[Inactive] HP Studio Laptop

  1. #1
    Join Date
    May 2001
    Location
    too close to Washington D.C.
    Posts
    2,269

    [Inactive] HP Studio Laptop

    first:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2015
    Ran by Sharon (administrator) on SHARON-PC on 08-06-2015 21:48:56
    Running from F:\
    Loaded Profiles: Sharon (Available Profiles: Sharon)
    Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\stacsv64.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (http://simple-files.com/) C:\Program Files (x86)\SmileFilesUpdater\SmileFilesUpdater.exe
    (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\N360.exe
    (SoftThinks) C:\Windows\sminst\SftService.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    () C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
    (Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\N360.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Farbar) F:\FRST64 (1).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [Easy Dock] => [X]
    HKLM-x32\...\RunOnce: [MyWebSearch bar Uninstall] => rundll32 C:\PROGRA~2\UNINST~1.DLL,O -2
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2719491577-406441165-2934950541-1000\...\Run: [Easy Dock] => [X]
    HKU\S-1-5-21-2719491577-406441165-2934950541-1000\...\MountPoints2: {057f2312-7c88-11de-8e7e-00038a000015} - F:\VZAccess_Manager.exe /z detect
    HKU\S-1-5-21-2719491577-406441165-2934950541-1000\...\MountPoints2: {29aad533-2eaf-11df-ad3c-002219ee52ac} - G:\rcaeasyrip_setup.exe
    HKU\S-1-5-21-2719491577-406441165-2934950541-1000\...\MountPoints2: {4fc44098-b149-11de-8596-002219ee52ac} - F:\VZAccess_Manager.exe /z detect
    HKU\S-1-5-21-2719491577-406441165-2934950541-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2006-11-02] (Microsoft Corporation)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-06-12]
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-06-12]
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll [2014-02-27] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll [2014-02-27] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll [2014-02-27] (Symantec Corporation)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
    HKU\S-1-5-21-2719491577-406441165-2934950541-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?tpid=ORJ-...-23&psv=&pt=tb
    SearchScopes: HKLM-x32 -> DefaultScope {6560422E-A3FB-4B3A-9D6A-D2D48BAD0FA4} URL =
    SearchScopes: HKLM-x32 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm572YYUS&ptb=6JtRTm9Pd6rzwKmUYp2ASw&psa=&ind=2010080211&ptnrS=ZUxdm572YYUS&si=200020&st=sb&n=77cf63d3&searchfor={searchTerms}
    SearchScopes: HKLM-x32 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    SearchScopes: HKU\.DEFAULT -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    SearchScopes: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> URL http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3292715&CUI=UN30889068267258263&UM=2&UP=SP066BDC8E-A9C9-4758-B17C-B1C7ABFC9C98&SSPV=
    SearchScopes: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
    SearchScopes: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
    SearchScopes: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL =
    SearchScopes: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> {5C99C337-A32D-42CF-8A34-AF2D05CF588C} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=&itbv=12.15.5.30&apn_uid=08FE773B-9F99-4EE4-9C0C-BEECA4C796BB&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_9.0.8112.16563&doi=2014-08-23&trgb=IE&q={searchTerms}&psv=&pt=tb
    SearchScopes: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL =
    BHO: youtubeadblocker -> {21d682e2-9272-4ebe-af1d-e3372acce7b2} -> C:\Program Files (x86)\youtubeadblocker\mVokkEpmucmwuL.x64.dll [2015-04-02] ()
    BHO: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff64.dll No File
    BHO: ArcadeFrontier Addon -> {6C8DB2EC-499B-4897-A784-0E3186C97E9D} -> C:\Users\Sharon\AppData\Local\ArcadeFrontier\ArcadeFrontier_x64.dll No File
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-19] (Oracle Corporation)
    BHO: PriiCeeLeesss -> {8b14e0b1-8cf0-4f6a-91b5-31f2da1043c8} -> C:\Program Files (x86)\PriiCeeLeesss\CZ23sTFe8PtSnj.x64.dll [2015-04-02] ()
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-19] (Oracle Corporation)
    BHO: XBTBPos00 Class -> {EDBBE0D0-A76A-4FE4-AE6B-13BCEFFD75C8} -> C:\Program Files (x86)\Brand Thunder\IE\tbcore3x64.dll No File
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06] (McAfee, Inc.)
    BHO-x32: IEOptimizer -> {10AD2C61-0898-4348-8600-14A342F22AC3} -> C:\Program Files (x86)\SavingsBull\IEOptimizer.dll [2014-02-18] ()
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
    BHO-x32: PDF Suite Helper -> {1AD61D5B-58A3-4592-9B34-DC84688FF805} -> C:\Program Files (x86)\PDF Suite 2010\PDFIEHelper.dll [2010-02-10] (Interactive Brands)
    BHO-x32: youtubeadblocker -> {21d682e2-9272-4ebe-af1d-e3372acce7b2} -> C:\Program Files (x86)\youtubeadblocker\mVokkEpmucmwuL.dll [2015-04-02] ()
    BHO-x32: RivalGaming Games -> {26D675AC-D925-4bbf-A720-62C2AA4A81EB} -> C:\Users\Sharon\AppData\Local\RivalGaming\RivalGaming.dll [2012-04-06] (RivalGaming)
    BHO-x32: Idmsq Extension -> {3AA4FC9D-FB51-44a2-B09F-0457857CA7C2} -> C:\Users\Sharon\AppData\Roaming\IDMSQ\idmsqext.dll [2013-10-24] (Or Interactive Ltd)
    BHO-x32: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff32.dll No File
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coIEPlg.dll [2014-07-31] (Symantec Corporation)
    BHO-x32: CIEDownload Object -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll [2007-05-08] (SMART Technologies Inc.)
    BHO-x32: No Name -> {6C8DB2EC-499B-4897-A784-0E3186C97E9D} -> No File
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\IPS\IPSBHO.DLL [2014-07-23] (Symantec Corporation)
    BHO-x32: Funmoods Helper Object -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
    BHO-x32: PriiCeeLeesss -> {8b14e0b1-8cf0-4f6a-91b5-31f2da1043c8} -> C:\Program Files (x86)\PriiCeeLeesss\CZ23sTFe8PtSnj.dll [2015-04-02] ()
    BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.)
    BHO-x32: No Name -> {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -> C:\PROGRA~2\INBOXT~1\Inbox.dll No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
    BHO-x32: XBTBPos00 Class -> {EDBBE0D0-A76A-4FE4-AE6B-13BCEFFD75C8} -> C:\Program Files (x86)\Brand Thunder\IE\tbcore3.dll No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.)
    Toolbar: HKLM-x32 - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll No File
    Toolbar: HKLM-x32 - PDF Suite Toolbar - {261F6A8B-7AAF-4BF5-8552-6610F4D67819} - C:\Program Files (x86)\PDF Suite 2010\PDFIEPlugin.dll [2010-02-10] (Interactive Brands)
    Toolbar: HKLM-x32 - FingerSystem IE Memo - {8D13872E-6174-49C1-B8D2-793F90CCAFAC} - C:\Program Files (x86)\Finger System Inc\Fingersystem Ipen Driver\FGIeMemo.dll [2003-02-17] ()
    Toolbar: HKLM-x32 - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll No File
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coIEPlg.dll [2014-07-31] (Symantec Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.)
    Toolbar: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    Toolbar: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    Toolbar: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.)
    Toolbar: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    Toolbar: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> No Name - {7846AE31-BEA2-438A-8F5E-2D899361656C} - No File
    Toolbar: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    Toolbar: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> No Name - {4153492D-4700-A76A-76A7-7A786E7484D7} - No File
    Toolbar: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab
    DPF: HKLM-x32 {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/noc...tup1.0.1.1.cab
    DPF: HKLM-x32 {21BB8360-F943-447E-98F3-3C22345375A7} http://aolsvc.aol.com/onlinegames/fr...b.1.0.0.13.cab
    DPF: HKLM-x32 {2D168880-539F-4967-BA11-F7C2862B9E1D} http://aolsvc.aol.com/onlinegames/fr...eb.1.0.0.4.cab
    DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} http://archives.gametap.com/static/c...pWebPlayer.cab
    DPF: HKLM-x32 {639658F3-B141-4D6B-B936-226F75A5EAC3} http://aolsvc.aol.com/onlinegames/tr...2.1.0.0.67.cab
    DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
    DPF: HKLM-x32 {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://aolsvc.aol.com/onlinegames/fr...ouseplayer.cab
    DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab
    DPF: HKLM-x32 {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://aolsvc.aol.com/onlinegames/fr...sPlayer_v4.cab
    DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://aolsvc.aol.com/onlinegames/fr...ylomplayer.cab
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/ge...nt/swflash.cab
    DPF: HKLM-x32 {D40F5876-A494-4124-8161-82625BB28C06} http://aolsvc.aol.com/onlinegames/fr...b.1.0.0.14.cab
    DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.com/onlinegames/be...loader_v10.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: HKLM-x32 {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} http://aolsvc.aol.com/onlinegames/fr...eb.1.0.0.6.cab
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll No File
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
    Winsock: Catalog9 11 C:\Windows\SysWOW64\Gambali.dll [340944 2015-04-02] (Gambali OEM Software)
    Winsock: Catalog9 12 C:\Windows\SysWOW64\Gambali.dll [340944 2015-04-02] (Gambali OEM Software)
    Winsock: Catalog9 13 C:\Windows\SysWOW64\Gambali.dll [340944 2015-04-02] (Gambali OEM Software)
    Winsock: Catalog9 14 C:\Windows\SysWOW64\Gambali.dll [340944 2015-04-02] (Gambali OEM Software)
    Winsock: Catalog9 15 C:\Windows\SysWOW64\Gambali.dll [340944 2015-04-02] (Gambali OEM Software)
    Winsock: Catalog9-x64 01 C:\Windows\system32\Gambali64.dll [408424 2015-04-02] (Gambali OEM Software)
    Winsock: Catalog9-x64 02 C:\Windows\system32\Gambali64.dll [408424 2015-04-02] (Gambali OEM Software)
    Winsock: Catalog9-x64 03 C:\Windows\system32\Gambali64.dll [408424 2015-04-02] (Gambali OEM Software)
    Winsock: Catalog9-x64 04 C:\Windows\system32\Gambali64.dll [408424 2015-04-02] (Gambali OEM Software)
    Winsock: Catalog9-x64 15 C:\Windows\system32\Gambali64.dll [408424 2015-04-02] (Gambali OEM Software)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-19] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-01-19] (Oracle Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2010-09-22] ()
    FF Plugin-x32: @ei.Retrogamer_4w.com/Plugin -> C:\Program Files (x86)\Retrogamer_4wEI\Installr\2.bin\NP4wEISB.dll [2012-12-28] (Retrogamer)
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [2013-09-06] (McAfee, Inc.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
    FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
    FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2719491577-406441165-2934950541-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sharon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-14] (Unity Technologies ApS)
    FF Extension: RivalGaming - C:\Users\Sharon\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2012-04-06]
    FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-08]
    FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
    FF HKLM-x32\...\Firefox\Extensions: [FFPDFConverter@ib.com] - C:\Program Files (x86)\PDF Suite 2010\firefoxextension
    FF Extension: PDF Suite Converter For Firefox - C:\Program Files (x86)\PDF Suite 2010\firefoxextension [2010-02-26]
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.5.0.19\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.5.0.19\coFFPlgn [2015-06-08]
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.5.0.19\IPSFF
    FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.5.0.19\IPSFF [2014-08-22]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\pdf.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.3\\npsitesafety.dll No File
    CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
    CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll No File
    CHR Plugin: (Retrogamer Installer Plugin Stub) - C:\Program Files (x86)\Retrogamer_4wEI\Installr\2.bin\NP4wEISB.dll (Retrogamer)
    CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Unity Player) - C:\Users\Sharon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Profile: C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (AVG Do Not Track) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\epojjbofkhffmihobdncmbhdocjljhpi [2015-04-02]
    CHR Extension: (Norton Identity Safe) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-23]
    CHR Extension: (We-Care Reminder) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm [2014-02-19]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
    CHR Extension: (Norton Security Toolbar) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-08-23]
    CHR Extension: (Google Wallet) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-29]
    CHR Extension: (Internet Download Manager Squared) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohenffmfbnoidogjgebadealdkecjdal [2014-03-22]
    CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Sharon\AppData\Local\funmoods.crx [2012-09-10]
    CHR HKU\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Sharon\AppData\Local\funmoods.crx [2012-09-10]
    CHR HKU\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hgiifhjbblnglipdbpdgagphlcbililb] - C:\Users\Sharon\AppData\Local\CRE\hgiifhjbblnglipdbpdgagphlcbililb.crx [2013-12-12]
    CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Sharon\AppData\Local\funmoods.crx [2012-09-10]
    CHR HKLM-x32\...\Chrome\Extension: [hgiifhjbblnglipdbpdgagphlcbililb] - C:\Users\Sharon\AppData\Local\CRE\hgiifhjbblnglipdbpdgagphlcbililb.crx [2013-12-12]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-22]
    CHR HKLM-x32\...\Chrome\Extension: [ohenffmfbnoidogjgebadealdkecjdal] - C:\Users\Sharon\AppData\Roaming\IDMSQ\IDMSQ.crx [2013-09-24]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 astcc; C:\Windows\SysWOW64\ASTSRV.EXE [393216 2008-02-28] (Nalpeiron Ltd.) [File not signed]
    S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-10-09] (Just Develop It) <==== ATTENTION
    S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S3 lxcf_device; C:\Windows\system32\lxcfcoms.exe [451584 2005-07-25] ( )
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
    R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\N360.exe [265040 2014-07-31] (Symantec Corporation)
    S2 PDF Suite 2010 Service; C:\Program Files (x86)\PDF Suite 2010\ConversionService.exe [725768 2010-02-10] (Interactive Brands Inc.)
    R2 SftService; C:\Windows\sminst\sftservice.EXE [632048 2009-02-23] (SoftThinks)
    S2 Updater Service for AMZN; C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [203776 2012-02-01] () [File not signed]
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
    S2 BTHelper.exe; C:\Program Files (x86)\Brand Thunder\Helper\bin\BTHelper.exe [X]
    S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 ASCTRM; C:\Windows\SysWow64\Drivers\ASCTRM.sys [8552 2009-07-26] (Windows (R) 2000 DDK provider)
    R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-18] (Symantec Corporation)
    R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-08-23] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-08-23] (Symantec Corporation)
    S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2012-09-28] (LeapFrog)
    R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\IPSDefs\20140905.001\IDSvia64.sys [633560 2014-09-02] (Symantec Corporation)
    R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\VirusDefs\20140907.003\ENG64.SYS [129752 2014-08-23] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\VirusDefs\20140907.003\EX64.SYS [2137304 2014-08-23] (Symantec Corporation)
    R3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
    S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213120 2008-05-09] (Novatel Wireless Inc.)
    S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213120 2008-05-09] (Novatel Wireless Inc.)
    S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213120 2008-05-09] (Novatel Wireless Inc.)
    R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [10496 2007-03-08] (SMART Technologies Inc.)
    R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-07-23] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2014-07-23] (Symantec Corporation)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-12-23] ()
    R0 SymDS; C:\Windows\System32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2014-07-23] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-08-22] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2014-07-23] (Symantec Corporation)
    R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMTDIV.SYS [510168 2014-07-23] (Symantec Corporation)
    R1 cherimoya; system32\drivers\cherimoya.sys [X]
    S1 hlnfd; system32\drivers\hlnfd.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 PCD5SRVC{048DBD20-445E8C82-05040104}; \??\C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [X]
    S3 SYMFW; \SystemRoot\System32\Drivers\N360x64\0308030.006\SYMFW.SYS [X]
    S3 SYMNDISV; \SystemRoot\System32\Drivers\N360x64\0308030.006\SYMNDISV.SYS [X]
    S2 X4HSX32; \??\C:\Program Files (x86)\GameTap Web Player\bin\Release\X4HSX32.Sys [X]
    S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-08 21:19 - 2010-07-22 08:52 - 00775696 _____ (MyWebSearch.com) C:\Program Files (x86)\Uninstall Fun Web Products.dll
    2015-06-08 20:58 - 2015-06-08 20:58 - 00317952 _____ C:\Windows\Minidump\Mini060815-01.dmp
    2015-06-07 22:08 - 2015-06-08 21:48 - 00000000 ____D C:\FRST
    2015-05-16 23:23 - 2015-05-18 16:54 - 02154496 _____ C:\Users\Sharon\Desktop\JEOPARDY GEOMETRY SOL REVIEW 14-15.ppt
    2015-05-13 23:09 - 2015-04-19 17:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
    2015-05-13 23:09 - 2015-04-19 17:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
    2015-05-13 23:09 - 2015-04-19 17:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
    2015-05-13 23:09 - 2015-04-19 17:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
    2015-05-13 23:09 - 2015-04-19 16:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2015-05-13 23:09 - 2015-04-19 16:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2015-05-13 23:09 - 2015-04-19 16:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2015-05-13 23:09 - 2015-04-19 16:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-05-13 23:09 - 2015-04-17 20:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
    2015-05-13 23:09 - 2015-04-17 20:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
    2015-05-13 23:09 - 2015-04-17 20:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
    2015-05-13 23:09 - 2015-04-17 20:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
    2015-05-13 23:09 - 2015-04-17 19:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2015-05-13 23:09 - 2015-04-17 19:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2015-05-13 23:09 - 2015-04-17 19:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2015-05-13 23:09 - 2015-04-17 19:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-05-13 23:09 - 2015-04-17 19:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-05-13 23:09 - 2015-04-17 19:30 - 02793472 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-05-13 21:44 - 2015-04-30 12:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-05-13 21:44 - 2015-04-30 11:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-05-13 21:15 - 2015-04-10 19:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-05-13 21:15 - 2015-04-10 19:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
    2015-05-13 21:12 - 2015-04-30 09:14 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 21:12 - 2015-04-30 09:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-12 21:59 - 2015-04-09 19:52 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-05-12 21:59 - 2015-04-09 19:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-05-12 21:59 - 2015-04-09 19:46 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-05-12 21:59 - 2015-04-09 19:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-05-12 21:59 - 2015-04-09 19:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-05-12 21:59 - 2015-04-09 19:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-05-12 21:59 - 2015-04-09 19:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-05-12 21:59 - 2015-04-09 19:14 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-05-12 21:59 - 2015-04-09 19:10 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-05-12 21:59 - 2015-04-09 19:05 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-05-12 21:59 - 2015-04-09 19:04 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-05-12 21:59 - 2015-04-09 19:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-05-12 21:59 - 2015-04-09 19:03 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-05-12 21:59 - 2015-04-09 19:03 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-05-12 21:59 - 2015-04-09 19:03 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-05-12 21:59 - 2015-04-09 19:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-05-12 21:59 - 2015-04-09 19:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-05-12 21:58 - 2015-04-09 20:10 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-05-12 21:58 - 2015-04-09 19:55 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-05-12 21:58 - 2015-04-09 19:53 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-05-12 21:58 - 2015-04-09 19:48 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-05-12 21:58 - 2015-04-09 19:46 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-05-12 21:58 - 2015-04-09 19:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-05-12 21:58 - 2015-04-09 19:46 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-05-12 21:58 - 2015-04-09 19:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-05-12 21:58 - 2015-04-09 19:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-05-12 21:58 - 2015-04-09 19:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-05-12 21:58 - 2015-04-09 19:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-05-12 21:58 - 2015-04-09 19:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-05-12 21:58 - 2015-04-09 19:45 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-05-12 21:58 - 2015-04-09 19:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-05-12 21:58 - 2015-04-09 19:45 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-05-12 21:58 - 2015-04-09 19:08 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-05-12 21:58 - 2015-04-09 19:08 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-05-12 21:58 - 2015-04-09 19:05 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-05-12 21:58 - 2015-04-09 19:04 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-05-12 21:58 - 2015-04-09 19:04 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-05-12 21:58 - 2015-04-09 19:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2015-05-12 21:58 - 2015-04-09 19:04 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-05-12 21:58 - 2015-04-09 19:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-05-12 21:58 - 2015-04-09 19:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-05-12 21:58 - 2015-04-09 19:03 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2015-05-12 21:58 - 2015-04-09 19:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2015-05-12 21:58 - 2015-04-09 19:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-08 21:43 - 2010-06-24 22:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-06-08 21:23 - 2015-04-02 22:07 - 00000000 ____D C:\Program Files (x86)\SmileFiles
    2015-06-08 21:07 - 2011-08-23 10:24 - 00000000 ____D C:\Windows\pss
    2015-06-08 21:05 - 2012-08-28 10:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-06-08 21:05 - 2009-06-12 03:27 - 01928276 _____ C:\Windows\WindowsUpdate.log
    2015-06-08 21:04 - 2010-06-24 22:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-06-08 21:00 - 2014-03-11 17:42 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\IDMSQ
    2015-06-08 20:59 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-06-08 20:59 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-06-08 20:59 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-06-08 20:58 - 2009-12-18 00:55 - 00000000 ____D C:\Windows\Minidump
    2015-06-08 20:58 - 2009-12-18 00:54 - 794868058 _____ C:\Windows\MEMORY.DMP
    2015-06-07 22:49 - 2006-11-02 11:27 - 00261436 _____ C:\Windows\setupact.log
    2015-06-07 22:01 - 2006-11-02 08:46 - 00812552 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-05-30 11:52 - 2006-11-02 11:42 - 00032532 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-05-25 19:07 - 2012-06-13 15:04 - 00000000 ____D C:\Program Files\Lx_cats
    2015-05-25 12:53 - 2011-12-31 21:26 - 00000000 ____D C:\Users\Sharon\AppData\Local\CrashDumps
    2015-05-16 08:52 - 2014-03-11 16:50 - 00000000 ____D C:\Program Files (x86)\IDMSQ
    2015-05-15 22:18 - 2006-11-02 11:07 - 00000000 ___RD C:\Users\Public\Recorded TV
    2015-05-14 22:38 - 2010-06-24 22:45 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-05-14 22:38 - 2010-06-24 22:45 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-05-14 16:41 - 2006-11-02 11:21 - 00403096 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-05-14 16:39 - 2006-11-02 11:07 - 00000000 ____D C:\Program Files\Windows Journal
    2015-05-13 22:30 - 2009-10-04 21:49 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-05-13 22:18 - 2013-07-24 03:02 - 00000000 ____D C:\Windows\system32\MRT
    2015-05-13 22:05 - 2015-04-02 22:13 - 00000000 ____D C:\Program Files (x86)\PriiCeeLeesss
    2015-05-13 21:49 - 2006-11-02 08:35 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2015-05-13 21:14 - 2006-11-02 11:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
    2015-05-13 21:12 - 2010-06-05 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-05-13 21:10 - 2009-06-12 09:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-05-09 09:05 - 2011-10-22 11:58 - 00002015 _____ C:\lxcf.log

    ==================== Files in the root of some directories =======

    2015-06-08 21:19 - 2010-07-22 08:52 - 0775696 _____ (MyWebSearch.com) C:\Program Files (x86)\Uninstall Fun Web Products.dll
    2009-10-19 20:19 - 2015-01-27 18:58 - 0002330 _____ () C:\Users\Sharon\AppData\Roaming\evpro32.prf
    2015-01-01 00:17 - 2015-01-01 00:17 - 0000552 _____ () C:\Users\Sharon\AppData\Local\d3d8caps.dat
    2014-01-01 09:45 - 2014-01-01 09:45 - 0000680 _____ () C:\Users\Sharon\AppData\Local\d3d9caps.dat
    2013-11-14 12:49 - 2013-11-14 12:49 - 0007052 _____ () C:\Users\Sharon\AppData\Local\d3d9caps.tmp
    2010-01-27 23:25 - 2014-09-06 15:00 - 0060928 _____ () C:\Users\Sharon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-06-24 22:27 - 2010-06-24 22:28 - 0200065 _____ () C:\Users\Sharon\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
    2010-06-24 22:27 - 2010-06-24 22:27 - 0000002 _____ () C:\Users\Sharon\AppData\Local\dd_dotnetfx35error.txt
    2010-06-24 22:27 - 2010-06-24 22:28 - 0109544 _____ () C:\Users\Sharon\AppData\Local\dd_dotnetfx35install.txt
    2014-03-11 16:53 - 2014-03-11 16:58 - 0434964 _____ () C:\Users\Sharon\AppData\Local\dd_vcredistMSI4A42.txt
    2013-07-25 13:33 - 2013-07-25 13:33 - 0386256 _____ () C:\Users\Sharon\AppData\Local\dd_vcredistMSI4C04.txt
    2009-12-31 21:33 - 2009-12-31 21:33 - 0423272 _____ () C:\Users\Sharon\AppData\Local\dd_vcredistMSI5A5C.txt
    2014-03-11 16:53 - 2014-03-11 16:58 - 0016094 _____ () C:\Users\Sharon\AppData\Local\dd_vcredistUI4A42.txt
    2013-07-25 13:32 - 2013-07-25 13:33 - 0011378 _____ () C:\Users\Sharon\AppData\Local\dd_vcredistUI4C04.txt
    2009-12-31 21:33 - 2009-12-31 21:33 - 0011370 _____ () C:\Users\Sharon\AppData\Local\dd_vcredistUI5A5C.txt
    2012-09-10 09:46 - 2012-09-10 09:46 - 0031465 _____ () C:\Users\Sharon\AppData\Local\funmoods.crx
    2009-10-19 19:59 - 2014-04-17 16:57 - 0004096 ____H () C:\Users\Sharon\AppData\Local\keyfile3.drm
    2010-06-24 22:27 - 2010-06-24 22:28 - 0003124 _____ () C:\Users\Sharon\AppData\Local\uxeventlog.txt
    2011-12-15 22:25 - 2011-12-29 17:53 - 0001940 _____ () C:\Users\Sharon\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    2014-12-25 10:03 - 2014-12-25 10:03 - 0000000 _____ () C:\Users\Sharon\AppData\Local\{9F9A6295-AB11-47C0-86F2-0FF5D7FF0764}
    2011-06-13 02:27 - 2011-06-13 02:27 - 0000000 _____ () C:\Users\Sharon\AppData\Local\{D63E6BA5-CCDD-4F2D-8196-7E0035FF344C}
    2014-12-16 23:23 - 2014-12-16 23:23 - 0000000 _____ () C:\Users\Sharon\AppData\Local\{DCDD22A3-AEAD-42F7-B76D-5CFC34029865}
    2012-09-23 17:18 - 2012-09-23 17:32 - 0000624 _____ () C:\ProgramData\hpzinstall.log
    2009-10-09 16:23 - 2009-10-09 16:23 - 0001426 _____ () C:\ProgramData\productlist.xml

    Files to move or delete:
    ====================
    C:\Users\Public\AlexaNSISPlugin.6040.dll


    Some files in TEMP:
    ====================
    C:\Users\Sharon\AppData\Local\Temp\eject.exe
    C:\Users\Sharon\AppData\Local\Temp\GLB1A2B.EXE
    C:\Users\Sharon\AppData\Local\Temp\msvcp71.dll
    C:\Users\Sharon\AppData\Local\Temp\msvcr71.dll
    C:\Users\Sharon\AppData\Local\Temp\ose00000.exe
    C:\Users\Sharon\AppData\Local\Temp\tbGam0.dll
    C:\Users\Sharon\AppData\Local\Temp\_is46C6.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-08 21:05

    ==================== End of log ============================

  2. #2
    addition:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
    Ran by Sharon at 2015-06-07 22:10:39
    Running from F:\
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2719491577-406441165-2934950541-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-2719491577-406441165-2934950541-1002 - Limited - Enabled)
    Guest (S-1-5-21-2719491577-406441165-2934950541-501 - Limited - Disabled)
    Sharon (S-1-5-21-2719491577-406441165-2934950541-1000 - Administrator - Enabled) => C:\Users\Sharon

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton 360 (Enabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    AS: Norton 360 (Enabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4 Elements II (HKLM-x32\...\985edda6b17a0e8241611d44673e451a) (Version: - )
    ACECAD DigiMemo Manager (HKLM-x32\...\{50EF6812-7B51-4459-A52D-B4776DAAA415}) (Version: 1.0.0 - ACECAD)
    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
    Adobe Flash Player 10 Plugin (HKLM-x32\...\{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
    Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: - )
    Anti-phishing Domain Advisor (HKLM-x32\...\Anti-phishing Domain Advisor) (Version: 1.1.0.1 - Visicom Media Inc. (Powered by Panda Security))
    Apple Application Support (HKLM-x32\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{33EB1061-ABF1-4470-A540-32E97A610536}) (Version: 3.2.0.47 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArioForm Lite for ACECAD 1.1.0 (HKLM-x32\...\{5229C5BA-387D-4A65-95C9-CC3E2FDC375E}_is1) (Version: - Ariolis)
    Bejeweled 2 Deluxe (HKLM-x32\...\Bejeweled 2 Deluxe) (Version: - PopCap Games)
    Bonjour (HKLM\...\{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}) (Version: 2.0.3.0 - Apple Inc.)
    Build It! Miami Beach Resort (HKLM-x32\...\amg-builditmiamibeachresort) (Version: - gamehouse)
    Burger Shop (HKLM-x32\...\4536fc8d7c09d096a907b462f51fc84e) (Version: - )
    Burger Shop 2™ (remove only) (HKLM-x32\...\Burger Shop 2™) (Version: - )
    Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CWA Reminder by We-Care.com v4.1.26.3 (HKLM-x32\...\{26B4D0E1-6F6D-48DF-8719-80276A259F7E}) (Version: 4.1.26.3 - We-Care.com)
    Deer Drive (HKLM-x32\...\111448437) (Version: - Oberon Media)
    Delicious Deluxe (remove only) (HKLM-x32\...\Delicious Deluxe) (Version: - )
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.18 - Dell)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: Dell DataSafe Local Backup 2.75 x64 - Dell)
    Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.08318 - Dell)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.102.101.211 - Alps Electric)
    Dell Video Chat (HKLM-x32\...\Dell Video Chat) (Version: 6.0 (6567) - SightSpeed Inc.)
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: - )
    Dell-eBay (HKLM-x32\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
    Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION
    Elementals - The Magic Key (HKLM-x32\...\16a3f7225f105619fa1519b4844d3743) (Version: - )
    ExamView Pro (HKLM-x32\...\ExamView Pro) (Version: - )
    Farming Simulator 2011 (HKLM-x32\...\FarmingSimulator2011_PLATINUMEN_is1) (Version: 1.0 - GIANTS Software)
    Farmscapes (HKLM-x32\...\Farmscapes_is1) (Version: 1.0 - Media Contact LLC)
    Fingersystem Ipen Driver (HKLM-x32\...\{69C77452-4D16-4182-B325-B2CEDABFA740}) (Version: - )
    Fishdom H2O Hidden Odyssey (TM) (HKLM-x32\...\78f1b0f4810ded51b2421c2a80fbbdb9) (Version: - )
    Free Download Manager 3.9.2 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
    Game Master 1.1 Toolbar (HKLM-x32\...\Game_Master_1.1 Toolbar) (Version: 6.2.7.3 - Game Master 1.1)
    GameTap Web Player (HKLM-x32\...\{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1) (Version: - Metaboli)
    Gardenscapes - Mansion Makeover (HKLM-x32\...\46b9a12a24ec4746772406e7a1f487a2) (Version: - )
    Gardenscapes (HKLM-x32\...\97aa6660c2eb5d7678ec45247eba5328) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    Homepage Protection (HKLM-x32\...\Homepage Protection) (Version: - AOL Products)
    Hospital Haste (HKLM-x32\...\bec1c9b3c1d035d30940bb4274f17e42) (Version: - )
    Inbox Toolbar (HKLM-x32\...\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1) (Version: 1.0.0 - Inbox.com, Inc.)
    InteGrade Pro (HKLM-x32\...\InteGrade Pro) (Version: 9.4.0.0 - Pearson School Systems)
    Integrated Webcam Driver (1.05.02.1227) (HKLM\...\Creative OA001) (Version: 1.05.02.1227 - Creative Technology Ltd.)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
    Internet Download Manager Upgrade (HKU\S-1-5-21-2719491577-406441165-2934950541-1000\...\d46796c124a73858) (Version: 1.0.0.1 - Internet Download Manager Upgrade)
    Internet Download Manager² 1.0 (HKLM-x32\...\IDMSQ) (Version: 1.0 - OR Interactive Ltd)
    ITECIR (HKLM-x32\...\{F6BB6248-C507-46FE-8A35-1B16F35E0441}) (Version: 1.9 - ITE)
    iTunes (HKLM\...\{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}) (Version: 10.0.1.22 - Apple Inc.)
    Jane's Hotel Mania (HKLM-x32\...\99d712d92aa2cdf2047016e39d61edf1) (Version: - )
    Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
    Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
    Jet Set Go (HKLM-x32\...\951e5b35edd28682e6c2193974c885f4) (Version: - )
    Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
    Kitchen Brigade (HKLM-x32\...\92c9031c29e9fbf4809091383e25294d) (Version: - )
    LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.9.15649 - LeapFrog)
    LeapFrog Connect (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
    Lexmark 730 Series (HKLM\...\Lexmark 730 Series) (Version: - )
    Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.1419.1 - Creative Technology Ltd)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version: - )
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft PowerPoint Viewer 97 (HKLM-x32\...\PPTView97) (Version: - )
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Mobile Broadband Generic Drivers (HKLM-x32\...\{68CC54AC-EFE5-4CE4-81F8-BE0C834E2D86}) (Version: 2.02.07.002.14 - Novatel Wireless)
    My Web Search (HKLM-x32\...\MyWebSearch bar Uninstall) (Version: - My Web Search) <==== ATTENTION
    MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
    MyScript Notes for ACECAD (HKLM-x32\...\{6378CFE7-D898-4C41-A7DD-4BB54ED80BB7}) (Version: 2.2.0.1 - Vision Objects)
    Mystery of Mortlake Mansion(TM) (HKLM-x32\...\f3c5b9886c3471dfe2a3f285b8874441) (Version: - )
    Norton 360 (HKLM-x32\...\N360) (Version: 21.5.0.19 - Symantec Corporation)
    Oregon Trail(R) 5 (HKLM-x32\...\Oregon Trail(R) 5) (Version: - )
    PDF Suite 2010 (HKLM-x32\...\{F0D70E89-E902-4B44-94E4-A668AA80E167}) (Version: 9.0.8 - Interactive Brands Inc.)
    PH Mathematics Interactive Textbook - Algebra 1 (HKLM-x32\...\{FA4600DF-CC63-4813-9606-4C93469FAF36}) (Version: 1.00.0000 - Prentice Hall)
    PH Mathematics Interactive Textbook - Geometry (HKLM-x32\...\{ACAC2BF5-B8A1-49B8-840E-865BEAF05B4C}) (Version: 1.00.0000 - Prentice Hall)
    Plan It Green(C) (remove only) (HKLM-x32\...\Plan It Green(C)) (Version: - )
    PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - Dell Corp.)
    PriiCeeLeesss (HKLM-x32\...\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}) (Version: - ) <==== ATTENTION
    Quickset (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.2.8 - Dell Inc.)
    QuickTime (HKLM-x32\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
    RealPlayer Basic (HKLM-x32\...\RealPlayer 6.0) (Version: - )
    RivalGaming (HKU\S-1-5-21-2719491577-406441165-2934950541-1000\...\RivalGaming) (Version: - RivalGaming)
    Roads of Rome (HKLM-x32\...\da4a21f058e17ce70e21360d504769ff) (Version: - )
    Roads of Rome 3 (HKLM-x32\...\d109e8f40a26046e672f997c4f75e9fe) (Version: - )
    RocketTab (HKLM-x32\...\RocketTab) (Version: - RocketTab) <==== ATTENTION!
    Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
    RTC Client API v1.2 (HKLM-x32\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft)
    SavingsBull (x32 Version: 1.0.0.0 - SavingsBull) Hidden <==== ATTENTION
    Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C0F05}) (Version: 12.15.5.30 - APN, LLC) <==== ATTENTION
    Shockwave (HKLM-x32\...\Shockwave) (Version: - )
    shopperz 2.0.0.457 (HKLM\...\{5081D2D4-1637-404c-B74F-50526718257D}_is1) (Version: 2.0.0.457 - shopperz) <==== ATTENTION
    SMART Board Software (HKLM-x32\...\{46486451-E60F-42C3-92D7-796D8594688A}) (Version: 9.7.44.0 - SMART Technologies Inc.)
    SMART Essentials for Educators (HKLM-x32\...\{CF8B49B4-98C5-4F55-B743-7956B24567C0}) (Version: 1.1.9.0 - SMART Technologies Inc.)
    SmileFiles (HKU\S-1-5-21-2719491577-406441165-2934950541-1000\...\SmileFiles) (Version: 27.15.14 - http://www.realdown4load.com)
    Spirits and Curses 3-in-1 Bundle (HKLM-x32\...\1a170e04091dbaf5b04f57372c74da29) (Version: - )
    Stronghold Kingdoms (HKLM-x32\...\{D1D632A2-E249-466D-A094-B1B934D37645}_is1) (Version: 1.17 - Firefly Studios)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    The Secret of Hildegards (HKLM-x32\...\eb5fbc9eac27ce3365399c5be04ece91) (Version: - )
    Timez Attack Launcher (HKLM-x32\...\Timez Attack Launcher O) (Version: O - Big Brainz)
    TI-SmartView™ for the TI-84 Plus Family (HKLM-x32\...\{DCFC65CB-97F5-4B9D-BFCD-BAEC7B053FAE}) (Version: 3.1 - Texas Instruments Incorporated.)
    Unity Web Player (HKU\S-1-5-21-2719491577-406441165-2934950541-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    University of Mary Washington (HKLM-x32\...\{2808B1F2-4E55-4340-9601-07489B18A510}) (Version: 3.0.0 - Antech Systems, Inc.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update Service SmileFiles (HKU\S-1-5-21-2719491577-406441165-2934950541-1000\...\Update Service SmileFiles) (Version: 27.15.14 - http://www.realdown4load.com)
    USB Optical Mouse (HKLM-x32\...\{EEAE45EB-C1E3-4CCD-930D-D7B40F810063}) (Version: 1.00.0000 - )
    Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )
    VZAccess Manager for Novatel (HKLM-x32\...\{7BA20EF6-AE4E-4408-B083-7AE999E92D73}) (Version: 6.9.8 - Smith Micro Software Inc.)
    Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )
    youtubeadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2719491577-406441165-2934950541-1000_Classes\CLSID\{2A6D18AD-E610-DCE1-B772-87F9110B8FFD}\localserver32 -> C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2719491577-406441165-2934950541-1000_Classes\CLSID\{8A1C607E-0A29-BB91-4F97-07C7C0A3394B}\localserver32 -> C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2719491577-406441165-2934950541-1000_Classes\CLSID\{C649303D-D33E-8E12-F1D6-961B1E498743}\localserver32 -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe (Adobe Systems Incorporated)
    CustomCLSID: HKU\S-1-5-21-2719491577-406441165-2934950541-1000_Classes\CLSID\{FBAA1843-D6E4-E1D1-F5F0-7FAFDB6FC0A0}\localserver32 -> "C:\Program Files (x86)\AOL 9.0\waol.exe" No File

    ==================== Restore Points =========================

    22-05-2014 03:01:05 Windows Update
    15-06-2014 03:12:55 Windows Update
    16-06-2014 03:05:23 Windows Update
    25-07-2014 03:00:35 Windows Update
    17-08-2014 03:02:13 Windows Update
    23-08-2014 19:03:09 Installed Java 7 Update 67
    29-08-2014 03:00:19 Windows Update
    10-09-2014 16:16:02 Windows Update
    13-09-2014 03:00:21 Windows Update
    21-10-2014 03:01:12 Windows Update
    17-11-2014 04:01:10 Windows Update
    25-11-2014 04:00:22 Windows Update
    12-12-2014 18:52:48 Windows Update
    14-01-2015 04:00:12 Windows Update
    11-02-2015 22:31:01 Windows Update
    15-02-2015 20:07:57 Windows Update
    12-03-2015 03:00:58 Windows Update
    14-03-2015 03:00:56 Windows Update
    19-04-2015 18:54:40 Windows Update
    13-05-2015 21:04:18 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 08:34 - 2014-03-11 17:42 - 00000804 ____N C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    127.0.0.1 d3oxij66pru1i3.cloudfront.net


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {047BC9CA-925C-4665-9C14-695326AFB9D7} - System32\Tasks\Microsoft\Windows\RestartManager\{3561D1ED-62B8-45df-BD07-EDC512DF8AD0} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
    Task: {0967A724-38BB-481F-B5C8-3F96846E510D} - \Advanced System Protector_startup No Task File <==== ATTENTION
    Task: {1D5D74C0-5D42-407C-A339-511D7A6DA010} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
    Task: {20E1C551-02AA-4AE6-903D-C0203D6179BF} - System32\Tasks\gtaUpt => C:\Program Files\shopperz\zaeed.bat [2015-03-25] ()
    Task: {228F6F11-8F2A-4878-985D-01491532C40F} - System32\Tasks\Update Service SmileFiles => C:\Program Files (x86)\SmileFilesUpdater\SmileFilesUpdater.exe [2015-04-02] (http://simple-files.com/)
    Task: {4F26B35F-1C44-4041-AFEC-70C2E2A01854} - System32\Tasks\{BEB2ADA5-4771-4730-A968-B7D70955466F} => pcalua.exe -a E:\installers\Netscape-FlashplayerInstall.exe -d E:\installers
    Task: {53B1A808-C22C-4D8C-9081-742E13D189B6} - System32\Tasks\{D3B06E94-F191-4E5A-9591-B98D7B070FE8} => pcalua.exe -a "C:\Program Files (x86)\The Learning Company\Oregon Trail(R) 5\TLCRUN.EXE" -d "C:\Program Files (x86)\The Learning Company\Oregon Trail(R) 5" -c Main
    Task: {55DBD4B3-81EC-40C9-882F-D6B45ACC3399} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
    Task: {668452DF-F8D7-4C1B-8BE6-B6CBAF3F0789} - System32\Tasks\Microsoft\Windows\RestartManager\{3BFBE0B0-A4A1-4e73-802D-8AFD29B7F7C2} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
    Task: {66E1DAC3-C5E9-4934-B696-544C87BFB84F} - System32\Tasks\{320AA01D-BF19-4DFF-B1C1-2FFB553F6735} => pcalua.exe -a E:\Setup.EXE -d E:\
    Task: {6C06CFA1-307E-4745-8C9D-C2BD46F35027} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {6FF67D00-107B-4F30-84B0-980015A433F4} - System32\Tasks\{675D32C3-18FD-4D8A-8E46-2297121CC42B} => pcalua.exe -a E:\Setup.exe -d E:\
    Task: {82FDBCDC-E25F-4386-984F-FBEB836407E9} - System32\Tasks\4800 => Wscript.exe C:\Users\Sharon\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    Task: {8A098427-0FE1-4E60-B86A-202C5E329AE9} - System32\Tasks\{1B88003D-31E9-4326-9CB5-8E2040A38861} => pcalua.exe -a C:\Users\Sharon\Downloads\Install+InteGrade+Pro.exe -d "C:\Program Files (x86)\Verizon Wireless\VZAccess Manager"
    Task: {8A7DFAEB-0AAB-4B21-A767-3AD56DE1A768} - System32\Tasks\Microsoft\Windows\RestartManager\{B996929D-C3A1-48f6-8FF4-82FB9820208F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
    Task: {929C5E84-87BC-4E64-857B-FFD8C1163BAD} - System32\Tasks\{B88DC021-9523-49D4-8FEB-B8D25A597735} => pcalua.exe -a C:\Users\Sharon\Desktop\Install+InteGrade+Pro.exe -d C:\Users\Sharon
    Task: {9B98581A-EDC8-4D50-8608-98FE3BDD2EC3} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {ABED0FE4-1EE2-401E-85D8-72615DECBA8E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
    Task: {C5BB8BF2-CC98-461F-9F01-5B1298539C21} - System32\Tasks\{538603FA-4BA4-4868-8B99-1D5631D4BD33} => pcalua.exe -a E:\installers\flashplayer6_winax.exe -d E:\installers
    Task: {D1CE7DFD-6BDF-4A84-9CB2-F250E9AD8501} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {D1D06055-CDA6-4E52-B617-1AF8202DC27F} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
    Task: {E1C942AA-3D24-4B89-BD79-22E3FE26969F} - System32\Tasks\{E54D219F-E70B-4928-9EDE-357F0DD36659} => pcalua.exe -a E:\installers\QuickTimeInstaller.exe -d E:\installers
    Task: {E5054436-69C0-4DA0-A8D4-438CD4B7770C} - System32\Tasks\Microsoft\Windows\RestartManager\{AA7EDFF4-7384-4477-AF3A-A1924C98002C} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
    Task: {E723571C-E8E3-4410-B223-DFC4F8FE6389} - System32\Tasks\{8350FDCE-B14C-4ADC-941C-D2F1176003D7} => pcalua.exe -a c:\Users\Public\Downloads\Delicious.exe
    Task: {EA290F2E-ECA6-4D9A-84C6-5C072C9B8E24} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
    Task: {EB58133F-92DB-40C5-8DDF-3316F57D4996} - System32\Tasks\LuckyTab => C:\Program Files (x86)\LuckyTab\LuckyTab.exe [2015-04-02] (http://lucky-tab.com/) <==== ATTENTION
    Task: {ED0FD591-5EED-45AE-AEC8-98C3DA7A6816} - System32\Tasks\{364D74D1-1D31-4EB5-AA26-03439C1372A3} => pcalua.exe -a "C:\IGPRO\Uninstall InteGrade Pro 9.4.exe"
    Task: {F2440F18-E4DC-467F-9ECB-5193123E8615} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe <==== ATTENTION
    Task: {F6D82A8A-1D77-4639-B205-7D58FED53EE0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
    Task: {FF61C71C-120F-4EC8-934F-F852707F7D6D} - System32\Tasks\Microsoft\Windows\RestartManager\{345A4DBD-6A6A-40d4-A83C-ACE64CAE2F78} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-04-02 22:12 - 2015-03-25 16:43 - 00282488 _____ () C:\Program Files\shopperz\grunt.exe
    2015-04-02 22:12 - 2015-03-25 16:43 - 01446264 _____ () C:\Program Files\shopperz\csrcc.exe
    2013-10-30 02:21 - 2013-10-30 02:21 - 02561088 _____ () C:\Program Files (x86)\IDMSQ\idmsq.exe
    2012-02-01 12:11 - 2012-02-01 12:11 - 00203776 _____ () C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
    2015-05-14 22:50 - 2015-05-14 22:50 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\90ca23bba6253753991d9353147ba6a9\VistaBridgeLibrary.ni.dll
    2013-07-24 15:59 - 2010-03-30 10:37 - 00245248 _____ () C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
    2014-02-18 09:32 - 2014-02-18 09:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows:AstInfo
    AlternateDataStreams: C:\ProgramData\TEMP:F2721624

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2719491577-406441165-2934950541-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sharon\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    DNS Servers: Media is not connected to internet.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SMART Board Tools.lnk => C:\Windows\pss\SMART Board Tools.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Sharon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
    MSCONFIG\startupreg: 023c03038d1e8d0dd5b29cacacce04d0 => C:\Users\Public\DOWNLO~1\HOSPIT~1.EXE /r
    MSCONFIG\startupreg: AOL Dialer => C:\Program Files (x86)\Common Files\AOL\ACS\AOlDial.exe
    MSCONFIG\startupreg: AOLDialer => "C:\Program Files (x86)\Common Files\AOL\ACS\AOLDial.exe"
    MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
    MSCONFIG\startupreg: Easy Dock => C:\Users\Sharon\Documents\RCA easyRip\EZDock.exe
    MSCONFIG\startupreg: Exetender => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
    MSCONFIG\startupreg: Free Download Manager => "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: LXCFCATS => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCFtime.dll,_RunDLLEntry@16
    MSCONFIG\startupreg: MyWebSearch Email Plugin => C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwsoemon.exe
    MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
    MSCONFIG\startupreg: RealTray => "C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
    MSCONFIG\startupreg: SMART Board Service => C:\Program Files (x86)\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
    MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [{C80768D3-8C2A-4473-8E99-9B6D791E0995}] => (Allow) C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
    FirewallRules: [{B45FDCDF-6573-4E5A-B10F-190DB239E24A}] => (Allow) C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
    FirewallRules: [{7CD3BDE3-30E2-477A-A362-1C0315013352}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
    FirewallRules: [{FDAED6D0-A7F3-47DE-94B6-03537917DD61}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{87D751FE-2703-4D79-9410-31D88217327A}] => (Allow) svchost.exe
    FirewallRules: [{8F73DF9B-5072-4CD9-932A-9B6881BDFDD9}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{505720E6-5158-4A4C-93BE-DA8C98CEDF05}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
    FirewallRules: [{F27585D3-6F5C-449B-BC9E-5A37715E183C}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    FirewallRules: [{7D6786D5-D9BD-4199-B50D-67C7567481DD}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe
    FirewallRules: [{A3E33759-72D2-4E27-9942-37F6AC94DC5E}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe
    FirewallRules: [{C8442DD9-C952-4261-B157-1B122BE8849E}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLDial.exe
    FirewallRules: [{061B659F-E4E1-4D0B-98C7-BB89C1F5195D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLDial.exe
    FirewallRules: [{564FA226-DB5F-4C92-B413-0B2951B5C1C8}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLDial.exe
    FirewallRules: [{8C7DF8C1-EEB4-421C-A266-5D54A4B3554E}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe
    FirewallRules: [{1831478F-5C39-4C47-BDE5-555A908D345D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLDial.exe
    FirewallRules: [{4145F0E4-7E2B-4FA4-9485-E5C548039C4F}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe
    FirewallRules: [{CD056739-1E30-4FE9-9CDF-AEB826E18C5E}] => (Allow) C:\Program Files (x86)\AOL\RC\regclient.exe
    FirewallRules: [{86836D87-42B8-4CAA-A2B3-7D2B0BA5AEF5}] => (Allow) C:\Program Files (x86)\AOL\RC\regclient.exe
    FirewallRules: [{11B1DA10-6608-43B4-8562-194DBC6E6BC0}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLDial.exe
    FirewallRules: [{01490CA1-4E78-4ADC-ACA2-BF4F2FF1304C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLDial.exe
    FirewallRules: [{2A7C505A-F638-4132-B694-B2C5F71A8444}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe
    FirewallRules: [{3E307648-4115-4E99-A8AC-AB6DBAC7EB0E}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe
    FirewallRules: [{09E2E17B-764D-4F8D-8853-006E705EE3D3}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1248711395\ee\aolsoftware.exe
    FirewallRules: [{5871F8EC-8899-467E-A8A3-FE4D8687ED5B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1248711395\ee\aolsoftware.exe
    FirewallRules: [{33836889-7EB3-48E1-A89A-40D07F7B0E6D}] => (Allow) C:\Program Files (x86)\AOL 9.0\waol.exe
    FirewallRules: [{534CC5BD-A273-4ADC-9911-6776635932E3}] => (Allow) C:\Program Files (x86)\AOL 9.0\waol.exe
    FirewallRules: [{45A4BA32-3771-4A41-94E3-A7DF845E0003}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
    FirewallRules: [{B404E563-856C-4602-834F-85AF59F4DC72}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
    FirewallRules: [{A20C28A2-A2ED-4454-A3AB-D504005EC9E1}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
    FirewallRules: [{BD8B7354-4A54-4EE9-89D2-8098A085291B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
    FirewallRules: [{40710B0A-E2AA-45C5-82B5-7CE5AA634EE4}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
    FirewallRules: [{E8ABE5BE-2E47-4A1A-BA08-4EDFBFA6F338}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
    FirewallRules: [{DBDC2C5B-528A-45FA-91B7-BF8AD770AD3F}] => (Allow) C:\Program Files (x86)\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
    FirewallRules: [{0FBA3A53-6778-4AA2-9556-9335183F77D9}] => (Allow) C:\Program Files (x86)\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
    FirewallRules: [{22C75BBF-E03C-4B35-8052-02B557D4CD07}] => (Allow) C:\Program Files (x86)\Common Files\AOL\AOL Spyware Protection\asp.exe
    FirewallRules: [{0D915D35-A04F-48EA-8736-49129B25E29D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\AOL Spyware Protection\asp.exe
    FirewallRules: [{30D23461-EEE1-4CD8-A568-E56E5D23DBA4}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe
    FirewallRules: [{3E808881-FA60-4DDA-848C-96B4ED52331F}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe
    FirewallRules: [{C524B983-BCC2-4811-B31A-7841F91EF52C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{B7618D51-CA96-441C-B04A-C3179CC6053E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{301B41E7-0EF2-412C-A49D-38202575D1D5}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{CB27BA2A-288D-4B9E-8F00-E3D9B1F272D5}] => (Allow) LPort=80
    FirewallRules: [{67CDF4AB-7FD1-4FE2-8093-0C1C232ED996}] => (Allow) LPort=80
    FirewallRules: [{CAD0A9E3-D32E-4DC4-B07F-2FF13655577E}] => (Allow) LPort=80
    FirewallRules: [{3055FC9F-9E08-4D3F-A395-913D5BB9E64A}] => (Allow) C:\Program Files (x86)\Farming Simulator 2011\FarmingSimulator2011.exe
    FirewallRules: [{F2C87E43-623A-4352-9DE9-83707E641026}] => (Allow) C:\Program Files (x86)\Farming Simulator 2011\FarmingSimulator2011.exe
    FirewallRules: [{AD399591-E989-4087-A494-E902A2869799}] => (Allow) C:\Program Files (x86)\Farming Simulator 2011\game.exe
    FirewallRules: [{87B32AA9-0D09-4B50-9BF1-965239F4EA85}] => (Allow) C:\Program Files (x86)\Farming Simulator 2011\game.exe
    FirewallRules: [{E1AB8E18-FA31-41FB-8EAD-3CBFA7E4082B}] => (Allow) LPort=135
    FirewallRules: [{1FC8C2EA-D21F-48EE-B4B6-1D94ACAC4A16}] => (Allow) LPort=5000
    FirewallRules: [{820F01B8-04D3-4AAF-A748-EC760EC8C83B}] => (Allow) LPort=5001
    FirewallRules: [{6C36A468-4C8F-4104-84B6-85A52A1E3762}] => (Allow) LPort=5002
    FirewallRules: [{7A16EB2C-32E6-40BC-BC53-6B67CC4CFF19}] => (Allow) LPort=5003
    FirewallRules: [{0263A0BD-1F8A-452C-9CE8-E0DED8AD9C67}] => (Allow) LPort=5004
    FirewallRules: [{FA764A1A-67B9-46D3-9852-4B8523FDAB48}] => (Allow) LPort=5005
    FirewallRules: [{96D402F7-7E35-4897-8CF0-6785D6F5ED81}] => (Allow) LPort=5006
    FirewallRules: [{BFCD3F31-071A-473D-8746-72D375B08C68}] => (Allow) LPort=5007
    FirewallRules: [{1903D871-8E35-4F7B-ABDA-A2B3558040C3}] => (Allow) LPort=5008
    FirewallRules: [{40ADD263-CBEA-4CF8-A05C-91CD4F358ED0}] => (Allow) LPort=5009
    FirewallRules: [{885F41FA-7EB7-40AE-AB18-B6B241093287}] => (Allow) LPort=5010
    FirewallRules: [{967CEEB3-C08C-4DB5-9249-9EC34895867E}] => (Allow) LPort=5011
    FirewallRules: [{A547315E-2472-4CDC-A648-7868CF466974}] => (Allow) LPort=5012
    FirewallRules: [{36CECDBB-87EF-4C9D-BF31-938A3759F681}] => (Allow) LPort=5013
    FirewallRules: [{C74295ED-427E-4E0E-BE72-EC5E4281592D}] => (Allow) LPort=5014
    FirewallRules: [{EBB77895-2186-4DE8-87DA-02A1CAF41E84}] => (Allow) LPort=5015
    FirewallRules: [{BA6202D4-59E0-4922-B897-8739F6023F39}] => (Allow) LPort=5016
    FirewallRules: [{1C6D36DA-B843-4974-B3CD-F003E36E8901}] => (Allow) LPort=5017
    FirewallRules: [{833B570E-7566-483A-82FA-5FE55A7C0C86}] => (Allow) LPort=5018
    FirewallRules: [{2EE92E7C-1DE0-426C-AF4D-E9AC04D4361F}] => (Allow) LPort=5019
    FirewallRules: [{1A9F27C6-1DDE-4650-9B17-BDC6FB2163D3}] => (Allow) LPort=5020
    FirewallRules: [{29F3971B-0E95-4729-BBA6-4174BF407BFD}] => (Allow) C:\Windows\System32\lxcfcoms.exe
    FirewallRules: [{DAD3454C-06EB-4EA8-8ADF-8B989EABDC7A}] => (Allow) C:\Windows\System32\lxcfcoms.exe
    FirewallRules: [{9B4BAFFE-99B0-4B56-B681-D818C641F0BF}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
    FirewallRules: [{4912D6FE-AA40-4880-BE54-596F8834601A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{4FC83800-F0E0-4085-9250-76B83D8D7014}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{1F673248-AD11-4D94-BB2E-892D0A5CC38B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Farming Simulator 2013\FarmingSimulator2013Game.exe
    FirewallRules: [{322E2F16-08B0-43FC-A64B-1619140977CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Farming Simulator 2013\FarmingSimulator2013Game.exe
    FirewallRules: [{B3977BC1-0E24-40AA-A3EB-B97A7D0D0A23}] => (Allow) C:\Users\Sharon\AppData\Local\Temp\Temp1_Tessellation-worksheets-printable.zip\Tessellation-worksheets-printable.exe
    FirewallRules: [{BE6D7893-CED8-4D60-BE46-3276E8D201B8}] => (Allow) C:\Users\Sharon\AppData\Local\Temp\Temp1_Tessellation-worksheets-printable.zip\Tessellation-worksheets-printable.exe
    FirewallRules: [{35924B7B-D9E3-4BFF-8E3B-F3C17F1E6B91}] => (Allow) C:\Program Files (x86)\SmileFiles\SmileFiles.exe
    FirewallRules: [{47A38765-23AD-405D-832C-D71D1C487A8E}] => (Allow) C:\Program Files (x86)\SmileFiles\SmileFiles.exe
    FirewallRules: [{F4FFC19E-B9B9-4526-8935-FE04530043BF}] => (Allow) C:\Program Files (x86)\SmileFiles\downloader.exe
    FirewallRules: [{7AB0B1A9-258C-4139-B043-EE6CC4C5D428}] => (Allow) C:\Program Files (x86)\SmileFiles\downloader.exe
    FirewallRules: [{73FC0D4F-5D9D-4D78-98F7-373C0DA1CF79}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

  3. #3
    ==================== Faulty Device Manager Devices =============

    Name: 6TO4 Adapter
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft 6to4 Adapter #2
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft 6to4 Adapter #2
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: 6TO4 Adapter
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: 6TO4 Adapter
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: 6TO4 Adapter
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft 6to4 Adapter #4
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: 6TO4 Adapter
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: 6TO4 Adapter
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: 6TO4 Adapter
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: 6TO4 Adapter
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: isatap.{1FCB182A-12FA-4842-808B-3A07261C76AA}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #3
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #4
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Microsoft ISATAP Adapter #5
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: isatap.{1FCB182A-12FA-4842-808B-3A07261C76AA}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: isatap.{4F4DADB4-1297-48E9-85DD-02287C3B56C8}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: isatap.{0117A9A3-1105-43CB-9A3F-7E8A0251FE52}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: isatap.{7F5041D8-4744-4955-864E-D9F50CC62899}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: isatap.{D18DF46B-E1F9-4524-833C-499EDC96B500}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: isatap.{FB0445DD-ADF1-4BC8-BD18-761A264128E1}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: isatap.{FB0445DD-ADF1-4BC8-BD18-761A264128E1}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: isatap.{FB0445DD-ADF1-4BC8-BD18-761A264128E1}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: isatap.{FB0445DD-ADF1-4BC8-BD18-761A264128E1}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: isatap.{FB0445DD-ADF1-4BC8-BD18-761A264128E1}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: isatap.{FB0445DD-ADF1-4BC8-BD18-761A264128E1}
    Description: Microsoft ISATAP Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/07/2015 09:56:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/28/2015 04:45:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/25/2015 06:56:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/25/2015 00:54:33 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Search App by Ask -- Error 1606. Could not access network location %APPDATA%\.

    Error: (05/25/2015 00:54:33 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Search App by Ask -- Error 1606. Could not access network location %APPDATA%\.

    Error: (05/25/2015 00:53:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549bb52, faulting module ntdll.dll, version 6.0.6002.19346, time stamp 0x55023e3e, exception code 0xc0000005, fault offset 0x00000000000253ba,
    process id 0x1394, application start time 0xrundll32.exe0.

    Error: (05/25/2015 08:48:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/24/2015 08:53:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/24/2015 11:53:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/23/2015 09:06:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (06/07/2015 09:57:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Program Files (x86)\GameTap Web Player\bin\Release\X4HSX has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (06/07/2015 09:57:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: hlnfd

    Error: (06/07/2015 09:57:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: X5XSEx%%3

    Error: (06/07/2015 09:57:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: X4HSX32%%1275

    Error: (06/07/2015 09:56:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: PDF Suite 2010 Service%%2147500037

    Error: (06/07/2015 09:56:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: OutfoxTvService%%2

    Error: (06/07/2015 09:56:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: BTHelper.exe%%2

    Error: (06/07/2015 09:56:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: ASCTRM%%1275

    Error: (06/07/2015 09:55:14 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \SystemRoot\SysWow64\Drivers\ASCTRM.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (05/30/2015 11:51:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: PDF Suite 2010 Service%%2147500037


    Microsoft Office:
    =========================

  4. #4
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    ==========================

    Running from F:\
    Please move FRST to the correct location - Desktop.

    Uninstall the following unwanted programs:

    Download Updater
    My Web Search
    MyPC Backup
    PriiCeeLeesss
    RocketTab
    SavingsBull
    Search App by Ask
    shopperz
    youtubeadblocker


    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2


    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.



    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE: If you already have MBAM 2.0 installed, scroll down.


    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:


      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.


    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.




    If you already have MBAM 2.0 installed:


    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.



    How to get logs:
    (Export log to save as txt)



    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.




    (Copy to clipboard for pasting into forum replies or tickets)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.



    Please download AdwCleaner by Xplode onto your desktop.

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

  5. #5
    Join Date
    May 2001
    Location
    to close to Washington D.C.
    Posts
    2,269

    rkreport.txt

    RogueKiller V10.8.1.0 [Jun 3 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : Sharon [Administrator]
    Started from : C:\Users\Sharon\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 06/09/2015 20:43:00

    ¤¤¤ Processes : 1 ¤¤¤
    [PUP] (SVC) Updater Service for AMZN -- C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe[-] -> Stopped

    ¤¤¤ Registry : 51 ¤¤¤
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D} (C:\Program Files\shopperz\mseff64.dll) -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3} -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3AA4FC9D-FB51-44a2-B09F-0457857CA7C2} -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D} (C:\Program Files\shopperz\mseff64.dll) -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {D7E97865-918F-41E4-9CD0-25AB1C574CE8} : -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} : Funmoods Toolbar -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {D7E97865-918F-41E4-9CD0-25AB1C574CE8} : -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {D4027C7F-154A-4066-A1AD-4243D8127440} : -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {4B3803EA-5230-4DC3-A7FC-33638F3D3542} : -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {30F9B915-B755-4826-820B-08FBA6BD249D} : -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {4F524A2D-5350-4500-76A7-7A786E7484D7} : -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {D7E97865-918F-41E4-9CD0-25AB1C574CE8} : -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {D4027C7F-154A-4066-A1AD-4243D8127440} : -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {4B3803EA-5230-4DC3-A7FC-33638F3D3542} : -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {30F9B915-B755-4826-820B-08FBA6BD249D} : -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {4F524A2D-5350-4500-76A7-7A786E7484D7} : -> Not selected
    [PUP] (X64) HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {D8278076-BC68-4484-9233-6E7F1628B56C} : -> Not selected
    [PUP] (X86) HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {D8278076-BC68-4484-9233-6E7F1628B56C} : -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {D8278076-BC68-4484-9233-6E7F1628B56C} : -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {D8278076-BC68-4484-9233-6E7F1628B56C} : -> Not selected
    [Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_C2BB\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Replaced (explorer.exe)
    [Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_C2BB\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Replaced (explorer.exe)
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\cherimoya (system32\drivers\cherimoya.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\hlnfd (system32\drivers\hlnfd.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Updater Service for AMZN (C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cherimoya (system32\drivers\cherimoya.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hlnfd (system32\drivers\hlnfd.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Updater Service for AMZN (C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\BackupStack (C:\Program Files (x86)\MyPC Backup\BackupStack.exe) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\cherimoya (system32\drivers\cherimoya.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hlnfd (system32\drivers\hlnfd.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Updater Service for AMZN (C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe) -> Not selected
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.aol.com -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.search.ask.com/?tpid=ORJ-SPE&o=APN11405&pf=V7&trgb=IE&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_9.0.8112.16563&apn_uid=08FE773B-9F99-4EE4-9C0C-BEECA4C796BB&itbv=12.15.5.30&doi=2014-08-23&psv=&pt=tb -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.search.ask.com/?tpid=ORJ-SPE&o=APN11405&pf=V7&trgb=IE&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_9.0.8112.16563&apn_uid=08FE773B-9F99-4EE4-9C0C-BEECA4C796BB&itbv=12.15.5.30&doi=2014-08-23&psv=&pt=tb -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\Software\Microsoft\Internet Explorer\Main | Search Page : -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\Software\Microsoft\Internet Explorer\Main | Search Page : -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1DF40FBB-8956-468D-B165-4666D3CD41E3} | DhcpNameServer : 10.13.1.3 205.174.118.35 [X][X] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FB0445DD-ADF1-4BC8-BD18-761A264128E1} | DhcpNameServer : 198.224.190.135 198.224.191.135 [X][X] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1DF40FBB-8956-468D-B165-4666D3CD41E3} | DhcpNameServer : 10.13.1.3 205.174.118.35 [X][X] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FB0445DD-ADF1-4BC8-BD18-761A264128E1} | DhcpNameServer : 198.224.190.135 198.224.191.135 [X][X] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{1DF40FBB-8956-468D-B165-4666D3CD41E3} | DhcpNameServer : 10.13.1.3 205.174.118.35 [X][X] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{FB0445DD-ADF1-4BC8-BD18-761A264128E1} | DhcpNameServer : 198.224.190.135 198.224.191.135 [X][X] -> Not selected

    ¤¤¤ Tasks : 1 ¤¤¤
    [Suspicious.Path] \\4800 -- wscript.exe (C:\Users\Sharon\AppData\Local\Temp\launchie.vbs //B) -> Not selected

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 3 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
    [C:\Windows\System32\drivers\etc\hosts] ::1 localhost
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 d3oxij66pru1i3.cloudfront.net

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 86d382effffc19d235afa543bf73762c
    [BSP] 162060bb474056eae6dde76395768ebf : HP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 161792 | Size: 15360 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31619072 | Size: 461500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: +++++
    --- User ---
    [MBR] a124dc1f32b91ceacb765c7a5ad6ec2e
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 15266 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_SCN_06092015_195403.log

  6. #6
    Join Date
    May 2001
    Location
    to close to Washington D.C.
    Posts
    2,269
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 6/9/2015
    Scan Time: 8:56:18 PM
    Logfile: mbam application history.txt
    Administrator: Yes

    Version: 2.01.6.1022
    Malware Database: v2015.06.09.06
    Rootkit Database: v2015.06.02.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x64
    File System: NTFS
    User: Sharon

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 387803
    Time Elapsed: 57 min, 45 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  7. #7
    Join Date
    May 2001
    Location
    to close to Washington D.C.
    Posts
    2,269
    # AdwCleaner v4.206 - Logfile created 09/06/2015 at 22:10:36
    # Updated 01/06/2015 by Xplode
    # Database : 2015-06-09.1 [Server]
    # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (x64)
    # Username : Sharon - SHARON-PC
    # Running from : C:\Users\Sharon\Desktop\3adwcleaner_4.206.exe
    # Option : Cleaning

    ***** [ Services ] *****

    [#] Service Deleted : cherimoya
    [#] Service Deleted : hlnfd
    [#] Service Deleted : Updater Service for AMZN
    [#] Service Deleted : swdumon

    ***** [ Files / Folders ] *****

    [!] Folder Deleted : C:\ProgramData\apn
    [!] Folder Deleted : C:\ProgramData\Babylon
    [!] Folder Deleted : C:\ProgramData\Conduit
    [!] Folder Deleted : C:\ProgramData\GameTap Web Player
    [!] Folder Deleted : C:\ProgramData\Systweak
    [!] Folder Deleted : C:\ProgramData\Tarma Installer
    [!] Folder Deleted : C:\ProgramData\Trymedia
    [!] Folder Deleted : C:\ProgramData\Viewpoint
    [!] Folder Deleted : C:\ProgramData\Fighters
    [!] Folder Deleted : C:\ProgramData\FlashBeat
    [!] Folder Deleted : C:\ProgramData\{baa2739f-b6ce-a6c3-baa2-2739fb6cce7e}
    [!] Folder Deleted : C:\Program Files (x86)\AOL Toolbar
    [!] Folder Deleted : C:\Program Files (x86)\Ask.com
    [!] Folder Deleted : C:\Program Files (x86)\Conduit
    [!] Folder Deleted : C:\Program Files (x86)\FunWebProducts
    [!] Folder Deleted : C:\Program Files (x86)\IDMSQ
    [!] Folder Deleted : C:\Program Files (x86)\MyWebSearch
    [!] Folder Deleted : C:\Program Files (x86)\SavingsBull
    [!] Folder Deleted : C:\Program Files (x86)\Viewpoint
    [!] Folder Deleted : C:\Program Files (x86)\LuckyTab
    [!] Folder Deleted : C:\Program Files (x86)\SmileFilesUpdater
    [!] Folder Deleted : C:\Program Files (x86)\SmileFiles
    [!] Folder Deleted : C:\Program Files (x86)\MyWebSearch
    [!] Folder Deleted : C:\Program Files (x86)\Retrogamer_4wEI
    [!] Folder Deleted : C:\Program Files (x86)\Common Files\FreeCause
    [!] Folder Deleted : C:\Windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
    [!] Folder Deleted : C:\Program Files\AOL Toolbar
    [!] Folder Deleted : C:\Users\Sharon\AppData\Local\Conduit
    [!] Folder Deleted : C:\Users\Sharon\AppData\Local\NativeMessaging
    [!] Folder Deleted : C:\Users\Sharon\AppData\Local\PackageAware
    [!] Folder Deleted : C:\Users\Sharon\AppData\Local\TBHostSupport
    [!] Folder Deleted : C:\Users\Sharon\AppData\LocalLow\AskToolbar
    [!] Folder Deleted : C:\Users\Sharon\AppData\LocalLow\Conduit
    [!] Folder Deleted : C:\Users\Sharon\AppData\LocalLow\Funmoods
    [!] Folder Deleted : C:\Users\Sharon\AppData\LocalLow\FunWebProducts
    [!] Folder Deleted : C:\Users\Sharon\AppData\LocalLow\Inbox Toolbar
    [!] Folder Deleted : C:\Users\Sharon\AppData\LocalLow\MyWebSearch
    [!] Folder Deleted : C:\Users\Sharon\AppData\LocalLow\PriceGong
    [!] Folder Deleted : C:\Users\Sharon\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    [!] Folder Deleted : C:\Users\Sharon\AppData\LocalLow\MyWebSearch
    [!] Folder Deleted : C:\Users\Sharon\AppData\LocalLow\Retrogamer_4wEI
    [!] Folder Deleted : C:\Users\Sharon\AppData\Roaming\Babylon
    [!] Folder Deleted : C:\Users\Sharon\AppData\Roaming\IDMSQ
    [!] Folder Deleted : C:\Users\Sharon\AppData\Roaming\Inbox Toolbar
    [!] Folder Deleted : C:\Users\Sharon\AppData\Roaming\iWin
    [!] Folder Deleted : C:\Users\Sharon\AppData\Roaming\OpenCandy
    [!] Folder Deleted : C:\Users\Sharon\AppData\Roaming\Systweak
    [!] Folder Deleted : C:\Users\Sharon\AppData\Roaming\SmileFiles
    [!] Folder Deleted : C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
    [!] Folder Deleted : C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IDMSQ
    [!] Folder Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
    [!] Folder Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohenffmfbnoidogjgebadealdkecjdal
    [!] Folder Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
    File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ippkomaaonokjnfjoikaemidanojkfmm_0.localstorage
    File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ippkomaaonokjnfjoikaemidanojkfmm_0.localstorage-journal
    File Deleted : C:\END
    File Deleted : C:\Windows\Downloaded Program Files\popcaploader.inf
    File Deleted : C:\Windows\System32\Gambali64.dll
    File Deleted : C:\Windows\System32\drivers\swdumon.sys
    File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_photo.conduitapps.com_0.localstorage
    File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_photo.conduitapps.com_0.localstorage-journal
    File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps4u2.conduitapps.com_0.localstorage
    File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps4u2.conduitapps.com_0.localstorage-journal
    File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_myfriendsvideo5.conduitapps.com_0.localstorage
    File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_myfriendsvideo5.conduitapps.com_0.localstorage-journal
    File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nortonsafe.search.ask.com_0.localstorage
    File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nortonsafe.search.ask.com_0.localstorage-journal
    File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_photo.conduitapps.com_0.localstorage
    File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_photo.conduitapps.com_0.localstorage-journal

    ***** [ Scheduled tasks ] *****

    Task Deleted : Update Service SmileFiles

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ohenffmfbnoidogjgebadealdkecjdal
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
    Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
    Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\inbox
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
    Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.XBTBPos00
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.XBTBPos00.1
    Key Deleted : HKCU\Software\Alexa Internet
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\distromatic
    Key Deleted : HKCU\Software\MyWebSearch
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\SmileFiles
    Key Deleted : HKCU\Software\AppDataLow\PlaySushi
    Key Deleted : HKCU\Software\AppDataLow\Software\Compete
    Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
    Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
    Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Retrogamer_4wEI
    Key Deleted : HKLM\SOFTWARE\Babylon
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\FocusInteractive
    Key Deleted : HKLM\SOFTWARE\Fun Web Products
    Key Deleted : HKLM\SOFTWARE\Inbox Toolbar
    Key Deleted : HKLM\SOFTWARE\MetaStream
    Key Deleted : HKLM\SOFTWARE\MyWebSearch
    Key Deleted : HKLM\SOFTWARE\PIP
    Key Deleted : HKLM\SOFTWARE\systweak
    Key Deleted : HKLM\SOFTWARE\Trymedia Systems
    Key Deleted : HKLM\SOFTWARE\Viewpoint
    Key Deleted : HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}
    Key Deleted : HKLM\SOFTWARE\Retrogamer_4wEI
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Update Service SmileFiles
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserSafeGuard
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushi
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Update Service SmileFiles
    Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v9.0.8112.16644

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [SearchAssistant]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [CustomizeSearch]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

    -\\ Google Chrome v42.0.2311.135

    [C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : bbjciahceamgodcoidkjpchnokgfpphh
    [C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
    [C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
    [C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : hgiifhjbblnglipdbpdgagphlcbililb
    [C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ippkomaaonokjnfjoikaemidanojkfmm
    [C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ohenffmfbnoidogjgebadealdkecjdal
    [C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : lccekmodgklaepjeofjdjpbminllajkg

    *************************

    AdwCleaner[R0].txt - [24479 bytes] - [09/06/2015 22:04:58]
    AdwCleaner[S0].txt - [22259 bytes] - [09/06/2015 22:10:42]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22319 bytes] ##########

  8. #8
    Join Date
    May 2001
    Location
    to close to Washington D.C.
    Posts
    2,269
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.9.1 (06.08.2015:1)
    OS: Windows (TM) Vista Home Premium x64
    Ran by Sharon on Tue 06/09/2015 at 22:19:42.44
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4153492D-4700-A76A-76A7-7A786E7484D7}
    Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7846AE31-BEA2-438A-8F5E-2D899361656C}
    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{261F6A8B-7AAF-4BF5-8552-6610F4D67819}



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AD61D5B-58A3-4592-9B34-DC84688FF805}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{261F6A8B-7AAF-4BF5-8552-6610F4D67819}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{26D675AC-D925-4bbf-A720-62C2AA4A81EB}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EDBBE0D0-A76A-4FE4-AE6B-13BCEFFD75C8}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1AD61D5B-58A3-4592-9B34-DC84688FF805}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26D675AC-D925-4bbf-A720-62C2AA4A81EB}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EDBBE0D0-A76A-4FE4-AE6B-13BCEFFD75C8}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1AD61D5B-58A3-4592-9B34-DC84688FF805}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{26D675AC-D925-4bbf-A720-62C2AA4A81EB}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{EDBBE0D0-A76A-4FE4-AE6B-13BCEFFD75C8}



    ~~~ Files

    Successfully deleted: [File] C:\Windows\prefetch\TOOLBARUPDATERSERVICE.EXE-76B3C3DE.pf
    Successfully deleted: [File] C:\Users\Sharon\appdata\local\google\chrome\user data\default\local storage\hxxp_www.superfish.com_0.localstorage
    Successfully deleted: [File] C:\Users\Sharon\appdata\local\google\chrome\user data\default\local storage\hxxp_www.superfish.com_0.localstorage-journal
    Successfully deleted: [File] C:\Users\Sharon\appdata\local\google\chrome\user data\default\local storage\hxxps_www.superfish.com_0.localstorage
    Successfully deleted: [File] C:\Users\Sharon\appdata\local\google\chrome\user data\default\local storage\hxxps_www.superfish.com_0.localstorage-journal



    ~~~ Folders

    Successfully deleted: [Folder] C:\Program Files (x86)\driverupdate
    Successfully deleted: [Folder] C:\ProgramData\pcdr
    Successfully deleted: [Folder] C:\Users\Sharon\appdata\local\rivalgaming
    Successfully deleted: [Folder] C:\Users\Sharon\appdata\locallow\company
    Successfully deleted: [Folder] C:\Users\Sharon\AppData\Roaming\alot
    Successfully deleted: [Folder] C:\Users\Sharon\AppData\Roaming\microsoft\windows\start menu\programs\rivalgaming
    Successfully deleted: [Folder] C:\Users\Sharon\AppData\Roaming\pcdr
    Successfully deleted: [Folder] C:\ProgramData\10512698717041424079
    Successfully deleted: [Folder] C:\ProgramData\5251e4d5c03e4b429e9ec62791b7921b
    Successfully deleted: [Folder] C:\ProgramData\890cb5f003d1430780c8d0c74565cd1e



    ~~~ Chrome

    Successfully deleted: [Folder] C:\Users\Sharon\appdata\local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

    [C:\Users\Sharon\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\Sharon\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
    mkfokfffehpeedafpekjeddnmnjhmcmk

    [C:\Users\Sharon\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\Sharon\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    [
    mkfokfffehpeedafpekjeddnmnjhmcmk
    ]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 06/09/2015 at 22:25:07.21
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  9. #9
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.



    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.



    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"


    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.



    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.

  10. #10
    Join Date
    May 2001
    Location
    to close to Washington D.C.
    Posts
    2,269
    ComboFix 15-06-09.01 - Sharon 06/10/2015 21:26:35.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.1555 [GMT -4:00]
    Running from: C:\Users\Sharon\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
    SP: Norton 360 *Enabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Users\Public\AlexaNSISPlugin.6040.dll
    C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Recent\~$C Pythagorean Theorem WARMUP.doc
    C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Recent\PLC Pythagorean Theorem WARMUP.doc
    C:\Windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    C:\Windows\Downloaded Program Files\popcaploader.dll
    C:\Windows\SysWow64\images
    C:\Windows\SysWow64\images\FGWinNT_ToolBar_eng.gif
    C:\Windows\SysWow64\images\FGWinNT_ToolBar_kor.gif
    C:\Windows\SysWow64\images\FGWinNT_Tray_eng.bmp
    C:\Windows\SysWow64\images\FGWinNT_Tray_kor.gif
    C:\Windows\SysWow64\images\FGWinNT_View_eng.jpg
    C:\Windows\SysWow64\images\FGWinNT_View_kor.jpg
    C:\Windows\SysWow64\images\RUN_ENG.JPG
    C:\Windows\SysWow64\images\RUN_KOR.JPG
    C:\Windows\SysWow64\images\toolbar_eng.jpg
    C:\Windows\SysWow64\images\toolbar_kor.jpg
    C:\Windows\SysWow64\jgaw400.dll
    D:\AUTORUN.INF


    ((((((((((((((((((((((((( Files Created from 2015-05-11 to 2015-06-11 )))))))))))))))))))))))))))))))


    2015-06-10 02:19:49 . 2015-06-10 02:19:49 -------- d-----w- C:\RegBackup
    2015-06-10 02:02:26 . 2015-06-10 02:11:09 -------- d-----w- C:\AdwCleaner
    2015-06-10 00:54:50 . 2015-06-10 00:55:43 136408 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
    2015-06-10 00:51:58 . 2015-06-10 00:52:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-06-10 00:51:58 . 2015-06-10 00:51:58 -------- d-----w- C:\ProgramData\Malwarebytes
    2015-06-10 00:51:58 . 2015-04-14 13:37:52 64216 ----a-w- C:\Windows\system32\drivers\mwac.sys
    2015-06-10 00:51:58 . 2015-04-14 13:37:46 107736 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
    2015-06-10 00:51:58 . 2015-04-14 13:37:42 25816 ----a-w- C:\Windows\system32\drivers\mbam.sys
    2015-06-09 23:47:31 . 2015-06-09 23:47:31 35064 ----a-w- C:\Windows\system32\drivers\TrueSight.sys
    2015-06-09 23:47:30 . 2015-06-10 00:50:05 -------- d-----w- C:\ProgramData\RogueKiller
    2015-06-08 02:08:53 . 2015-06-09 01:49:36 -------- d-----w- C:\FRST
    2015-05-14 01:46:01 . 2015-04-08 00:47:08 1505792 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    2015-05-14 01:46:00 . 2015-04-08 01:11:05 939008 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2015-05-14 01:45:59 . 2015-04-08 00:47:28 1822208 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2015-05-14 01:45:59 . 2015-04-08 00:47:08 1482240 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2015-05-14 01:45:59 . 2015-04-08 00:47:08 1454080 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2015-05-14 01:45:59 . 2015-04-07 23:48:54 2294784 ----a-w- C:\Program Files\Windows Journal\Journal.exe
    2015-05-14 01:44:44 . 2015-04-30 16:03:33 279040 ----a-w- C:\Windows\SysWow64\schannel.dll
    2015-05-14 01:44:43 . 2015-04-30 15:41:49 347648 ----a-w- C:\Windows\system32\schannel.dll
    2015-05-14 01:15:01 . 2015-04-10 23:33:28 384512 ----a-w- C:\Windows\system32\services.exe
    2015-05-14 01:15:01 . 2015-04-10 23:22:42 279552 ----a-w- C:\Windows\SysWow64\services.exe
    2015-05-14 01:12:50 . 2015-04-30 13:14:01 124112 ----a-w- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-14 01:12:50 . 2015-04-30 13:14:01 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 01:58:57 . 2015-04-09 23:46:01 282112 ----a-w- C:\Windows\system32\dxtrans.dll
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2015-06-11 01:05:41 . 2012-08-28 14:54:05 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2015-06-11 01:05:41 . 2011-06-27 21:41:42 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-05-14 01:49:49 . 2006-11-02 12:35:00 140425016 ----a-w- C:\Windows\system32\mrt.exe
    2015-03-14 02:22:49 . 2015-04-19 23:31:44 1585248 ----a-w- C:\Windows\system32\ntdll.dll
    2015-03-14 02:22:49 . 2015-04-19 23:31:44 1168080 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2015-03-13 01:44:46 . 2015-04-19 23:31:45 4691384 ----a-w- C:\Windows\system32\ntoskrnl.exe
    2015-03-13 01:44:34 . 2015-04-19 23:31:46 5120 ----a-w- C:\Windows\SysWow64\wow32.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

  11. #11
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    The above log is incomplete.

  12. #12
    Join Date
    May 2001
    Location
    to close to Washington D.C.
    Posts
    2,269
    ComboFix 15-06-09.01 - Sharon 06/11/2015 20:05:37.2.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.1941 [GMT -4:00]
    Running from: c:\users\Sharon\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
    SP: Norton 360 *Enabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\users\Public\AlexaNSISPlugin.6040.dll
    c:\users\Sharon\AppData\Roaming\Microsoft\Windows\Recent\~$C Pythagorean Theorem WARMUP.doc
    c:\users\Sharon\AppData\Roaming\Microsoft\Windows\Recent\PLC Pythagorean Theorem WARMUP.doc
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    c:\windows\Downloaded Program Files\popcaploader.dll
    c:\windows\SysWow64\images
    c:\windows\SysWow64\images\FGWinNT_ToolBar_eng.gif
    c:\windows\SysWow64\images\FGWinNT_ToolBar_kor.gif
    c:\windows\SysWow64\images\FGWinNT_Tray_eng.bmp
    c:\windows\SysWow64\images\FGWinNT_Tray_kor.gif
    c:\windows\SysWow64\images\FGWinNT_View_eng.jpg
    c:\windows\SysWow64\images\FGWinNT_View_kor.jpg
    c:\windows\SysWow64\images\RUN_ENG.JPG
    c:\windows\SysWow64\images\RUN_KOR.JPG
    c:\windows\SysWow64\images\toolbar_eng.jpg
    c:\windows\SysWow64\images\toolbar_kor.jpg
    c:\windows\SysWow64\jgaw400.dll
    D:\AUTORUN.INF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-05-12 to 2015-06-12 )))))))))))))))))))))))))))))))
    .
    .
    2015-06-12 00:21 . 2015-06-12 00:21 -------- d-----w- c:\users\Sharon\AppData\Local\temp
    2015-06-12 00:21 . 2015-06-12 00:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-06-10 02:19 . 2015-06-10 02:19 -------- d-----w- C:\RegBackup
    2015-06-10 02:02 . 2015-06-10 02:11 -------- d-----w- C:\AdwCleaner
    2015-06-10 00:54 . 2015-06-10 00:55 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-06-10 00:51 . 2015-06-10 00:52 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2015-06-10 00:51 . 2015-06-10 00:51 -------- d-----w- c:\programdata\Malwarebytes
    2015-06-10 00:51 . 2015-04-14 13:37 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-06-10 00:51 . 2015-04-14 13:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-06-10 00:51 . 2015-04-14 13:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-06-09 23:47 . 2015-06-09 23:47 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-06-09 23:47 . 2015-06-10 00:50 -------- d-----w- c:\programdata\RogueKiller
    2015-06-08 02:08 . 2015-06-09 01:49 -------- d-----w- C:\FRST
    2015-05-14 01:46 . 2015-04-08 00:47 1505792 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2015-05-14 01:46 . 2015-04-08 01:11 939008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2015-05-14 01:45 . 2015-04-08 00:47 1822208 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2015-05-14 01:45 . 2015-04-08 00:47 1482240 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2015-05-14 01:45 . 2015-04-08 00:47 1454080 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2015-05-14 01:45 . 2015-04-07 23:48 2294784 ----a-w- c:\program files\Windows Journal\Journal.exe
    2015-05-14 01:44 . 2015-04-30 16:03 279040 ----a-w- c:\windows\SysWow64\schannel.dll
    2015-05-14 01:44 . 2015-04-30 15:41 347648 ----a-w- c:\windows\system32\schannel.dll
    2015-05-14 01:15 . 2015-04-10 23:33 384512 ----a-w- c:\windows\system32\services.exe
    2015-05-14 01:15 . 2015-04-10 23:22 279552 ----a-w- c:\windows\SysWow64\services.exe
    2015-05-14 01:12 . 2015-04-30 13:14 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-14 01:12 . 2015-04-30 13:14 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 01:58 . 2015-04-09 23:46 282112 ----a-w- c:\windows\system32\dxtrans.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-06-11 01:05 . 2012-08-28 14:54 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-06-11 01:05 . 2011-06-27 21:41 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-05-14 01:49 . 2006-11-02 12:35 140425016 ----a-w- c:\windows\system32\mrt.exe
    2015-03-14 02:22 . 2015-04-19 23:31 1585248 ----a-w- c:\windows\system32\ntdll.dll
    2015-03-14 02:22 . 2015-04-19 23:31 1168080 ----a-w- c:\windows\SysWow64\ntdll.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-6 1312096]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-04-30 20:42 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 01:05]
    .
    2015-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-25 22:18]
    .
    2015-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-25 22:18]
    .
    .
    --------- X64 Entries -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearchAssistant =
    mCustomizeSearch = hxxp://www.google.com
    TCP: DhcpNameServer = 192.168.0.1
    DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://aolsvc.aol.com/onlinegames/free-trial-chocolatier/ChocolatierWeb.1.0.0.13.cab
    DPF: {2D168880-539F-4967-BA11-F7C2862B9E1D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-diaper-dash/DiaperDashWeb.1.0.0.4.cab
    DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
    DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-big-island-blends/gamehouseplayer.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-delicious-winter-edition/zylomplayer.cab
    DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://aolsvc.aol.com/onlinegames/free-trial-chocolatier-2-secret-ingredients/Chocolatier2Web.1.0.0.14.cab
    DPF: {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} - hxxp://aolsvc.aol.com/onlinegames/free-trial-decadence-by-design/Chocolatier3Web.1.0.0.6.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-Easy Dock - (no file)
    Wow6432Node-HKLM-Run-Easy Dock - (no file)
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    BHO-{EDBBE0D0-A76A-4FE4-AE6B-13BCEFFD75C8} - c:\program files (x86)\Brand Thunder\IE\tbcore3x64.dll
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-Burger Shop 2™ - c:\program files (x86)\GoBit
    AddRemove-IDMSQ - c:\program files (x86)\IDMSQ\uninst.exe
    AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.5.0.19\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.5.0.19\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
    "ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
    "ImagePath"="\SystemRoot\System32\Drivers\N360x64\1505000.013\SYMTDIV.SYS"
    "TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.5.0.19;c:\program files (x86)\Norton 360\Engine64\21.5.0.19"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.17"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2015-06-11 20:25:05
    ComboFix-quarantined-files.txt 2015-06-12 00:25
    .
    Pre-Run: 337,003,888,640 bytes free
    Post-Run: 336,822,943,744 bytes free
    .
    - - End Of File - - 90069CA9982D34B37FFF02079332914C
    5C616939100B85E558DA92B899A0FC36

  13. #13
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.


    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.

  14. #14
    Join Date
    May 2001
    Location
    to close to Washington D.C.
    Posts
    2,269
    I can't seem to get this last part to complete. It just seems to want to run and run ... scanning office something 3 thousand and something ....

    for hours.

    I'll try again tonight, maybe in safe mode.

    Thanks

  15. #15
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Try to delete the current FRST copy and download a fresh one.
