FEF87-F8BC-4F7D-9025-E03A648423C2");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.socialmini-first", true);
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.socialmini-speed", "10000");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.themeid", "");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.timeinstalled", "4/11/2013 11:55:02 AM");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.to", "");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.v", "3.15.23.100013");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.version", "5.15.23.36191");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.volume", "");
[85w9rd3l.default\prefs.js] - Line Deleted : \");!(null!=b&&(-1!=b.indexOf(\\\\\\\"mbl:\\\\\\\")-1!=b.indexOf(\\\\\\\"ww:\\\\\\\")-1!=b.indexOf(\\\\\\\"rltm:\\\\\\\"))null!=c&&(-1!=c.indexOf(\\\\\\\"mbl\\\\\\\")-1!=c.indexOf(\\\\\\\"isch[...]
[85w9rd3l.default\prefs.js] - Line Deleted : \"rltm:\\\\\\\"))null!=c&&(-1!=c.indexOf(\\\\\\\"mbl\\\\\\\")-1!=c.indexOf(\\\\\\\"isch\\\\\\\")))(a=!1);(b=document.getElementsByTagName(\\\\\\\"body\\\\\\\"))&&(b.length&&\\\\\\\"rtl\\\\\\\"==[...]
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.enabledAddons", "{5befc0da-3d3d-1bde-61c9-d91915f7ddda}:4.6.6.6,{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.8.0.8855,{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26,gamesbar@oberon-me[...]
[85w9rd3l.default\prefs.js] - Line Deleted : PRtuZ5Zbt7UGUBPKgghIl0xM2YKtTi5kToUTMo+QIPLt6Ii9EpiMy0wvhXFuYOISmrZMt8S7Y2WXeY65ro7kgy2ujwuZjbja16XGS5kU2Wg+ysaU2RlZZVwnKJbtmidrYjXhzeMkHdfQs2GaQ11Oo/BnWwUPXDmAGEqj7ftbcqQEtknuimlV4/YfT33Xqf/oN8v+7cbP[...]
[85w9rd3l.default\prefs.js] - Line Deleted : :\"C:\\\\Users\\\\Carl\\\\AppData\\\\Roaming\\\\Mozilla\\\\Extensions\\\\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\\\\textlinks@playsushi.com\",\"mtime\":1354829658745}}},{\"name\":\"app-profile\",\"addo[...]
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.vb@yandex.ru.description", "Keep all your favorite sites in one place with Visual Bookmarks. Simply click on the one of the mini webpages to visit a site. You can customize the n[...]
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("extensions.yasearch@yandex.ru.defender.homepage.protected", "hxxp://www.searchqu.com/");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("playsushi.position.button", true);
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("yasearch.defence.homepage.protected", "hxxp://www.searchqu.com/");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("yasearch.native_comps.hxxp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox.all.settings.searchName", "Ask.com");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("yasearch.static.hxxp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox.all.settings.enginename", "Ask.com");
[85w9rd3l.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHPhxxp://www.searchqu.com/");
[de69s8aj.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[de69s8aj.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
[de69s8aj.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[de69s8aj.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
[de69s8aj.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/");
[de69s8aj.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=");
[de69s8aj.default\prefs.js] - Line Deleted : user_pref("extensions.assist.storage.CachedhxxpRequest.hxxp://ring-tools.info/scripts/q0.php?product_id={B3834E60-12A8-11E0-A289-939FDFD72085}&product_version=2.0.1", "\"[{\\\"type\\\":\\\"content\\\"[...]
[de69s8aj.default\prefs.js] - Line Deleted : user_pref("extensions.assist.storage.script_loader.data", "\"[{\\\"type\\\":\\\"content\\\",\\\"code\\\":\\\"\\\\/\\\\/ ==UserScript==\\\\n\\\\/\\\\/ @include *:\\\\/\\\\/www.google.*\\\\/*\\\\n\\\\/\[...]
[de69s8aj.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=");
[o9beqd1t.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
[o9beqd1t.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
[o9beqd1t.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[o9beqd1t.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[o9beqd1t.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.bing.com/search?FORM=GM2TDF&PC=GM2TDF&q=");
[7agy3rz5.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
[7agy3rz5.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=48ECC8AE-F2A2-4584-A720-2AF6CDFBA7A6&apn_ptnrs=TV&apn_sauid=FC4FEF87-F8BC-4F7D-9025-E03A648423C2&[...]
[7agy3rz5.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
[7agy3rz5.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[7agy3rz5.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[7agy3rz5.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.bing.com/search?FORM=GM2TDF&PC=GM2TDF&q=");
[iyuxhajz.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/");
[iyuxhajz.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
[iyuxhajz.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
[iyuxhajz.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[iyuxhajz.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=48ECC8AE-F2A2-4584-A720-2AF6CDFBA7A6&apn_ptnrs=TV&apn_sauid=FC4FEF87-F8BC-4F7D-9025-E03A648423C2&[...]
[iyuxhajz.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[iyuxhajz.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=");

-\\ Google Chrome v37.0.2062.120

[C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.searchqu.com/web?src=crb&appid=101&systemid=406&sr=0&q={searchTerms}
[C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=100000031&locale=en_US&apn_uid=48ECC8AE-F2A2-4584-A720-2AF6CDFBA7A6&apn_ptnrs=TV&apn_sauid=FC4FEF87-F8BC-4F7D-9025-E03A648423C2&apn_dtid=OSJ000YYUS&q={searchTerms}
[C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=100000031&locale=en_US&apn_uid=48ECC8AE-F2A2-4584-A720-2AF6CDFBA7A6&apn_ptnrs=TV&apn_sauid=FC4FEF87-F8BC-4F7D-9025-E03A648423C2&apn_dtid=OSJ000YYUS&q={searchTerms}
[C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\mlstruck\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2856415
[C:\Users\mlstruck\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2856415
[C:\Users\mlstruck\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}
[C:\Users\mlstruck\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\mlstruck\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\mlstruck\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}

-\\ Chromium v

[C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.searchqu.com/web?src=crb&appid=101&systemid=406&sr=0&q={searchTerms}
[C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=100000031&locale=en_US&apn_uid=48ECC8AE-F2A2-4584-A720-2AF6CDFBA7A6&apn_ptnrs=TV&apn_sauid=FC4FEF87-F8BC-4F7D-9025-E03A648423C2&apn_dtid=OSJ000YYUS&q={searchTerms}
[C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=100000031&locale=en_US&apn_uid=48ECC8AE-F2A2-4584-A720-2AF6CDFBA7A6&apn_ptnrs=TV&apn_sauid=FC4FEF87-F8BC-4F7D-9025-E03A648423C2&apn_dtid=OSJ000YYUS&q={searchTerms}
[C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\mlstruck\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2856415
[C:\Users\mlstruck\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2856415
[C:\Users\mlstruck\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}
[C:\Users\mlstruck\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\mlstruck\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\mlstruck\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}

*************************

AdwCleaner[R0].txt - [40169 octets] - [14/11/2014 11:31:49]
AdwCleaner[S0].txt - [42849 octets] - [14/11/2014 11:34:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [42910 octets] ##########



#6 cstruck

Posted 14 November 2014 - 12:03 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows ™ Vista Home Premium x64
Ran by Carl on Fri 11/14/2014 at 11:47:54.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00B48AB6-399B-4E4E-B07E-DA47C34C453A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22E03916-85C5-44B0-8DC9-1830C11238D9}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22e03916-85c5-44b0-8dc9-1830c11238d9}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{22e03916-85c5-44b0-8dc9-1830c11238d9}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22e03916-85c5-44b0-8dc9-1830c11238d9}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{22e03916-85c5-44b0-8dc9-1830c11238d9}

 

~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf
Successfully deleted: [File] "C:\Windows\wininit.ini"

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\shop to win 17"
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{254B9FA5-DAE7-4D5B-86D1-D63BDD9C417B}
Successfully deleted: [Empty Folder] C:\Users\Carl\appdata\local\{AF4213E3-DB59-4CE9-AF76-2F29E4133FB5}

 

~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\searchresults.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\searchresults.xml"
Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"
Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"
Successfully deleted: [Folder] C:\Users\Carl\AppData\Roaming\mozilla\firefox\profiles\85w9rd3l.default\searchqutoolbar
Successfully deleted the following from C:\Users\Carl\AppData\Roaming\mozilla\firefox\profiles\85w9rd3l.default\prefs.js

user_pref("extensions.gamesbar.iplay.config.customer_support", "iVBORw0KGgoAAAANSUhEUgAAABsAAAAbCAYAAACN1PRVAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAA2ZpVFh0WE1MOmN

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/14/2014 at 11:52:55.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#7 cstruck

Posted 14 November 2014 - 12:14 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2014 02
Ran by Carl (administrator) on CARL-PC on 14-11-2014 12:09:01
Running from C:\Users\Carl\Desktop
Loaded Profile: Carl (Available profiles: Carl & mlstruck & Julie & David & Katie)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Agere Systems) C:\Windows\System32\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
() C:\Windows\mHotkey.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Carl\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Creative) C:\Windows\CNYHKey.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Chicony) C:\Windows\ModLEDKey.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Chicony) C:\Windows\ChiFuncExt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6495264 2008-09-18] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-09-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1754424 2008-08-06] (Bitdefender)
HKLM-x32\...\Run: [LchDrvKey] => C:\Windows\LchDrvKey.exe [36864 2007-03-28] ()
HKLM-x32\...\Run: [LedKey] => C:\Windows\CNYHKey.exe [339968 2008-04-23] (Creative)
HKLM-x32\...\Run: [P2Go_Menu] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM-x32\...\Run: [MSN Toolbar] => C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe [240992 2009-12-08] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-05-31] (Google Inc.)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\MountPoints2: {92e36653-a89d-11df-b363-00226863662d} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.garmin.com/agent
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Carl\AppData\Local\Temp\snprinv\svenosp\wow64.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - (No Name) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACGW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACGW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - Moikrug URL = http://moikrug.ru/pe...ms}&submitted=1
SearchScopes: HKCU - Yandex URL = http://start.iplay.c...&q={searchTerms}
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://yandex.ru/yan...xt={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PE_IE_Helper Class -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: FastestIE -> {54404F81-99CC-4FD3-9D29-92689B86C2CC} -> C:\Program Files (x86)\FastestIE\FastestIE.dll (fastestie.com)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: GamesBarBHO Class -> {CB0D163C-E9F4-4236-9496-0597E24B23A5} -> C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll No File
BHO-x32: MSN Toolbar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {22e03916-85c5-44b0-8dc9-1830c11238d9} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-d...dc/EZTwainX.cab
DPF: HKLM-x32 {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs...ameLauncher.CAB
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 216.177.160.61 216.177.160.60

FireFox:
========
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default
FF NewTab: yafd:tabs
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @gamersfirst.com/LiveLauncher -> C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=4.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @Sibelius.com/Scorch Plugin -> C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @unity3d.com/UnityPlayer -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2265821247-3271303352-2493671787-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\mfc71.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr71.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmfv.dll (IBM Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\searchplugins\yandex.xml
FF SearchPlugin: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\searchplugins\ybqs-yandex.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober476294982.xml
FF Extension: No Name - C:\Users\Carl\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com [2010-01-19]
FF Extension: Візуальныя закладкі - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\vb@yandex.ru [2013-04-24]
FF Extension: Кампанент "Элементы Яндекса" - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\yasearch@yandex.ru [2013-04-24]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-27]
FF Extension: No Name - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash [2010-11-27]
FF Extension: Search Assistant - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\{B3834E60-12A8-11E0-A289-939FDFD72085} [2012-05-17]
FF Extension: LoudMo Contextual Ad Assistant - C:\Program Files (x86)\Mozilla Firefox\extensions\{5befc0da-3d3d-1bde-61c9-d91915f7ddda} [2010-05-01]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-12-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-08-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-25]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-03-26]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-31]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-09-04]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\Firefox
FF Extension: MSN Toolbar - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\Firefox [2010-01-19]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-03-26]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: No Name - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\extensions\gamesbar@oberon-media.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [Not Found]
FF Extension: No Name - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\extensions\toolbar@ask.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP", "hxxp://www.aol.com/"
CHR Profile: C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-02-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Bitdefender Wallet) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-03-26]
CHR Extension: (Poppit!) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-02-23]
CHR Extension: (Visual Bookmarks) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkcpopggjcjkiicpenikeogioednjeac [2012-04-10]
CHR Extension: (Google Wallet) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-13] (Bitdefender)
R2 ETService; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2008-08-19] () [File not signed]
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
S3 scan; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll [596776 2008-08-06] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1536624 2008-08-06] (Bitdefender)
R2 yksvc; RUNDLL32.EXE ykx64coinst,serviceStartProc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-13] (BitDefender)
R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [119888 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-13] (BitDefender S.R.L.)
U4 bdselfpr; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 12:09 - 2014-11-14 12:09 - 00029389 _____ () C:\Users\Carl\Desktop\FRST.txt
2014-11-14 11:52 - 2014-11-14 11:52 - 00003178 _____ () C:\Users\Carl\Desktop\JRT.txt
2014-11-14 11:47 - 2014-11-14 11:47 - 00000000 ____D () C:\Windows\ERUNT
2014-11-14 11:31 - 2014-11-14 11:35 - 00000000 ____D () C:\AdwCleaner
2014-11-14 11:30 - 2014-11-14 11:30 - 02140160 _____ () C:\Users\Carl\Desktop\AdwCleaner.exe
2014-11-14 11:28 - 2014-11-14 11:28 - 00001397 _____ () C:\Users\Carl\Desktop\checkup.txt
2014-11-14 11:21 - 2014-11-14 11:21 - 00001397 _____ () C:\Users\Carl\Documents\checkup.txt
2014-11-14 11:08 - 2014-11-14 11:09 - 02116608 _____ (Farbar) C:\Users\Carl\Desktop\FRST64.exe
2014-11-14 11:08 - 2014-11-14 11:08 - 05198336 _____ (AVAST Software) C:\Users\Carl\Desktop\aswMBR.exe
2014-11-14 11:00 - 2014-11-14 11:00 - 00854448 _____ () C:\Users\Carl\Desktop\SecurityCheck.exe
2014-11-14 10:59 - 2014-11-14 10:59 - 01706808 _____ (Thisisu) C:\Users\Carl\Desktop\JRT.exe
2014-11-13 09:04 - 2014-11-13 09:04 - 00000000 ____D () C:\Users\Carl\AppData\Local\Deployment
2014-11-13 09:04 - 2014-11-13 09:04 - 00000000 ____D () C:\Users\Carl\AppData\Local\Apps\2.0
2014-11-12 18:41 - 2014-11-12 18:43 - 00000000 ____D () C:\Users\Katie\AppData\Local\{F7B7211F-7DF3-4F52-AC66-4A184FED7C9A}
2014-11-12 18:35 - 2014-11-12 18:35 - 00000000 ____D () C:\Users\Katie\AppData\Local\Macromedia
2014-11-12 18:32 - 2014-11-12 18:32 - 00000000 ____D () C:\Users\Katie\AppData\Local\{DF1FB192-739E-41FA-8D7B-5F2E19DE2424}
2014-11-12 12:29 - 2014-11-12 12:29 - 00000000 ____D () C:\ProgramData\Dumps
2014-11-12 12:15 - 2014-11-12 12:15 - 00000000 ____D () C:\Users\Carl\{ca193454-bc05-40e6-8e1e-febbedb96b6c}
2014-11-12 11:55 - 2014-09-26 18:42 - 00883624 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2014-11-12 11:55 - 2014-09-26 18:42 - 00806824 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-11-12 11:54 - 2014-11-12 11:54 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Oracle
2014-11-12 11:50 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-12 11:50 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-12 11:50 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-12 11:50 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-12 11:49 - 2014-11-12 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-12 10:54 - 2014-10-12 15:52 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 10:53 - 2014-09-18 16:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 10:53 - 2014-09-18 16:45 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 10:48 - 2014-08-11 18:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 10:48 - 2014-08-11 18:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 10:46 - 2014-10-09 17:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 10:46 - 2014-10-09 17:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 10:46 - 2014-10-09 17:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 10:46 - 2014-10-09 17:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 10:46 - 2014-10-09 17:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 10:46 - 2014-10-09 15:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 10:46 - 2014-10-09 15:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 10:46 - 2014-06-15 14:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-12 10:46 - 2014-06-15 14:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-12 10:46 - 2014-06-13 10:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-12 10:46 - 2014-06-13 10:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-12 10:46 - 2014-06-13 09:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-12 10:46 - 2014-06-13 09:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-12 10:45 - 2014-10-17 17:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 10:45 - 2014-10-17 16:46 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 10:45 - 2014-10-02 17:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 10:45 - 2014-10-02 17:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 10:45 - 2014-10-02 17:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 10:45 - 2014-10-02 17:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 10:45 - 2014-10-02 17:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 10:45 - 2014-10-02 17:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 10:45 - 2014-10-02 17:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 10:45 - 2014-10-02 15:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe
2014-11-12 10:29 - 2014-10-23 17:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 10:29 - 2014-10-23 16:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 10:29 - 2014-09-04 15:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-11-12 10:29 - 2014-08-26 16:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 10:29 - 2014-08-26 16:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 10:29 - 2014-08-26 16:41 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 10:29 - 2014-08-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 10:27 - 2014-09-08 22:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-11-12 10:27 - 2014-09-08 22:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-11-12 10:26 - 2014-10-27 12:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 10:26 - 2014-10-27 12:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 10:26 - 2014-10-27 12:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 10:26 - 2014-10-27 12:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 10:26 - 2014-10-27 12:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 10:26 - 2014-10-27 12:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 10:26 - 2014-10-27 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 10:26 - 2014-10-27 12:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 10:26 - 2014-10-27 12:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 10:26 - 2014-10-27 12:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 10:26 - 2014-10-27 11:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 10:26 - 2014-10-27 11:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 10:26 - 2014-10-27 10:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 10:26 - 2014-10-27 10:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 10:26 - 2014-10-27 10:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 10:26 - 2014-10-27 10:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 10:26 - 2014-10-27 10:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 10:26 - 2014-10-27 10:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 10:26 - 2014-10-27 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 10:26 - 2014-10-27 10:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 10:25 - 2014-10-27 12:32 - 17870336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 10:25 - 2014-10-27 12:12 - 10921472 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 10:25 - 2014-10-27 12:07 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 10:25 - 2014-10-27 12:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 10:25 - 2014-10-27 12:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 10:25 - 2014-10-27 12:04 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 10:25 - 2014-10-27 12:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 10:25 - 2014-10-27 12:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 10:25 - 2014-10-27 12:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 10:25 - 2014-10-27 12:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 10:25 - 2014-10-27 12:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 10:25 - 2014-10-27 11:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 10:25 - 2014-10-27 10:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 10:25 - 2014-10-27 10:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 10:25 - 2014-10-27 10:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-12 10:25 - 2014-10-27 10:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 10:25 - 2014-10-27 10:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 10:25 - 2014-10-27 10:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 10:25 - 2014-10-27 10:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 10:25 - 2014-10-27 10:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-12 10:25 - 2014-10-27 10:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-12 10:25 - 2014-10-27 10:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-11 15:18 - 2014-11-11 15:18 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{28088A49-EE22-4F40-BA56-0A17D0DD823C}
2014-11-11 13:46 - 2014-11-14 12:09 - 00000000 ____D () C:\FRST
2014-11-10 05:56 - 2014-11-10 05:56 - 00000000 ____D () C:\Users\Katie\Documents\My Scans
2014-11-09 14:26 - 2014-11-09 14:27 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{CDF00B65-7969-41F4-BC77-7F8EB4E65D3C}
2014-11-09 14:13 - 2014-11-09 14:13 - 00000000 ____D () C:\Users\Katie\Documents\Recipes
2014-11-09 12:09 - 2014-11-09 12:09 - 00000000 ____D () C:\Users\Katie\AppData\Local\{AB61E324-AB16-40EE-89A7-115B7A8F0FA3}
2014-11-09 08:00 - 2014-11-12 11:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-09 07:47 - 2014-11-12 11:50 - 00006782 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-11-07 10:43 - 2014-11-07 10:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-07 10:43 - 2014-11-07 10:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-06 13:07 - 2014-11-07 01:09 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{B49A7250-9AC9-4646-BD66-C0D0002860CE}
2014-11-04 18:06 - 2014-11-04 18:06 - 00227194 _____ () C:\Users\Katie\Documents\Jetblue Reservation scan code Apr 2015.pptx
2014-11-01 16:32 - 2014-11-01 16:32 - 00000385 _____ () C:\Users\Katie\AppData\Roaminguser_gensett.xml
2014-11-01 15:59 - 2014-11-01 15:59 - 00000000 ____D () C:\Users\Katie\AppData\Local\{D2701221-158F-4D2B-BAE6-84AEE50A127C}
2014-10-30 20:54 - 2014-10-31 20:56 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{F2F8F1C4-1E88-4056-83CF-C6855D7E6644}
2014-10-30 20:00 - 2014-10-30 20:00 - 00000000 _____ () C:\Users\David\Desktop\David Stem Cells
2014-10-30 17:50 - 2014-10-30 17:50 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-10-30 16:15 - 2014-10-30 16:15 - 00000000 ____D () C:\Users\Katie\AppData\Local\{AF51DC85-D4B3-46F1-AB2B-200D7ECAEC70}
2014-10-28 06:38 - 2014-10-30 06:43 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{92C16527-ED54-4A21-97EB-47E6AA9CAA6B}
2014-10-27 17:36 - 2014-10-27 17:36 - 00000000 ____D () C:\Users\Katie\AppData\Local\{174BD46C-ED3E-49ED-A115-DE683A6FE8A8}
2014-10-27 06:34 - 2014-10-27 18:37 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{66B3A009-F282-425C-8E94-13919D8882C9}
2014-10-26 10:51 - 2014-10-26 11:43 - 00000000 ____D () C:\Users\Katie\Downloads\Geography
2014-10-24 16:16 - 2014-11-13 19:58 - 00000000 ____D () C:\Users\Katie\Documents\French
2014-10-24 16:13 - 2014-10-24 16:13 - 00000000 ____D () C:\Users\Katie\AppData\Local\{F1F966AE-1A89-4933-9FF4-EDA420A20D8C}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 12:07 - 2014-07-20 14:20 - 00000000 ___RD () C:\Users\Carl\Dropbox
2014-11-14 12:07 - 2014-07-18 12:03 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Dropbox
2014-11-14 12:07 - 2011-12-23 19:14 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Skype
2014-11-14 12:06 - 2009-11-06 18:30 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-14 12:05 - 2014-03-30 10:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c468a09bf30.job
2014-11-14 12:05 - 2010-10-31 04:24 - 00000000 ____D () C:\Windows\SysWOW64\logishrd
2014-11-14 12:05 - 2010-10-31 04:24 - 00000000 ____D () C:\Windows\system32\logishrd
2014-11-14 12:05 - 2009-04-08 13:05 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-11-14 12:05 - 2006-11-02 07:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-14 12:05 - 2006-11-02 07:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 12:05 - 2006-11-02 07:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 12:03 - 2009-04-08 12:54 - 01418045 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 12:03 - 2006-11-02 07:42 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-14 11:45 - 2006-11-02 04:46 - 00006656 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-14 11:41 - 2012-04-27 11:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 11:36 - 2008-01-20 19:26 - 06105372 _____ () C:\Windows\PFRO.log
2014-11-14 11:32 - 2009-11-06 18:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-14 11:19 - 2014-03-30 10:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4c468da22830.job
2014-11-14 11:05 - 2009-06-08 20:27 - 00000000 ____D () C:\Users\mlstruck
2014-11-14 10:54 - 2014-07-20 14:20 - 00000918 _____ () C:\Users\Carl\Desktop\Dropbox.lnk
2014-11-14 10:54 - 2014-07-18 12:49 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-13 20:29 - 2006-11-02 05:33 - 00000000 __RSD () C:\Windows\Media
2014-11-13 19:27 - 2006-11-02 04:33 - 01310720 _____ () C:\Windows\system32\config\default_previous
2014-11-13 19:26 - 2010-08-18 13:30 - 00000000 ____D () C:\Users\Katie\Tracing
2014-11-12 18:43 - 2006-11-02 04:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-11-12 11:57 - 2011-10-07 09:18 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-11-12 11:55 - 2008-11-03 13:38 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-12 11:40 - 2012-04-27 11:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 11:40 - 2012-04-27 11:19 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 11:40 - 2011-05-14 05:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 11:32 - 2006-11-02 05:33 - 00000000 ____D () C:\Windows\rescache
2014-11-12 11:10 - 2006-11-02 07:21 - 00352808 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 10:51 - 2008-11-03 13:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 10:44 - 2013-08-14 02:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-11 15:21 - 2010-01-04 21:52 - 00000000 ____D () C:\Users\mlstruck\Documents\Christmas
2014-11-11 15:17 - 2010-11-29 16:30 - 00000000 ____D () C:\Users\mlstruck\Tracing
2014-11-09 15:14 - 2010-07-20 05:37 - 00000000 ____D () C:\Users\mlstruck\Documents\My Scans
2014-11-09 12:23 - 2013-04-22 15:22 - 00000000 ____D () C:\Users\Katie\Documents\English
2014-11-09 12:14 - 2010-01-04 19:48 - 00000000 ____D () C:\Users\Katie\AppData\Roaming\Apple Computer
2014-11-01 10:21 - 2011-12-23 19:15 - 00000000 ____D () C:\Users\David\AppData\Roaming\Skype
2014-11-01 10:05 - 2014-03-10 14:49 - 00000000 ____D () C:\Users\David\AppData\Roaming\.minecraft
2014-10-31 23:26 - 2006-11-02 04:35 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-27 06:34 - 2011-04-17 19:50 - 00000000 ____D () C:\Users\mlstruck\AppData\Roaming\BitDefender
2014-10-26 15:06 - 2011-04-17 12:30 - 00000000 ____D () C:\Users\David\AppData\Roaming\BitDefender
2014-10-23 19:43 - 2014-03-25 21:23 - 00000000 ____D () C:\Users\Carl\Documents\Liza
2014-10-23 05:11 - 2011-12-23 19:13 - 00000000 ____D () C:\ProgramData\Skype
2014-10-22 23:26 - 2012-04-10 16:06 - 00001134 _____ () C:\Users\Carl\AppData\Local\UserProducts.xml
2014-10-22 20:26 - 2009-09-04 19:08 - 00000000 ____D () C:\Users\Carl\Documents\My Scans

Some content of TEMP:
====================
C:\Users\Carl\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeqlm5l.dll
C:\Users\Carl\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Carl\AppData\Local\Temp\Quarantine.exe
C:\Users\Carl\AppData\Local\Temp\sqlite3.dll
C:\Users\David\AppData\Local\Temp\contentDATs.exe
C:\Users\David\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\David\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\David\AppData\Local\Temp\SWFXXLRT.DLL
C:\Users\Katie\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\mlstruck\AppData\Local\Temp\FFoxPackage.exe
C:\Users\mlstruck\AppData\Local\Temp\GLFA08.tmp.ConduitEngineSetup.exe
C:\Users\mlstruck\AppData\Local\Temp\installhelper.dll
C:\Users\mlstruck\AppData\Local\Temp\NGMDll.dll
C:\Users\mlstruck\AppData\Local\Temp\NGMResource.dll
C:\Users\mlstruck\AppData\Local\Temp\NGMSetup.exe
C:\Users\mlstruck\AppData\Local\Temp\nsn527F.tmp.exe
C:\Users\mlstruck\AppData\Local\Temp\prxGLFA08.tmp.tbElf_.dll
C:\Users\mlstruck\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\mlstruck\AppData\Local\Temp\uitools.dll
C:\Users\mlstruck\AppData\Local\Temp\unicows.dll
C:\Users\mlstruck\AppData\Local\Temp\Update.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-14 11:48

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-11-2014 02
Ran by Carl at 2014-11-14 12:10:55
Running from C:\Users\Carl\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Disabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Disabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 17.26.0.1106 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BPD_HPSU (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
CameraHelperMsi (x32 Version: 13.10.1217.0 - Logitech) Hidden
Combat Arms (HKLM-x32\...\Combat Arms) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.3111 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.2019 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2115 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destination Component (x32 Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 100.0.201.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 11.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Elf_1 Toolbar (HKLM-x32\...\Elf_1 Toolbar) (Version:  - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
ExamView Assessment Suite (HKLM-x32\...\ExamView Pro) (Version:  - )
EZ Fonts (HKLM-x32\...\{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}) (Version: 1.0.0 - EZ Fonts)
FastestIE (HKLM-x32\...\FastestIE) (Version:  - )
Fax (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
FLV Direct Player (HKLM-x32\...\FLV Direct Player) (Version:  - )
GamersFirst LIVE! (HKLM-x32\...\GamersFirst LIVE!) (Version:  - GamersFirst)
Garmin City Navigator North America NT 2015.10 (HKLM-x32\...\{FCDB42FC-A70B-4041-877F-D73E16DE4345}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{D17111CB-C992-42A9-9D56-C19395102AAA}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GPBaseService (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Document Manager 1.0 (HKLM\...\HP Document Manager) (Version: 1.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Officejet J4500 Series (HKLM\...\{CD0773D5-C18E-495c-B39B-21A96415EDD5}) (Version: 1.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
IBM Lotus Forms Viewer 3.5.1 (HKLM-x32\...\{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}) (Version: 7.6.1.333 - IBM)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
J4500 (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.710 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KB0817 Keyboard Driver (HKLM-x32\...\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}) (Version: 1.30.0000 - Gateway)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.00.1774.0 - Logitech) Hidden
MarketResearch (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 10.63.5.3 - Marvell)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Money Essentials (HKLM-x32\...\Money2007b) (Version: 16 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 4.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 4.0 (x86 en-US)) (Version: 4.0 - Mozilla)
MSN Toolbar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 4.0.0390.0 - Microsoft Corporation)
MSN Toolbar Platform (x32 Version: 4.0.0379.0 - Microsoft Corporation) Hidden
MSVCSetup (x32 Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Musicnotes Software Suite 1.7.2 (HKLM-x32\...\Musicnotes Combined Installer_is1) (Version: 1.7.2 - Musicnotes Inc.)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
Oregon Trail® 5 (HKLM-x32\...\Oregon Trail® 5) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Sansa Updater (HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Sansa Updater) (Version:  - )
Scan (x32 Version: 10.1.0.0 - Hewlett-Packard) Hidden
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
Shop To Win (HKLM-x32\...\{2EDEF827-E14D-400B-BB7C-C0B17DC15C6B}_is1) (Version: 1.0.25 - Shop To Win, LLC)
ShopAtHome SelectRebates (HKLM-x32\...\SelectRebatesUninstall) (Version:  - ) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Smart Copy 3.1.1.1 (HKLM-x32\...\Smart Copy) (Version: 3.1.1.1 - I/O Interconnect)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 8 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Status (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
TurboTax 2008 (HKLM-x32\...\TurboTax 2008) (Version:  - )
TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version:  - Intuit, Inc)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Unity Web Player (HKLM-x32\...\UnityWebPlayer) (Version: 2.5.1f5_24931 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden
Vindictus (HKLM-x32\...\Vindictus) (Version:  - )
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Toolbar) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\Users\Carl\AppData\Local\Temp\snprinv\svenosp\wow64.dll No File

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:34 - 2006-09-18 13:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16401C9B-705D-4F18-AE8C-61E922B592A2} - System32\Tasks\GoogleUpdateTaskMachineCore1cf4c468a09bf30 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2008-08-06] (Google Inc.)
Task: {1FBD23B3-C6A4-4E3F-A6B4-579B682F97A6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {27F35796-52FD-4041-A722-0F45210DE47F} - System32\Tasks\MHotkey => C:\Windows\MHotKey.exe [2008-05-30] ()
Task: {2FE41E8E-F272-4302-B623-81B5FDAC1C42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2008-08-06] (Google Inc.)
Task: {B4064DBF-457F-46EF-8884-ACAA4AF07010} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {D8D335E4-0197-4ADE-BD19-8DB1BD93EBD2} - System32\Tasks\GoogleUpdateTaskMachineUA1cf4c468da22830 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2008-08-06] (Google Inc.)
Task: {DE7CB60C-8F79-4D3D-A460-B685A59D77D1} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {DED93085-EC87-46F9-9A5E-4185C37E0A15} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Carl => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {E0465D82-723A-475D-B999-C4E25ACA34FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2008-08-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4c468a09bf30.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4c468da22830.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-26 13:19 - 2008-08-06 06:37 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-03-26 13:21 - 2014-08-13 01:16 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2014-03-26 13:20 - 2011-11-14 18:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2014-07-23 23:43 - 2014-07-23 23:43 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_008\ashttpbr.mdl
2014-07-23 23:43 - 2014-07-23 23:43 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_008\ashttpdsp.mdl
2014-07-23 23:43 - 2014-07-23 23:43 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_008\ashttpph.mdl
2014-07-23 23:43 - 2014-07-23 23:43 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_008\ashttprbl.mdl
2009-04-08 13:04 - 2008-06-11 10:18 - 00024576 ____N () C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
2009-04-08 13:05 - 2009-04-08 13:05 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-04-08 13:05 - 2009-04-08 13:05 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-04-08 13:05 - 2009-04-08 13:05 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
2009-04-08 13:05 - 2009-04-08 13:05 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll
2009-04-08 13:05 - 2009-04-08 13:05 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2009-04-08 13:05 - 2009-04-08 13:05 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
2011-09-03 13:52 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2009-04-08 13:02 - 2008-05-30 09:50 - 00581120 ____N () C:\Windows\MHotKey.exe
2008-08-30 01:59 - 2008-08-30 01:59 - 00117248 _____ () C:\Windows\system32\atitmm64.dll
2008-11-03 13:43 - 2008-08-19 18:53 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-03-26 13:21 - 2013-03-25 14:16 - 01117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2010-05-07 15:34 - 2010-05-07 15:34 - 00168792 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2010-05-07 15:43 - 2010-05-07 15:43 - 00651096 ____N () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 15:04 - 2014-04-23 15:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-26 13:19 - 2008-08-06 06:37 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll
2014-11-14 12:07 - 2014-11-14 12:07 - 00043008 _____ () c:\users\carl\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeqlm5l.dll
2013-08-23 11:01 - 2013-08-23 11:01 - 25100288 _____ () C:\Users\Carl\AppData\Roaming\Dropbox\bin\libcef.dll
2010-05-07 15:35 - 2010-05-07 15:35 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 15:35 - 2010-05-07 15:35 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 15:36 - 2010-05-07 15:36 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 15:36 - 2010-05-07 15:36 - 00921944 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtNetwork4.dll
2010-05-07 15:37 - 2010-05-07 15:37 - 00027480 ____N () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 15:37 - 2010-05-07 15:37 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2010-11-12 06:23 - 2010-11-12 06:23 - 00330584 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2009-08-31 20:39 - 2009-08-31 20:39 - 00755712 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
2009-08-31 20:54 - 2009-08-31 20:54 - 00471040 ____N () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2010-04-11 11:04 - 2010-04-11 11:04 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-04-11 11:04 - 2010-04-11 11:04 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2011-02-22 06:55 - 2011-02-22 06:55 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Carl\Downloads\AnySendSetup.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\bitdefender_tsecurity.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\Combatarms_VER_US_2.1206.09.exe.ftpfygb.partial:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\iLividSetupV1 (1).exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\Internet_Explorer.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\iTunes64Setup.exe.eti0yqo.partial:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\LeagueofLegends (1).exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\LeagueofLegends.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\Minecraft (4).exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\MusicnotesSuite.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\setup-lightshot-2.0.1.5.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\Unconfirmed 48515.crdownload:BDU
AlternateDataStreams: C:\Users\David\Desktop\mcpatcher-2.4.0.exe:BDU
AlternateDataStreams: C:\Users\David\Desktop\Minecraft.exe:BDU
AlternateDataStreams: C:\Users\David\Desktop\SWTOR_setup.exe:BDU
AlternateDataStreams: C:\Users\David\Desktop\TechnicLauncher (3).exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\chromeinstall-7u5.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\chromeinstall-7u9 (1).exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\chromeinstall-7u9.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\GamersFirst_LIVE!_Setup_EN.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\jre-7-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\LeagueofLegends.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\mcpatcher-2.3.6.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\Minecraft (1).exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\Minecraft.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\SkypeSetup.exe:BDU
AlternateDataStreams: C:\Users\mlstruck\Downloads\GraboidVideoInstaller-5.1.0.0.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk => C:\Windows\pss\GamersFirst LIVE!.lnk.CommonStartup
MSCONFIG\startupreg: Praetorian =>
MSCONFIG\startupreg: SelectRebates => "C:\Program Files (x86)\SelectRebates\SelectRebates.exe"
MSCONFIG\startupreg: Smart Copy => "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A

========================= Accounts: ==========================

Administrator (S-1-5-21-2265821247-3271303352-2493671787-500 - Administrator - Disabled)
Carl (S-1-5-21-2265821247-3271303352-2493671787-1000 - Administrator - Enabled) => C:\Users\Carl
David (S-1-5-21-2265821247-3271303352-2493671787-1003 - Limited - Enabled) => C:\Users\David
Guest (S-1-5-21-2265821247-3271303352-2493671787-501 - Limited - Disabled)
Julie (S-1-5-21-2265821247-3271303352-2493671787-1002 - Limited - Enabled) => C:\Users\Julie
Katie (S-1-5-21-2265821247-3271303352-2493671787-1004 - Limited - Enabled) => C:\Users\Katie
mlstruck (S-1-5-21-2265821247-3271303352-2493671787-1001 - Administrator - Enabled) => C:\Users\mlstruck

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #7
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: BitDefender Firewall NDIS Filter Miniport
Description: BitDefender Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: BitDefender
Service: Bdfndisf
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name:
Description:
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2014 00:06:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (11/14/2014 00:11:18 PM) (Source: volsnap) (EventID: 20) (User: )
Description: The shadow copies of volume C: were aborted because of a failed free space computation.

Error: (11/14/2014 00:07:51 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (11/14/2014 00:06:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: int15%%31

Error: (11/14/2014 00:06:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058

Error: (11/14/2014 00:05:52 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "CARL-PC        :20" could not be registered on the interface with IP address 192.168.0.18.
The computer with the IP address 192.168.0.8 did not allow the name to be claimed by
this computer.

Error: (11/14/2014 00:05:52 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "CARL-PC        :0" could not be registered on the interface with IP address 192.168.0.18.
The computer with the IP address 192.168.0.8 did not allow the name to be claimed by
this computer.

Error: (11/14/2014 00:05:52 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "CARL-PC        :0" could not be registered on the interface with IP address 192.168.0.18.
The computer with the IP address 192.168.0.8 did not allow the name to be claimed by
this computer.

Error: (11/14/2014 00:05:52 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{6249F7B0-5D66-4930-9A04-3257C9BCA852} because another computer on the network has the same name.  The server could not start.

Error: (11/14/2014 00:05:49 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "CARL-PC        :20" could not be registered on the interface with IP address 192.168.0.18.
The computer with the IP address 192.168.0.8 did not allow the name to be claimed by
this computer.

Error: (11/14/2014 00:05:49 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{6249F7B0-5D66-4930-9A04-3257C9BCA852} because another computer on the network has the same name.  The server could not start.

Microsoft Office Sessions:
=========================
Error: (04/01/2012 00:57:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 129 seconds with 120 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-11-07 14:08:27.504
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-07 14:08:26.947
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-07 14:08:26.377
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-07 14:08:25.831
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-07 10:53:49.286
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-07 10:53:48.766
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-07 10:53:48.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-07 10:53:47.718
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-07 10:43:53.165
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-26 13:37:21.585
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\bdsandbox.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Phenom™ 9150e Quad-Core Processor
Percentage of memory in use: 52%
Total physical RAM: 3838.27 MB
Available physical RAM: 1821.32 MB
Total Pagefile: 7862.96 MB
Available Pagefile: 5656.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:586.4 GB) (Free:451.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 83E6D949)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=586.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#8 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 14 November 2014 - 08:41 PM

Hi cstruck,

Please post all logs requested in one (1) reply. If they will not fit, then go ahead and break them up into multiple posts.

TDSSKiller

Please download TDSSKiller.zip - Extract it to your desktop

  • TDSSKiller.exe
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

=========================

 

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



Start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Carl\AppData\Local\Temp\snprinv\svenosp\wow64.dll ATTENTION! ====> ZeroAccess?
URLSearchHook: HKLM-x32 - (No Name) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - No File
SearchScopes: HKCU - Moikrug URL = http://moikrug.ru/pe...ms}&submitted=1
SearchScopes: HKCU - Yandex URL = http://start.iplay.c...&q={searchTerms}
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://yandex.ru/yan...xt={searchTerms}
BHO-x32: GamesBarBHO Class -> {CB0D163C-E9F4-4236-9496-0597E24B23A5} -> C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll No File
Toolbar: HKLM-x32 - No Name - {22e03916-85c5-44b0-8dc9-1830c11238d9} -  No File
Toolbar: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-2265821247-3271303352-2493671787-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\searchplugins\yandex.xml
FF SearchPlugin: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\searchplugins\ybqs-yandex.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober476294982.xml
FF Extension: Візуальныя закладкі - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\vb@yandex.ru [2013-04-24]
FF Extension: Кампанент &quot;Элементы Яндекса&quot; - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\yasearch@yandex.ru [2013-04-24]
FF Extension: LoudMo Contextual Ad Assistant - C:\Program Files (x86)\Mozilla Firefox\extensions\{5befc0da-3d3d-1bde-61c9-d91915f7ddda} [2010-05-01]
FF Extension: No Name - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\extensions\gamesbar@oberon-media.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [Not Found]
FF Extension: No Name - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\extensions\toolbar@ask.com [Not Found]
ShopAtHome SelectRebates (HKLM-x32\...\SelectRebatesUninstall) (Version:  - ) <==== ATTENTION
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
AlternateDataStreams: C:\Users\Carl\Downloads\AnySendSetup.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\bitdefender_tsecurity.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\Combatarms_VER_US_2.1206.09.exe.ftpfygb.partial:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\iLividSetupV1 (1).exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\Internet_Explorer.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\iTunes64Setup.exe.eti0yqo.partial:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\LeagueofLegends (1).exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\LeagueofLegends.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\Minecraft (4).exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\MusicnotesSuite.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\setup-lightshot-2.0.1.5.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\Unconfirmed 48515.crdownload:BDU
AlternateDataStreams: C:\Users\David\Desktop\mcpatcher-2.4.0.exe:BDU
AlternateDataStreams: C:\Users\David\Desktop\Minecraft.exe:BDU
AlternateDataStreams: C:\Users\David\Desktop\SWTOR_setup.exe:BDU
AlternateDataStreams: C:\Users\David\Desktop\TechnicLauncher (3).exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\chromeinstall-7u5.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\chromeinstall-7u9 (1).exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\chromeinstall-7u9.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\GamersFirst_LIVE!_Setup_EN.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\jre-7-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\LeagueofLegends.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\mcpatcher-2.3.6.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\Minecraft (1).exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\Minecraft.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\SkypeSetup.exe:BDU
AlternateDataStreams: C:\Users\mlstruck\Downloads\GraboidVideoInstaller-5.1.0.0.exe:BDU
EmptyTemp:
cmd: ipconfig /flushdns
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================


In your next post please provide the following:


  • TDSSKiller log
  • Fixlog.txt
  • new FRST.txt
  • How is the computer running at the moment?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.
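
The fixlist above removes one CustomCLSID entry from the posted log: a per-user InprocServer32 registration whose DLL sits under a Temp directory and is reported as No File. As an added example (not part of the thread and not FRST's own logic), the Python below parses `CustomCLSID:` lines in the format shown in the log and flags entries on those two conditions; the flagging rules and all function and class names are assumptions made for illustration.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

# Two lines copied from the Addition.txt log posted in this thread.
SAMPLE = r"""
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\Users\Carl\AppData\Local\Temp\snprinv\svenosp\wow64.dll No File
"""

# Key part of a line: per-user classes hive, CLSID, server type, then the target.
LINE_RE = re.compile(
    r"^CustomCLSID:\s+HKU\\(?P<sid>S-[\d-]+)_Classes\\CLSID\\"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\\(?P<kind>\w+)\s+->\s+(?P<rest>.+)$"
)
# Target followed by "(Company)". The path itself may contain parentheses,
# e.g. "Program Files (x86)", so only the final group is taken as the company.
COMPANY_RE = re.compile(r"^(?P<path>.+?)\s+\((?P<company>[^()]*)\)$")
NO_FILE = " No File"


@dataclass
class ClsidEntry:
    sid: str                 # user SID owning the registration
    clsid: str               # COM class id, braces included
    kind: str                # InprocServer32 / LocalServer32
    path: str                # server binary the CLSID points to
    company: Optional[str]   # company name printed by the tool, if any
    missing: bool            # True when the log marks the target "No File"


def parse_custom_clsid(text: str) -> list[ClsidEntry]:
    """Parse every CustomCLSID line in a log excerpt; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest").rstrip()
        company, missing = None, False
        if rest.endswith(NO_FILE):
            missing = True
            path = rest[: -len(NO_FILE)].rstrip()
        else:
            cm = COMPANY_RE.match(rest)
            if cm:
                path, company = cm.group("path"), cm.group("company") or None
            else:
                path = rest
        entries.append(
            ClsidEntry(m.group("sid"), m.group("clsid"), m.group("kind"),
                       path, company, missing)
        )
    return entries


def review(entry: ClsidEntry) -> list[str]:
    """Return the reasons an entry deserves a closer look (assumed heuristics)."""
    reasons = []
    if entry.missing:
        reasons.append("target file missing")
    parts = [p.lower() for p in PureWindowsPath(entry.path).parts]
    if "temp" in parts:
        reasons.append("server path under a Temp directory")
    return reasons


def triage(text: str) -> list[tuple[ClsidEntry, list[str]]]:
    """Keep only the entries that trip at least one heuristic."""
    flagged = []
    for entry in parse_custom_clsid(text):
        reasons = review(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE):
        print(f"{entry.clsid} ({entry.kind}) -> {entry.path}")
        print("   " + "; ".join(reasons))
```

A flagged line is a prompt for manual review, not a verdict; the heuristics do not identify any particular malware family.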


#9 cstruck

cstruck

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 14 November 2014 - 09:10 PM

Good Evening OCD,  Sorry for not sending all the files in one post.  I'm having issues extracting the TDSSKiller.zip file.  I tried in Internet Explorer and Firefox.  Please advise,  Carl



#10 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 14 November 2014 - 09:14 PM

What sort of issue are you having?




#11 cstruck

cstruck

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 14 November 2014 - 09:18 PM

Internet Explorer cannot display page



#12 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 14 November 2014 - 09:21 PM

Try going to this site and download the file: http://www.bleepingc...oad/tdsskiller/

 

either the .exe or the zip file




#13 cstruck

cstruck

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 14 November 2014 - 09:23 PM

That did it.  Thanks!



#14 cstruck

cstruck

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 14 November 2014 - 09:49 PM

Just restarted following Fix.  Black screen says "CMOS Settings Wrong, CMOS Date/Time Not Set, Press F2 to run SETUP, Press F1 to load default values and continue"



#15 cstruck

cstruck

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 14 November 2014 - 10:29 PM

TDSSKiller Log--Nothing found

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-11-2014 02
Ran by Carl at 2014-11-14 21:31:32 Run:1
Running from C:\Users\Carl\Desktop
Loaded Profile: Carl (Available profiles: Carl & mlstruck & Julie & David & Katie)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Carl\AppData\Local\Temp\snprinv\svenosp\wow64.dll ATTENTION! ====> ZeroAccess?
URLSearchHook: HKLM-x32 - (No Name) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - No File
SearchScopes: HKCU - Moikrug URL = http://moikrug.ru/pe...ms}&submitted=1
SearchScopes: HKCU - Yandex URL = http://start.iplay.c...&q={searchTerms}
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://yandex.ru/yan...xt={searchTerms}
BHO-x32: GamesBarBHO Class -> {CB0D163C-E9F4-4236-9496-0597E24B23A5} -> C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll No File
Toolbar: HKLM-x32 - No Name - {22e03916-85c5-44b0-8dc9-1830c11238d9} -  No File
Toolbar: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-2265821247-3271303352-2493671787-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\searchplugins\yandex.xml
FF SearchPlugin: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\searchplugins\ybqs-yandex.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober476294982.xml
FF Extension: Візуальныя закладкі - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\vb@yandex.ru [2013-04-24]
FF Extension: Кампанент "Элементы Яндекса" - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\yasearch@yandex.ru [2013-04-24]
FF Extension: LoudMo Contextual Ad Assistant - C:\Program Files (x86)\Mozilla Firefox\extensions\{5befc0da-3d3d-1bde-61c9-d91915f7ddda} [2010-05-01]
FF Extension: No Name - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\extensions\gamesbar@oberon-media.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [Not Found]
FF Extension: No Name - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\extensions\toolbar@ask.com [Not Found]
ShopAtHome SelectRebates (HKLM-x32\...\SelectRebatesUninstall) (Version:  - ) <==== ATTENTION
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
AlternateDataStreams: C:\Users\Carl\Downloads\AnySendSetup.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\bitdefender_tsecurity.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\Combatarms_VER_US_2.1206.09.exe.ftpfygb.partial:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\iLividSetupV1 (1).exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\Internet_Explorer.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\iTunes64Setup.exe.eti0yqo.partial:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\LeagueofLegends (1).exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\LeagueofLegends.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\Minecraft (4).exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\MusicnotesSuite.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\setup-lightshot-2.0.1.5.exe:BDU
AlternateDataStreams: C:\Users\Carl\Downloads\Unconfirmed 48515.crdownload:BDU
AlternateDataStreams: C:\Users\David\Desktop\mcpatcher-2.4.0.exe:BDU
AlternateDataStreams: C:\Users\David\Desktop\Minecraft.exe:BDU
AlternateDataStreams: C:\Users\David\Desktop\SWTOR_setup.exe:BDU
AlternateDataStreams: C:\Users\David\Desktop\TechnicLauncher (3).exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\chromeinstall-7u5.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\chromeinstall-7u9 (1).exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\chromeinstall-7u9.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\GamersFirst_LIVE!_Setup_EN.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\jre-7-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\LeagueofLegends.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\mcpatcher-2.3.6.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\Minecraft (1).exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\Minecraft.exe:BDU
AlternateDataStreams: C:\Users\David\Downloads\SkypeSetup.exe:BDU
AlternateDataStreams: C:\Users\mlstruck\Downloads\GraboidVideoInstaller-5.1.0.0.exe:BDU
EmptyTemp:
cmd: ipconfig /flushdns
End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{22e03916-85c5-44b0-8dc9-1830c11238d9} => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Moikrug" => Key deleted successfully.
"HKCR\CLSID\Moikrug" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Yandex" => Key deleted successfully.
"HKCR\CLSID\Yandex" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}" => Key deleted successfully.
"HKCR\CLSID\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{CB0D163C-E9F4-4236-9496-0597E24B23A5}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{22e03916-85c5-44b0-8dc9-1830c11238d9} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{22e03916-85c5-44b0-8dc9-1830c11238d9}" => Key not found.
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => Moved successfully.
FF Plugin HKU\S-1-5-21-2265821247-3271303352-2493671787-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) => Error: No automatic fix found for this entry.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\searchplugins\yandex.xml => Moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\searchplugins\ybqs-yandex.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober476294982.xml => Moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\vb@yandex.ru => Moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\yasearch@yandex.ru => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{5befc0da-3d3d-1bde-61c9-d91915f7ddda} => Moved successfully.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\extensions\gamesbar@oberon-media.com not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} not found.
C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\extensions\toolbar@ask.com not found.
ShopAtHome SelectRebates (HKLM-x32\...\SelectRebatesUninstall) (Version:  - ) <==== ATTENTION => Error: No automatic fix found for this entry.
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.) => Error: No automatic fix found for this entry.
C:\Users\Carl\Downloads\AnySendSetup.exe => ":BDU" ADS removed successfully.
C:\Users\Carl\Downloads\bitdefender_tsecurity.exe => ":BDU" ADS removed successfully.
C:\Users\Carl\Downloads\Combatarms_VER_US_2.1206.09.exe.ftpfygb.partial => ":BDU" ADS removed successfully.
C:\Users\Carl\Downloads\iLividSetupV1 (1).exe => ":BDU" ADS removed successfully.
C:\Users\Carl\Downloads\Internet_Explorer.exe => ":BDU" ADS removed successfully.
C:\Users\Carl\Downloads\iTunes64Setup.exe.eti0yqo.partial => ":BDU" ADS removed successfully.
C:\Users\Carl\Downloads\LeagueofLegends (1).exe => ":BDU" ADS removed successfully.
C:\Users\Carl\Downloads\LeagueofLegends.exe => ":BDU" ADS removed successfully.
C:\Users\Carl\Downloads\Minecraft (4).exe => ":BDU" ADS removed successfully.
C:\Users\Carl\Downloads\MusicnotesSuite.exe => ":BDU" ADS removed successfully.
C:\Users\Carl\Downloads\setup-lightshot-2.0.1.5.exe => ":BDU" ADS removed successfully.
C:\Users\Carl\Downloads\Unconfirmed 48515.crdownload => ":BDU" ADS removed successfully.
C:\Users\David\Desktop\mcpatcher-2.4.0.exe => ":BDU" ADS removed successfully.
C:\Users\David\Desktop\Minecraft.exe => ":BDU" ADS removed successfully.
C:\Users\David\Desktop\SWTOR_setup.exe => ":BDU" ADS removed successfully.
C:\Users\David\Desktop\TechnicLauncher (3).exe => ":BDU" ADS removed successfully.
C:\Users\David\Downloads\chromeinstall-7u5.exe => ":BDU" ADS removed successfully.
C:\Users\David\Downloads\chromeinstall-7u9 (1).exe => ":BDU" ADS removed successfully.
C:\Users\David\Downloads\chromeinstall-7u9.exe => ":BDU" ADS removed successfully.
C:\Users\David\Downloads\GamersFirst_LIVE!_Setup_EN.exe => ":BDU" ADS removed successfully.
C:\Users\David\Downloads\jre-7-windows-x64.exe => ":BDU" ADS removed successfully.
C:\Users\David\Downloads\LeagueofLegends.exe => ":BDU" ADS removed successfully.
C:\Users\David\Downloads\mcpatcher-2.3.6.exe => ":BDU" ADS removed successfully.
C:\Users\David\Downloads\Minecraft (1).exe => ":BDU" ADS removed successfully.
C:\Users\David\Downloads\Minecraft.exe => ":BDU" ADS removed successfully.
C:\Users\David\Downloads\SkypeSetup.exe => ":BDU" ADS removed successfully.
C:\Users\mlstruck\Downloads\GraboidVideoInstaller-5.1.0.0.exe => ":BDU" ADS removed successfully.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 9.9 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2014 02
Ran by Carl (administrator) on CARL-PC on 01-11-2014 22:18:15
Running from C:\Users\Carl\Desktop
Loaded Profile: Carl (Available profiles: Carl & mlstruck & Julie & David & Katie)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Agere Systems) C:\Windows\System32\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Windows\mHotkey.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Chicony) C:\Windows\ChiFuncExt.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Creative) C:\Windows\CNYHKey.exe
(Dropbox, Inc.) C:\Users\Carl\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Chicony) C:\Windows\ModLEDKey.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6495264 2008-09-18] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-09-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1754424 2008-08-06] (Bitdefender)
HKLM-x32\...\Run: [LchDrvKey] => C:\Windows\LchDrvKey.exe [36864 2007-03-28] ()
HKLM-x32\...\Run: [LedKey] => C:\Windows\CNYHKey.exe [339968 2008-04-23] (Creative)
HKLM-x32\...\Run: [P2Go_Menu] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM-x32\...\Run: [MSN Toolbar] => C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe [240992 2009-12-08] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-05-31] (Google Inc.)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-2265821247-3271303352-2493671787-1000\...\MountPoints2: {92e36653-a89d-11df-b363-00226863662d} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.garmin.com/agent
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Carl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACGW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACGW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PE_IE_Helper Class -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: FastestIE -> {54404F81-99CC-4FD3-9D29-92689B86C2CC} -> C:\Program Files (x86)\FastestIE\FastestIE.dll (fastestie.com)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: MSN Toolbar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2265821247-3271303352-2493671787-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-d...dc/EZTwainX.cab
DPF: HKLM-x32 {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs...ameLauncher.CAB
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 216.177.160.61 216.177.160.60

FireFox:
========
FF ProfilePath: C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default
FF NewTab: yafd:tabs
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @gamersfirst.com/LiveLauncher -> C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=4.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @Sibelius.com/Scorch Plugin -> C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @unity3d.com/UnityPlayer -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2265821247-3271303352-2493671787-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\mfc71.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr71.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmfv.dll (IBM Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: No Name - C:\Users\Carl\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com [2010-01-19]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-27]
FF Extension: No Name - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash [2010-11-27]
FF Extension: Search Assistant - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\Extensions\{B3834E60-12A8-11E0-A289-939FDFD72085} [2012-05-17]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-12-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-08-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-25]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-03-26]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-31]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-09-04]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\Firefox
FF Extension: MSN Toolbar - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\Firefox [2010-01-19]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-03-26]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{5befc0da-3d3d-1bde-61c9-d91915f7ddda} [Not Found]
FF Extension: No Name - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\extensions\yasearch@yandex.ru [Not Found]
FF Extension: No Name - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\85w9rd3l.default\extensions\vb@yandex.ru [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP", "hxxp://www.aol.com/"
CHR Profile: C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-02-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Bitdefender Wallet) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-03-26]
CHR Extension: (Poppit!) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-02-23]
CHR Extension: (Visual Bookmarks) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkcpopggjcjkiicpenikeogioednjeac [2012-04-10]
CHR Extension: (Google Wallet) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-13] (Bitdefender)
R2 ETService; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2008-08-19] () [File not signed]
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
S3 scan; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll [596776 2008-08-06] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1536624 2008-08-06] (Bitdefender)
R2 yksvc; RUNDLL32.EXE ykx64coinst,serviceStartProc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-13] (BitDefender)
R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [119888 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-13] (BitDefender S.R.L.)
U4 bdselfpr; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 22:23 - 2014-11-14 22:23 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Carl\Desktop\tdsskiller.exe
2014-11-14 22:11 - 2014-11-14 22:11 - 00000000 _____ () C:\Users\Carl\Desktop\1xpvgyo3nge3m.qmqa2i9.partial
2014-11-14 13:10 - 2014-11-14 13:11 - 00041590 _____ () C:\Users\Carl\Desktop\Addition.txt
2014-11-14 13:09 - 2014-11-01 22:19 - 00027735 _____ () C:\Users\Carl\Desktop\FRST.txt
2014-11-14 12:52 - 2014-11-14 12:52 - 00003178 _____ () C:\Users\Carl\Desktop\JRT.txt
2014-11-14 12:47 - 2014-11-14 12:47 - 00000000 ____D () C:\Windows\ERUNT
2014-11-14 12:31 - 2014-11-14 12:35 - 00000000 ____D () C:\AdwCleaner
2014-11-14 12:30 - 2014-11-14 12:30 - 02140160 _____ () C:\Users\Carl\Desktop\AdwCleaner.exe
2014-11-14 12:28 - 2014-11-14 12:28 - 00001397 _____ () C:\Users\Carl\Desktop\checkup.txt
2014-11-14 12:21 - 2014-11-14 12:21 - 00001397 _____ () C:\Users\Carl\Documents\checkup.txt
2014-11-14 12:08 - 2014-11-14 12:09 - 02116608 _____ (Farbar) C:\Users\Carl\Desktop\FRST64.exe
2014-11-14 12:08 - 2014-11-14 12:08 - 05198336 _____ (AVAST Software) C:\Users\Carl\Desktop\aswMBR.exe
2014-11-14 12:00 - 2014-11-14 12:00 - 00854448 _____ () C:\Users\Carl\Desktop\SecurityCheck.exe
2014-11-14 11:59 - 2014-11-14 11:59 - 01706808 _____ (Thisisu) C:\Users\Carl\Desktop\JRT.exe
2014-11-13 10:04 - 2014-11-13 10:04 - 00000000 ____D () C:\Users\Carl\AppData\Local\Deployment
2014-11-13 10:04 - 2014-11-13 10:04 - 00000000 ____D () C:\Users\Carl\AppData\Local\Apps\2.0
2014-11-12 19:41 - 2014-11-12 19:43 - 00000000 ____D () C:\Users\Katie\AppData\Local\{F7B7211F-7DF3-4F52-AC66-4A184FED7C9A}
2014-11-12 19:35 - 2014-11-12 19:35 - 00000000 ____D () C:\Users\Katie\AppData\Local\Macromedia
2014-11-12 19:32 - 2014-11-12 19:32 - 00000000 ____D () C:\Users\Katie\AppData\Local\{DF1FB192-739E-41FA-8D7B-5F2E19DE2424}
2014-11-12 13:29 - 2014-11-12 13:29 - 00000000 ____D () C:\ProgramData\Dumps
2014-11-12 13:15 - 2014-11-12 13:15 - 00000000 ____D () C:\Users\Carl\{ca193454-bc05-40e6-8e1e-febbedb96b6c}
2014-11-12 12:55 - 2014-09-26 19:42 - 00883624 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2014-11-12 12:55 - 2014-09-26 19:42 - 00806824 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-11-12 12:54 - 2014-11-12 12:54 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Oracle
2014-11-12 12:50 - 2014-09-26 19:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-12 12:50 - 2014-09-26 19:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-12 12:50 - 2014-09-26 19:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-12 12:50 - 2014-09-26 19:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-12 12:49 - 2014-11-12 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-12 11:54 - 2014-10-12 16:52 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 11:53 - 2014-09-18 17:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 11:53 - 2014-09-18 17:45 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 11:48 - 2014-08-11 19:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 11:48 - 2014-08-11 19:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 11:46 - 2014-10-09 18:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 11:46 - 2014-10-09 18:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 11:46 - 2014-10-09 18:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 11:46 - 2014-10-09 18:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 11:46 - 2014-10-09 18:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 11:46 - 2014-10-09 16:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 11:46 - 2014-10-09 16:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 11:46 - 2014-06-15 15:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-12 11:46 - 2014-06-15 15:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-12 11:46 - 2014-06-13 11:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-12 11:46 - 2014-06-13 11:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-12 11:46 - 2014-06-13 10:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-12 11:46 - 2014-06-13 10:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-12 11:45 - 2014-10-17 18:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 11:45 - 2014-10-17 17:46 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 11:45 - 2014-10-02 18:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 11:45 - 2014-10-02 18:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 11:45 - 2014-10-02 18:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 11:45 - 2014-10-02 18:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 11:45 - 2014-10-02 18:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 11:45 - 2014-10-02 18:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 11:45 - 2014-10-02 18:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 11:45 - 2014-10-02 16:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe
2014-11-12 11:29 - 2014-10-23 18:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 11:29 - 2014-10-23 17:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 11:29 - 2014-09-04 16:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-11-12 11:29 - 2014-08-26 17:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 11:29 - 2014-08-26 17:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 11:29 - 2014-08-26 17:41 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 11:29 - 2014-08-26 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 11:27 - 2014-09-08 23:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-11-12 11:27 - 2014-09-08 23:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-11-12 11:26 - 2014-10-27 13:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 11:26 - 2014-10-27 13:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 11:26 - 2014-10-27 13:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 11:26 - 2014-10-27 13:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 11:26 - 2014-10-27 13:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 11:26 - 2014-10-27 13:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 11:26 - 2014-10-27 13:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 11:26 - 2014-10-27 13:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 11:26 - 2014-10-27 13:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 11:26 - 2014-10-27 13:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 11:26 - 2014-10-27 12:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 11:26 - 2014-10-27 12:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 11:26 - 2014-10-27 11:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 11:26 - 2014-10-27 11:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 11:26 - 2014-10-27 11:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 11:26 - 2014-10-27 11:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 11:26 - 2014-10-27 11:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 11:26 - 2014-10-27 11:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 11:26 - 2014-10-27 11:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 11:26 - 2014-10-27 11:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 11:25 - 2014-10-27 13:32 - 17870336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 11:25 - 2014-10-27 13:12 - 10921472 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 11:25 - 2014-10-27 13:07 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 11:25 - 2014-10-27 13:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 11:25 - 2014-10-27 13:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 11:25 - 2014-10-27 13:04 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 11:25 - 2014-10-27 13:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 11:25 - 2014-10-27 13:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 11:25 - 2014-10-27 13:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 11:25 - 2014-10-27 13:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 11:25 - 2014-10-27 13:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 11:25 - 2014-10-27 12:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 11:25 - 2014-10-27 11:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 11:25 - 2014-10-27 11:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 11:25 - 2014-10-27 11:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-12 11:25 - 2014-10-27 11:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 11:25 - 2014-10-27 11:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 11:25 - 2014-10-27 11:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 11:25 - 2014-10-27 11:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 11:25 - 2014-10-27 11:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-12 11:25 - 2014-10-27 11:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-12 11:25 - 2014-10-27 11:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-11 16:18 - 2014-11-11 16:18 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{28088A49-EE22-4F40-BA56-0A17D0DD823C}
2014-11-11 14:46 - 2014-11-01 22:18 - 00000000 ____D () C:\FRST
2014-11-10 06:56 - 2014-11-10 06:56 - 00000000 ____D () C:\Users\Katie\Documents\My Scans
2014-11-09 15:26 - 2014-11-09 15:27 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{CDF00B65-7969-41F4-BC77-7F8EB4E65D3C}
2014-11-09 15:13 - 2014-11-09 15:13 - 00000000 ____D () C:\Users\Katie\Documents\Recipes
2014-11-09 13:09 - 2014-11-09 13:09 - 00000000 ____D () C:\Users\Katie\AppData\Local\{AB61E324-AB16-40EE-89A7-115B7A8F0FA3}
2014-11-09 09:00 - 2014-11-12 12:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-09 08:47 - 2014-11-12 12:50 - 00006782 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-11-07 11:43 - 2014-11-07 11:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-07 11:43 - 2014-11-07 11:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-06 14:07 - 2014-11-07 02:09 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{B49A7250-9AC9-4646-BD66-C0D0002860CE}
2014-11-04 19:06 - 2014-11-04 19:06 - 00227194 _____ () C:\Users\Katie\Documents\Jetblue Reservation scan code Apr 2015.pptx
2014-11-01 17:32 - 2014-11-01 17:32 - 00000385 _____ () C:\Users\Katie\AppData\Roaminguser_gensett.xml
2014-11-01 16:59 - 2014-11-01 16:59 - 00000000 ____D () C:\Users\Katie\AppData\Local\{D2701221-158F-4D2B-BAE6-84AEE50A127C}
2014-10-30 21:54 - 2014-10-31 21:56 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{F2F8F1C4-1E88-4056-83CF-C6855D7E6644}
2014-10-30 21:00 - 2014-10-30 21:00 - 00000000 _____ () C:\Users\David\Desktop\David Stem Cells
2014-10-30 18:50 - 2014-10-30 18:50 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-10-30 17:15 - 2014-10-30 17:15 - 00000000 ____D () C:\Users\Katie\AppData\Local\{AF51DC85-D4B3-46F1-AB2B-200D7ECAEC70}
2014-10-28 07:38 - 2014-10-30 07:43 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{92C16527-ED54-4A21-97EB-47E6AA9CAA6B}
2014-10-27 18:36 - 2014-10-27 18:36 - 00000000 ____D () C:\Users\Katie\AppData\Local\{174BD46C-ED3E-49ED-A115-DE683A6FE8A8}
2014-10-27 07:34 - 2014-10-27 19:37 - 00000000 ____D () C:\Users\mlstruck\AppData\Local\{66B3A009-F282-425C-8E94-13919D8882C9}
2014-10-26 11:51 - 2014-10-26 12:43 - 00000000 ____D () C:\Users\Katie\Downloads\Geography
2014-10-24 17:16 - 2014-11-13 20:58 - 00000000 ____D () C:\Users\Katie\Documents\French
2014-10-24 17:13 - 2014-10-24 17:13 - 00000000 ____D () C:\Users\Katie\AppData\Local\{F1F966AE-1A89-4933-9FF4-EDA420A20D8C}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 22:46 - 2006-11-02 08:42 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-14 22:40 - 2012-04-27 12:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 22:32 - 2009-11-06 19:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-14 22:24 - 2014-03-30 11:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4c468da22830.job
2014-11-14 22:19 - 2014-03-30 11:33 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4c468da22830
2014-11-14 22:19 - 2014-03-30 11:33 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf4c468a09bf30
2014-11-14 22:07 - 2012-04-10 17:07 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Yandex
2014-11-14 12:05 - 2009-06-08 21:27 - 00000000 ____D () C:\Users\mlstruck
2014-11-14 11:54 - 2014-07-20 15:20 - 00000918 _____ () C:\Users\Carl\Desktop\Dropbox.lnk
2014-11-14 11:54 - 2014-07-18 13:49 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-13 21:29 - 2006-11-02 06:33 - 00000000 __RSD () C:\Windows\Media
2014-11-13 20:27 - 2006-11-02 05:33 - 01310720 _____ () C:\Windows\system32\config\default_previous
2014-11-13 20:26 - 2010-08-18 14:30 - 00000000 ____D () C:\Users\Katie\Tracing
2014-11-12 19:43 - 2006-11-02 05:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-11-12 12:57 - 2011-10-07 10:18 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-11-12 12:55 - 2008-11-03 14:38 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-12 12:40 - 2012-04-27 12:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 12:40 - 2012-04-27 12:19 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 12:40 - 2011-05-14 06:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 12:32 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\rescache
2014-11-12 12:10 - 2006-11-02 08:21 - 00352808 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 11:51 - 2008-11-03 14:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 11:44 - 2013-08-14 03:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-11 16:21 - 2010-01-04 22:52 - 00000000 ____D () C:\Users\mlstruck\Documents\Christmas
2014-11-11 16:17 - 2010-11-29 17:30 - 00000000 ____D () C:\Users\mlstruck\Tracing
2014-11-09 16:14 - 2010-07-20 06:37 - 00000000 ____D () C:\Users\mlstruck\Documents\My Scans
2014-11-09 13:23 - 2013-04-22 16:22 - 00000000 ____D () C:\Users\Katie\Documents\English
2014-11-09 13:14 - 2010-01-04 20:48 - 00000000 ____D () C:\Users\Katie\AppData\Roaming\Apple Computer
2014-11-01 22:19 - 2014-07-20 15:20 - 00000000 ___RD () C:\Users\Carl\Dropbox
2014-11-01 22:19 - 2014-07-18 13:03 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Dropbox
2014-11-01 22:18 - 2006-11-02 05:46 - 00006656 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-01 11:21 - 2011-12-23 20:15 - 00000000 ____D () C:\Users\David\AppData\Roaming\Skype
2014-11-01 11:05 - 2014-03-10 15:49 - 00000000 ____D () C:\Users\David\AppData\Roaming\.minecraft
2014-11-01 00:26 - 2006-11-02 05:35 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-27 07:34 - 2011-04-17 20:50 - 00000000 ____D () C:\Users\mlstruck\AppData\Roaming\BitDefender
2014-10-26 16:06 - 2011-04-17 13:30 - 00000000 ____D () C:\Users\David\AppData\Roaming\BitDefender
2014-10-23 20:43 - 2014-03-25 22:23 - 00000000 ____D () C:\Users\Carl\Documents\Liza
2014-10-23 06:11 - 2011-12-23 20:13 - 00000000 ____D () C:\ProgramData\Skype
2014-10-23 00:26 - 2012-04-10 17:06 - 00001134 _____ () C:\Users\Carl\AppData\Local\UserProducts.xml
2014-10-22 21:26 - 2009-09-04 20:08 - 00000000 ____D () C:\Users\Carl\Documents\My Scans

Some content of TEMP:
====================
C:\Users\Carl\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpttjptp.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-14 13:15

==================== End Of Log ============================

Bitdefender still not working correctly and Google Chrome still not responding

Computer restarted after Fix and CMOS settings were wrong and CMOS Date/Time not Set.  I entered F1 to load default values and continue.  I had to go in manually and update the time. 

