FYI. the mshta.exe shows up in msconfig disabled item list as I tried disabling it in startup for msconfig, but they start afterwards anyway. So that didn't make any difference

Now I can see the location of the files and there names it helps to resolve the problem.

All the files were found and apparently removed by Malwarebytes and Adwcleaner also shows it deleted the program called Session Manager, which they all belong to. The program is not a serious threat and is simply classified as a PUP (Potentially Unwanted Program).

Open Windows Explorer, click on the C: drive in the left pane. In the right pane double click on Program Files, tell me if you can then see Settings Manager in the list, if you find it, right click on it and select Delete, let me know what happens as it may give a warning you do not have permission.

So on my siblings windows 7 computer, she downloads random things sometimes but is clueless on which things to select and now there is something downloading every time she typs in a search in the google search bar and if she types a website url exept google and facebook there is a 502 bad gateway error.:mad: we instaled avg, cleaned the threats and cache, but nothing is happening :(:(:(

OTL logfile created on: 7/2/2014 9:41:26 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jack Schwartz\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 40.23% Memory free
7.50 Gb Paging File | 4.48 Gb Available in Paging File | 59.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.15 Gb Total Space | 499.36 Gb Free Space | 85.34% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.58 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive G: | 29.80 Gb Total Space | 17.15 Gb Free Space | 57.56% Space Free | Partition Type: FAT32
Drive H: | 29.80 Gb Total Space | 16.96 Gb Free Space | 56.90% Space Free | Partition Type: FAT32

Computer Name: JACKSCHWARTZ-PC | User Name: Jack Schwartz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/07/02 13:22:59 | 000,088,648 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe
PRC - [2014/06/24 08:59:36 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014/06/24 08:59:33 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/06/24 08:59:32 | 000,750,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/06/24 07:53:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jack Schwartz\Desktop\OTL.exe
PRC - [2014/06/20 21:02:16 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2014/06/05 09:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/05/09 05:55:32 | 001,141,848 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
PRC - [2014/05/05 10:38:00 | 000,182,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014/05/05 10:37:58 | 000,124,496 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2014/04/07 03:06:58 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
PRC - [2014/04/06 23:00:42 | 000,039,568 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/07/03 04:32:44 | 001,228,504 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2013/07/03 04:32:44 | 000,660,184 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/03/12 18:40:22 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe


========== Modules (No Company Name) ==========

MOD - [2014/06/05 09:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014/06/05 09:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014/06/05 09:58:32 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014/06/05 09:58:31 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014/06/05 09:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014/05/05 10:37:58 | 000,138,320 | ---- | M] () -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
MOD - [2014/05/05 10:37:52 | 000,049,744 | ---- | M] () -- C:\Users\Jack Schwartz\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
MOD - [2014/04/08 11:34:33 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8 951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll
MOD - [2014/04/08 11:34:03 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88 c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014/04/08 11:33:44 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d 119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
MOD - [2014/04/08 11:33:07 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc4 01facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/04/08 11:33:06 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\af02d03 484578dbc357d1df8d1b6fd01\PresentationFramework-SystemData.ni.dll
MOD - [2014/04/08 09:13:42 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6 580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll
MOD - [2014/04/08 09:13:32 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4 889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/04/08 09:13:30 | 002,542,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\7e73e63cf4b 8efdf41900b9576489e61\System.Data.Linq.ni.dll
MOD - [2014/04/08 09:13:28 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82 547e09474da0b2f9\System.Data.ni.dll
MOD - [2014/04/08 09:13:27 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c4 4490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/04/08 09:13:21 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0 df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/04/08 09:13:14 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb 46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/04/08 09:13:14 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07 227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/04/08 09:13:13 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee0 58bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/04/08 09:13:12 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb5 9f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/04/08 09:13:12 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ec afa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/04/08 09:13:06 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a 47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/04/08 09:13:06 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4 cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/04/08 09:13:02 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a5 3d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/04/08 09:13:01 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a01 5313db98c72552ee\System.Core.ni.dll
MOD - [2014/04/08 09:12:57 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec 4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/04/08 09:12:56 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b 990332e67c6\System.ni.dll
MOD - [2014/04/08 09:12:50 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66f cd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014/04/08 09:12:49 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97b e8dc991c47d07\mscorlib.ni.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/05/30 05:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/10 18:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/12 18:40:18 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2007/03/22 03:26:14 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbxcoms.exe -- (lxbx_device)
SRV - [2014/07/02 13:22:59 | 000,088,648 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe -- (FromDocToPDF_65Service)
SRV - [2014/06/24 08:59:36 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/06/24 08:59:33 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/06/19 06:56:40 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/06/12 03:17:03 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/03 05:19:55 | 001,039,952 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
SRV - [2014/05/09 05:55:32 | 001,141,848 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)
SRV - [2014/05/05 10:37:58 | 000,124,496 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014/04/07 03:06:58 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
SRV - [2014/04/06 23:00:42 | 000,039,568 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/07/03 04:32:44 | 001,228,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/07/03 04:32:44 | 000,660,184 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/06/16 13:13:20 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/03/22 04:26:14 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbxcoms.exe -- (lxbx_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/06/24 08:59:32 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014/06/03 05:19:53 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014/02/25 11:41:28 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/07/03 04:32:42 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/23 03:34:00 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/03/12 18:40:22 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2009/09/01 15:10:00 | 000,029,696 | ---- | M] (NeoRouter Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nrtap.sys -- (nrtap)
DRV:64bit: - [2009/07/30 13:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={ inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={ inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}: "URL" = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^YYA^us&si=CKLlqZOSp78CFc9j7Aody1cApQ&ptb=FD42165 2-41DD-438E-B5F2-2ABF692C7773&ind=2014070213&n=780c45c5&psa=&st=sb&searchfor={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {8456F1E8-B96F-423F-8584-7E194CCF165B}
IE - HKCU\..\SearchScopes\{678148FD-8E0C-4FD2-9F63-67FB9EE61102}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={ inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{8456F1E8-B96F-423F-8584-7E194CCF165B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer: source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GGNI_enUS548
IE - HKCU\..\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}: "URL" = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^YYA^us&si=CKLlqZOSp78CFc9j7Aody1cApQ&ptb=FD42165 2-41DD-438E-B5F2-2ABF692C7773&ind=2014070213&n=780c45c5&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{CD85E634-A04E-447D-8C4B-2B69025FA188}: "URL" = http://query.nytimes.com/gst/handler.html?query={searchTerms}&opensearch=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.startup.homepage: "https://www.google.com/?gws_rd=ssl|http://forums.techguy.org/virus-other-malware-removal/1128312-home-page-firefox-opens-bing.html#post8928497|about:customizing"
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.812
FF - prefs.js..extensions.enabledAddons: %7B53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8%7D:17.0.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@FromDocToPDF_65.com/Plugin: C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (Mindspark)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.9.17: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\np rndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\np rndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\np rndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.9.17: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/05/09 05:56:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/05/09 05:56:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/06/19 06:56:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/06/19 06:56:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2014/05/09 05:56:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\showlyrics@superstrs oft.co: C:\Program Files (x86)\Show-Lyrics\FF\
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/12/15 18:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack Schwartz\AppData\Roaming\Mozilla\Extensions
[2010/12/15 17:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack Schwartz\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/12/15 18:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack Schwartz\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2014/07/02 13:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack Schwartz\AppData\Roaming\Mozilla\Firefox\Profiles\lsxpajl7.default\extensio ns
[2014/04/07 17:00:28 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\Jack Schwartz\AppData\Roaming\Mozilla\Firefox\Profiles\lsxpajl7.default\extensio ns\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2014/07/02 13:23:08 | 000,000,000 | ---D | M] (FromDocToPDF) -- C:\Users\Jack Schwartz\AppData\Roaming\Mozilla\Firefox\Profiles\lsxpajl7.default\extensio ns\65ffxtbr@FromDocToPDF_65.com
[2013/06/18 08:41:48 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Jack Schwartz\AppData\Roaming\Mozilla\Firefox\Profiles\lsxpajl7.default\extensio ns\ascsurfingprotection@iobit.com
[2013/08/16 09:49:47 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Jack Schwartz\AppData\Roaming\Mozilla\Firefox\Profiles\lsxpajl7.default\extensio ns\donottrackplus@abine.com
[2010/12/15 18:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack Schwartz\AppData\Roaming\Mozilla\Sunbird\Profiles\7x8i0njs.default\extensio ns
[2013/06/23 10:13:21 | 000,001,793 | ---- | M] () -- C:\Users\Jack Schwartz\AppData\Roaming\Mozilla\Firefox\Profiles\lsxpajl7.default\searchpl ugins\Bing.xml
[2012/07/11 20:24:44 | 000,002,289 | ---- | M] () -- C:\Users\Jack Schwartz\AppData\Roaming\Mozilla\Firefox\Profiles\lsxpajl7.default\searchpl ugins\inbox-search.xml
[2013/06/20 06:09:39 | 000,000,904 | ---- | M] () -- C:\Users\Jack Schwartz\AppData\Roaming\Mozilla\Firefox\Profiles\lsxpajl7.default\searchpl ugins\yahoo.xml
[2014/06/24 11:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/06/19 06:56:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/06/19 06:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/19 06:56:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/06/19 06:56:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/05/09 05:56:59 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2014/05/09 05:55:50 | 000,148,040 | ---- | M] (RealPlayer Cloud) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryFor Suggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{go ogle:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instan tExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEnco ding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={goo gle:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google :cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={g oogle:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Jack Schwartz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Docs = C:\Users\Jack Schwartz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Jack Schwartz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Jack Schwartz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Jack Schwartz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jack Schwartz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Jack Schwartz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.34_0\
CHR - Extension: AdBlock = C:\Users\Jack Schwartz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.35_0\
CHR - Extension: AdBlock = C:\Users\Jack Schwartz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.37_0\
CHR - Extension: AdBlock = C:\Users\Jack Schwartz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.1_0\
CHR - Extension: AdBlock = C:\Users\Jack Schwartz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.3_0\
CHR - Extension: AdBlock = C:\Users\Jack Schwartz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.5_0\
CHR - Extension: RealPlayer Downloader = C:\Users\Jack Schwartz\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\17.0.9_0\
CHR - Extension: Google Wallet = C:\Users\Jack Schwartz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\Jack Schwartz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/08/04 11:22:10 | 000,000,019 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin 64.dll (RealDownloader)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin .dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FromDocToPDF EPM Support] C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65medint.exe (Mindspark Interactive Network, Inc.)
O4 - HKLM..\Run: [FromDocToPDF_65 Browser Plugin Loader 64] C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon64.exe (VER_COMPANY_NAME)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - HKCU..\Run: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe ()
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn...Detection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activ...eX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8550AEEA-B3CE-4A21-986C-AEE9E5FBA1B5}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/07/02 13:23:34 | 000,000,000 | ---D | C] -- C:\Users\Jack Schwartz\AppData\Local\FromDocToPDF_65
[2014/07/02 13:22:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FromDocToPDF_65
[2014/07/01 16:41:23 | 000,000,000 | ---D | C] -- C:\Users\Jack Schwartz\Desktop\BACKUP
[2014/07/01 06:13:33 | 000,000,000 | ---D | C] -- C:\Users\Jack Schwartz\Desktop\damaged sill
[2014/06/24 19:22:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Weather Channel
[2014/06/24 07:53:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jack Schwartz\Desktop\OTL.exe
[2014/06/22 15:42:14 | 000,000,000 | ---D | C] -- C:\Users\Jack Schwartz\Documents\Quicken
[2014/06/19 06:56:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/06/17 16:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/06/17 16:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2014/06/17 16:57:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2014/06/12 18:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/05/08 16:35:46 | 030,705,792 | ---- | C] (Gemalto N.V.) -- C:\Users\Jack Schwartz\RunSanDiskSecureAccess_Win.exe
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[2 C:\Users\Jack Schwartz\*.tmp files -> C:\Users\Jack Schwartz\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/07/02 21:43:52 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/02 21:43:52 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/02 21:35:58 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/02 21:35:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/02 21:35:45 | 3019,350,016 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/02 21:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/02 21:07:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/02 18:43:02 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJack Schwartz.job
[2014/07/01 16:41:23 | 004,764,543 | ---- | M] () -- C:\Users\Jack Schwartz\Desktop\QDATA_2009 423-2013-10-24-2013-10-31.QDF
[2014/07/01 06:19:33 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/26 15:25:38 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/26 15:25:38 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/26 15:25:38 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/24 19:22:57 | 000,002,771 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Weather.lnk
[2014/06/24 11:14:20 | 000,077,476 | ---- | M] () -- C:\Users\Jack Schwartz\Desktop\Lincoln at airplane controls.jpg
[2014/06/24 08:59:32 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014/06/24 07:53:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jack Schwartz\Desktop\OTL.exe
[2014/06/20 11:28:44 | 000,002,042 | ---- | M] () -- C:\Users\Jack Schwartz\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/06/16 04:21:03 | 000,129,333 | ---- | M] () -- C:\Users\Jack Schwartz\Desktop\gayle ben 6 15 17.jpg
[2014/06/12 17:05:15 | 000,002,064 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/10 19:57:42 | 000,043,500 | ---- | M] () -- C:\Users\Jack Schwartz\Desktop\livingsocial_voucher_1000208487244.pdf
[2014/06/10 19:57:22 | 000,043,475 | ---- | M] () -- C:\Users\Jack Schwartz\Desktop\livingsocial_voucher_1000208487248.pdf
[2014/06/05 19:36:05 | 000,106,204 | ---- | M] () -- C:\Users\Jack Schwartz\ADDRESS BOOK THUNDERBIRD.ldif
[2014/06/03 05:19:53 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[2 C:\Users\Jack Schwartz\*.tmp files -> C:\Users\Jack Schwartz\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/06/26 19:15:30 | 004,764,543 | ---- | C] () -- C:\Users\Jack Schwartz\Desktop\QDATA_2009 423-2013-10-24-2013-10-31.QDF
[2014/06/24 19:22:57 | 000,002,771 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Weather.lnk
[2014/06/24 11:15:19 | 000,077,476 | ---- | C] () -- C:\Users\Jack Schwartz\Desktop\Lincoln at airplane controls.jpg
[2014/06/16 04:20:59 | 000,129,333 | ---- | C] () -- C:\Users\Jack Schwartz\Desktop\gayle ben 6 15 17.jpg
[2014/06/10 19:57:42 | 000,043,500 | ---- | C] () -- C:\Users\Jack Schwartz\Desktop\livingsocial_voucher_1000208487244.pdf
[2014/06/10 19:57:22 | 000,043,475 | ---- | C] () -- C:\Users\Jack Schwartz\Desktop\livingsocial_voucher_1000208487248.pdf
[2014/05/31 05:46:53 | 000,031,752 | ---- | C] () -- C:\Users\Jack Schwartz\cc_20140531_054651.reg
[2014/05/08 16:35:50 | 001,090,627 | ---- | C] () -- C:\Users\Jack Schwartz\Slakin and Schwartz 2014.JPG
[2014/05/08 16:35:50 | 000,112,464 | ---- | C] () -- C:\Users\Jack Schwartz\z.ldif
[2014/05/08 16:35:45 | 001,336,632 | R--- | C] () -- C:\Users\Jack Schwartz\LaunchU3.exe
[2014/05/08 16:35:45 | 001,084,153 | ---- | C] () -- C:\Users\Jack Schwartz\Phyllis and Roberta Slaktin 2014.JPG
[2014/05/08 16:35:45 | 000,033,440 | ---- | C] () -- C:\Users\Jack Schwartz\MS Outlook Contacts.CSV
[2014/05/08 16:35:45 | 000,028,396 | ---- | C] () -- C:\Users\Jack Schwartz\Mac Pro receipt_20130225R1695241561.pdf
[2014/05/08 16:35:45 | 000,001,968 | ---- | C] () -- C:\Users\Jack Schwartz\Microsoft Security Essentials.lnk
[2014/05/08 16:35:44 | 007,671,623 | ---- | C] () -- C:\Users\Jack Schwartz\EXERCISES CERVICAL.rtf
[2014/05/08 16:35:44 | 000,644,529 | ---- | C] () -- C:\Users\Jack Schwartz\Kidney ***'t S. Fla Apr 2013.PDF
[2014/05/08 16:35:44 | 000,061,946 | ---- | C] () -- C:\Users\Jack Schwartz\Kidney ***'t of S. Fla.rtf
[2014/05/08 16:35:43 | 002,529,490 | ---- | C] () -- C:\Users\Jack Schwartz\CXAI5198 TELEPHONE OWNERS MANUEL.pdf
[2014/05/08 16:35:43 | 000,276,336 | ---- | C] () -- C:\Users\Jack Schwartz\Disposition of Tangible Personal Property.jpg
[2014/05/08 16:35:42 | 002,529,490 | ---- | C] () -- C:\Users\Jack Schwartz\ANSW. MACHINE NY TELEPHONE OWNERS MANUEL CXAI5198.pdf
[2014/05/08 16:35:42 | 000,244,054 | ---- | C] () -- C:\Users\Jack Schwartz\cards Back of cards.jpg
[2014/05/08 16:35:42 | 000,219,867 | ---- | C] () -- C:\Users\Jack Schwartz\cards Front of cards.jpg
[2014/05/08 16:35:42 | 000,195,138 | ---- | C] () -- C:\Users\Jack Schwartz\CERT Hurricane What To Do May 12, 2010.pdf
[2014/05/08 16:35:42 | 000,065,839 | ---- | C] () -- C:\Users\Jack Schwartz\Ark Royal Letter.rtf
[2014/05/08 16:35:42 | 000,015,692 | ---- | C] () -- C:\Users\Jack Schwartz\cc_20121215_080752.reg
[2014/05/08 16:35:42 | 000,010,228 | ---- | C] () -- C:\Users\Jack Schwartz\cc_20130116_072628.reg
[2014/05/08 16:35:41 | 000,106,204 | ---- | C] () -- C:\Users\Jack Schwartz\ADDRESS BOOK THUNDERBIRD.ldif
[2013/07/29 19:08:22 | 001,358,424 | ---- | C] () -- C:\Users\Jack Schwartz\AppData\Roaming\VzInHomeAgent.exe
[2013/06/07 12:06:15 | 000,000,043 | ---- | C] () -- C:\Users\Jack Schwartz\AppData\Roaming\mbam.context.scan
[2013/05/07 12:26:29 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/09/13 19:39:00 | 000,000,288 | ---- | C] () -- C:\Users\Jack Schwartz\AppData\Roaming\.backup.dm
[2011/11/22 10:58:24 | 000,000,000 | ---- | C] () -- C:\Users\Jack Schwartz\AppData\Local\{D09561C1-7D73-459F-B827-9EE53EA3B601}
[2011/11/21 22:04:54 | 000,000,000 | ---- | C] () -- C:\Users\Jack Schwartz\AppData\Local\{13E7946C-90D7-4808-92DF-F399C06C35AC}
[2010/06/30 17:22:44 | 013,690,368 | ---- | C] () -- C:\Users\Jack Schwartz\AppData\Roaming\capture.avi
[2010/05/13 19:23:39 | 000,000,508 | ---- | C] () -- C:\Users\Jack Schwartz\AppData\Roaming\wklnhst.dat
[2010/05/13 11:45:01 | 000,038,458 | ---- | C] () -- C:\Users\Jack Schwartz\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/05/13 11:05:32 | 000,005,120 | ---- | C] () -- C:\Users\Jack Schwartz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/13 10:54:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/05/31 14:40:05 | 000,000,000 | -HSD | M] -- C:\Users\Jack Schwartz\AppData\Roaming\.#
[2010/12/21 12:53:08 | 000,000,000 | ---D | M] -- C:\Users\Jack Schwartz\AppData\Roaming\7100Series
[2010/11/25 07:56:29 | 000,000,000 | ---D | M] -- C:\Users\Jack Schwartz\AppData\Roaming\Efficient Address Book Free
[2010/11/24 19:18:00 | 000,000,000 | ---D | M] -- C:\Users\Jack Schwartz\AppData\Roaming\GetRightToGo
[2012/06/22 14:31:56 | 000,000,000 | ---D | M] -- C:\Users\Jack Schwartz\AppData\Roaming\Go PDF Reader
[2011/07/07 20:41:25 | 000,000,000 | ---D | M] -- C:\Users\Jack Schwartz\AppData\Roaming\gtk-2.0
[2012/07/23 16:53:46 | 000,000,000 | ---D | M] -- C:\Users\Jack Schwartz\AppData\Roaming\JGoodies
[2010/05/13 09:40:44 | 000,000,000 | ---D | M] -- C:\Users\Jack Schwartz\AppData\Roaming\PictureMover
[2012/09/13 19:39:58 | 000,000,000 | ---D | M] -- C:\Users\Jack Schwartz\AppData\Roaming\SanDisk SecureAccess
[2011/06/24 10:40:09 | 000,000,000 | ---D | M] -- C:\Users\Jack Schwartz\AppData\Roaming\TechWizard
[2010/05/14 08:40:06 | 000,000,000 | ---D | M] -- C:\Users\Jack Schwartz\AppData\Roaming\Template
[2010/12/15 17:26:37 | 000,000,000 | ---D | M] -- C:\Users\Jack Schwartz\AppData\Roaming\Thunderbird
[2010/05/14 08:35:53 | 000,000,000 | ---D | M] -- C:\Users\Jack Schwartz\AppData\Roaming\WinBatch
[2011/11/23 10:29:49 | 000,000,000 | ---D | M] -- C:\Users\Jack Schwartz\AppData\Roaming\Windows Live Writer
[2013/07/12 18:07:54 | 000,000,000 | ---D | M] -- C:\Users\Jack Schwartz\AppData\Roaming\ZebraNetworkSystems

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

For about a month my laptop has been acting very odd. It is running very slow even though on our main computer the internet is fine. We were having alot of running issues then all of a sudden there are 3 files that appeared on the desktop about decryption and what not.

I tried everything to make a backup disk but it is not working.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics, AMD64 Family 18 Model 1 Stepping 0
Processor Count: 4
RAM: 5610 Mb
Graphics Card: AMD Radeon(TM) HD 6520G, 512 Mb
Hard Drives: C: Total - 594247 MB, Free - 497019 MB; D: Total - 15927 MB, Free - 1412 MB;
Motherboard: Hewlett-Packard, 169B
Antivirus: Norton 360, Disabled


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 31/08/2011 6:22:50 PM
System Uptime: 02/07/2014 7:36:22 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 169B
Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics | Socket FS1 | 1400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 580 GiB total, 485.34 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 1.38 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP128: 16/03/2014 4:18:09 PM - Installed Warhammer Mark of Chaos
RP129: 22/03/2014 9:14:05 AM - Installed Warhammer Mark of Chaos
RP130: 22/03/2014 9:29:57 AM - Installed Warhammer Mark of Chaos
RP131: 05/05/2014 7:49:41 AM - Installed iTunes
RP132: 08/05/2014 3:48:33 PM - Removed iTunes
RP133: 08/05/2014 3:54:38 PM - Removed Apple Application Support
RP134: 08/05/2014 3:57:42 PM - Removed Apple Software Update
RP135: 08/05/2014 3:59:11 PM - Removed Apple Mobile Device Support
RP136: 08/05/2014 4:01:41 PM - Removed Bonjour
RP137: 08/05/2014 6:45:13 PM - Windows Backup
RP138: 09/05/2014 6:36:57 AM - Restore Operation
RP139: 16/05/2014 7:55:53 AM - Windows Backup
.
==== Installed Programs ======================
.
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader X (10.1.10) MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
Amazing Adventures Around the World
Amazing Adventures The Caribbean Secret
Amazing Adventures The Lost Tomb
Amazing Adventures: Riddle of The Two Knights™
Amazing Adventures: The Forgotten Dynasty
AMD APP SDK Runtime
AMD Fuel
AMD VISION Engine Control Center
Atheros Bluetooth Suite (64)
Atheros Driver Installation Program
ATI Catalyst Install Manager
Battle.net
Bejeweled 2 Deluxe
Bejeweled 3
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Brink of Consciousness Dorian Gray Syndrome Standard Edition
Build-a-lot 2
Cake Mania
Castle Link
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Contrôle ActiveX Windows Live Mesh pour connexions à distance
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Energy Star Digital Logo
Escape - Special Edition Bundle
Escape Rosecliff Island
ESU for Microsoft Windows 7
Evernote v. 4.2.2
Family Tales: The Sisters
Farm Frenzy
FATE - The Traitor Soul
Final Drive Nitro
Galerie de photos Windows Live
Hewlett-Packard ACLM.NET v1.2.1.1
HP Auto
HP Client Services
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP Games
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
IDT Audio
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 6 Update 24 (64-bit)
Junk Mail filter update
LG USB Modem driver
Lost Lagoon 2: Cursed and Forgotten
Magic Desktop
Mah Jong Medley
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Moraff's Maximum MahJongg 1.0
MSVCRT
MSVCRT_amd64
Mystery P.I. - Curious Case of Counterfeit Cove
Mystery P.I. - Lost in Los Angeles
Mystery P.I. - Stolen in San Francisco
Mystery P.I. - The London Caper
Mystery P.I. - The Lottery Ticket
Mystery P.I. - The New York Fortune
Mystery P.I. - The Vegas Heist
Namco All-Stars PAC-MAN
Norton 360
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Pure Hidden
Rapport
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Slingo Supreme
Star Wars Empire at War
StarCraft II
Synaptics TouchPad Driver
Trusteer Endpoint Protection
TurboTax 2012
TurboTax 2013
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
VaultCracker - The Last Safe
Virtual Villagers 4 - The Tree of Life
Warcraft III
Warcraft III: All Products
WildTangent Games
WildTangent Games App for HP
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WMV9/VC-1 Video Playback
Women's Murder Club - Death in Scarlet
Women's Murder Club - Twice in a Blue Moon
World of Warcraft
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
02/07/2014 7:38:57 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
02/07/2014 7:38:57 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
02/07/2014 7:38:44 PM, Error: Service Control Manager [7034] - The HP Auto service terminated unexpectedly. It has done this 1 time(s).
02/07/2014 7:38:26 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
02/07/2014 7:38:15 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
.
==== End Of File ===========================


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16490
Run by Trevor at 20:05:50 on 2014-07-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.5611.1041 [GMT -6:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Users\Trevor\AppData\Roaming\Garmin\WINCE07.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.ca/
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ips\ipsbho.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coieplg.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [Apworks] regsvr32.exe C:\Users\Trevor\AppData\Local\Apworks\LFGIF13N.DLL
uRun: [GameServer707] "C:\Users\Trevor\AppData\Roaming\Garmin\WINCE07.exe"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe -update activex
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
StartupFolder: C:\Users\Trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.HTML
StartupFolder: C:\Users\Trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.TXT
StartupFolder: C:\Users\Trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.URL
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{00EDB46C-F0B5-4AD4-87AD-18A540F27E60} : DHCPNameServer = 192.168.254.2 142.166.86.18 142.166.86.19
TCP: Interfaces\{C389C8C4-CE1B-45D4-9900-EB19C2376B23} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C389C8C4-CE1B-45D4-9900-EB19C2376B23}\44C496E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C389C8C4-CE1B-45D4-9900-EB19C2376B23}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C389C8C4-CE1B-45D4-9900-EB19C2376B23}\F68445340205F627471626C6560284F6473707F647 : DHCPNameServer = 192.168.1.1
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll
Handler: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files (x86)\TurboTax 2013\ic2013pp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: <No Name> - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook32.dll
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,"C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-RunOnce: [NCPluginUpdater] "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - <orphaned>
x64-Handler: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: <No Name> - {E54729E8-643D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook64.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-3-4 78976]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-3-4 38528]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1405000.01C\symds64.sys [2014-5-1 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1405000.01C\symefa64.sys [2014-5-1 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [2013-9-3 1525336]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1405000.01C\ccsetx64.sys [2014-5-1 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130913.001\IDSviA64.sys [2013-9-13 520280]
R1 RapportCerberus_59849;RapportCerberus_59849;C:\ProgramData\Trusteer\Rapport \store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [2013-10-29 606672]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-10-25 284176]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-10-25 399312]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1405000.01C\ironx64.sys [2014-5-1 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1405000.01C\symnets.sys [2014-5-1 433752]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-2 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-2 365568]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-10-22 106144]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-10 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-10 701512]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccsvchst.exe [2014-5-1 144368]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-10-25 1444120]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-10-22 158880]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-8-2 46136]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-10-22 30368]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-8-29 140376]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1071160]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-7-15 25928]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-2-15 335464]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-18 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-8-2 47232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-10-22 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-10-22 330912]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-10-22 110240]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-10-22 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-10-22 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-10-22 280992]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-10-22 521376]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-10-7 227904]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2013-10-29 317808]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-2 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2014-05-16 15:36:47 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-16 15:36:47 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 20:24:56.77 ===============


GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-07-02 22:03:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000076 SAMSUNG_ rev.2AJ1 596.17GB
Running: lp6o2lk1.exe; Driver: C:\Users\Trevor\AppData\Local\Temp\ufdcrpob.sys

---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings@StringCacheGe neration 274
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\d0df9a0b2c17
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\d0df9a0b2c17 @d4206dc80ecc 0x14 0x34 0x27 0xA1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\d0df9a0b2c17 @ec35861b0afb 0x95 0x1C 0x66 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\RapportCerberus_59849@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\RapportCerberus_59849
Reg HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@ReadyBootPlanAge 1
Reg HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@LastBootPlanUser Time ?Wed?, ?Jul ?02 ?14, 07:40:51 PM????????=??????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\
Reg HKLM\SYSTEM\CurrentControlSet\services\@Parameters\0\x202e\x2764 820
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\d0df9a0b2c17 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\d0df9a0b2c17@d42 06dc80ecc 0x14 0x34 0x27 0xA1 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\d0df9a0b2c17@ec3 5861b0afb 0x95 0x1C 0x66 0x68 ...
Reg HKLM\SYSTEM\ControlSet002\services\ (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\@Parameters\0\x202e\x2764 820
---- EOF - GMER 2.1 ----


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:03:04 PM, on 02/07/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16490)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Trevor\AppData\Roaming\Garmin\WINCE07.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\program files\internet explorer\iexplore
c:\program files\internet explorer\iexplore
c:\program files\internet explorer\iexplore
c:\program files\internet explorer\iexplore
c:\program files\internet explorer\iexplore
c:\program files\internet explorer\iexplore
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\program files\internet explorer\iexplore
c:\program files\internet explorer\iexplore
c:\program files\internet explorer\iexplore
c:\program files\internet explorer\iexplore
c:\program files\internet explorer\iexplore
c:\program files\internet explorer\iexplore
c:\program files\internet explorer\iexplore
c:\program files\internet explorer\iexplore
c:\program files\internet explorer\iexplore
c:\program files\internet explorer\iexplore
c:\program files\internet explorer\iexplore
c:\program files\internet explorer\iexplore
c:\program files\internet explorer\iexplore
c:\program files\internet explorer\iexplore
c:\program files\internet explorer\iexplore
c:\program files\internet explorer\iexplore
c:\program files\internet explorer\iexplore
c:\program files\internet explorer\iexplore
C:\Users\Trevor\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\IPS\IPSBHO.DLL
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coIEPlg.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Trevor\AppData\Local\Google\Desktop\Install\{e313626d-c3f8-a3d2-b654-a9e5146b563d}\???\???\???\{e313626d-c3f8-a3d2-b654-a9e5146b563d}\GoogleUpdate.exe" >
O4 - HKCU\..\Run: [Apworks] regsvr32.exe C:\Users\Trevor\AppData\Local\Apworks\LFGIF13N.DLL
O4 - HKCU\..\Run: [GameServer707] "C:\Users\Trevor\AppData\Roaming\Garmin\WINCE07.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe -update activex
O4 - Startup: DECRYPT_INSTRUCTION.HTML
O4 - Startup: DECRYPT_INSTRUCTION.TXT
O4 - Startup: DECRYPT_INSTRUCTION.URL
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll
O18 - Protocol: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files (x86)\TurboTax 2013\ic2013pp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Connection Manager 4.0 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
--
End of file - 13340 bytes

There is not enough information to begin solving this problem.
It's of course possible that friend's computer is infected with some virus or trajan, and that is causing the problem.
For help with that, your friend should follow the directions above, "Everyone must read this..." and post a new thread with the logs.

Be aware that some e-mail providers have been hacked by outsiders, stealing usernames and passwords.
In that case, the User is not necessarily at fault.
Yahoo mail, for example, has been victimized by hackers in the past.
Changing e-mail providers may be required.
Some articles:
http://www.huffingtonpost.com/2013/0...n_3366259.html
http://arstechnica.com/security/2013...s-hack-attack/

Omiga plus is Adware and should be removed.


Please run these scans in the order listed:

SCAN 1
Click on this link to download : ADWCleaner Click on the Download Now button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:

You will then see the screen below, click on the Scan button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.

NOTE: If for any reason the report does not appear, open Windows Explorer and click on the C: drive in the left pane, in the right pane you should find a new folder called Adwcleaner, double click on it and you will see the saved logs. Find the log that has a number in brackets starting with an S NOT R, similar to this: Adwcleaner[S1], double click on the one with the highest number and the log will open, Copy & Paste it into your reply.




SCAN 2
Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download and use any other software that may be advertised on the page.

Note: If you get a warning that the download could harm your system, please ignore it and allow the download to go ahead. FRST is perfectly safe and we would never ask you to download anything that isn't.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click on FRST to run it. When the tool opens click Yes to the disclaimer.
• Press the Scan button. DO NOT check any of the Optional Scan options unless requested.
• It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your next reply.
• The first time the tool is run, it makes another log (Addition.txt). Please also copy and paste that into your reply.

As there has been no response for 10 days I am marking this thread as Solved.

You can still post here if you require further assistance, but after a while the thread will automatically be closed.

In our NWA Office...this computer got trashed with adware, junk, just bad stuff...I've got a lot off of it but some of it is hanging on pretty good...any help would be greatly appreciated...



HJT LOG

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:00:51 PM, on 7/3/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\715\g2ax_start.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\715\g2ax_comm_expert.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\715\g2ax_user_expert.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_user_customer.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\Seiko Instruments USA Inc\Smart Label Printer 7.0.5\slpcap.exe
C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe
C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
C:\Users\Sharon\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.ex e
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
C:\Program Files (x86)\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Sharon\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Sharon\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13-comm.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: (no name) - {11111111-1111-1111-1111-110311281150} - (no file)
O2 - BHO: (no name) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - (no file)
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: (no name) - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [Bill & Pay Desktop Manager] C:\Program Files (x86)\Bill & Pay\bpdm.exe -M
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKLM\..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [Windows YWN Monitor] C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe
O4 - HKLM\..\Run: [ywnmon32] C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe
O4 - HKLM\..\Run: [SaferBrowser] "C:\Program Files (x86)\SaferBrowser\SaferBrowser.exe"
O4 - HKCU\..\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
O4 - HKCU\..\Run: [GoToAssist Remote Support Expert] "C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\715\g2ax_start.exe" "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sharon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
O4 - HKCU\..\Run: [Onehub] C:\Program Files (x86)\Onehub\Onehub Sync\OnehubSync.exe
O4 - HKCU\..\Run: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2581G0Q205SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [DellSystemDetect] C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_79D6017B63550E610693B2552ABAD9A2] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2257791661-1415647857-1975798410-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'QBDataServiceUser24')
O4 - HKUS\S-1-5-21-2257791661-1415647857-1975798410-1006\..\Run: [Onehub] C:\Program Files (x86)\Onehub\Onehub Sync\OnehubSync.exe (User 'QBDataServiceUser24')
O4 - HKUS\S-1-5-21-2257791661-1415647857-1975798410-1006\..\Run: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2581G0Q205SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1 (User 'QBDataServiceUser24')
O4 - HKUS\S-1-5-21-2257791661-1415647857-1975798410-1006\..\Run: [DellSystemDetect] C:\Users\QBDataServiceUser24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms (User 'QBDataServiceUser24')
O4 - HKUS\S-1-5-21-2257791661-1415647857-1975798410-1006\..\Run: [Browser Infrastructure Helper] C:\Users\QBDataServiceUser24\AppData\Local\Smartbar\Application\QuickShare. exe startup (User 'QBDataServiceUser24')
O4 - HKUS\S-1-5-21-2257791661-1415647857-1975798410-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'QBDataServiceUser24')
O4 - HKUS\S-1-5-21-2257791661-1415647857-1975798410-1007\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'QBDataServiceUser22')
O4 - HKUS\S-1-5-21-2257791661-1415647857-1975798410-1007\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'QBDataServiceUser22')
O4 - HKUS\S-1-5-21-2257791661-1415647857-1975798410-1012\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'QBDataServiceUser23')
O4 - HKUS\S-1-5-21-2257791661-1415647857-1975798410-1012\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'QBDataServiceUser23')
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'Default user')
O4 - Startup: Dropbox.lnk = Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: Monitor Ink Alerts - .lnk = ?
O4 - Startup: Severe Weather Alerts App.lnk = Sharon\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
O4 - Startup: Severe Weather Alerts.lnk = Sharon\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O4 - Global Startup: QuickBooks
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks Web Connector.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
O4 - Global Startup: SmartCapture.lnk = C:\Program Files (x86)\Seiko Instruments USA Inc\Smart Label Printer 7.0.5\slpcap.exe
O4 - Global Startup: Snagit 9.lnk = C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
O4 - Global Startup: ywnmon32.exe.lnk = C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Open with PDF Viewer Plus - res://C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
O18 - Protocol: intu-help-qb5 - {867FCB77-9823-4CD6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
O18 - Protocol: intu-help-qb6 - {6898B29B-BF49-43CB-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 13.0\HelpAsyncPluggableProtocol.dll
O18 - Protocol: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Fitbit Connect Service (Fitbit Connect) - Fitbit, Inc. - C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
O23 - Service: GoToAssist Remote Support Customer - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Intuit Entitlement Service v8 - Intuit, Inc. - C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v8\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PasswordBox - PasswordBox, Inc. - C:\Program Files (x86)\PasswordBox\pbbtnService.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBPOS Database Manager v11 (QBPOSDBServiceV11) - Intuit Inc. - C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 11.0\DatabaseServer\QBPOSDBService.exe
O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: QuickBooksDB22 - Intuit, Inc. - C:\PROGRA~2\Intuit\QUICKB~3\QBDBMgrN.exe
O23 - Service: QuickBooksDB23 - Intuit, Inc. - C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: QuickBooksDB24 - Intuit, Inc. - C:\PROGRA~2\Intuit\QU715F~1\QBDBMgrN.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SystemUpdatekb70007 - Unknown owner - C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 29234 bytes



DDS LOG

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.51.2
Run by Sharon at 23:14:30 on 2014-07-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8146.4134 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v8\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\715\g2ax_start.exe
C:\Program Files (x86)\Onehub\Onehub Sync\OnehubSync.exe
C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\715\g2ax_comm_expert.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_comm_customer.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\715\g2ax_user_expert.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_system_customer.exe
C:\Users\Sharon\AppData\Local\Apps\2.0\O430V8TO.259\WBCZN3A7.YT8\dell..tion _0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_user_customer.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 11.0\DatabaseServer\QBPOSDBService.exe
C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 11.0\DatabaseServer\QBDBMgrN10.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\Seiko Instruments USA Inc\Smart Label Printer 7.0.5\slpcap.exe
C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe
C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Users\Sharon\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.ex e
C:\Users\Sharon\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
C:\Program Files (x86)\MSR\Privoxy\privoxy.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
C:\PROGRA~2\Intuit\QUICKB~3\QBDBMgrN.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\PROGRA~2\Intuit\QU715F~1\QBDBMgrN.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Sharon\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Sharon\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://dell13-comm.msn.com
uProxyServer = hxxp=127.0.0.1:8118;https=127.0.0.1:8118
mWinlogon: Userinit = userinit.exe
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: {11111111-1111-1111-1111-110311281150} - <orphaned>
BHO: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - <orphaned>
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: {5DB69B97-934B-451D-94DB-32EF802A01CD} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - <orphaned>
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: F12 Developer Tools: {28BCCB9A-E66B-463C-82A4-09F320DE94D7} - C:\Program Files (x86)\Internet Explorer\F12Tools.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
uRun: [GoToAssist Remote Support Expert] "C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\715\g2ax_start.exe" "/Trigger RunAtLogon"
uRun: [Google Update] "C:\Users\Sharon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
uRun: [Onehub] C:\Program Files (x86)\Onehub\Onehub Sync\OnehubSync.exe
uRun: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2581G0Q205SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
uRun: [DellSystemDetect] C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
uRun: [GoogleChromeAutoLaunch_79D6017B63550E610693B2552ABAD9A2] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [Bill & Pay Desktop Manager] C:\Program Files (x86)\Bill & Pay\bpdm.exe -M
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [Windows YWN Monitor] C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe
mRun: [ywnmon32] C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe
mRun: [SaferBrowser] "C:\Program Files (x86)\SaferBrowser\SaferBrowser.exe"
mRun: [t4pc_en_8] <no file>
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: C:\Users\Sharon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ Dropbox.lnk - C:\Users\Sharon\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Sharon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Sharon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\Users\Sharon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ SEVERE~2.LNK - C:\Users\Sharon\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.ex e
StartupFolder: C:\Users\Sharon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ SEVERE~1.LNK - C:\Users\Sharon\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~3.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTC~1.LNK - C:\Program Files (x86)\Seiko Instruments USA Inc\Smart Label Printer 7.0.5\slpcap.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\YWNMON~1.LNK - C:\Program Files (x86)\Open JDK Explorer\ywnmon32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1\EXCHAN~1.LN K - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: dell.com
TCP: NameServer = 192.168.1.254 192.168.0.1
TCP: Interfaces\{1937C7F0-C6AF-452B-A8A9-367DE7CFFD00} : DHCPNameServer = 192.168.1.254 192.168.0.1
TCP: Interfaces\{1937C7F0-C6AF-452B-A8A9-367DE7CFFD00}\34963736F65323432303 : DHCPNameServer = 192.168.1.254 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 13.0\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll
Handler: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
x64-RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - <orphaned>
x64-Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - <orphaned>
x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned>
x64-Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - <orphaned>
x64-Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - <orphaned>
x64-Handler: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist Express Customer - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_winlogonx64.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-11-2 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64;{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64;C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys [2014-7-3 61112]
R1 {9d5747ee-0448-4681-8337-1555de75a3b6}Gw64;{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64;C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys [2014-7-3 61120]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-9-20 50464]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-1-26 204288]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2014-6-3 173792]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2014-1-10 1435680]
R2 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe [2014-6-19 610888]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-26 13632]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-1-26 189608]
R2 Intuit Entitlement Service v8;Intuit Entitlement Service v8;C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v8\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [2011-12-23 24680]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-1-26 169432]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 133928]
R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2014-5-14 67584]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-8-2 145256]
R2 QBPOSDBServiceV11;QBPOS Database Manager v11;C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 11.0\DatabaseServer\QBPOSDBService.exe [2014-2-21 3133440]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-8-18 1248256]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2014-1-31 1153368]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2011-9-23 11576]
R2 SystemUpdatekb70007;SystemUpdatekb70007;C:\Windows\Microsoft\SystemUpdatekb 70007\WindowsUpdater.exe [2014-7-3 18944]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-1-26 95248]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-6-26 266240]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-11-2 358896]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-11-2 792560]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-1-3 79240]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-1-3 15752]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-2 31744]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 QuickBooksDB22;QuickBooksDB22;C:\PROGRA~2\Intuit\QUICKB~3\QBDBMgrN.exe -hvQuickBooksDB22 --> C:\PROGRA~2\Intuit\QUICKB~3\QBDBMgrN.exe -hvQuickBooksDB22 [?]
R3 QuickBooksDB23;QuickBooksDB23;C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB23 --> C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB23 [?]
R3 QuickBooksDB24;QuickBooksDB24;C:\PROGRA~2\Intuit\QU715F~1\QBDBMgrN.exe -hvQuickBooksDB24 --> C:\PROGRA~2\Intuit\QU715F~1\QBDBMgrN.exe -hvQuickBooksDB24 [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2012-7-31 95344]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSib.sys [2012-6-21 21872]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-8 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-8 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-8 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-8 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-07-04 03:47:30 -------- d-----w- C:\Program Files (x86)\MSR
2014-07-04 03:43:33 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-07-04 03:42:34 -------- d-----w- C:\AdwCleaner
2014-07-04 03:27:30 -------- d-----w- C:\Program Files\CCleaner
2014-07-04 02:25:07 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F614C6F-5E88-4F11-ACFF-77EE11FDBEAC}\offreg.dll
2014-07-04 02:23:19 -------- d-----w- C:\Windows\Microsoft
2014-07-04 02:19:16 410624 ----a-w- C:\Users\Sharon\AppData\Local\CompTmp.exe
2014-07-04 01:14:24 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C172748-4111-44FA-B944-A3146E73DE69}\gapaengine.dll
2014-07-04 01:14:11 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F614C6F-5E88-4F11-ACFF-77EE11FDBEAC}\mpengine.dll
2014-07-03 18:26:12 61112 ----a-w- C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys
2014-07-03 18:13:51 623720 ----a-w- C:\Users\Sharon\AppData\Local\nsf7E9B.tmp
2014-07-03 17:57:22 61120 ----a-w- C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys
2014-07-03 17:14:53 -------- d-----w- C:\Users\Sharon\AppData\Local\Rocket
2014-07-03 17:14:05 -------- d-----w- C:\Program Files (x86)\Driver Service Manager
2014-07-03 16:59:30 -------- d-----w- C:\Program Files (x86)\Open JDK Explorer
2014-07-03 16:57:38 -------- d-----w- C:\Users\Sharon\AppData\Local\Weather_Notifications,_LL
2014-07-03 16:57:36 -------- d-----w- C:\Users\Sharon\AppData\Local\SevereWeatherAlerts
2014-07-03 16:51:48 -------- d-----w- C:\ProgramData\SearchModule
2014-07-03 16:51:35 -------- d-----w- C:\Program Files\Common Files\Goobzo
2014-07-03 16:50:36 -------- d-----w- C:\Users\Sharon\AppData\Local\CrashRpt
2014-07-02 22:59:43 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-27 03:00:09 -------- d-----w- C:\Users\Sharon\AppData\Roaming\PC-FAX TX
2014-06-26 22:50:37 -------- d-----w- C:\Users\Sharon\AppData\Roaming\ControlCenter4
2014-06-23 22:25:07 -------- d-----r- C:\Users\Sharon\AppData\Roaming\Brother
2014-06-23 02:09:34 -------- d-----w- C:\Users\Sharon\AppData\Roaming\FLEXnet
2014-06-23 01:48:15 -------- d-----w- C:\Program Files (x86)\ControlCenter4
2014-06-23 01:48:14 312832 ------w- C:\Windows\System32\BrFaxTxAppRun64.dll
2014-06-23 01:48:14 -------- d-----w- C:\ProgramData\PCFaxTx
2014-06-23 01:44:50 -------- d-----w- C:\ProgramData\zeon
2014-06-23 01:43:35 -------- d-----w- C:\Program Files (x86)\Common Files\ScanSoft Shared
2014-06-23 01:31:06 -------- d-----w- C:\Program Files\Nuance
2014-06-23 01:24:47 -------- d-----w- C:\Users\Sharon\AppData\Roaming\Nuance
2014-06-23 01:23:45 -------- d-----w- C:\Program Files (x86)\Nuance
2014-06-23 01:19:07 -------- d-----w- C:\ProgramData\Brother
2014-06-19 08:26:23 169544 ----a-w- C:\Windows\System32\g2ax_credential_provider64_715.dll
2014-06-11 06:12:37 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-11 06:12:36 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-06 07:05:59 -------- d-----w- C:\6 Payroll Classes
.
==================== Find3M ====================
.
2014-06-02 11:43:10 50464 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-13 21:34:37 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-13 21:34:37 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-05-08 05:30:13 249856 ------w- C:\Windows\Setup1.exe
2014-05-08 05:30:11 73216 ----a-w- C:\Windows\ST6UNST.EXE
2014-05-02 06:29:52 1536 ----a-w- C:\Windows\SysWow64\RtkMsgs.dll
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-15 07:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 23:15:06.66 ===============


ATTACH

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/8/2013 1:00:39 AM
System Uptime: 7/3/2014 10:45:36 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0M9KCM
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz | CPU 1 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 913 GiB total, 754.747 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\PRINTER\0002
Manufacturer:
Name:
PNP Device ID: ROOT\PRINTER\0002
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP476: 6/29/2014 3:00:10 AM - Windows Update
RP477: 6/30/2014 3:00:10 AM - Windows Update
RP478: 7/1/2014 3:00:10 AM - Windows Update
RP479: 7/2/2014 1:26:59 AM - Dell Updates
RP480: 7/2/2014 3:00:10 AM - Windows Update
RP481: 7/3/2014 3:00:10 AM - Windows Update
RP482: 7/3/2014 9:14:58 PM - Windows Update
RP483: 7/3/2014 9:29:49 PM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
Adobe Acrobat X Standard - English, Français, Deutsch
Adobe Creative Cloud
Adobe Flash Player 13 ActiveX
Adobe InDesign CC
Adobe Reader XI (11.0.07)
AIO_Scan
AMD APP SDK Runtime
AMD Catalyst Install Manager
Bill & Pay Desktop Manager
Bing Bar
Bing Desktop
Brother MFL-Pro Suite MFC-J4510DW
BufferChm
Canon Easy-WebPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon IJ Scan Utility
Canon MX470 series MP Drivers
Canon MX470 series On-screen Manual
Canon MX470 series User Registration
Canon My Image Garden
Canon My Image Garden Design Files
Canon My Printer
Canon Quick Menu
Canon Speed Dial Utility
Carbonite
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco Connect
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cisco WebEx Meetings
Citrix Online Launcher
Common Desktop Agent
Contents
Copy
Corel VideoStudio Ultimate X5
Coupon Printer for Windows
CutePDF Writer 3.0
D3DX10
Data Transfer Utility 12
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell B1160w Mono Laser Printer
Dell Backup and Recovery Manager
Dell Client System Update
Dell Edoc Viewer
Dell System Detect
Dell System Detect Bootstrapper
Destinations
DeviceDiscovery
DJ_AIO_Software
DJ_AIO_Software_min
Dropbox
DW WLAN Card Utility
eReg
Evernote v. 5.4
Fitbit Connect
Google Chrome
Google Talk Plugin
Google Update Helper
GoToAssist Customer 2.1.0.715
GoToAssist Expert 2.1.0.715
GoToAssist Unattended Customer 1.6.0.461
GoToMeeting 6.3.0.1440
GPBaseService2
gSyncit
HP Customer Participation Program 13.0
HP Deskjet 3520 series Basic Device Software
HP Deskjet 3520 series Help
HP Deskjet 3520 series Product Improvement Study
HP Deskjet 3520 series Setup Guide
HP Deskjet All-In-One Driver Software 13.0 Rel. 1
HP FWUpdateEDO2
HP Imaging Device Functions 13.0
HP Officejet Pro 8500 A910 Basic Device Software
HP Officejet Pro 8500 A910 Help
HP Photo Creations
HP Photosmart Essential 3.5
HP Product Detection
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
I.R.I.S. OCR
ICA
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Network Connections 16.8.45.00
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
IPM_VS_Pro
ISCOM
Java 7 Update 51
Java Auto Updater
join.me
Junk Mail filter update
Logitech SetPoint 6.52
MagTek USBMSR Demo
MarketResearch
Marketsplash Shortcuts
McAfee Security Scan Plus
Media Player
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Nuance PaperPort 12
Nuance PDF Viewer Plus
Onehub Sync
PaperPort Image Printer 64-bit
PDF Settings CC
Printatree
QBWebConnector
QuickBooks
QuickBooks Enterprise Solutions: Accountant Edition 13.0
QuickBooks Point of Sale 2013
QuickBooks Premier: Accountant Edition 2010
QuickBooks Premier: Accountant Edition 2011
QuickBooks Premier: Accountant Edition 2012
QuickBooks Premier: Accountant Edition 2013
QuickBooks Premier: Accountant Edition 2014
QuickBooks Runtime Redistributable
QuickBooks Statement Writer 2012
QuickBooks Statement Writer 2013
Realtek High Definition Audio Driver
Scan
Scansoft PDF Professional
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Setup
Setup AP
Severe Weather Alerts
Share
Share64
Shop for HP Supplies
Smart Label Printer 7.0.5
SmartSound Common Data
SmartSound Quicktracks 5
SmartWebPrinting
Snagit 9.1.3
SolutionCenter
Spybot - Search & Destroy
Status
System Update kb70007
TimeTrax Elite
TimeTrax Sync
Toolbox
TrayApp
UnloadSupport
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
Video Player
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
VSClassic
VSHelp
VSUltimate
Webexp Enhanced
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Yahoo! Toolbar
YouSendIt Plug-in for Outlook
.
==== Event Viewer Messages From Past Week ========
.
7/3/2014 9:54:42 PM, Error: Schannel [36888] - The following fatal alert was generated: 43. The internal error state is 252.
7/3/2014 9:48:03 PM, Error: Service Control Manager [7000] - The VO Service component service failed to start due to the following error: The system cannot find the file specified.
7/3/2014 9:47:57 PM, Error: Service Control Manager [7000] - The MSCamSvc service failed to start due to the following error: The system cannot find the file specified.
7/3/2014 9:43:26 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/3/2014 9:33:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/3/2014 9:33:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/3/2014 9:33:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/3/2014 9:33:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
7/3/2014 9:33:03 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
7/3/2014 9:33:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr vpcvmm Wanarpv6
7/3/2014 9:33:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/3/2014 9:32:50 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/3/2014 9:23:45 PM, Error: Service Control Manager [7034] - The vToolbarUpdater18.1.7 service terminated unexpectedly. It has done this 1 time(s).
7/3/2014 9:23:45 PM, Error: Service Control Manager [7034] - The SystemUpdatekb70007 service terminated unexpectedly. It has done this 1 time(s).
7/3/2014 9:23:45 PM, Error: Service Control Manager [7034] - The Bing Desktop Update service service terminated unexpectedly. It has done this 1 time(s).
7/3/2014 9:15:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070490: Hewlett-Packard - Imaging - Null Print - HP Deskjet 3520 series.
7/3/2014 9:01:54 PM, Error: Service Control Manager [7034] - The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s).
7/3/2014 8:04:06 PM, Error: Service Control Manager [7000] - The Search Protect Service service failed to start due to the following error: The system cannot find the file specified.
7/3/2014 8:02:55 PM, Error: Service Control Manager [7034] - The BlockAndSurf service terminated unexpectedly. It has done this 1 time(s).
7/3/2014 7:56:55 PM, Error: Service Control Manager [7034] - The FastFreeConverterUpdt service terminated unexpectedly. It has done this 1 time(s).
7/3/2014 5:45:55 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer KYLEESUD-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1937C7F0-C6AF-452B-A8A9-367DE7CFFD00}. The master browser is stopping or an election is being forced.
7/3/2014 10:46:39 PM, Error: Service Control Manager [7005] - The LoadUserProfile call failed with the following error: Access is denied.
7/3/2014 1:32:42 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
7/3/2014 1:30:42 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
7/3/2014 1:25:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
7/3/2014 1:25:07 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/3/2014 1:25:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/3/2014 1:25:00 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/3/2014 1:24:59 PM, Error: Service Control Manager [7000] - The QuickBooksDB23 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/3/2014 1:24:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the QuickBooksDB23 service to connect.
7/3/2014 1:24:38 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
7/3/2014 1:21:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the QuickBooksDB22 service to connect.
7/3/2014 1:21:19 PM, Error: Service Control Manager [7000] - The QuickBooksDB22 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/3/2014 1:20:38 PM, Error: Service Control Manager [7005] - The LoadUserProfile call failed with the following error: Illegal operation attempted on a registry key that has been marked for deletion.
7/3/2014 1:19:19 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer SHARON-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1937C7F0-C6AF-452B-A8A9-367DE7CFFD00}. The master browser is stopping or an election is being forced.
6/26/2014 5:50:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the QBIDPService service to connect.
.
==== End Of File ===========================

As requested:

ComboFix 14-07-03.01 - User 07/04/2014 0:43.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1936.1159 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\puppy.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User\WINDOWS
c:\program files\Java\jre7\bin\jp2ssv.dll
c:\windows\iun6002.exe
c:\windows\system32\AegisI5Installer.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-06-04 to 2014-07-04 )))))))))))))))))))))))))))))))
.
.
2014-06-25 22:25 . 2010-08-30 12:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-06-25 22:25 . 2014-06-26 05:15 -------- d-----w- C:\AdwCleaner
2014-06-09 03:44 . 2014-06-09 03:44 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-06-09 03:44 . 2014-06-09 03:44 -------- d-----w- c:\program files\Trend Micro
2014-06-09 02:55 . 2014-06-09 02:55 -------- d-----w- c:\documents and settings\User\Application Data\Greenshot
2014-06-09 02:55 . 2014-06-09 02:55 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Greenshot
2014-06-09 02:52 . 2014-06-09 02:52 -------- d-----w- c:\program files\sweetpacks bundle uninstaller_Video Converter swap_1554532
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-15 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-15 150040]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-10-02 200704]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-16 729088]
"OA001Mon"="c:\windows\OA001Mon.exe" [2009-02-25 24576]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-02-23 483420]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Lexmark 2200 Series"="c:\program files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 57344]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"AllShareAgent"="c:\program files\Samsung\AllShare\AllShareAgent.exe" [2012-03-02 285072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf010 00.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSv c]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareDMS\\AllShareDMS.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShare.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareAgent.exe"=
"c:\\Program Files\\HTC\\HTC Sync Manager\\HTCSyncManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\User\\Application Data\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [8/11/2013 2:14 PM 243128]
R2 HTCMonitorService;HTCMonitorService;c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [11/18/2013 2:36 PM 87368]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [10/17/2013 3:27 PM 166912]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9/8/2010 10:41 AM 237056]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/16/2009 3:27 PM 112512]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [1/13/2013 11:33 PM 245760]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [6/16/2009 4:32 PM 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/16/2009 4:32 PM 244368]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [6/16/2009 4:32 PM 110080]
R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [6/17/2009 8:59 AM 148056]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [6/17/2009 8:59 AM 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [6/17/2009 8:59 AM 280096]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [3/2/2012 5:00 PM 25504]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [10/17/2013 3:27 PM 21248]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [1/2/2014 10:32 PM 18944]
S3 qcserxp;HTC Diagnostic Port;c:\windows\system32\drivers\qcserxp.sys [3/30/2014 6:04 PM 103424]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys --> c:\windows\system32\DRIVERS\RTL8192su.sys [?]
S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [3/2/2012 5:00 PM 27584]
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-19 18:09]
.
2014-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-19 18:09]
.
2014-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-854245398-2147175445-1003Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-29 01:30]
.
2014-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-854245398-2147175445-1003UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-29 01:30]
.
2014-07-01 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-08 01:59]
.
2014-06-14 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-08 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0F52B98E-85FE-489D-A6FD-D3B54F5378A2}: NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{A894D98E-30C2-4132-B812-062DD1A1966D}: NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{B73DDC3A-438B-473D-B3A7-2BE8000A91F9}: NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{BC2A1417-2D82-4005-9E57-41FA994A6E6D}: NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{C6C4D502-70D5-4A1B-90E4-EE4CDED9328A}: NameServer = 208.69.150.250,208.69.150.252
TCP: Interfaces\{E023B900-7F2A-47C6-9779-CB9A0D8CEE28}: NameServer = 208.69.150.250,208.69.150.252
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Hobbyist Software VLC Streamer - c:\program files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Aircraft Performance1.0 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-04 00:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-725345543-854245398-2147175445-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_ 9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\igfxdev.dll
.
Completion time: 2014-07-04 00:49:24
ComboFix-quarantined-files.txt 2014-07-04 04:49
.
Pre-Run: 30,303,707,136 bytes free
Post-Run: 32,925,179,904 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 1009B2045EBE261B9C03ADA280DFA92E
8F558EB6672622401DA993E1E865C861

I'm sorry but this contravenes our "Circumventing Company/School/Parental or Other Restrictions" rule, which states as follows:Since we cannot assist with this type of request, I'm closing this thread.

Not on all websites, but on many websites that I go to, I get ad popups, often "Ads by Volaro", and then also new windows popping up with ads for games, or markets.com. This is happening in Firefox.com, not Chrome or Internet Explorer. I tried to uninstall whatever looked unnecessary from Firefox add-ons and from Windows' Uninstall programs, and downloaded and used MalwareBytes. But it didn't help.

On firefox, the ads are sometimes so bad that I can't access parts of the website, such as Youtube - I can't access the history bar because it gets covered up.

Adobe Photoshop and Bridge have also stopped working. First I thought it was some random issue and I reinstalled them, but then very soon after that they stopped working again. I'm sure it must be because of this silly malware. I have utorrent.exe open and every so often I get a notification from Malwarebytes asking if I'd like to exclude utorrent.exe or some other website. All of this is getting really messy. I want to get rid of all the ads and popup windows and also Malwarebytes' popups!

I tried pasting the contents of the files for HijackThis, dds, attach and ark, but this forum told me the message got too long, so I've attached the four files instead.

Please let me know if that's fine...

Attached Files

	hijackthis.log (10.2 KB)
	attach.txt (6.0 KB)
	dds.txt (14.3 KB)
	ark.txt (73.8 KB)

Please visit Combofix Guide & Instructions for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

You will also need to disable all of your security programs so they don't interfere with ComboFix. Please visit the following link for more information on how to disable them:

http://www.bleepingcomputer.com/forums/topic114351.html

Be sure to remember to re-enable them right after the scan.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

Ok. ran adwcleaner scan then clean. Allowed reboot. rescan and post. (p.s. i am doing everything in safe mode)

# AdwCleaner v3.214 - Report created 04/07/2014 at 23:39:28
# Updated 29/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Annie Campbell - SUPERANN
# Running from : C:\Documents and Settings\Annie Campbell\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


*************************

AdwCleaner[R0].txt - [13874 octets] - [04/07/2014 21:29:27]
AdwCleaner[R1].txt - [13935 octets] - [04/07/2014 23:29:02]
AdwCleaner[R2].txt - [652 octets] - [04/07/2014 23:39:28]
AdwCleaner[S0].txt - [13395 octets] - [04/07/2014 23:30:01]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [772 octets] ##########

I have recently downloaded a movie converter program and since then, whenever I open a second tab in my internet browser the following URL appears with a search box powered by bing. Google is my default home page and it opens properly in the first tab, but not the consecutives ones.


hxxp://www.trovi.com/?gd=&ctid=CT3319434&octid=EB_ORIGINAL_CTID&ISID=M6CEC969C-F1B0-40DD-9D1F-5FC958DDE3E9&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SPE1FB39C7-97A2-4133-9D75-732B722B3B3F




I have:
64-bit Operating System / Windows 8.1 Pro


Any guidance and help is much appreciated. Thank you!


Here's my HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:25:33 PM, on 7/5/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Delia\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Users\Delia\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_40.0.130.0_x86__v10z8vjag6ke6\H P.AiORemote.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Delia\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*.*;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SFVBho - {00AF1458-D967-4C0E-B736-D6D010521EF5} - C:\Program Files (x86)\SnapFormViewer\Viewer\bin\lib\SFVPlugInIE_x86.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [HP Officejet 6700 (NET)] "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN2CC9SMVH05RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Amazon Cloud Player] "C:\Users\Delia\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_E0896E6C54D81E44E49562148B023DD4] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [DeleteMarkAny] C:\WINDOWS\SysWOW64\MASetupCleaner.exe C:\Program Files (x86)\MarkAny\ContentSafer
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: Dropbox.lnk = Delia\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk = ?
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O4 - Global Startup: wubi.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/US/Co...erAX_Win32.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca...2.3.10.115.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Search Protect Service (CltMngSvc) - Client Connect LTD - C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: WD SmartWare Drive Manager Service (WDDMService.exe) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 16910 bytes


And here the log for GMER:
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-07-05 15:14:43
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST31000528AS rev.CC45 931.51GB
Running: s3btu1jz.exe; Driver: C:\Users\Delia\AppData\Local\Temp\uglcapod.sys

---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 1 fffff960001f6201 7 bytes [20, 0A, 02, 00, F0, 70, 01]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 9 fffff960001f6209 6 bytes [88, B0, FF, 01, 23, DC]
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings@StringCacheGe neration 98
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -408298748
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-8c-54-1f-41-83@AddressCreationTimestamp 0x52 0x3D 0xC8 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-8c-54-1f-41-83@UPnPState 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-8c-54-1f-41-83@TeredoAddress 2001:0:5ef5:79fb:2c94:3ae2:4d3c:f9c2
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-8c-54-1f-41-83@ClientLocalPort 50461
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-8c-54-1f-41-83@UPnPExternalPort 50461
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUser Time ?Sat?, ?Jul ?05 ?14, 11:05:15 AM??,???????,???????????????,????
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 3726
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 1029
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00AF1458-D967-4C0E-B736-D6D010521EF5}\iexplore@Count 8773
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0347C33E-8762-4905-BF09-768834316C61}\iexplore@Count 10187
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0347C33E-8762-4905-BF09-768834316C61}\iexplore@Blocked 10188
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\iexplore@Count 10187
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\iexplore@Blocked 10187
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\iexplore@Count 19302
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore@Count 10187
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}\iexplore@Count 10188
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}\iexplore@Blocked 10188
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7}\iexplore@Count 10529
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\iexplore@Count 10187
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\iexplore@Blocked 10187
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count 65027
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}\iexplore@Count 10188
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}\iexplore@Blocked 10188
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}\iexplore@Count 20376
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}\iexplore@Blocked 20375
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore@Count 10188
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\iexplore@Count 10188
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\iexplore@Blocked 10188
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\iexplore@Count 10188
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\iexplore@Blocked 10188
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@Last WindowsRequestBucketDrainTime 0x02 0x92 0x9C 0x35 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@Last WindowsLargeRequestBucketDrainTime 0x02 0x92 0x9C 0x35 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@Othe rBandwidthBucketCounter 84579
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@Othe rRequestBucketCounter 591
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@Last OtherRequestBucketDrainTime 0x02 0x92 0x9C 0x35 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@Glob alBandwidthBucketCounter 135598
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@Glob alRequestBucketCounter 691
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@Last GlobalRequestBucketDrainTime 0x02 0x92 0x9C 0x35 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@Last UploadTime 0x6D 0xDF 0xD6 0xA2 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@Roam ingSyncToken LM%3d63540159248743%3bID%3dEC23C215C11F1181!110%3bLR%3d63540158750497%3bEP% 3d4%3bTD%3dTrue%3bSO%3d0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@L astRenewCollectionsInterest 0x31 0x0B 0xE6 0xE2 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@Pending Operations 696
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\StartupNotify@EnableStartupA ppNotification 1
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\Users\Delia\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_H PNetworkCommuni_f0afccaacefefd269fc752f23f5fceba4813c9_77ef1292_3531df6b
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@CheckingForSolutionDialog 0xEC 0x0E 0x51 0x00 ...
---- EOF - GMER 2.1 ----

Hello Tobo27,

Please carry out the following scans, and post the logs generated.

STEP 1
Farbar Recovery Scan Tool (FRST) Scan

• Please download Farbar Recovery Scan Tool (x32) and save the file to your desktop.
• Right-Click FRST.exe and select Run as administrator to run the programme.
• Click Yes to the disclaimer.
• Ensure the Addition.txt box is checked.
• Click the Scan button and let the programme run.
• Upon completion, click OK, then OK on the Addition.txt pop up screen.
• Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply.

STEP 2
aswMBR

• Please download aswMBR and save the file to your desktop.
• Temporarily disable your anti-virus software. For instructions, please refer to the following link.
• Right-Click aswMBR.exe and select Run as administrator to run the programme.
• If you are prompted to download the latest anti-virus definitions from avast!, click Yes.
• Click the AV Scan: drop down box and click C:\.
• Click Scan.
• Upon completion, you will see Scan finished successfully. Click Save log.
• Re-enable your anti-virus software.
• Copy the contents of the log and paste in your next reply.

Note: Do NOT attempt to click Fix or FixMBR.
Note: A file (MBR.dat) will be created on your desktop. Do NOT click or delete it.

======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

• FRST.txt
• Addition.txt
• aswMBR log

Hello and welcome to Tech Support Guy Forums

Unknown MBR can mean an OEM installed MBR, so it isn't necessarily a bad thing, but we will check into that.

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Hi

Windows XP does not boot.
Not even in safe mode.
the problems are:
Isass.exe - The application or DLL C:\Windows\apppatch\AcGenral.DLL is not a valid Windows image.
and then
userinit.exe - The application or DLL C:\Windows\apppatch\AcGenral.DLL is not a valid Windows image.
and
Explorer.exe The application or DLL C:\Windows\system32\iertutil.DLL

Help please!
Thank you very much

Hello everyone,

I ended up using a system restore back two days and the problem appears to have been resolved (wireless works in normal boot now.) I am still looking for feedback on ideas of what may have caused the original problem or if there are potential problems given the log above though. Thanks again for any ideas or suggestions.

I was trying to download an online business publication and my malware popped up with PUP, OPTIONAL, Showing three files named Amonetize, A., Wajam, A. And Freesoft. Now I am getting a proxy server error message. I went to Internet Options under connections and LAN settings and unchecked the proxy server box. When I restart the box stays checked. Not very tech savvy and need help. Thank you!