
Constantly re-directed by malware

Discussion in 'Virus & Other Malware Removal' started by HalfFull, Feb 19, 2015.

  1. HalfFull

    HalfFull Thread Starter

    Joined:
    Sep 18, 2007
    Messages:
    37
    My laptop has been infected by malware that constantly re-directs me when I am trying to navigate the web. I thought I had removed this several weeks ago. I don't use the machine very often and when I went back recently it has re-appeared, with a vengeance.

    I am posting from a different device because I have not been able to get to the tech guys forum from the infected machine. That is why I have not downloaded the TSG SysInfo as requested.

    Any suggestions?
     
  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,042
    Hiya

    Are you still having this problem? If so, can you try this: download the following to the computer that is working, and transfer it over using a USB drive etc.


    Please download Malwarebytes' Anti-Malware from Here or Here

    Transfer to the USB drive.


    Also, download the manual updates, just in case it won't connect online correctly when updating (it tries to update when you click Scan)

    http://malwarebytes.gt500.org/

    and select Manually Updating Malwarebytes' Anti-Malware download

    Put that on the same disk, and install after you've installed the program.


    -----------

    Also, get AdwAware and transfer onto the drive:

    Go here, to download and save AdwCleaner.exe to your desktop.


    Just click on the Download Now @BleepingComputer

    Note: It looks like a gray bug with 6 black legs.

    --------------------------------------------



    Close all open windows first, then double-click AdwCleaner.exe to load its main window.

    Click the Scan button, then click "OK".

    Allow the scan process to finish.

    If it appears to freeze, be patient for a few minutes.

    When it's finished, click on the Report button.

    Return here to your thread, then copy-and-paste the ENTIRE log here


    -------------

    • Double-click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
    • During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;)
    • If an update is found, it will download and install the latest updates automatically.
    • Now select the Settings tab, and check the box next to Scan for rootkits.
    • Go back to the Dashboard tab, and click the Scan Now button.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, it will show you the results. (This one is clean.)
    • Make sure that everything is checked, and click Quarantine All (or similar).
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab.
    • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
    • Choose the latest Scan Log, and click on the View button.
    • At the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
    • Copy & Paste the entire contents of the report log in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    *** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.

    -----------------------------

    Transfer both logs back to this computer, and copy/paste them here :)

    Thanks


    eddie
     
  3. HalfFull

    HalfFull Thread Starter

    Joined:
    Sep 18, 2007
    Messages:
    37
    Thanks for the reply eddie -

    I was away from home for a bit so I couldn't work on this problem. I am back and tried to execute your instructions but have been unsuccessful. I think I have a real doozy of a virus!

    I successfully downloaded the 2 programs to a USB. When I take the USB to the infected computer, the reimage repair file gets removed from the USB before I can copy it. If I am very quick I can find it on the USB but even if I just try to open it there it is removed before anything can happen.

    The mbam-rules.exe did copy to the infected computer. When I tried to run this an Install Wizard began and I am able to follow the prompts but it immediately says it is "finished" and then nothing. When I check the install list I don't see any recent activity so I think it isn't being installed.

    I tried using the infected computer directly to download the repair file. I am able to get to the webpage and click on the download but whether I run or save I get a message about needing administrator approval to proceed. I am the administrator but regardless of whether I "continue" or "skip" the download will not progress due to error messages.

    When I go to the bleeping computer site I get a pop up telling me the media content is not displaying properly and that I need to update the system player. It may be legit but I am reluctant to "update" anything right now.

    Yuck!!!

    Can you still help me?
     
  4. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,042
    No worries for the wait :)

    Just reading this part:

    You said reimage. Is that what you downloaded from the link I gave you? Should be AdwCleaner.


    You did right in not getting the player, Bleeping would never install this.

    Not sure what is on there, so let's run ComboFix straight away, see if it helps. Again, just transfer the file to the USB etc.


    ----------------


    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! As you download it rename it to HalfFull123.exe and save it to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Remember to re-enable the protection again afterwards before connecting to the Internet.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
     
  5. HalfFull

    HalfFull Thread Starter

    Joined:
    Sep 18, 2007
    Messages:
    37
    Finally -

    I have attached the ComboFix.txt as requested.

    Things are better, I am able to post from the infected computer now but not quite right as I get all kinds of pop up warnings.

    Hopefully I can be a bit more responsive as we continue eddie - I am very grateful for your guidance.
     

    Attached Files:

  6. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,042
    That's great to hear, so let's do the next bit (y)

    Now, you have removed quite a lot there, and there were a few things that pointed to other things, so can we see if we can get the MBAM/AdwCleaner to run.

    I'll repost it here, see if you can get it from the infected computer. If still no joy, can you run the OTL program instead. It won't remove anything but show us what is there.

    But, if you can run them both, do so, then run the OTL program after, to see what's left :)

    *Also, you said before about Reimage trying to run with AdwCleaner. I've put the direct link but if you still have problems with it, leave it and just try the MBAM*

    -----------------------------------

    Please download Malwarebytes Anti-Malware to your desktop
    • Double-click mbam-setup-version.exe and follow the prompts to install the program.
    • At the end, be sure to uncheck the following:
      1. Enable free trial of Malwarebytes Anti-Malware Premium
    • Then click Finish.
    • If an update is found, you will be prompted to download and install the latest version.
    • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
    • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
    • Reboot your computer if prompted.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    --------

    Go here, to download and save AdwCleaner.exe to your desktop.

    Note: It looks like a gray bug with 6 black legs.

    Close all open windows first, then double-click AdwCleaner.exe to load its main window.

    Click the Scan button, then click "OK".

    Allow the scan process to finish.

    If it appears to freeze, be patient for a few minutes.

    When it's finished, click on the Report button.

    Return here to your thread, then copy-and-paste the ENTIRE log here


    --------------------

    Download OTL to your Desktop


    (Vista or Win 7 => right click and Run As Administrator)

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Standard Output.
    • At the top, check the box entitled Scan All Users
    • Toward the bottom, check:
      All Users
      LOP Check
      Purity Check
    • Under the Standard Registry box change it to All
      Do not change any settings unless otherwise told to do so.
    • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

      Code:
      DRIVES
      netsvcs
      activex
      msconfig
      drivers32
      %systemroot%\assembly\GAC_32\*.ini
      %systemroot%\assembly\GAC_64\*.ini
      %ALLUSERSPROFILE%\Application Data\*.exe
      %APPDATA%\*.
      safebootminimal
      safebootnetwork
      %SYSTEMDRIVE%\*.*
      %PROGRAMFILES%\*.exe
      %LOCALAPPDATA%\*.exe
      %windir%\Installer\*.*
      %windir%\system32\tasks\*.*
      %windir%\system32\tasks\*.* /64
      %systemroot%\Fonts\*.exe
      %systemroot%\*. /mp /s
      /md5start
      pnrpnsp.dll
      nwprovau.dll
      nlaapi.dll
      napinsp.dll
      mswsock.dll
      winrnr.dll
      wshelper.dll
      consrv.dll
      explorer.exe
      winlogon.exe
      regedit.exe
      Userinit.exe
      svchost.exe
      services.exe
      user32.dll
      atapi.sys
      csrss.exe
      PRINTISOLATIONHOST.EXE
      /md5stop
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemdrive%\$Recycle.Bin|@;true;true;true /fp
      %systemroot%\system32\drivers\*.sys /lockedfiles
      C:\Windows\assembly\tmp\U\*.* /s
      %Temp%\smtmp\* \s
      %Temp%\smtmp\1\*.*
      %Temp%\smtmp\2\*.*
      %Temp%\smtmp\3\*.*
      %Temp%\smtmp\4\*.*
      dir "%systemdrive%\*" /S /A:L /C
      CREATERESTOREPOINT
      
    • Click the Run Scan button. The scan won't take long.
      A black box will appear, this is part of the custom scan, so don't be alarmed ;)
      IF OTL SAYS 'NOT RESPONDING' DON'T USE THE MOUSE. IT WILL CARRY ON SCANNING AFTER A FEW MINUTES

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


    ---------------

    Thanks

    eddie
     
  7. HalfFull

    HalfFull Thread Starter

    Joined:
    Sep 18, 2007
    Messages:
    37
    Eddie _

    Adwcleaner logfile below. I wasn't able to copy the OTL files into the thread so I attached the files. I feel like there was something else I was supposed to include in my response but hopefully this is enough.

    BTW - I am sure there is still stuff we haven't removed :rolleyes:




    # AdwCleaner v4.111 - Logfile created 06/03/2015 at 12:43:52
    # Updated 18/02/2015 by Xplode
    # Database : 2015-03-05.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Jim Wiles - JIMWILES-LAPTOP
    # Running from : C:\Users\Jim Wiles\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
    File Found : C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
    File Found : C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage
    File Found : C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
    File Found : C:\Users\Jim Wiles\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
    File Found : C:\Users\Jim Wiles\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
    File Found : C:\Users\Jim Wiles\AppData\Roaming\Mozilla\Firefox\Profiles\6j6pnmhh.default\user.js
    File Found : C:\Users\Jim Wiles\Desktop\FlvPlayer.lnk
    File Found : C:\Users\Jim Wiles\Desktop\Optimizer Pro.lnk
    Folder Found : C:\Program Files (x86)\BEtterPPrIceCheuc
    Folder Found : C:\Program Files (x86)\CLiickFiorrSuaolE
    Folder Found : C:\Program Files (x86)\FlvPlayer
    Folder Found : C:\Program Files (x86)\Optimizer Pro 3.16
    Folder Found : C:\Program Files (x86)\Realdeual
    Folder Found : C:\Program Files (x86)\Realdeual
    Folder Found : C:\Program Files (x86)\RoyaulCouupon
    Folder Found : C:\Program Files (x86)\ssavernet
    Folder Found : C:\Program Files (x86)\ssavernet
    Folder Found : C:\Program Files (x86)\SShoopperMaster
    Folder Found : C:\ProgramData\4d09ce8d5400296d
    Folder Found : C:\ProgramData\4d09ce8d5400296d
    Folder Found : C:\ProgramData\5551195122105854317
    Folder Found : C:\ProgramData\ehpjdmbbfmkjnnponkdinjaijndedgam
    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
    Folder Found : C:\ProgramData\Realdeual
    Folder Found : C:\ProgramData\Realdeual
    Folder Found : C:\ProgramData\ssavernet
    Folder Found : C:\ProgramData\ssavernet
    Folder Found : C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
    Folder Found : C:\Users\Carrie\AppData\LocalLow\AVG Secure Search
    Folder Found : C:\Users\Jim Wiles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlvPlayer
    Folder Found : C:\Users\Jim Wiles\AppData\Roaming\Optimizer Pro
    Folder Found : C:\Users\Jim Wiles\Documents\Optimizer Pro

    ***** [ Scheduled tasks ] *****

    Task Found : Optimizer Pro Schedule

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
    Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKCU\Software\IGearSettings
    Key Found : HKCU\Software\InstalledBrowserExtensions
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mywebgrocer.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.delta.com
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{661ff33c-3ba7-4e64-be63-c06bcc71f612}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{661ff33c-3ba7-4e64-be63-c06bcc71f612}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\Optimizer Pro
    Key Found : [x64] HKCU\Software\IGearSettings
    Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
    Key Found : [x64] HKCU\Software\Optimizer Pro
    Key Found : HKLM\SOFTWARE\GlobalUpdate
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
    Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
    Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17631


    -\\ Mozilla Firefox v11.0 (en-US)


    -\\ Google Chrome v39.0.2171.95

    [C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    [C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Jim Wiles\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Jim Wiles\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    *************************

    AdwCleaner[R0].txt - [11593 bytes] - [06/03/2015 12:43:52]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11653 bytes] ##########
     

    Attached Files:

  8. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,042
    Thanks, it was the MBAM log, but this is plenty to look at :)

    Whilst I do, can you run this with AdwCleaner. I'll go through the above, see what there is etc ;)


    Re-run AdwCleaner with the Scan option. After it's finished scanning, click the Clean button.

    Allow the cleaning process to finish.

    If it appears to freeze, be patient for a few minutes.

    When it's finished, click on the Report button.

    Return here to your thread, then copy-and-paste the ENTIRE log here
     
  9. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,042
    Okay, I think if you run the above first, that should remove a good deal to start with. Then, we'll remove some other stuff, scan to see what's there with other tools, and remove as we go :)

    One quick question: do you use PC Doctor? If not, we'll remove that later on. Prefer to ask than just remove it ;)
     
  10. HalfFull

    HalfFull Thread Starter

    Joined:
    Sep 18, 2007
    Messages:
    37
    Eddie-

    I think I am going backwards!

    I attempted to follow your instructions. I had to download the adwcleaner again, fighting through the attempts to hijack. I try to run the .exe file and I am asked if I authorize changes to my computer by this program. I agree and that is the last thing I see happen. I retraced my steps several times without success.

    As I post this, the infected computer can no longer open a Google page and I am posting from another device.

    I don't use pc doctor.

    My word, isn't this fun?
     
  11. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,042
    At work at the moment, so can't get to any of my links etc, so will have to look fully when home.

    You originally ran it from here:

    C:\Users\Jim Wiles\Downloads\AdwCleaner.exe

    I take it, it's not there anymore.

    Let me see if I can get RogueKiller. I think it may have to be a transfer thing again, but let's use this to see if it helps. May have to go another route, but we'll get there.

    ----

    Download RogueKiller to your desktop

    • Quit all running programs
    • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
    • When prompted, type 1 and validate by tapping Enter
    • The RKreport.txt shall be generated next to the executable.
    • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
    Please post the contents of the RKreport.txt in your next Reply.
     
  12. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,042
    Do you still have OTL on the computer? It was saved to here:

    C:\Users\Jim Wiles\Downloads

    If so, and you have problems with AdwCleaner etc, we'll try the manual approach with OTL. When we run the fix, disconnect from the web, just in case it tries to keep installing the malware we're trying to remove.

    I'll start creating the fix, but if you manage to get adwcleaner and/or RogueKiller, then post them first, as it should help :)
     
  13. HalfFull

    HalfFull Thread Starter

    Joined:
    Sep 18, 2007
    Messages:
    37
    Hi Eddie:

    There are 2 log files from AdwCleaner pasted below

    AdwCleaner[R3]:
    # AdwCleaner v4.112 - Logfile created 12/03/2015 at 17:47:39
    # Updated 09/03/2015 by Xplode
    # Database : 2015-03-05.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Jim Wiles - JIMWILES-LAPTOP
    # Running from : C:\Users\Jim Wiles\Downloads\AdwCleaner (1).exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Found : C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17631


    -\\ Mozilla Firefox v11.0 (en-US)


    -\\ Google Chrome v39.0.2171.95

    *************************

    AdwCleaner[R0].txt - [11781 bytes] - [06/03/2015 13:43:52]
    AdwCleaner[R1].txt - [12285 bytes] - [12/03/2015 16:56:45]
    AdwCleaner[R2].txt - [23559 bytes] - [12/03/2015 16:58:39]
    AdwCleaner[R3].txt - [969 bytes] - [12/03/2015 17:47:39]
    AdwCleaner[S0].txt - [13550 bytes] - [12/03/2015 17:03:46]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1087 bytes] ##########


    AdwCleaner[S1]:
    # AdwCleaner v4.112 - Logfile created 12/03/2015 at 17:52:13
    # Updated 09/03/2015 by Xplode
    # Database : 2015-03-05.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Jim Wiles - JIMWILES-LAPTOP
    # Running from : C:\Users\Jim Wiles\Downloads\AdwCleaner (1).exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17631


    -\\ Mozilla Firefox v11.0 (en-US)


    -\\ Google Chrome v39.0.2171.95


    *************************

    AdwCleaner[R0].txt - [11781 bytes] - [06/03/2015 13:43:52]
    AdwCleaner[R1].txt - [12285 bytes] - [12/03/2015 16:56:45]
    AdwCleaner[R2].txt - [23559 bytes] - [12/03/2015 16:58:39]
    AdwCleaner[R3].txt - [1166 bytes] - [12/03/2015 17:47:39]
    AdwCleaner[S0].txt - [13550 bytes] - [12/03/2015 17:03:46]
    AdwCleaner[S1].txt - [1096 bytes] - [12/03/2015 17:52:13]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1155 bytes] ##########


    I also downloaded and ran the SparkPlucPCCleaner. Several items were "found" but I wasn't able to access a report or a log. Cleaning required registering etc., which I didn't do. It makes me worried that I have been duped again while trying to download your recommendations.

    I'm not sure I'm helping you much :rolleyes:
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,042
    Every little bit helps, trust me. As much info as you give helps in trying to get stuff removed. Also, what may fix someone may need to be tweaked for the next person :)


    For the SparkPlucPCCleaner, where did you get it from? Was it from a link that I posted above?

    Can you re-run OTL as follows (basic scan) to see if AdwCleaner removed the other entries that I was going to remove. Then, we'll run the OTL fix to remove the things it finds, and work on some manual scans, to remove the other stuff :)

    So, the basic OTL scan. No need to get another copy, just use the one in the Downloads folder. It will overwrite the original OTL log, and will only need that one, no need to post the Extras if it appears (may not on the second run ;)

    ----------------

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
     
  15. HalfFull

    HalfFull Thread Starter

    Joined:
    Sep 18, 2007
    Messages:
    37
    I did get sparkplucpccleaner from the link you posted. I actually repeated my steps from a non-infected device and downloaded a file that was identical so I guess it was right, I just couldn't find the report/log file.

    Here is the OTL.txt from this morning:
    OTL logfile created on: 3/14/2015 10:23:47 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jim Wiles\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17633)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.91 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 55.44% Memory free
    7.82 Gb Paging File | 5.65 Gb Available in Paging File | 72.23% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.01 Gb Total Space | 222.10 Gb Free Space | 49.24% Space Free | Partition Type: NTFS

    Computer Name: JIMWILES-LAPTOP | User Name: Jim Wiles | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2015/03/06 14:18:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jim Wiles\Downloads\OTL.exe
    PRC - [2014/12/19 09:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2014/11/21 14:20:52 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    PRC - [2014/11/21 14:20:38 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    PRC - [2014/10/21 18:52:24 | 022,869,088 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    PRC - [2014/10/11 13:05:40 | 000,060,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    PRC - [2013/09/16 01:26:08 | 000,924,040 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    PRC - [2013/09/16 01:24:16 | 000,153,992 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
    PRC - [2013/09/16 01:23:04 | 000,395,656 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    PRC - [2013/09/15 23:07:00 | 001,505,608 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    PRC - [2013/08/20 06:44:58 | 000,054,152 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    PRC - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    PRC - [2011/09/06 14:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    PRC - [2011/08/18 12:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    PRC - [2011/08/18 12:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    PRC - [2011/08/01 14:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    PRC - [2011/06/29 08:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
    PRC - [2011/06/27 19:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
    PRC - [2010/11/17 13:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/11/06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/11/03 13:01:20 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    PRC - [2010/11/03 12:53:28 | 000,897,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    PRC - [2010/11/03 12:53:06 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
    PRC - [2010/10/29 17:20:58 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    PRC - [2010/10/05 22:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/10/05 22:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/10/01 17:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    PRC - [2010/09/17 15:28:14 | 000,577,792 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
    PRC - [2010/09/17 15:28:06 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
    PRC - [2010/08/19 19:06:56 | 000,487,562 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    PRC - [2009/08/04 18:21:58 | 000,030,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe


    ========== Modules (No Company Name) ==========

    MOD - [2015/03/14 10:16:47 | 001,160,704 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\_ssl.pyd
    MOD - [2015/03/14 10:16:47 | 000,811,008 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\wx._windows_.pyd
    MOD - [2015/03/14 10:16:47 | 000,805,888 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\wx._gdi_.pyd
    MOD - [2015/03/14 10:16:47 | 000,713,216 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\_hashlib.pyd
    MOD - [2015/03/14 10:16:47 | 000,110,080 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\PyWinTypes27.dll
    MOD - [2015/03/14 10:16:47 | 000,027,136 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\_multiprocessing.pyd
    MOD - [2015/03/14 10:16:47 | 000,007,168 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\hashobjs_ext.pyd
    MOD - [2015/03/14 10:16:46 | 001,062,400 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\wx._controls_.pyd
    MOD - [2015/03/14 10:16:46 | 000,070,656 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\wx._html2.pyd
    MOD - [2015/03/14 10:16:46 | 000,025,600 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\win32pdh.pyd
    MOD - [2015/03/14 10:16:46 | 000,024,064 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\win32pipe.pyd
    MOD - [2015/03/14 10:15:49 | 000,686,080 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\unicodedata.pyd
    MOD - [2015/03/14 10:15:48 | 000,127,488 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\pyexpat.pyd
    MOD - [2015/03/14 10:15:48 | 000,038,912 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\win32inet.pyd
    MOD - [2015/03/14 10:15:48 | 000,018,432 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\win32event.pyd
    MOD - [2015/03/14 10:15:48 | 000,017,408 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\win32profile.pyd
    MOD - [2015/03/14 10:15:48 | 000,010,240 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\select.pyd
    MOD - [2015/03/14 10:15:47 | 000,525,640 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\windows._lib_cacheinvalidation.pyd
    MOD - [2015/03/14 10:15:47 | 000,119,808 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\win32file.pyd
    MOD - [2015/03/14 10:15:47 | 000,108,544 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\win32security.pyd
    MOD - [2015/03/14 10:15:47 | 000,045,568 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\_socket.pyd
    MOD - [2015/03/14 10:15:46 | 001,175,040 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\wx._core_.pyd
    MOD - [2015/03/14 10:15:46 | 000,735,232 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\wx._misc_.pyd
    MOD - [2015/03/14 10:15:46 | 000,557,056 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\pysqlite2._sqlite.pyd
    MOD - [2015/03/14 10:15:46 | 000,364,544 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\pythoncom27.dll
    MOD - [2015/03/14 10:15:46 | 000,320,512 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\win32com.shell.shell.pyd
    MOD - [2015/03/14 10:15:46 | 000,167,936 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\win32gui.pyd
    MOD - [2015/03/14 10:15:46 | 000,128,512 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\_elementtree.pyd
    MOD - [2015/03/14 10:15:46 | 000,122,368 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\wx._wizard.pyd
    MOD - [2015/03/14 10:15:46 | 000,098,816 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\win32api.pyd
    MOD - [2015/03/14 10:15:46 | 000,087,552 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\_ctypes.pyd
    MOD - [2015/03/14 10:15:46 | 000,078,336 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\wx._animate.pyd
    MOD - [2015/03/14 10:15:46 | 000,035,840 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\win32process.pyd
    MOD - [2015/03/14 10:15:46 | 000,022,528 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\win32ts.pyd
    MOD - [2015/03/14 10:15:46 | 000,011,264 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Local\Temp\_MEI55402\win32crypt.pyd
    MOD - [2015/03/06 12:33:24 | 010,069,504 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\d18e2115a3270f89663fce831547f534\System.ni.dll
    MOD - [2015/03/05 18:15:48 | 012,895,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d8223c30928e02bc7ed5b8b81effa7b5\System.Windows.Forms.ni.dll
    MOD - [2015/03/05 18:15:41 | 001,642,496 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd2f9ea99ac0f984b9dc430824638c9f\System.Drawing.ni.dll
    MOD - [2015/03/05 18:14:32 | 017,207,296 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll
    MOD - [2014/11/12 04:44:17 | 001,669,632 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\bb21380c3d4870a81038f30e1a00bcd5\Microsoft.VisualBasic.ni.dll
    MOD - [2014/11/12 04:43:47 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\82fb26570c888a04480408d950d9b016\IAStorUtil.ni.dll
    MOD - [2014/11/12 04:40:31 | 000,774,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\875c35969785fa170d186e7ca546ac9e\System.Runtime.Remoting.ni.dll
    MOD - [2014/10/16 04:10:41 | 002,297,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e3641fa3359f37ad12c84183ce765093\System.Core.ni.dll
    MOD - [2014/10/16 04:03:38 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7b22741531a2850c807656d0298a96bd\PresentationFramework.Aero.ni.dll
    MOD - [2014/10/16 04:03:37 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a229c5bed4a12b5db6ca55d223ada6df\System.ServiceProcess.ni.dll
    MOD - [2014/10/16 04:03:29 | 011,922,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b4001d722e320fa42cd87b04b5249b2d\System.Web.ni.dll
    MOD - [2014/10/16 04:03:12 | 014,340,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1f539baa94516139240877cb6afd72c2\PresentationFramework.ni.dll
    MOD - [2014/10/16 04:03:01 | 012,435,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
    MOD - [2014/10/16 04:02:56 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
    MOD - [2014/10/16 04:02:51 | 005,467,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
    MOD - [2014/10/16 04:02:48 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
    MOD - [2014/10/16 04:02:47 | 012,236,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3d4f835b8078dacc8d5da623e2c3f0ee\PresentationCore.ni.dll
    MOD - [2014/10/16 04:02:38 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll
    MOD - [2014/10/16 04:02:35 | 007,991,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
    MOD - [2014/10/11 13:06:16 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2014/10/11 13:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2014/09/12 04:16:51 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\f473a3fb0073a13849f5206103f64a99\IAStorCommon.ni.dll
    MOD - [2014/09/12 04:03:29 | 011,497,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
    MOD - [2011/08/18 12:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    MOD - [2011/06/29 08:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
    MOD - [2011/06/27 19:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
    MOD - [2011/06/27 19:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
    MOD - [2011/06/24 23:21:46 | 000,322,624 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
    MOD - [2011/06/24 23:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
    MOD - [2010/11/24 23:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
    MOD - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    MOD - [2010/03/22 15:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
    MOD - [2010/03/16 20:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
    MOD - [2010/03/16 20:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
    MOD - [2010/03/16 20:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
    MOD - [2010/03/11 19:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
    MOD - [2010/03/11 19:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
    MOD - [2010/03/05 15:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
    MOD - [2010/03/05 15:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
    MOD - [2009/08/04 18:23:16 | 000,063,032 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll
    MOD - [2009/08/04 18:23:02 | 000,075,320 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\HPToolkit.dll
    MOD - [2008/09/29 17:37:44 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\sqlite3.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2015/01/13 16:11:30 | 000,562,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
    SRV:64bit: - [2015/01/11 22:34:30 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2015/01/07 19:37:22 | 000,601,864 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV:64bit: - [2014/11/21 11:17:58 | 000,422,632 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\CSP\1.3.336.0\McCSPServiceHost.exe -- (mccspsvc)
    SRV:64bit: - [2014/11/06 06:34:38 | 001,050,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe -- (mfecore)
    SRV:64bit: - [2014/10/31 20:10:34 | 000,335,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV:64bit: - [2014/10/31 20:10:34 | 000,335,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2014/10/31 20:10:34 | 000,335,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
    SRV:64bit: - [2014/10/31 20:10:34 | 000,335,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV:64bit: - [2014/10/31 20:10:34 | 000,335,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2014/10/31 20:10:34 | 000,335,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
    SRV:64bit: - [2014/10/01 12:18:08 | 000,189,920 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2014/10/01 12:15:18 | 000,221,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV:64bit: - [2014/04/09 09:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
    SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2013/03/04 13:31:38 | 004,774,208 | ---- | M] (RealVNC Ltd) [Auto | Running] -- C:\Program Files\RealVNC\VNC Server\vncserver.exe -- (vncserver)
    SRV:64bit: - [2012/09/26 20:30:48 | 000,126,880 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
    SRV:64bit: - [2011/01/25 05:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/12/17 15:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2010/12/17 15:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2010/12/17 15:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2010/11/29 16:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 21:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\SysNative\rundll32.exe -- (9b784ed1)
    SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2015/02/19 17:39:38 | 000,155,368 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2015/02/18 06:01:34 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/12/30 09:15:06 | 000,013,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\896\g2aservice.exe -- (GoToAssist)
    SRV - [2014/12/19 09:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2014/04/12 00:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
    SRV - [2011/08/18 12:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
    SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
    SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
    SRV - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/11/03 13:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
    SRV - [2010/11/03 12:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
    SRV - [2010/10/29 14:20:58 | 000,236,016 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
    SRV - [2010/10/05 22:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/10/05 22:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/09/17 15:28:06 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
    SRV - [2010/08/25 21:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
    SRV - [2009/06/24 11:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2014/10/01 12:20:58 | 000,072,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2014/10/01 12:18:18 | 000,348,560 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
    DRV:64bit: - [2014/10/01 12:16:28 | 000,786,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2014/10/01 12:15:28 | 000,526,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2014/10/01 12:14:48 | 000,313,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2014/10/01 12:14:26 | 000,181,584 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2014/09/19 02:44:18 | 000,096,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
    DRV:64bit: - [2014/09/19 02:43:24 | 000,447,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
    DRV:64bit: - [2014/08/15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2013/09/23 13:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
    DRV:64bit: - [2013/08/19 22:48:42 | 000,095,152 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
    DRV:64bit: - [2012/09/26 01:45:35 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/05/13 04:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2011/03/25 22:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/25 05:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2010/12/21 10:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2010/12/10 17:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/12/10 17:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010/12/01 06:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2010/11/29 16:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/06 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/11/04 06:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
    DRV:64bit: - [2010/11/04 06:06:44 | 000,053,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
    DRV:64bit: - [2010/11/04 04:31:44 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
    DRV:64bit: - [2010/10/29 20:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/10/26 15:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/10/19 19:12:58 | 000,274,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
    DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/09/21 10:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/08/12 11:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
    DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/05 16:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2009/05/05 16:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {BF071843-D79D-4E65-80E8-18A50F928E20}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
    IE - HKCU\..\SearchScopes\{52596C6C-7BFF-426D-A949-75972141FDF9}: "URL" = https://search.yahoo.com/search?fr=mcafee&type=B011US105D20121029&p={SearchTerms}
    IE - HKCU\..\SearchScopes\{BF071843-D79D-4E65-80E8-18A50F928E20}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.order.1: "Secure Search"
    FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.6.3
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0
    FF - prefs.js..browser.search.defaultenginename: "Secure Search"
    FF - prefs.js..keyword.URL: "https://search.yahoo.com/search?fr=mcafee&type=B111US105D20121029&p="
    FF - prefs.js..browser.search.selectedEngine: "Secure Search"
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jim Wiles\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Jim Wiles\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jim Wiles\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jim Wiles\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2015/03/05 17:40:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/10/22 20:46:51 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2015/03/12 17:53:11 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 06:36:14 | 000,010,691 | ---- | M] ()

    [2012/04/11 10:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim Wiles\AppData\Roaming\Mozilla\Extensions
    [2015/01/14 21:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim Wiles\AppData\Roaming\Mozilla\Firefox\Profiles\6j6pnmhh.default\extensions
    [2015/03/03 18:28:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim Wiles\AppData\Roaming\Mozilla\Firefox\Profiles\6j6pnmhh.default\extensions\staged
    [2012/04/11 10:19:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/03/13 00:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/03/06 14:22:26 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
    [2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage:
    CHR - plugin: Error reading preferences file
    CHR - Extension: Google Slides = C:\Users\Jim Wiles\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
    CHR - Extension: Google Docs = C:\Users\Jim Wiles\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
    CHR - Extension: Google Drive = C:\Users\Jim Wiles\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
    CHR - Extension: YouTube = C:\Users\Jim Wiles\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
    CHR - Extension: Google Search = C:\Users\Jim Wiles\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Google Sheets = C:\Users\Jim Wiles\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
    CHR - Extension: SiteAdvisor = C:\Users\Jim Wiles\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_1\
    CHR - Extension: Application Launcher for Drive (by Google) = C:\Users\Jim Wiles\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
    CHR - Extension: Gmail = C:\Users\Jim Wiles\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8_0\

    O1 HOSTS File: ([2015/03/03 21:42:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
    O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Redirector] C:\Program Files (x86)\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
    O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
    O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
    O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24A590EE-0FB4-456B-98E9-AFD3DFA9C2B8}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{670A3528-945A-4BA9-9EA6-94FEFB046EF6}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\cozi - No CLSID value found
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Filter\ica - No CLSID value found
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\896\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2015/03/14 10:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2015/03/12 17:57:23 | 000,000,000 | ---D | C] -- C:\Users\Jim Wiles\AppData\Roaming\SparkTrust
    [2015/03/12 17:57:18 | 000,000,000 | ---D | C] -- C:\Users\Jim Wiles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust
    [2015/03/12 17:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust
    [2015/03/12 17:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SparkTrust
    [2015/03/12 17:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SparkTrust
    [2015/03/12 17:50:44 | 000,197,704 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\HipShieldK.sys
    [2015/03/06 13:43:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2015/03/06 11:40:35 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
    [2015/03/06 11:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2015/03/06 11:40:10 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
    [2015/03/06 11:40:10 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
    [2015/03/06 11:40:10 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2015/03/06 11:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
    [2015/03/06 06:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\5551195122105854317
    [2015/03/03 21:46:00 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2015/03/03 21:42:09 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2015/03/03 18:11:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2015/03/03 18:11:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2015/03/03 18:11:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2015/03/03 18:10:43 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2015/03/03 18:10:22 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2015/02/28 10:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2015/02/28 10:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2015/02/28 10:46:33 | 007,747,104 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jim Wiles\Desktop\mbam-rules.exe
    [2015/02/18 06:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
    [2015/02/18 06:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
    [2015/02/18 06:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Destroy the Web
    [2 C:\Users\Jim Wiles\Desktop\*.tmp files -> C:\Users\Jim Wiles\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2015/03/14 10:37:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1183911440-790361981-2699837154-1004UA1cf27cfe0bdda3.job
    [2015/03/14 10:33:01 | 000,000,924 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1183911440-790361981-2699837154-1001UA.job
    [2015/03/14 10:22:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA1cff0597ca1e073.job
    [2015/03/14 10:18:57 | 020,260,076 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2015/03/14 10:18:57 | 007,073,572 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2015/03/14 10:18:57 | 000,006,250 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2015/03/14 10:15:18 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1cf914d95758bb3.job
    [2015/03/14 10:15:14 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2015/03/14 10:15:12 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA1cf5377b10c36c2.job
    [2015/03/14 10:14:52 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1183911440-790361981-2699837154-1004Core1cf4ec3598be6b3.job
    [2015/03/14 10:14:52 | 000,000,653 | ---- | M] () -- C:\windows\tasks\SparkTrust PC Cleaner Plus_sch_0E342E6C-C907-11E4-9EEE-AC7289117FAF.job
    [2015/03/14 10:14:52 | 000,000,472 | ---- | M] () -- C:\windows\tasks\SparkTrust Registration3.job
    [2015/03/14 10:14:51 | 000,000,872 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1183911440-790361981-2699837154-1001Core1cfff35231e029.job
    [2015/03/14 10:14:48 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2015/03/13 10:40:57 | 000,022,704 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2015/03/13 10:40:57 | 000,022,704 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2015/03/13 10:32:40 | 3148,222,464 | -HS- | M] () -- C:\hiberfil.sys
    [2015/03/12 17:57:21 | 000,001,355 | ---- | M] () -- C:\Users\Jim Wiles\Desktop\SparkTrust PC Cleaner Plus.lnk
    [2015/03/12 17:41:56 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2015/03/12 16:54:28 | 000,000,020 | ---- | M] () -- C:\Users\Jim Wiles\AppData\Roaming\appdataFr3.bin
    [2015/03/06 11:41:47 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
    [2015/03/06 11:40:18 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2015/03/03 21:42:06 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2015/02/28 10:30:50 | 007,747,104 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jim Wiles\Desktop\mbam-rules.exe
    [2015/02/19 19:55:22 | 000,001,080 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2015/02/19 04:47:35 | 000,471,152 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2 C:\Users\Jim Wiles\Desktop\*.tmp files -> C:\Users\Jim Wiles\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2015/03/12 18:28:07 | 000,000,653 | ---- | C] () -- C:\windows\tasks\SparkTrust PC Cleaner Plus_sch_0E342E6C-C907-11E4-9EEE-AC7289117FAF.job
    [2015/03/12 17:57:40 | 000,000,472 | ---- | C] () -- C:\windows\tasks\SparkTrust Registration3.job
    [2015/03/12 17:57:21 | 000,001,355 | ---- | C] () -- C:\Users\Jim Wiles\Desktop\SparkTrust PC Cleaner Plus.lnk
    [2015/03/12 17:41:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2015/03/06 11:40:18 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2015/03/03 18:11:38 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2015/03/03 18:11:38 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2015/03/03 18:11:38 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2015/03/03 18:11:38 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2015/03/03 18:11:38 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2015/02/18 07:04:57 | 000,000,020 | ---- | C] () -- C:\Users\Jim Wiles\AppData\Roaming\appdataFr3.bin
    [2014/11/19 19:51:44 | 000,000,000 | ---- | C] () -- C:\Users\Jim Wiles\AppData\Local\{A2CAC6A0-750A-4F83-8C05-071A1CFDD670}
    [2014/06/12 19:55:31 | 000,000,000 | ---- | C] () -- C:\Users\Jim Wiles\AppData\Local\{B2E0DFC5-373D-4672-B157-1B2617FB19C0}
    [2013/04/03 10:09:04 | 000,000,600 | ---- | C] () -- C:\Users\Jim Wiles\PUTTY.RND
    [2012/01/29 22:08:40 | 000,001,080 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2011/08/28 10:55:44 | 000,005,632 | ---- | C] () -- C:\Users\Jim Wiles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/31 16:32:13 | 000,038,428 | ---- | C] () -- C:\Users\Jim Wiles\AppData\Roaming\Comma Separated Values (Windows).ADR

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2014/12/29 12:53:14 | 000,000,000 | ---D | M] -- C:\Users\Jim Wiles\AppData\Roaming\Dropbox
    [2011/07/06 23:13:38 | 000,000,000 | ---D | M] -- C:\Users\Jim Wiles\AppData\Roaming\Fingertapps
    [2013/10/17 21:24:06 | 000,000,000 | ---D | M] -- C:\Users\Jim Wiles\AppData\Roaming\ICAClient
    [2011/09/28 18:26:38 | 000,000,000 | ---D | M] -- C:\Users\Jim Wiles\AppData\Roaming\IDT
    [2014/07/16 19:10:17 | 000,000,000 | ---D | M] -- C:\Users\Jim Wiles\AppData\Roaming\PCDr
    [2015/03/12 17:57:23 | 000,000,000 | ---D | M] -- C:\Users\Jim Wiles\AppData\Roaming\SparkTrust
    [2015/02/18 06:45:42 | 000,000,000 | ---D | M] -- C:\Users\Jim Wiles\AppData\Roaming\TeamViewer

    ========== Purity Check ==========



    < End of report >

    extras file didn't appear
     

Short URL to this thread: https://techguy.org/1143401
