1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Computer sooooo slow.

Discussion in 'Virus & Other Malware Removal' started by besthomeguy, Mar 1, 2015.

Thread Status:
Not open for further replies.
Advertisement
  1. besthomeguy

    besthomeguy Thread Starter

    Joined:
    Mar 1, 2015
    Messages:
    6
    Hello folks,

    thank you so very much for help in [email protected]@. Im pretty tech savy and have been here in the past. I hate to bother yall, although my computer is really running slow and is so glitchy. I suspect there's some malware deep inside and im having a svc host issue. Im running secuna although its all so slow my progress takes so long. I cannot bring up the resource monitor in order to shut down the svc host process either. And i cannot do a secuna scan if i am in safe mode.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz, Intel64 Family 6 Model 23 Stepping 10
    Processor Count: 1
    RAM: 1979 Mb
    Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 6 Mb
    Hard Drives: C: Total - 139815 MB, Free - 68930 MB; D: Total - 12609 MB, Free - 2075 MB;
    Motherboard: Hewlett-Packard, 3612
    Antivirus: Microsoft Security Essentials, Updated and Enabled


    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 11:32:38 AM, on 3/1/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17631)


    Boot mode: Safe mode with network support

    Running processes:
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\scott\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\VIDEOD~1\ARCURL~1.DLL
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: (no name) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - (no file)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: CoupExtensionn - {9088f94c-f85e-4bfc-a6df-bf5c28ed9918} - C:\Program Files (x86)\CoupExtensionn\3rBEhIjlSH1irT.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: FiandBeesstDiEAl - {b9dbf3ff-656d-4277-92d9-9e40b36826d7} - C:\Program Files (x86)\FiandBeesstDiEAl\vN762JocFZDaOp.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} -
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O21 - SSODL: EldosMountNotificator-cbfs5 - {E44A3B27-19EA-4838-B903-684FBE9C7310} - C:\Windows\SysWOW64\cbfsMntNtf5.dll
    O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {E44A3B27-19EA-4838-B903-684FBE9C7310} - C:\Windows\SysWOW64\cbfsMntNtf5.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files (x86)\BitComet\tools\BitCometService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    O23 - Service: pcCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    --
    End of file - 8643 bytes
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Hi besthomeguy,
    Let's find out what is causing the big holdup.
    HJT is not very good on 64-bit machines. Need a different tool.
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST64 and save to your Desktop.
    • Double click Frst64.exe to launch it.
    • FRST64 will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST64.exe
    Feel free to use separate replies if it's more convenient.

    Please use Notepad with no wordwrap to post.
    Thanks,
    askey127
     
  3. besthomeguy

    besthomeguy Thread Starter

    Joined:
    Mar 1, 2015
    Messages:
    6
    Id like to thank you so much for the speedy reply.



    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
    Ran by scott (administrator) on PC on 01-03-2015 12:17:18
    Running from C:\Users\scott\Downloads
    Loaded Profiles: scott (Available profiles: scott & Clean Slate)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    (Farbar) C:\Users\scott\Downloads\FRST64 (1).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2703411556-3791652630-4122355323-1001\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-2703411556-3791652630-4122355323-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    SSODL: EldosMountNotificator-cbfs5 - {E44A3B27-19EA-4838-B903-684FBE9C7310} - C:\Windows\system32\cbfsMntNtf5.dll (EldoS Corporation)
    SSODL-x32: EldosMountNotificator-cbfs5 - {E44A3B27-19EA-4838-B903-684FBE9C7310} - C:\Windows\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
    ShellIconOverlayIdentifiers: [1EldosIconOverlay-cbfs5] -> {7D35F071-7E4E-4BBE-AE55-420284D08EA7} => C:\Windows\system32\cbfsMntNtf5.dll (EldoS Corporation)
    ShellIconOverlayIdentifiers: [2EldosIconOverlay-cbfs5] -> {E5F6326D-D081-48AF-99B7-13B919385D59} => C:\Windows\system32\cbfsMntNtf5.dll (EldoS Corporation)
    ShellIconOverlayIdentifiers: [BitcasaBadFileOverlay] -> {EC168C82-5053-422A-BB08-3CD9ACA22E85} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
    ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
    ShellIconOverlayIdentifiers: [BitcasaMirrorOverlay] -> {8C403C00-4544-4A53-879B-1949390CDE13} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
    ShellIconOverlayIdentifiers: [BitcasaNotMirrored] -> {775CDDED-E6D2-4DD8-8C1F-158BEF44B62A} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
    ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
    ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs5] -> {8232BEA5-1CE9-488A-8BE0-0B07FBD8D001} => C:\Windows\system32\cbfsMntNtf5.dll (EldoS Corporation)
    ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay-cbfs5] -> {7D35F071-7E4E-4BBE-AE55-420284D08EA7} => C:\Windows\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
    ShellIconOverlayIdentifiers-x32: [2EldosIconOverlay-cbfs5] -> {E5F6326D-D081-48AF-99B7-13B919385D59} => C:\Windows\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
    ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs5] -> {8232BEA5-1CE9-488A-8BE0-0B07FBD8D001} => C:\Windows\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
    GroupPolicyUsers\S-1-5-21-2703411556-3791652630-4122355323-1003\User: Group Policy restriction detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2703411556-3791652630-4122355323-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2703411556-3791652630-4122355323-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2703411556-3791652630-4122355323-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {5ED2AC63-4FB2-495B-9927-6719F31C27C7} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {85F65E60-E72C-4E9D-AE11-D675469AA0F4} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {5ED2AC63-4FB2-495B-9927-6719F31C27C7} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {85F65E60-E72C-4E9D-AE11-D675469AA0F4} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    SearchScopes: HKU\S-1-5-21-2703411556-3791652630-4122355323-1001 -> DefaultScope {715935B6-8659-4B6D-BC6F-18FF2306BECF} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2703411556-3791652630-4122355323-1001 -> {512577E2-3FD5-4827-A761-95D245AFA955} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298566&CUI=UN16184216192487031&UM=2
    SearchScopes: HKU\S-1-5-21-2703411556-3791652630-4122355323-1001 -> {5ED2AC63-4FB2-495B-9927-6719F31C27C7} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2703411556-3791652630-4122355323-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-2703411556-3791652630-4122355323-1001 -> {715935B6-8659-4B6D-BC6F-18FF2306BECF} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2703411556-3791652630-4122355323-1001 -> {85F65E60-E72C-4E9D-AE11-D675469AA0F4} URL =
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
    BHO: CoupExtensionn -> {9088f94c-f85e-4bfc-a6df-bf5c28ed9918} -> C:\Program Files (x86)\CoupExtensionn\3rBEhIjlSH1irT.x64.dll ()
    BHO: FiandBeesstDiEAl -> {b9dbf3ff-656d-4277-92d9-9e40b36826d7} -> C:\Program Files (x86)\FiandBeesstDiEAl\vN762JocFZDaOp.x64.dll ()
    BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: IEPlugin Class -> {11222041-111B-46E3-BD29-EFB2449479B1} -> C:\Program Files (x86)\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: No Name -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> No File
    BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO-x32: CoupExtensionn -> {9088f94c-f85e-4bfc-a6df-bf5c28ed9918} -> C:\Program Files (x86)\CoupExtensionn\3rBEhIjlSH1irT.dll ()
    BHO-x32: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
    BHO-x32: FiandBeesstDiEAl -> {b9dbf3ff-656d-4277-92d9-9e40b36826d7} -> C:\Program Files (x86)\FiandBeesstDiEAl\vN762JocFZDaOp.dll ()
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKU\S-1-5-21-2703411556-3791652630-4122355323-1001 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    Toolbar: HKU\S-1-5-21-2703411556-3791652630-4122355323-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-2703411556-3791652630-4122355323-1001 -> No Name - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - No File
    DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: HKLM-x32 {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
    FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-11-01]
    FF HKLM-x32\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files (x86)\ArcSoft\Video Downloader\Plugin_FireFox
    FF Extension: No Name - C:\Program Files (x86)\ArcSoft\Video Downloader\Plugin_FireFox [2011-10-27]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\FireFox Extension
    FF Extension: No Name - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2011-10-27]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-16]
    FF HKLM-x32\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://google.com/"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\scott\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-08]
    CHR Extension: (RealPlayer Downloader) - C:\Users\scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-01]
    CHR Extension: (DoWWnSavve) - C:\Users\scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfahdpadigldkpgimnnocnlodcobjnld [2015-02-12]
    CHR Extension: (Google Wallet) - C:\Users\scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    S3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
    S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
    R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2012-11-15] (Alcatel-Lucent) [File not signed]
    R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-11-15] (Alcatel-Lucent) [File not signed]
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
    S4 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-04-16] (RealNetworks, Inc.)
    S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] () [File not signed]
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
    S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R1 cbfs5; C:\Windows\system32\drivers\cbfs5.sys [413888 2013-11-25] (EldoS Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-01] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
    S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
    S1 SABKUTIL; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X]
    S3 SABProcEnum; \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [X]
    S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-01 12:17 - 2015-03-01 12:19 - 00020867 _____ () C:\Users\scott\Downloads\FRST.txt
    2015-03-01 12:16 - 2015-03-01 12:17 - 00000000 ___DC () C:\FRST
    2015-03-01 12:15 - 2015-03-01 12:15 - 02092544 _____ (Farbar) C:\Users\scott\Downloads\FRST64 (1).exe
    2015-03-01 12:02 - 2015-03-01 12:02 - 02092544 _____ (Farbar) C:\Users\scott\Downloads\FRST64.exe
    2015-03-01 11:34 - 2015-03-01 11:34 - 00509440 _____ (Tech Support Guy System) C:\Users\scott\Downloads\SysInfo.exe
    2015-03-01 11:32 - 2015-03-01 11:32 - 00008644 _____ () C:\Users\scott\Downloads\hijackthis.log
    2015-03-01 11:31 - 2015-03-01 11:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\scott\Downloads\HijackThis.exe
    2015-03-01 11:29 - 2015-03-01 11:29 - 00000000 __SHD () C:\Users\scott\AppData\Local\EmieBrowserModeList
    2015-02-18 21:36 - 2015-02-19 23:03 - 00008736 _____ () C:\Windows\PFRO.log
    2015-02-18 21:06 - 2015-03-01 12:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-18 21:03 - 2015-02-18 21:03 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-02-18 21:03 - 2015-02-18 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-02-18 21:03 - 2015-02-18 21:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-02-18 21:03 - 2015-02-18 21:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-02-18 21:03 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-02-18 21:03 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-02-18 21:03 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-02-18 21:00 - 2015-02-18 21:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\scott\Downloads\mbam-setup-2.0.4.1028.exe
    2015-02-18 14:03 - 2015-02-18 14:03 - 00000010 _____ () C:\Users\scott\AppData\Local\sponge.last.runtime.cache
    2015-02-18 13:54 - 2015-02-18 13:54 - 02073512 _____ (Trend Micro Inc.) C:\Users\scott\Downloads\HousecallLauncher.exe
    2015-02-15 10:26 - 2015-01-22 20:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-02-15 10:26 - 2015-01-22 20:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-15 10:26 - 2015-01-22 19:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-02-15 10:26 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-02-15 10:25 - 2015-01-08 19:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-02-15 10:25 - 2015-01-08 19:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-02-15 10:25 - 2015-01-08 19:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-02-15 10:25 - 2015-01-08 18:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
    2015-02-14 20:00 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2015-02-14 20:00 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2015-02-14 20:00 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2015-02-14 20:00 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2015-02-14 20:00 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2015-02-14 20:00 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2015-02-14 20:00 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2015-02-14 20:00 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2015-02-14 20:00 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2015-02-14 20:00 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2015-02-14 19:21 - 2015-01-15 00:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-02-14 19:21 - 2015-01-15 00:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-14 19:21 - 2015-01-15 00:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-02-14 19:21 - 2015-01-15 00:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-02-14 19:21 - 2015-01-15 00:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-02-14 19:21 - 2015-01-15 00:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-02-14 19:21 - 2015-01-15 00:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-02-14 19:21 - 2015-01-15 00:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-02-14 19:21 - 2015-01-15 00:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-02-14 19:21 - 2015-01-15 00:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-02-14 19:21 - 2015-01-15 00:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-02-14 19:21 - 2015-01-14 23:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-02-14 19:21 - 2015-01-14 23:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-02-14 19:21 - 2015-01-14 23:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-02-14 19:21 - 2015-01-14 23:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-02-14 19:21 - 2015-01-14 23:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-02-14 19:21 - 2015-01-14 23:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-02-14 19:21 - 2015-01-14 20:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-02-14 19:21 - 2015-01-12 19:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-14 19:21 - 2015-01-12 18:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-02-14 19:21 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2015-02-14 19:21 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2015-02-14 19:21 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2015-02-14 19:21 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2015-02-14 19:20 - 2015-01-13 21:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-02-14 19:20 - 2015-01-13 21:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-02-14 19:20 - 2015-01-11 19:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-14 19:20 - 2015-01-11 19:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-02-14 19:20 - 2015-01-11 18:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-02-14 19:20 - 2015-01-11 18:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-14 19:20 - 2015-01-11 18:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-02-14 19:20 - 2015-01-11 18:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-14 19:20 - 2015-01-11 18:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-02-14 19:20 - 2015-01-11 18:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-14 19:20 - 2015-01-11 18:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-14 19:20 - 2015-01-11 18:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-02-14 19:20 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-02-14 19:20 - 2015-01-11 18:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-02-14 19:20 - 2015-01-11 18:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-02-14 19:20 - 2015-01-11 18:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-14 19:20 - 2015-01-11 18:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-02-14 19:20 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-02-14 19:20 - 2015-01-11 18:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-14 19:20 - 2015-01-11 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-02-14 19:20 - 2015-01-11 18:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-02-14 19:20 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-02-14 19:20 - 2015-01-11 18:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-14 19:20 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-02-14 19:20 - 2015-01-11 18:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-02-14 19:20 - 2015-01-11 17:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-02-14 19:20 - 2015-01-11 17:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-02-14 19:20 - 2015-01-11 17:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-02-14 19:20 - 2015-01-11 17:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-14 19:20 - 2015-01-11 17:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-02-14 19:20 - 2015-01-11 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-14 19:20 - 2015-01-11 17:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-02-14 19:20 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-02-14 19:20 - 2015-01-11 17:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-14 19:20 - 2015-01-11 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-02-14 19:20 - 2015-01-11 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-02-14 19:20 - 2015-01-11 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-02-14 19:20 - 2015-01-11 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-02-14 19:20 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-02-14 19:20 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-02-14 19:20 - 2015-01-11 17:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-02-14 19:20 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-02-14 19:20 - 2015-01-11 17:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-14 19:20 - 2015-01-11 17:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-02-14 19:20 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-02-14 19:20 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-02-14 19:20 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-02-14 19:20 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-02-14 19:20 - 2014-12-07 19:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-14 19:20 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-02-14 19:20 - 2014-10-13 18:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2015-02-14 19:20 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2015-02-14 19:19 - 2015-01-11 19:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-14 19:19 - 2015-01-11 18:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-14 19:19 - 2015-01-11 18:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-02-14 19:19 - 2015-01-11 18:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-02-14 19:19 - 2015-01-11 17:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-14 19:19 - 2014-12-11 21:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-02-14 19:19 - 2014-12-11 21:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-02-14 19:19 - 2014-07-06 18:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-02-14 19:19 - 2014-07-06 18:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-02-14 19:19 - 2014-07-06 17:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-02-14 19:19 - 2014-07-06 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-02-14 19:18 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-02-14 19:16 - 2015-01-13 22:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-14 19:16 - 2015-01-13 22:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-02-14 19:16 - 2015-01-13 22:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-02-14 19:16 - 2015-01-13 22:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-02-14 19:16 - 2015-01-13 21:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-02-14 19:16 - 2015-01-13 21:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-02-14 19:16 - 2015-01-13 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-02-14 19:15 - 2015-01-09 22:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-02-14 19:15 - 2015-01-09 22:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-02-14 19:15 - 2015-01-09 22:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-02-14 19:15 - 2015-01-09 22:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-02-14 19:15 - 2015-01-09 22:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-02-14 19:15 - 2015-01-09 22:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-02-14 19:15 - 2015-01-09 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-02-14 19:15 - 2015-01-09 22:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-02-14 19:15 - 2015-01-09 22:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-02-14 19:15 - 2015-01-09 22:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-02-14 19:15 - 2015-01-09 22:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-02-14 19:15 - 2015-01-09 22:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-02-14 19:15 - 2015-01-09 22:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-02-14 19:15 - 2015-01-09 22:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-02-14 19:14 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2015-02-14 19:14 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
    2015-02-14 19:13 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-02-14 19:13 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-02-14 19:13 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-02-14 19:13 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2015-02-14 19:13 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-02-14 19:13 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-02-14 19:13 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-02-14 19:13 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-02-14 19:13 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-02-14 19:13 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2015-02-14 19:13 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2015-02-14 19:13 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2015-02-14 19:13 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2015-02-14 19:13 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
    2015-02-14 19:12 - 2015-01-08 18:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-14 19:12 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2015-02-14 19:12 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
    2015-02-14 19:12 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
    2015-02-14 19:12 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2015-02-14 19:12 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2015-02-14 19:12 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2015-02-14 19:12 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2015-02-14 19:12 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2015-02-14 19:12 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2015-02-14 19:12 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2015-02-14 19:12 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2015-02-14 19:12 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2015-02-14 19:12 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2015-02-14 19:12 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-02-14 19:12 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-02-14 19:12 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-02-14 19:12 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2015-02-14 19:11 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-02-14 19:11 - 2014-11-25 19:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-14 19:11 - 2014-11-25 19:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2015-02-14 17:57 - 2015-03-01 12:03 - 00000728 _____ () C:\Windows\setupact.log
    2015-02-14 17:50 - 2014-02-25 14:15 - 00449915 ____R () C:\Windows\system32\Drivers\etc\hosts.20150214-175042.backup
    2015-02-13 17:53 - 2015-02-27 07:55 - 00000020 _____ () C:\Users\scott\AppData\Roaming\appdataFr3.bin
    2015-02-12 21:55 - 2015-02-12 21:56 - 00000000 ____D () C:\Program Files (x86)\DoWWnSavve
    2015-02-12 21:54 - 2015-02-12 21:56 - 00000000 ____D () C:\Program Files (x86)\FiandBeesstDiEAl
    2015-02-12 21:53 - 2015-02-12 21:56 - 00000000 ____D () C:\Program Files (x86)\Trollbar
    2015-02-12 21:53 - 2015-02-12 21:56 - 00000000 ____D () C:\Program Files (x86)\NEwSeaveer
    2015-02-12 21:51 - 2015-02-12 21:56 - 00000000 ____D () C:\Program Files (x86)\CoupExtensionn
    2015-02-12 21:50 - 2015-02-12 21:55 - 00000000 ____D () C:\ProgramData\18389776859675616451
    2015-02-12 21:50 - 2015-02-12 21:55 - 00000000 ____D () C:\Program Files (x86)\DigiuCoupon
    2015-02-11 06:43 - 2015-02-11 06:43 - 00000000 _____ () C:\Windows\setuperr.log
    2015-01-31 13:18 - 2015-01-31 13:18 - 00880784 _____ (Google Inc.) C:\Users\scott\Downloads\ChromeSetup.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-01 12:19 - 2010-01-22 18:20 - 02031569 _____ () C:\Windows\WindowsUpdate.log
    2015-03-01 12:13 - 2010-05-20 16:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-01 12:11 - 2009-07-13 20:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-01 12:11 - 2009-07-13 20:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-01 12:03 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-01 10:54 - 2010-05-20 16:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-01 10:46 - 2013-02-22 03:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-28 13:59 - 2014-09-25 16:10 - 00000000 ____D () C:\Users\scott\AppData\Roaming\vlc
    2015-02-23 22:09 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-20 03:59 - 2010-10-21 19:44 - 00000000 ____D () C:\ProgramData\boost_interprocess
    2015-02-18 21:34 - 2014-08-18 00:19 - 00000000 ____D () C:\Users\scott\AppData\Roaming\ContentExplorer
    2015-02-18 21:34 - 2013-10-10 18:58 - 00000000 ____D () C:\ProgramData\Conduit
    2015-02-18 14:31 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
    2015-02-18 14:06 - 2013-02-12 03:43 - 06057599 _____ () C:\Users\scott\AppData\Local\census.cache
    2015-02-18 14:05 - 2013-02-12 03:37 - 00115219 _____ () C:\Users\scott\AppData\Local\ars.cache
    2015-02-18 11:02 - 2014-02-24 20:10 - 00775084 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-02-18 10:21 - 2014-11-18 13:29 - 00000000 ____D () C:\Users\scott\Desktop\bitcasa
    2015-02-18 08:33 - 2010-09-25 21:35 - 00000000 ____D () C:\Windows\pss
    2015-02-18 08:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\tracing
    2015-02-17 04:45 - 2014-03-29 17:15 - 00000000 ____D () C:\Users\scott\Desktop\Media
    2015-02-14 20:25 - 2009-07-13 20:45 - 00426800 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-14 20:20 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-02-14 19:57 - 2013-03-10 12:40 - 00002155 _____ () C:\Windows\epplauncher.mif
    2015-02-14 19:57 - 2013-03-10 12:39 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2015-02-14 19:56 - 2013-03-10 12:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2015-02-14 19:56 - 2013-03-01 13:11 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2015-02-14 19:46 - 2014-02-10 06:12 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-11 06:46 - 2015-01-24 23:05 - 00000000 ____D () C:\ProgramData\{34d1b8a0-68a7-15f2-34d1-1b8a068ae281}
    2015-02-07 01:49 - 2010-05-20 16:00 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-07 01:49 - 2010-05-20 16:00 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-02-05 01:48 - 2013-02-22 03:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-05 01:48 - 2013-02-22 03:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-05 01:48 - 2012-05-01 20:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-01 13:02 - 2014-10-07 18:41 - 00000000 ____D () C:\Program Files\Softland
    2015-02-01 13:02 - 2014-10-07 18:41 - 00000000 ____D () C:\Program Files (x86)\Softland

    ==================== Files in the root of some directories =======

    2015-02-13 17:53 - 2015-02-27 07:55 - 0000020 _____ () C:\Users\scott\AppData\Roaming\appdataFr3.bin
    2013-10-24 12:23 - 2013-10-24 12:23 - 0099384 _____ () C:\Users\scott\AppData\Roaming\inst.exe
    2011-05-05 19:19 - 2013-10-24 12:23 - 0007859 _____ () C:\Users\scott\AppData\Roaming\pcouffin.cat
    2011-05-05 19:19 - 2013-10-24 12:23 - 0001167 _____ () C:\Users\scott\AppData\Roaming\pcouffin.inf
    2011-05-05 19:21 - 2013-10-24 12:23 - 0000033 _____ () C:\Users\scott\AppData\Roaming\pcouffin.log
    2011-05-05 19:19 - 2013-10-24 12:23 - 0082816 _____ (VSO Software) C:\Users\scott\AppData\Roaming\pcouffin.sys
    2011-01-22 18:53 - 2011-01-22 18:53 - 0000000 _____ () C:\Users\scott\AppData\Roaming\wklnhst.dat
    2013-02-12 03:37 - 2015-02-18 14:05 - 0115219 _____ () C:\Users\scott\AppData\Local\ars.cache
    2010-05-18 00:16 - 2010-05-18 00:16 - 0000000 _____ () C:\Users\scott\AppData\Local\AtStart.txt
    2013-02-12 03:43 - 2015-02-18 14:06 - 6057599 _____ () C:\Users\scott\AppData\Local\census.cache
    2010-10-19 22:34 - 2012-09-08 23:07 - 0004608 _____ () C:\Users\scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-05-18 00:16 - 2010-05-18 00:16 - 0000000 _____ () C:\Users\scott\AppData\Local\DSwitch.txt
    2010-07-01 21:33 - 2010-07-01 21:33 - 0000000 _____ () C:\Users\scott\AppData\Local\DVDPATH.TXT
    2013-02-11 03:34 - 2013-02-11 03:34 - 0000036 _____ () C:\Users\scott\AppData\Local\housecall.guid.cache
    2013-02-15 13:16 - 2014-04-20 09:06 - 0007611 _____ () C:\Users\scott\AppData\Local\Resmon.ResmonCfg
    2015-02-18 14:03 - 2015-02-18 14:03 - 0000010 _____ () C:\Users\scott\AppData\Local\sponge.last.runtime.cache
    2011-06-03 03:50 - 2011-06-03 03:50 - 0000000 _____ () C:\Users\scott\AppData\Local\{B3E8C0D2-D584-4632-9C66-05002853DB7E}
    2013-06-29 11:42 - 2013-06-29 11:42 - 0000057 _____ () C:\ProgramData\Ament.ini
    2010-05-18 00:16 - 2014-08-16 22:15 - 0000511 _____ () C:\ProgramData\HPWALog.txt
    2012-05-17 11:00 - 2012-05-17 11:03 - 0000305 _____ () C:\ProgramData\hpzinstall.log
    2010-01-22 18:31 - 2010-01-22 18:31 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    2009-11-01 00:05 - 2009-11-01 00:06 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2010-01-22 18:30 - 2010-01-22 18:30 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    2009-10-31 23:59 - 2009-11-01 00:00 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2010-01-22 18:30 - 2010-01-22 18:30 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    2010-01-22 18:31 - 2010-01-22 18:31 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    2009-10-31 23:59 - 2009-10-31 23:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2009-11-01 00:00 - 2009-11-01 00:05 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    2010-01-22 18:31 - 2010-01-22 18:31 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    Some content of TEMP:
    ====================
    C:\Users\scott\AppData\Local\Temp\209433089915573836.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-26 22:31

    ==================== End Of Log ============================







    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015
    Ran by scott at 2015-03-01 12:21:51
    Running from C:\Users\scott\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    Adobe Shockwave Player (HKLM-x32\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
    Bitcasa version 1.1.6.18 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 1.1.6.18 - Bitcasa Inc.)
    BitComet 1.35 (HKLM-x32\...\BitComet) (Version: 1.35 - CometNetwork)
    CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.60.50 - Conexant)
    Duplicate Cleaner Free 3.2.4 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.2.4 - DigitalVolcano Software Ltd) <==== ATTENTION
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2302 - Intel Corporation)
    LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MpcStar 5.3 (HKLM-x32\...\MpcStar) (Version: 5.3 - www.mpcstar.com)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0 (x32 Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
    RealDownloader (x32 Version: 17.0.9 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.9 - RealNetworks)
    Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Recovery Manager (x32 Version: 5.5.2202 - CyberLink Corp.) Hidden
    Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)
    Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
    Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.5.3 - Splashtop Inc.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WinDirStat 1.1.2 (HKU\S-1-5-21-2703411556-3791652630-4122355323-1001\...\WinDirStat) (Version: - )
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    22-02-2015 12:10:15 Windows Update
    28-02-2015 11:55:10 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:34 - 2015-02-14 17:50 - 00449979 ____R C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {168D4B06-4714-45C3-9B39-4C85901F7A58} - System32\Tasks\{FC3C1DF5-3CD8-4C25-A470-A2BF666EE3F6} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{9EE1FCF8-84BD-4EDB-8AC9-CAED6B8A0FA7}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
    Task: {1DDF73CB-45C4-46C3-9CDB-EFC0A8758E02} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
    Task: {1EFE6C93-510E-4558-AF90-30BAC696AB2C} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
    Task: {26EEAF8C-49B7-4C66-9A9B-A05E1CA992CB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2703411556-3791652630-4122355323-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
    Task: {3029BB20-4E34-4AFF-A395-5E71CBECBECE} - System32\Tasks\{193CEDE2-25AD-40E4-8543-FE075F931C6D} => pcalua.exe -a "C:\Users\scott\Desktop\Programs Shortcut\Revouninstaller.exe" -d "C:\Users\scott\Desktop\Programs Shortcut"
    Task: {3A531F3F-ABCC-4A2F-99C6-3CCDDFB4AB4B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-31] (Google Inc.)
    Task: {3F39622C-CA1C-4D45-B058-BB05EEB0F8F7} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
    Task: {4043D432-5644-4C96-97F9-5E0815474F0D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2703411556-3791652630-4122355323-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-04-06] (RealNetworks, Inc.)
    Task: {58F4FA65-BC81-434E-BA31-9AA787E4B826} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {5FB54682-F935-49CC-924C-1194827C2B36} - System32\Tasks\{AE69AC1B-2775-42D9-ABB3-598BFE2D3F8E} => pcalua.exe -a E:\Setup.exe -d E:\
    Task: {792152B6-096B-4CD8-9A8F-0824B9A39D6D} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2703411556-3791652630-4122355323-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
    Task: {951061FE-2F1E-49A2-BB7B-73A6103611B3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
    Task: {9EC0B341-5B37-4CD0-AFC2-0DC2FE7E7139} - System32\Tasks\{949BE8E6-CDBC-4308-9CC5-FE7B432F56C6} => pcalua.exe -a C:\Users\scott\Downloads\wmp11-windowsxp-x86-enu.exe -d C:\Users\scott\Downloads
    Task: {AE1FFF49-8CCD-4F32-892A-FDCF6FE349B3} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2703411556-3791652630-4122355323-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
    Task: {C78C42F9-88FF-4E12-B1F3-A8D19AA54D13} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2703411556-3791652630-4122355323-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
    Task: {D9BAA893-B38B-43E9-899E-11D50F0679A9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
    Task: {DAC79370-61A4-48B6-A7F9-D5BB54827AFA} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2703411556-3791652630-4122355323-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
    Task: {FA881B85-1F0A-48C3-9FB8-213306F22A16} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2703411556-3791652630-4122355323-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
    Task: {FBCEDC9A-04A6-40DF-8E3E-CDE789ACA296} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-31] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

    ==================== Loaded Modules (whitelisted) ==============

    2014-04-06 22:00 - 2014-04-06 22:00 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2014-02-26 21:29 - 2014-02-21 13:17 - 00313856 _____ () C:\Program Files\Bitcasa\ExplorerMenu.dll
    2014-02-26 21:29 - 2014-02-21 13:06 - 02064384 _____ () C:\Program Files\Bitcasa\bitcasaui.dll
    2015-02-19 22:33 - 2015-02-17 14:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
    2015-02-19 22:33 - 2015-02-17 14:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
    2015-02-19 22:33 - 2015-02-17 14:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
    2014-04-16 20:34 - 2014-04-16 20:34 - 00572504 _____ () c:\program files (x86)\real\realplayer\RPDS\Lib\r1api.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:30FD0CBD

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2703411556-3791652630-4122355323-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\scott\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 209.18.47.61 - 209.18.47.62

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: ACDaemon => 2
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 2
    MSCONFIG\Services: APNMCP => 2
    MSCONFIG\Services: bthserv => 3
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: hpqwmiex => 3
    MSCONFIG\Services: LightScribeService => 2
    MSCONFIG\Services: RealPlayer Cloud Service => 2
    MSCONFIG\Services: RealPlayerUpdateSvc => 2
    MSCONFIG\Services: Secunia PSI Agent => 2
    MSCONFIG\Services: Secunia Update Agent => 2
    MSCONFIG\Services: SplashtopRemoteService => 2
    MSCONFIG\Services: SSUService => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^scott^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Cloverfield.lnk.disabled => C:\Windows\pss\Cloverfield.lnk.disabled.Startup
    MSCONFIG\startupfolder: C:^Users^scott^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Internet Explorer.lnk => C:\Windows\pss\Internet Explorer.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files (x86)\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: HP Deskjet 3510 series (NET) => "C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2CI1NHQ305R7:NW" -scfn "HP Deskjet 3510 series (NET)" -AutoStart 1
    MSCONFIG\startupreg: HP Software Update => "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
    MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    MSCONFIG\startupreg: LightScribe Control Panel => "C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
    MSCONFIG\startupreg: QlbCtrl.exe => "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    MSCONFIG\startupreg: SearchProtect => C:\Users\scott\AppData\Roaming\SearchProtect\bin\cltmng.exe
    MSCONFIG\startupreg: SearchProtectAll => C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
    MSCONFIG\startupreg: Speech Recognition => "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot
    MSCONFIG\startupreg: WirelessAssistant => "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-2703411556-3791652630-4122355323-500 - Administrator - Disabled)
    Clean Slate (S-1-5-21-2703411556-3791652630-4122355323-1003 - Limited - Enabled) => C:\Users\Clean Slate
    Guest (S-1-5-21-2703411556-3791652630-4122355323-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2703411556-3791652630-4122355323-1002 - Limited - Enabled)
    scott (S-1-5-21-2703411556-3791652630-4122355323-1001 - Administrator - Enabled) => C:\Users\scott

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/28/2015 00:47:00 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (02/28/2015 00:46:42 PM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

    Error: (02/26/2015 10:30:42 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (02/26/2015 10:30:28 PM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

    Error: (02/22/2015 04:54:42 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (02/22/2015 04:54:32 PM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

    Error: (02/20/2015 00:31:26 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (02/20/2015 00:31:18 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

    Error: (02/19/2015 00:33:04 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (02/19/2015 00:32:53 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "*" of attribute "language" in element "assemblyIdentity" is invalid.


    System errors:
    =============
    Error: (03/01/2015 00:14:31 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
    %%5

    Error: (03/01/2015 00:14:04 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Start with the following error:
    %%5

    Error: (03/01/2015 00:04:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    SABKUTIL

    Error: (03/01/2015 11:55:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/01/2015 11:55:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/01/2015 11:55:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/01/2015 11:55:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/01/2015 11:55:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/01/2015 11:55:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/01/2015 11:47:01 AM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1068BITS{4991D34B-80A1-4291-83B6-3328366B9097}


    Microsoft Office Sessions:
    =========================
    Error: (02/28/2015 00:47:00 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

    Error: (02/28/2015 00:46:42 PM) (Source: SideBySide) (EventID: 63) (User: )
    Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

    Error: (02/26/2015 10:30:42 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

    Error: (02/26/2015 10:30:28 PM) (Source: SideBySide) (EventID: 63) (User: )
    Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

    Error: (02/22/2015 04:54:42 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

    Error: (02/22/2015 04:54:32 PM) (Source: SideBySide) (EventID: 63) (User: )
    Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

    Error: (02/20/2015 00:31:26 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

    Error: (02/20/2015 00:31:18 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

    Error: (02/19/2015 00:33:04 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

    Error: (02/19/2015 00:32:53 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8


    CodeIntegrity Errors:
    ===================================
    Date: 2013-02-16 20:10:29.142
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-02-16 20:10:29.080
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-12-09 01:37:58.119
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-12-09 01:37:58.108
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-12-09 01:37:56.067
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-12-09 01:37:56.055
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-12-09 01:37:55.218
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-12-09 01:37:55.206
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz
    Percentage of memory in use: 59%
    Total physical RAM: 1979.2 MB
    Available physical RAM: 809.69 MB
    Total Pagefile: 3958.39 MB
    Available Pagefile: 2146.41 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:136.54 GB) (Free:67.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:12.31 GB) (Free:2.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 149.1 GB) (Disk ID: 0393754D)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=136.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=12.3 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  4. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    besthomeguy,
    ---------------------------------------------------------------
    Avoid Unwanted Adware
    There are a few seriously important tips about avoiding unwanted adware.
    Adware purveyors are getting more devious and unethical, so you have to be more diligent.

    • Don't click on the Sidebars of Websites
      The items on the sides of websites may be enticing, but they are all advertising, and one click could download unwanted adware onto your machine.

    • Never agree to download anything, if prompted to do so while Online.
      that goes for, "Your codec/browser/flash... needs to be updated to do this, blah, blah.."
      or "you need to first download the xyz.. program to do what you want".
      It is OK to download updates if prompted by legitimate suppliers, when the machine boots, while not yet online.

    • Don't download anything from sites known for adware bundling.
      For any online downloads, best avoid using CNET, Download.com, BrotherSoft, or Softonic
      They package their own "downloaders" and, without notice, deliver serious adware in addition to the desired free programs.
      Unfortunately, the results may be disastrous for your machine.
      FileHippo and MajorGeeks have been better, so far, as sources for downloading software.
      The website of any program's original author is best of all.

    • Avoid Using P2P file sharing programs
      This includes ĀµTorrent, Bearshare, Bittorrent, BitComet, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
      The Unethical have "planted" thousands upon thousands of infections and Adware items in the shared torrent files.

    Spybot does not provide the functionality you need here to protect recent systems
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    BitComet
    Spybot - Search & Destroy

    If Spybot asks whether to remove all settings, answer YES.
    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine

    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST64 and press the Fix button just once and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

    askey127
     

    Attached Files:

  5. besthomeguy

    besthomeguy Thread Starter

    Joined:
    Mar 1, 2015
    Messages:
    6
    okay thank you so much again.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
    Ran by scott at 2015-03-01 13:59:07 Run:2
    Running from C:\Users\scott\Desktop
    Loaded Profiles: scott (Available profiles: scott & Clean Slate)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Duplicate Cleaner Free 3.2.4 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.2.4 - DigitalVolcano Software Ltd) <==== ATTENTION
    GroupPolicyUsers\S-1-5-21-2703411556-3791652630-4122355323-1003\User: Group Policy restriction detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2703411556-3791652630-4122355323-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {85F65E60-E72C-4E9D-AE11-D675469AA0F4} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    SearchScopes: HKLM-x32 -> {85F65E60-E72C-4E9D-AE11-D675469AA0F4} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    SearchScopes: HKU\S-1-5-21-2703411556-3791652630-4122355323-1001 -> {512577E2-3FD5-4827-A761-95D245AFA955} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298566&CUI=UN1618421 6192487031&UM=2
    BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    S3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
    S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [X]
    2015-02-20 03:59 - 2010-10-21 19:44 - 00000000 ____D () C:\ProgramData\boost_interprocess
    2015-02-18 21:34 - 2013-10-10 18:58 - 00000000 ____D () C:\ProgramData\Conduit

    *****************

    Duplicate Cleaner Free 3.2.4 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.2.4 - DigitalVolcano Software Ltd) <==== ATTENTION => Error: No automatic fix found for this entry.
    "C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2703411556-3791652630-4122355323-1003\User" => File/Directory not found.
    HKLM\SOFTWARE\Policies\Google => Key not found.
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
    HKU\S-1-5-21-2703411556-3791652630-4122355323-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{85F65E60-E72C-4E9D-AE11-D675469AA0F4} => Key not found.
    HKCR\CLSID\{85F65E60-E72C-4E9D-AE11-D675469AA0F4} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{85F65E60-E72C-4E9D-AE11-D675469AA0F4} => Key not found.
    HKCR\Wow6432Node\CLSID\{85F65E60-E72C-4E9D-AE11-D675469AA0F4} => Key not found.
    HKU\S-1-5-21-2703411556-3791652630-4122355323-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{512577E2-3FD5-4827-A761-95D245AFA955} => Key not found.
    HKCR\CLSID\{512577E2-3FD5-4827-A761-95D245AFA955} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} => Key not found.
    HKCR\Wow6432Node\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
    HKCR\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
    BITCOMET_HELPER_SERVICE => Service not found.
    Lavasoft Kernexplorer => Service not found.
    "C:\ProgramData\boost_interprocess" => File/Directory not found.
    "C:\ProgramData\Conduit" => File/Directory not found.

    ==== End of Fixlog 13:59:08 ====
     
  6. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    besthomeguy,
    ------------------------------------------------
    Remove Program Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click this Entry, as follows, if it exists, choose Uninstall, and give permission to Continue:

    Duplicate Cleaner Free 3.2.4

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine

    -------------------------------------------------------------
    AdwCleaner Download and Run

    Download AdwCleaner and save it to your desktop or somewhere you can find it.
    Take care NOT to click on any ad, like from PC Optimizer Pro. The correct link is the button labeled "Download from Bleeping Computer".
    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop:

    [​IMG]

    You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
    It may take several minutes to complete.
    When it is done, click on the Clean button, accept any prompts that appear and allow the system to Reboot.
    You will then be presented with the report. Copy & Paste it into a reply here.

    [​IMG]
    If you lose track of the log, it is saved in this folder C:\AdwCleaner\
    The filename will be adwcleaner[xx].txt where [xx] will be S1, or S2, etc. whichever filename is newest.

    askey127
     
  7. besthomeguy

    besthomeguy Thread Starter

    Joined:
    Mar 1, 2015
    Messages:
    6
    # AdwCleaner v4.111 - Logfile created 01/03/2015 at 14:43:49
    # Updated 18/02/2015 by Xplode
    # Database : 2015-02-18.3 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : scott - PC
    # Running from : C:\Users\scott\Downloads\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\SearchProtect
    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\18389776859675616451
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\HiDefMedia
    Folder Deleted : C:\Program Files (x86)\Yula
    Folder Deleted : C:\Program Files (x86)\CoupExtensionn
    Folder Deleted : C:\Program Files (x86)\DigiuCoupon
    Folder Deleted : C:\Program Files (x86)\DoWWnSavve
    Folder Deleted : C:\Program Files (x86)\FiandBeesstDiEAl
    Folder Deleted : C:\Program Files (x86)\NEwSeaveer
    Folder Deleted : C:\Users\scott\AppData\Local\PackageAware
    Folder Deleted : C:\Users\scott\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\scott\AppData\LocalLow\HPAppData
    Folder Deleted : C:\Users\scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfahdpadigldkpgimnnocnlodcobjnld

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\P9088f94c_f85e_4bfc_a6df_bf5c28ed9918_.P9088f94c_f85e_4bfc_a6df_bf5c28ed9918_
    Key Deleted : HKLM\SOFTWARE\Classes\P9088f94c_f85e_4bfc_a6df_bf5c28ed9918_.P9088f94c_f85e_4bfc_a6df_bf5c28ed9918_.9
    Key Deleted : HKLM\SOFTWARE\Classes\Pb9dbf3ff_656d_4277_92d9_9e40b36826d7_.Pb9dbf3ff_656d_4277_92d9_9e40b36826d7_
    Key Deleted : HKLM\SOFTWARE\Classes\Pb9dbf3ff_656d_4277_92d9_9e40b36826d7_.Pb9dbf3ff_656d_4277_92d9_9e40b36826d7_.9
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9088f94c-f85e-4bfc-a6df-bf5c28ed9918}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{b9dbf3ff-656d-4277-92d9-9e40b36826d7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7405EEB-2E16-40FE-9E27-1F48CAAB15E1}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9088f94c-f85e-4bfc-a6df-bf5c28ed9918}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b9dbf3ff-656d-4277-92d9-9e40b36826d7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9088f94c-f85e-4bfc-a6df-bf5c28ed9918}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b9dbf3ff-656d-4277-92d9-9e40b36826d7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9088f94c-f85e-4bfc-a6df-bf5c28ed9918}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{b9dbf3ff-656d-4277-92d9-9e40b36826d7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9088f94c-f85e-4bfc-a6df-bf5c28ed9918}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b9dbf3ff-656d-4277-92d9-9e40b36826d7}
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\smarttweak
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
    Key Deleted : [x64] HKLM\SOFTWARE\TornTv Downloader
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17631


    -\\ Google Chrome v40.0.2214.115

    [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : jifflliplgeajjdhmkcfnngfpgbjonjg
    [C:\Users\scott\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\scott\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [5437 bytes] - [01/03/2015 14:37:32]
    AdwCleaner[S0].txt - [5193 bytes] - [01/03/2015 14:43:49]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5252 bytes] ##########
     
  8. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Besthomeguy,
    Looks good.
    ----------------------------------------------
    Download and Run Temp File Cleaner (TFC.exe)
    Download Temp File Cleaner and save it to your desktop.
    You might want to Save any unsaved work. TFC will close ALL open programs... including your browser!
    Right click the TFC icon and choose Run as administrator.
    If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
    When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so.
    This will remove files that could not be removed while Windows was running.
    After Restart, log back in to your usual account.
    You can keep TFC on your desktop and run it every week or two to clean out excessive temporary files. It does usually require a restart.

    -------------------------------------------------------------
    Download MyDefrag from here and Install it : http://www.mydefrag.com/
    (The download button is on the left).
    After Installation, run MyDefrag in System Disk Monthly Mode on the C: drive
    (Click System Disk Monthly and then check C: drive, click Run)
    Wait for it. Go for lunch. It goes through 6 Zones. The Window will be labeled Finished at the top when it is done.
    Going forward, you can run it in System Disk Daily mode, but once every week or two is sufficient.
    It will finish quite a bit faster in the ensuing runs.

    Tell me how it's running.
    askey127
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1144014

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice