
Infected by Rovnix.gen and bogus popups

Discussion in 'Virus & Other Malware Removal' started by sjdomin, May 18, 2014.

  1. sjdomin

    sjdomin Thread Starter

    Running Windows 7 64-bit Premium on HP desktop.
    Infection resulted evidently from opening bogus e-mail (see my earlier post).
    Symptoms: persistent bogus "update flash player" popup; slow unresponsive Internet Explorer (100% CPU usage).
    MS Security Essentials Quick scan removed the popup; found and removed 3 files variously named (Hodouv\Aqdyozy.exe; Ezxain\ovpoez.exe; ExupMEA\obcos.exe).
    It also found (Severe Threat) MS DOS Rovnix.gen!A (Quarantined) and WIN 64 Rovnix.gen!A (cleaned).
    The infections returned after restart until I turned off System Restore and deleted earlier restore points.
    Scans in Safe Mode with (updated) Spybot and Malwarebytes found no new infections, but Malwarebytes several times reported "malicious web site blocked".
    HijackThis, DDS and GMER files:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:39:07 PM, on 5/18/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17041)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    O2 - BHO: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - mscoree.dll (file missing)
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\AsusWSPanel.exe /S
    O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
    O4 - HKLM\..\Run: [Recordpad] "C:\Program Files (x86)\NCH Swift Sound\Recordpad\recordpad.exe" -logon
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [cdloader] "C:\Users\Sam\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_FD70E4195A4DE5E83920BD6414A71B17] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Google+ Auto Backup] "C:\Users\Sam\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
    O4 - HKCU\..\Run: [rulejwhq] "C:\Users\Sam\AppData\Local\esxqeroq.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Amazon Cloud Drive.appref-ms
    O4 - Global Startup: HRBlockDirect.lnk = C:\Program Files (x86)\HRBlockDirect\HRBlockDirect.exe
    O4 - Global Startup: SanDisk Media Manager.lnk = ?
    O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Sam\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra button: @C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll,-4 - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Freemake Video Downloader - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: AcerSyncSystemService - Unknown owner - C:\Program Files\Acer\AcerSync\AcerSyncSystemService.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
    O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
    O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 17111 bytes

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/2/2011 4:01:04 PM
    System Uptime: 5/18/2014 12:21:32 PM (1 hours ago)
    .
    Motherboard: FOXCONN | | 2AB1
    Processor: AMD Athlon(tm) II X4 640 Processor | CPU 1 | 2992/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 919 GiB total, 453.804 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 1.273 GiB free.
    E: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    L: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    ==== System Restore Points ===================
    .
    RP723: 5/17/2014 10:16:54 PM - After Safe Mode Scan malbyte Spybot MS Security Essentials
    .
    ==== Image File Execution Options =============
    .
    .
    ==== Installed Programs ======================
    .
    .
    ==== End Of File ===========================

    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-05-18 13:56:51
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000063 ST310005 rev.HP35 931.51GB
    Running: tzipdven.exe; Driver: C:\Users\Sam\AppData\Local\Temp\kxldypow.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[2644] C:\Windows\system32\winmm.dll!PlaySoundW 000007fef8612144 5 bytes {CALL 0xffffffffffffdebe}
    .text C:\Program Files\Internet Explorer\iexplore.exe[2644] C:\Windows\system32\winmm.dll!waveOutWrite 000007fef8613d40 5 bytes {CALL 0xffffffffffffc2c2}
    .text C:\Program Files\Internet Explorer\iexplore.exe[2644] C:\Windows\system32\winmm.dll!PlaySound 000007fef8632f10 5 bytes {CALL 0xfffffffffffdd0f2}
    .text C:\Program Files\Internet Explorer\iexplore.exe[2444] C:\Windows\system32\winmm.dll!PlaySoundW 000007fef8612144 5 bytes {CALL 0xffffffffffffdebe}
    .text C:\Program Files\Internet Explorer\iexplore.exe[2444] C:\Windows\system32\winmm.dll!waveOutWrite 000007fef8613d40 5 bytes {CALL 0xffffffffffffc2c2}
    .text C:\Program Files\Internet Explorer\iexplore.exe[2444] C:\Windows\system32\winmm.dll!PlaySound 000007fef8632f10 5 bytes {CALL 0xfffffffffffdd0f2}
    .text C:\Program Files\Internet Explorer\iexplore.exe[5880] C:\Windows\system32\winmm.dll!PlaySoundW 000007fef8612144 5 bytes {CALL 0xffffffffffffdebe}
    .text C:\Program Files\Internet Explorer\iexplore.exe[5880] C:\Windows\system32\winmm.dll!waveOutWrite 000007fef8613d40 5 bytes {CALL 0xffffffffffffc2c2}
    .text C:\Program Files\Internet Explorer\iexplore.exe[5880] C:\Windows\system32\winmm.dll!PlaySound 000007fef8632f10 5 bytes {CALL 0xfffffffffffdd0f2}

    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4240] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2472] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4228] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1384] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5184] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1128] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3648] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3384] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4388] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1780] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5748] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4368] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:924] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3152] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4908] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2664] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5712] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4408] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2228] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4760] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2360] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5148] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1916] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5220] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4912] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3128] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5284] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4620] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5352] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2376] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4816] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1888] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3212] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5228] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4252] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5948] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3636] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5976] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4692] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4088] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4512] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5856] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5100] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4724] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:212] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3916] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2964] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4708] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5836] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5852] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2876] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3116] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:756] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4684] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2116] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3964] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5516] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5324] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3304] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3828] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4652] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6092] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4588] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:276] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5872] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4280] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6028] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5704] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2636] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4716] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3692] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3980] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2796] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4108] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5400] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5188] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5204] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3960] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5924] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4968] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5652] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3188] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4004] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2184] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4772] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3372] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2552] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1768] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2980] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3036] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1364] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6080] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3452] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4124] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2336] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1320] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3908] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:620] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2808] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1900] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2864] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2764] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5848] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5524] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3880] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1920] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1648] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3060] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3844] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1520] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5076] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5008] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5460] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2084] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2488] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1812] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3928] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5092] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3172] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1964] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2932] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3600] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2088] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4836] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3168] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5964] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6112] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1432] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2856] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2012] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1376] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4696] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1316] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2520] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4316] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1124] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4100] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1936] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4700] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3756] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4312] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5696] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1396] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2640] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5528] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5272] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1628] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2416] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5056] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:308] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6008] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1956] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4556] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2268] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3048] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2404] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4888] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2860] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4204] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3392] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1008] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3408] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1236] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1292] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2952] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2612] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4480] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1800] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4180] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5916] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2716] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3376] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3508] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4984] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3996] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4032] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2300] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2988] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:324] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5260] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5908] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3312] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4444] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4972] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1984] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5340] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6088] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1836] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5328] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6040] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4568] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1496] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4064] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3248] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3656] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3476] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:668] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4840] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3516] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2208] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2532] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3696] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5344] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2412] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1356] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1692] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4728] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3988] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4964] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2736] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3004] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2820] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1500] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3112] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3484] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3320] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2032] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3840] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3332] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4552] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2028] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4048] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5012] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5108] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:1724] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4608] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:3528] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:4012] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:876] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6016] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:2556] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5576] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5060] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6116] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:5728] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6260] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6264] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6268] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6272] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6276] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6284] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6292] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6300] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6372] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6376] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6384] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6388] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6396] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6400] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6404] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6408] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6416] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6420] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6428] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6432] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6440] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6448] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6452] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6460] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6464] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6468] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6476] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6480] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6484] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6492] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6496] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6500] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6504] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6508] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6528] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6596] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6600] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6604] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6608] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6612] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6616] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6624] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6632] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6640] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6648] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6652] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6660] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6664] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6668] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6672] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6676] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6684] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6688] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6692] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6696] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6732] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6736] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6740] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6748] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6752] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6756] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6760] 0000000071fa8dc0
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6764] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6768] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6772] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6780] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6784] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6788] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6792] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6796] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6800] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6804] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6808] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6816] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6824] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6832] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6844] 000000000007d240
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6952] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6956] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6964] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6968] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6980] 0000000071bd3d6c
    Thread C:\Program Files\Internet Explorer\iexplore.exe [1436:6984] 0000000071bd3d6c

    ---- Registry - GMER 2.1 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\[email protected] 18565

    ---- Disk sectors - GMER 2.1 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.1 ----
     
  2. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Hi, you have another thread open for the same problem at Bleeping Computer: http://www.bleepingcomputer.com/for...nt-attack-from-sites-blocked-by-malwarebytes/ As you are now receiving help here, please close that thread. If you start to follow advice from two different malware experts it will be highly confusing.

    I can see a highly suspicious file still running on your system so it is likely you are still infected and most probably this is a Rootkit. Please read this warning:

    We shall start with a couple of scans to get a full picture of what is on your system; FRST will flag up any serious infections. DO NOT run any other scans that I have not asked you to do, as this can cause a lot of confusion in the log results. Just follow my instructions.

    Please run these in the order listed and make sure all logs requested are complete.

    SCAN 1
    NOTE: This will empty your recycle bin. If you have anything you need in there, please save it before you run this scan.
    Download Temporary file cleaner and save it to the desktop. Make sure you do not use the Download button in the advert at the top of the page, use the button right next to the name TFC - Temp File Cleaner by Old Timer.
    Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select Run as Administrator.
    When the window opens click on Start. It will close all running programs and clear the desktop icons.
    When complete you may be asked to reboot, if so accept the request and your PC will reboot automatically.

    NOTE: There is no need to post the log, just confirm in your next post that it ran without a problem. At times it may appear to freeze, which is perfectly normal. It may take a while to complete the clean up, depending on the amount of temporary files there are on the system.



    SCAN 2
    Click on this link to download: ADWCleaner. Click on the Download Now button and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop: [​IMG]

    You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report. Copy & Paste it into your next post.

    [​IMG]


    SCAN 3
    Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download Regclean Pro.

    Note: If you get a warning that the download could harm your system, please ignore it and allow the download to go ahead. FRST is perfectly safe and we would never ask you to download anything that isn't.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Double-click on FRST to run it. When the tool opens click Yes to the disclaimer.
    • Press the Scan button. DO NOT check any of the Optional Scan options unless requested.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your next reply.
    • The first time the tool is run, it makes another log (Addition.txt). Please also copy and paste that into your reply.
     
  3. sjdomin

    sjdomin Thread Starter

    Joined:
    Feb 20, 2005
    Messages:
    112
    Sorry for the delay in responding to your prompt and helpful reply. My first attempt to supply you with requested logs failed for an unknown reason. Will attempt to resend asap.
    Thank you
     
  4. sjdomin

    sjdomin Thread Starter

    Joined:
    Feb 20, 2005
    Messages:
    112
    Here are the requested logs
    The Temp File Cleaner by Old Timer ran without incident.
    Again thanks for your help
    # AdwCleaner v3.209 - Report created 19/05/2014 at 05:43:46
    # Updated 18/05/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Sam - SAM-HP
    # Running from : C:\Users\Sam\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files (x86)\xfin_portal
    Folder Deleted : C:\Users\Sam\AppData\LocalLow\comcasttb
    Folder Deleted : C:\Users\Sam\AppData\LocalLow\xfin_portal
    Folder Deleted : C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\72khpq1c.default\xfin_portal
    Folder Deleted : C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\72khpq1c.default\Extensions\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
    Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}]
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
    Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xfin_portal

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17041


    -\\ Mozilla Firefox v21.0 (en-US)

    [ File : C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\72khpq1c.default\prefs.js ]


    -\\ Google Chrome v34.0.1847.137

    [ File : C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [18600 octets] - [17/05/2014 05:37:35]
    AdwCleaner[R1].txt - [4231 octets] - [19/05/2014 05:34:42]
    AdwCleaner[S0].txt - [17060 octets] - [17/05/2014 05:51:53]
    AdwCleaner[S1].txt - [4192 octets] - [19/05/2014 05:43:46]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4252 octets] ##########

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
    Ran by Sam at 2014-05-19 06:06:43
    Running from C:\Users\Sam\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    ==================== Installed Programs ======================

    3-Bible Concordance (HKLM-x32\...\{10402A72-27D4-4352-81BE-C6B20C1864ED}) (Version: 1.0.0 - David Dewhirst)
    Acer Sync (HKLM-x32\...\{1FA08A70-6E60-4E06-90B6-7B96A741E9E0}) (Version: 1.06.3006 - Acer Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.2.202.235 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (x64) (HKLM\...\{063C0043-E954-4850-9AA7-F9BC4E920D38}) (Version: 11.1.102.55 - Adobe Systems Incorporated)
    Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Amazon Cloud Drive (HKCU\...\23ab716f18849b6f) (Version: 2.4.2013.3290 - Amazon)
    Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
    Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
    AntiLogger SDK version 1.7.6.367 (HKLM-x32\...\{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1) (Version: 1.7.6.367 - Zemana Ltd.)
    Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
    Applian FLV and Media Player 3.1.1.12 (HKLM-x32\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies)
    ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
    Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version: - Audacity Team)
    Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
    AVS Screen Capture version 2.0.1 (HKLM-x32\...\AVS Screen Capture_is1) (Version: - Online Media Technologies Ltd.)
    AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
    AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version: - Online Media Technologies Ltd.)
    AVS Video Recorder 2.5 (HKLM-x32\...\AVS Video Recorder_is1) (Version: - Online Media Technologies Ltd.)
    AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
    Batch Update (x32 Version: 2.1 - Libronix Corporation) Hidden
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bible Data Type System Files (x32 Version: 2.1 - Libronix Corporation) Hidden
    BiblePro (HKLM-x32\...\{25EEC359-8639-4528-83F4-A5AC2DAD3B35}) (Version: 12.8 - BibleOcean.com)
    Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    calibre (HKLM-x32\...\{8D8C1516-D6D5-41F1-B98B-DCCCF17F8ED2}) (Version: 1.36.0 - Kovid Goyal)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center Core Implementation (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    Catalyst Control Center Graphics Full New (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    Catalyst Control Center Graphics Light (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2010.0511.2153.37435 - ATI Technologies, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    CCC Help Chinese Standard (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Chinese Traditional (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Czech (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Danish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Dutch (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help English (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Finnish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help French (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help German (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Greek (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Hungarian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Italian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Japanese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Korean (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Norwegian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Polish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Portuguese (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Russian (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Spanish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Swedish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Thai (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    CCC Help Turkish (x32 Version: 2010.0511.2152.37435 - ATI) Hidden
    ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    ccc-utility64 (Version: 2010.0511.2153.37435 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12263.1 - Cisco Consumer Products LLC)
    Common System Files (x32 Version: 2.1 - Libronix Corporation) Hidden
    Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.14.425.1 - Comcast)
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
    CyberLink DVD Suite Deluxe (x32 Version: 7.0.3210 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Disketch CD Label Software (HKLM-x32\...\Disketch) (Version: - NCH Software)
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: - NCH Software)
    DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
    DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
    DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
    Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
    e-Sword (HKLM-x32\...\{02327B3D-44BA-498F-AB63-CD520B0585D2}) (Version: 10.00.0007 - Rick Meyers)
    Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: - NCH Software)
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FREE Hi-Q Recorder 1.92 (HKLM-x32\...\FREE Hi-Q Recorder_is1) (Version: - Rick Roemer, (Roemer Software))
    Free Sound Recorder v9.3.1 (HKLM-x32\...\Free Sound Recorder_is1) (Version: - Copyright(C) 2005-2012 FreeSoundRecorder Technologies, Inc.)
    Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.)
    Free YouTube Download version 3.1.40.1031 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.40.1031 - DVDVideoSoft Ltd.)
    Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
    Freemake Music Box (HKLM-x32\...\Freemake Music Box_is1) (Version: 0.9.1 - Ellora Assets Corporation)
    Freemake Video Converter version 3.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 3.1.2 - Ellora Assets Corporation)
    Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.6.4 - Ellora Assets Corporation)
    GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
    Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.)
    Graphical Query Editor (x32 Version: 2.1 - Libronix Corporation) Hidden
    H&R Block Deluxe + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)
    H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
    H&R Block Deluxe + Efile 2011 (HKLM-x32\...\{7330262C-0A1C-4B3B-ACFF-7EEC5BF65CCF}) (Version: 11.04.7102 - HRB Technology, LLC.)
    H&R Block Indiana 2011 (HKLM-x32\...\{2080D276-8593-4DDC-941A-7C921CC155A6}) (Version: 1.11.3701 - HRB Technology, LLC.)
    H&R Block Indiana 2012 (HKLM-x32\...\{7ED4FD5B-8FBC-478C-93E0-370971AFE250}) (Version: 1.12.4401 - HRB Technology, LLC.)
    H&R Block Indiana 2013 (HKLM-x32\...\{A01CDB45-7965-4262-AAEE-BDD8F4433957}) (Version: 1.13.3301 - HRB Technology, LLC.)
    Harmony (HKLM-x32\...\Harmony) (Version: - )
    Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
    honestech VHS to DVD 3.0 SE (HKLM-x32\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 3.0 - honestech)
    honestech VHS to DVD 3.0 SE (x32 Version: 3.0 - Honest Technology) Hidden
    HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
    HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden
    HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
    HP Game Console (x32 Version: - WildTangent) Hidden
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
    HP MediaSmart DVD (x32 Version: 4.2.4725 - Hewlett-Packard) Hidden
    HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
    HP MediaSmart Music (x32 Version: 4.2.4517 - Hewlett-Packard) Hidden
    HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
    HP MediaSmart Photo (x32 Version: 4.2.4513 - Hewlett-Packard) Hidden
    HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
    HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
    HP MediaSmart Video (x32 Version: 4.2.4522 - Hewlett-Packard) Hidden
    HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
    HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
    HP MovieStore (x32 Version: 1.0.027 - Hewlett-Packard) Hidden
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
    HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
    HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
    HRBlockDirect version 1.1.2.0 (HKLM-x32\...\{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1) (Version: 1.1.2.0 - HRBlock)
    Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
    iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
    Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Kobo (HKLM-x32\...\Kobo) (Version: 2.1.3 - Kobo Inc.)
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    Libronix Digital Library System (HKLM-x32\...\Libronix DLS) (Version: - Libronix Corporation)
    Libronix Digital Library System (x32 Version: 2.1 - Libronix Corporation) Hidden
    Libronix DLS Application (x32 Version: 2.1 - Libronix Corporation) Hidden
    Libronix DLS Shortcuts (x32 Version: 2.1 - Libronix Corporation) Hidden
    LibronixUpdate (x32 Version: 2.1 - Libronix Corporation) Hidden
    LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
    LLS Resource Driver (x32 Version: 2.1 - Libronix Corporation) Hidden
    magicJack (HKCU\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
    Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
    Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7876 - Memeo Inc.)
    Memorex exPressit Label Design Studio (HKLM-x32\...\MVApplication1) (Version: - )
    Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Money 2006 (HKLM-x32\...\Money2006b) (Version: 15 - Microsoft)
    Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Reader (HKLM-x32\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version: - )
    Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP1 x64 繁體中文 (HKLM\...\{A423B3FB-C9E6-4953-9A83-2A5F45CAF466}) (Version: 3.5.5692.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP1 繁體中文 (HKLM-x32\...\{0BE37B03-93EF-4B46-A4F3-30ED22569D1A}) (Version: 3.5.5692.0 - Microsoft Corporation)
    Microsoft Sync Framework Runtime v1.0 (x64) (HKLM\...\{53D7A054-4598-4947-A159-E8FCC77720AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Sync Framework Services v1.0 (x64) (HKLM\...\{32508A23-C9EA-4D29-83CA-97A42A13701E}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
    Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
    Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
    Mozilla Firefox 21.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 21.0 (x86 en-US)) (Version: 21.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
    New Yorker Viewer (HKLM-x32\...\New Yorker Viewer1.0) (Version: 1.0 - The New Yorker)
    Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
    Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
    OEB Resource Driver (x32 Version: 2.1 - Libronix Corporation) Hidden
    OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
    ParetoLogic FileCure (HKLM-x32\...\{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}) (Version: 2.0.0.0 - ParetoLogic, Inc.)
    PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
    PDF Resource Driver (x32 Version: 2.1 - Libronix Corporation) Hidden
    Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version: - )
    PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version: - )
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
    PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
    Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
    Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
    PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
    PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 - NewspaperDirect Inc.)
    Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: - Ralink)
    RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: - NCH Software)
    Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
    RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
    Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
    Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
    SanDisk ® Media Manager (HKLM-x32\...\{8BAF591E-B0E0-4DF6-B73C-AD10826E0DB7}) (Version: 2.1.0.4 - SanDisk)
    Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
    Secunia PSI (3.0.0.0006) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.0006 - Secunia)
    Sentence Diagramming (x32 Version: 2.1 - Libronix Corporation) Hidden
    Shopping InContext (HKCU\...\{4E002314-9999-4402-9823-1CB9E6098849}_is1) (Version: 3.5 - InContext Solutions, Inc)
    SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.11.9874 - Skype Technologies S.A.)
    Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
    SMI Grabber Device (HKLM-x32\...\{B03B98E3-2795-48F6-BA33-793BBF5DF685}) (Version: 1.0.0.26 - Somagic)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1108 - SUPERAntiSpyware.com)
    Switch Sound File Converter (HKLM-x32\...\Switch) (Version: - NCH Software)
    Synctunes Desktop (HKLM-x32\...\{48C16095-BE15-48C7-9F13-FF2242587AEB}) (Version: 1.1.2 - The Bit Studio)
    Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    Video Resource Driver (x32 Version: 2.1 - Libronix Corporation) Hidden
    Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: - NCH Software)
    WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.1.265 - ASUS Cloud Corporation)
    Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Windows Driver Package - ACER Incorporated (qcusbser) Modem (08/16/2010 2.0.6.6) (HKLM\...\D149DB73BE02E748657C63CBB404510E56E08F63) (Version: 08/16/2010 2.0.6.6 - ACER Incorporated)
    Windows Driver Package - ACER Incorporated (qcusbser) Ports (08/16/2010 2.0.6.6) (HKLM\...\5D9817CE83DD092EB8923949297A94C53A0A27CF) (Version: 08/16/2010 2.0.6.6 - ACER Incorporated)
    Windows Driver Package - Acer, Inc (androidusb) USB (04/07/2011 1.0.0010.00000) (HKLM\...\C90373F31FCBEA27133FB8FD66ACE94121EFA097) (Version: 04/07/2011 1.0.0010.00000 - Acer, Inc)
    Windows Driver Package - Acer, Inc (androidusb) USB (08/16/2010 1.0.0010.00000) (HKLM\...\83E7AE861B9BCCB05F7AA822F9EE26C0672E6888) (Version: 08/16/2010 1.0.0010.00000 - Acer, Inc)
    Windows Driver Package - Linux Developer Community Net (08/16/2010 5.1.2600.2781) (HKLM\...\637F4A11ADE9B1B3D8F4A37C0C4CA8EA924B739E) (Version: 08/16/2010 5.1.2600.2781 - Linux Developer Community)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
    Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
    Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
    Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Restore Points =========================

    18-05-2014 20:20:33 after Superantispyware Malwarebytes scans
    18-05-2014 20:21:33 After Superantispyware Malwarebytres scans

    ==================== Hosts content: ==========================

    2009-07-13 22:34 - 2011-05-05 08:05 - 00433994 ___RA C:\Windows\system32\Drivers\etc\hosts

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    Task: {0DB49015-A9E9-4BBE-A34C-0763FEC7DF0C} - System32\Tasks\HPCeeScheduleForSam => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {11E66744-47F2-4D3D-93DD-593887D32C10} - System32\Tasks\FOTA => C:\Program Files\Acer\AcerSync\FOTA.exe [2011-06-16] (Microsoft)
    Task: {1898D6BE-CA41-4DD5-8881-B317F311B7E4} - System32\Tasks\{0E1BE92B-A440-4C3B-8D02-0942C86FB01D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
    Task: {2241F6CE-6D10-4E5F-B14C-985642E3E17E} - \Security Center Update - 3302468668 No Task File <==== ATTENTION
    Task: {29C85A6C-A574-4A36-B717-AE4093A1B105} - System32\Tasks\{E2D90C39-B8CF-410A-AF20-EADE52BE71A8} => C:\Program Files (x86)\iWisoft Free Video Downloader\VideoDownloader.exe
    Task: {2A0C37C1-B41E-424A-A568-68D92A97AD03} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2524037534-3531981673-270931832-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {2A4B9E8E-3C42-4AA1-B7D5-355562545BBB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000Core => C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-03] (Google Inc.)
    Task: {2B32D55C-44D9-4138-A5F3-BBF6381008BE} - System32\Tasks\{3373564E-DCAB-4871-89DD-011065583878} => C:\Program Files (x86)\Audiograbber\audiograbber.exe [2004-02-08] ()
    Task: {3103A979-04BA-423E-87E9-2570484BEB29} - System32\Tasks\NCH Swift Sound\recordpadShakeIcon => C:\Program Files (x86)\NCH Swift Sound\Recordpad\Recordpad.exe [2011-05-06] (NCH Software)
    Task: {325B8D28-DC4C-4544-9B66-4E9627DD84FD} - \ParetoLogic Update Version3 No Task File <==== ATTENTION
    Task: {37FC0563-0C94-4A6D-8F29-0B605A80693B} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
    Task: {399EA913-0749-4FA8-8DA6-FDB80C6CE028} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
    Task: {3ADF4634-5FD4-4CC7-8381-F382E0010FC8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2524037534-3531981673-270931832-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {3EE77F65-606E-4BC9-8FAE-E59482276A3B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {40AECC94-7C1D-4576-B1A4-75E8481B71D0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2524037534-3531981673-270931832-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {43F2D936-7846-4C4F-BA8F-8C946AEA0410} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10] (Google Inc.)
    Task: {481F8095-F245-4F6D-B8D1-E54A7CB60C6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
    Task: {59DFCA89-D312-46D5-B7D4-2D7EA51A5884} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
    Task: {5FE2187C-9964-43E7-BC7A-D8360B177AA9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10] (Google Inc.)
    Task: {5FE90F54-6E1A-41B8-8D1E-F628286D20F2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000UA => C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-03] (Google Inc.)
    Task: {68DD2AA3-AC6D-428B-BC0C-70314E5B7857} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2524037534-3531981673-270931832-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {72A6FC6F-28D2-493E-B183-B9D036DE6B3E} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
    Task: {8C2B44BC-B701-4800-9EF4-3930818F6381} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {8F0ADB3C-D2C0-44CD-ABAE-D4AA5F80390A} - \Security Center Update - 2564514129 No Task File <==== ATTENTION
    Task: {92B382FF-4E70-47A2-816B-26D1662F62F0} - \Security Center Update - 2539383184 No Task File <==== ATTENTION
    Task: {9595918F-FC6A-4A9A-8740-38D9EBD1062A} - System32\Tasks\NCH Swift Sound\expressburnShakeIcon => C:\Program Files (x86)\NCH Swift Sound\ExpressBurn\ExpressBurn.exe [2011-05-17] (NCH Software)
    Task: {9E638FBC-5A93-4055-9403-A2A2746D4F5D} - System32\Tasks\FileCure Default => C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe
    Task: {A722A003-C02E-42F5-B3F0-55A06C8A4292} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2524037534-3531981673-270931832-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {ADDB3D7D-B943-4D84-8600-03C61869835C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {BBFDAE4F-D703-45E7-BE3B-9C65996A2A64} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
    Task: {BDC55966-15C8-4310-A378-57F318849639} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
    Task: {BEF5BBD6-7C71-4559-9BF3-4DAAE6CF6231} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2524037534-3531981673-270931832-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {C3436105-4B8E-4AD1-B4DE-F8E9461B576A} - System32\Tasks\AcerSync => C:\Program Files\Acer\AcerSync\AcerSyncLiveUpdate.exe [2011-06-16] (acer)
    Task: {C3B5D8FD-78D2-4EC7-8A1C-D62861BCDA08} - System32\Tasks\HPCeeScheduleForSAM-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {C480C5B2-1D72-4752-93F3-8476C017A5B7} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
    Task: {CD751B1C-7A1C-4F31-8941-300EB3EECA2D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {D55A58D6-449C-41CA-87AC-3A7BC0513156} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
    Task: {DDBF5053-A5A8-494A-912C-D2B2B8DD43FE} - \Security Center Update - 1964868495 No Task File <==== ATTENTION
    Task: {DF826B97-2F54-4F54-B218-EB841C696A90} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2524037534-3531981673-270931832-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {E1294098-2EA4-453F-9A0A-5F9D0EB3C156} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {E72F4258-497C-464F-8992-9ADA43BEE8E2} - \Security Center Update - 2296539022 No Task File <==== ATTENTION
    Task: {EDCB9BD7-54A7-4BB3-B802-EDB1FFC00F73} - \FileCure Startup No Task File <==== ATTENTION
    Task: {F98E6384-1B58-4195-81BF-286BB327F09A} - \ParetoLogic Registration3 No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\FileCure Default.job => C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000Core.job => C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000UA.job => C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForSAM-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForSam.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-04-03 13:04 - 2012-04-26 15:51 - 00040448 _____ () C:\Windows\System32\pdf995mon64.dll
    2012-08-02 07:57 - 2011-06-16 17:59 - 00081304 _____ () C:\Program Files\Acer\AcerSync\AcerSyncSystemService.exe
    2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2010-09-15 14:31 - 2010-09-15 14:31 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    2014-01-14 05:51 - 2014-01-14 05:51 - 00091648 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\ASUSWSHomeCloudAPI.dll
    2011-01-24 14:35 - 2011-01-24 14:35 - 00324320 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
    2014-01-15 01:55 - 2014-01-15 01:55 - 01296704 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\AsusWSService.exe
    2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-03-26 12:02 - 2014-03-26 12:02 - 03305472 _____ () C:\Users\Sam\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
    2014-04-28 16:32 - 2014-04-28 16:32 - 00549272 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
    2011-06-01 12:42 - 2011-06-01 12:42 - 00108296 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
    2011-06-01 12:46 - 2011-06-01 12:46 - 00030984 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
    2011-01-24 14:35 - 2011-01-24 14:35 - 02896608 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
    2011-01-24 14:35 - 2011-01-24 14:35 - 00026848 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
    2010-03-22 18:59 - 2010-03-22 18:59 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL
    2014-03-19 20:45 - 2014-05-19 05:59 - 00046080 _____ () C:\Users\Sam\AppData\Local\Apps\2.0\A1K0M2BK.L7N\VPOE581B.4P1\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\NativeOperations.dll
    2014-05-19 05:28 - 2014-05-19 05:28 - 00541696 _____ () C:\Users\Sam\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
    2011-06-01 12:16 - 2011-06-01 12:16 - 00241664 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
    2011-06-01 12:16 - 2011-06-01 12:16 - 00971776 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
    2014-05-16 05:43 - 2014-05-07 19:29 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
    2014-05-16 05:43 - 2014-05-07 19:29 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libglesv2.dll
    2014-05-16 05:43 - 2014-05-07 19:29 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libegl.dll
    2014-05-16 05:43 - 2014-05-07 19:29 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll
    2014-05-16 05:43 - 2014-05-07 19:29 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
    2014-05-16 05:43 - 2014-05-07 19:29 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll
    2012-02-22 16:46 - 2012-02-22 16:46 - 01135616 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll
    2012-02-22 16:46 - 2012-02-22 16:46 - 00656896 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
    2012-02-22 16:46 - 2012-02-22 16:46 - 00105472 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll
    2012-02-22 16:46 - 2012-02-22 16:46 - 00098816 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll
    2012-02-22 16:46 - 2012-02-22 16:46 - 00077312 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll
    2012-01-05 22:40 - 2012-01-05 22:40 - 00520234 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll
    2012-01-05 22:40 - 2012-01-05 22:40 - 00450560 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll
    2012-01-05 22:40 - 2012-01-05 22:40 - 05717504 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll
    2012-02-22 16:46 - 2012-02-22 16:46 - 00029184 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll
    2012-01-05 22:40 - 2012-01-05 22:40 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll
    2012-02-22 16:46 - 2012-02-22 16:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll
    2012-01-05 22:40 - 2012-01-05 22:40 - 04671488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll
    2012-01-05 22:40 - 2012-01-05 22:40 - 00070656 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll
    2012-01-05 22:40 - 2012-01-05 22:40 - 00686080 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll
    2012-01-05 22:40 - 2012-01-05 22:40 - 00152064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll
    2012-02-22 16:46 - 2012-02-22 16:46 - 00027648 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll
    2012-02-22 16:46 - 2012-02-22 16:46 - 00063488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll
    2012-01-05 22:40 - 2012-01-05 22:40 - 00366592 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll
    2012-02-22 16:46 - 2012-02-22 16:46 - 00289792 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll
    2012-02-22 16:46 - 2012-02-22 16:46 - 00023040 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll
    2012-02-22 16:46 - 2012-02-22 16:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll
    2012-02-22 16:46 - 2012-02-22 16:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll
    2012-02-22 16:46 - 2012-02-22 16:46 - 00133120 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll
    2012-02-22 16:46 - 2012-02-22 16:46 - 00290304 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll
    2012-02-22 16:46 - 2012-02-22 16:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll
    2012-02-22 16:46 - 2012-02-22 16:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll
    2012-02-22 16:46 - 2012-02-22 16:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll
    2012-01-05 22:40 - 2012-01-05 22:40 - 00399826 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll
    2012-02-22 16:46 - 2012-02-22 16:46 - 00013824 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll
    2012-02-22 16:46 - 2012-02-22 16:46 - 00031232 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll
    2012-02-22 16:46 - 2012-02-22 16:46 - 00054784 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll
    2012-01-05 22:40 - 2012-01-05 22:40 - 00044032 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== EXE Association (whitelisted) =============


    ==================== Disabled items from MSCONFIG ==============


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/19/2014 05:49:43 AM) (Source: Application Virtualization Client) (EventID: 3134) (User: )
    Description: {tid=1214}
    Failed to initialize the Application Virtualization Client PerfMon provider (error 0x80070002).

    Error: (05/19/2014 05:38:36 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
    Exception code: 0xc000070a
    Fault offset: 0x000000000005cf99
    Faulting process id: 0x59c
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3

    Error: (05/19/2014 05:25:07 AM) (Source: Application Virtualization Client) (EventID: 3134) (User: )
    Description: {tid=C54}
    Failed to initialize the Application Virtualization Client PerfMon provider (error 0x80070002).

    Error: (05/19/2014 05:19:36 AM) (Source: IDVault) (EventID: 0) (User: )
    Description: Interaction with the desktop is required. Enable desktop interaction flag in Properties->Log On.

    Error: (05/19/2014 05:19:36 AM) (Source: IDVault) (EventID: 0) (User: )
    Description: Display Flag Error Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

    Error: (05/19/2014 05:19:29 AM) (Source: Wininit) (EventID: 1015) (User: )
    Description: A critical system process, C:\Windows\system32\lsass.exe, failed with status code 00000000. The machine must now be restarted.

    Error: (05/19/2014 05:11:35 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
    Exception code: 0xc0000008
    Fault offset: 0x00000000000cd7e8
    Faulting process id: 0x5e8
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3

    Error: (05/19/2014 04:39:23 AM) (Source: IDVault) (EventID: 0) (User: )
    Description: IDVault_Exited failed Process must exit before requested information can be determined. at System.Diagnostics.Process.EnsureState(State state)
    at System.Diagnostics.Process.get_ExitCode()
    at IDVaultSvc.IDVaultExecutionController.IDVault_Exited(Object sender, EventArgs e)

    Error: (05/19/2014 04:30:22 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chromeinstall-7u55.exe, version: 7.0.550.14, time stamp: 0x534cb50f
    Faulting module name: chromeinstall-7u55.exe, version: 7.0.550.14, time stamp: 0x534cb50f
    Exception code: 0xc0000409
    Fault offset: 0x000130c6
    Faulting process id: 0x1360
    Faulting application start time: 0xchromeinstall-7u55.exe0
    Faulting application path: chromeinstall-7u55.exe1
    Faulting module path: chromeinstall-7u55.exe2
    Report Id: chromeinstall-7u55.exe3

    Error: (05/19/2014 04:23:45 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17041, time stamp: 0x53180888
    Faulting module name: Flash64_13_0_0_206.ocx, version: 13.0.0.206, time stamp: 0x5351a284
    Exception code: 0xc0000005
    Fault offset: 0x00000000007bf672
    Faulting process id: 0xbdc
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3


    System errors:
    =============
    Error: (05/19/2014 06:06:15 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (05/19/2014 06:03:38 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Samsung AllShare PC service hung on starting.

    Error: (05/19/2014 05:48:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MemeoBackgroundService service failed to start due to the following error:
    %%1053

    Error: (05/19/2014 05:48:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (120000 milliseconds) while waiting for the MemeoBackgroundService service to connect.

    Error: (05/19/2014 05:29:17 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Samsung AllShare PC service hung on starting.

    Error: (05/19/2014 05:24:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The MemeoBackgroundService service failed to start due to the following error:
    %%1053

    Error: (05/19/2014 05:24:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (120000 milliseconds) while waiting for the MemeoBackgroundService service to connect.

    Error: (05/19/2014 05:21:46 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 5:19:38 AM on 5/19/2014 was unexpected.

    Error: (05/19/2014 05:20:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Secunia Update Agent service failed to start due to the following error:
    %%1053

    Error: (05/19/2014 05:20:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (120000 milliseconds) while waiting for the Secunia Update Agent service to connect.


    Microsoft Office Sessions:
    =========================
    Error: (05/19/2014 05:49:43 AM) (Source: Application Virtualization Client) (EventID: 3134) (User: )
    Description: {tid=1214}
    0x80070002

    Error: (05/19/2014 05:38:36 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000070a000000000005cf9959c01cf7343c8131e05C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll5980464c-df39-11e3-9e98-78acc098411b

    Error: (05/19/2014 05:25:07 AM) (Source: Application Virtualization Client) (EventID: 3134) (User: )
    Description: {tid=C54}
    0x80070002

    Error: (05/19/2014 05:19:36 AM) (Source: IDVault) (EventID: 0) (User: )
    Description: Interaction with the desktop is required. Enable desktop interaction flag in Properties->Log On.

    Error: (05/19/2014 05:19:36 AM) (Source: IDVault) (EventID: 0) (User: )
    Description: Display Flag Error Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

    Error: (05/19/2014 05:19:29 AM) (Source: Wininit) (EventID: 1015) (User: )
    Description: C:\Windows\system32\lsass.exe00000000

    Error: (05/19/2014 05:11:35 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000000800000000000cd7e85e801cf7339c1401f2aC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll9329e5fa-df35-11e3-81a7-78acc098411b

    Error: (05/19/2014 04:39:23 AM) (Source: IDVault) (EventID: 0) (User: )
    Description: IDVault_Exited failed Process must exit before requested information can be determined. at System.Diagnostics.Process.EnsureState(State state)
    at System.Diagnostics.Process.get_ExitCode()
    at IDVaultSvc.IDVaultExecutionController.IDVault_Exited(Object sender, EventArgs e)

    Error: (05/19/2014 04:30:22 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: chromeinstall-7u55.exe7.0.550.14534cb50fchromeinstall-7u55.exe7.0.550.14534cb50fc0000409000130c6136001cf733c73c30f0cC:\Users\Sam\Downloads\chromeinstall-7u55.exeC:\Users\Sam\Downloads\chromeinstall-7u55.exed11e2c37-df2f-11e3-81a7-78acc098411b

    Error: (05/19/2014 04:23:45 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe11.0.9600.1704153180888Flash64_13_0_0_206.ocx13.0.0.2065351a284c000000500000000007bf672bdc01cf733b6ac26ac3C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\Macromed\Flash\Flash64_13_0_0_206.ocxe470c50b-df2e-11e3-81a7-78acc098411b


    ==================== Memory info ===========================

    Percentage of memory in use: 54%
    Total physical RAM: 3839.29 MB
    Available physical RAM: 1748.12 MB
    Total Pagefile: 7678.57 MB
    Available Pagefile: 4663.1 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:918.5 GB) (Free:453.37 GB) NTFS
    Drive d: (HP_RECOVERY) (Fixed) (Total:12.91 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 932 GB) (Disk ID: 6167C4D5)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=919 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
    Ran by Sam (administrator) on SAM-HP on 19-05-2014 06:03:50
    Running from C:\Users\Sam\Downloads
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    () C:\Program Files\Acer\AcerSync\AcerSyncSystemService.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Google Inc.) C:\Users\Sam\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
    (White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (SanDisk Corporation) C:\Program Files (x86)\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\AsusWSPanel.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
    (Amazon Digital Services, LLC.) C:\Users\Sam\AppData\Local\Apps\2.0\A1K0M2BK.L7N\VPOE581B.4P1\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\AmazonCloudDrive.exe
    (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
    (Microsoft Corporation) C:\Windows\System32\sdclt.exe
    () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
    (Sun Microsystems, Inc.) C:\Users\Sam\AppData\Local\Apps\2.0\A1K0M2BK.L7N\VPOE581B.4P1\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\LocalServiceJre\bin\AmazonCloudDriveW.exe
    () C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\AsusWSService.exe
    (Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft) C:\Program Files\Acer\AcerSync\FOTA.exe
    (acer) C:\Program Files\Acer\AcerSync\AcerSyncLiveUpdate.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
    HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-12] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
    HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
    HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-01-24] (Memeo Inc.)
    HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\AsusWSPanel.exe [5591872 2014-01-15] (ASUS Cloud Corporation)
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-10-10] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
    HKLM-x32\...\Run: [Recordpad] => C:\Program Files (x86)\NCH Swift Sound\Recordpad\recordpad.exe [1314308 2011-05-06] (NCH Software)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-13] (Hewlett-Packard)
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\Run: [cdloader] => C:\Users\Sam\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-02-16] (SUPERAntiSpyware)
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\Run: [GoogleChromeAutoLaunch_FD70E4195A4DE5E83920BD6414A71B17] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-05-07] (Google Inc.)
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\Run: [Google Update] => C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-03] (Google Inc.)
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\Run: [Google+ Auto Backup] => C:\Users\Sam\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3701064 2014-03-26] (Google Inc.)
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\Run: [rulejwhq] => "C:\Users\Sam\AppData\Local\esxqeroq.exe"
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\Run: [ComcastAntispyClient] => "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\MountPoints2: {e7d9a60b-74f6-11e0-aaf1-78acc098411b} - M:\ONSPCLCK.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
    ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HRBlockDirect.lnk
    ShortcutTarget: HRBlockDirect.lnk -> C:\Program Files (x86)\HRBlockDirect\HRBlockDirect.exe (HR Block )
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SanDisk Media Manager.lnk
    ShortcutTarget: SanDisk Media Manager.lnk -> (No File)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
    ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
    Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/tt2/?cid=tbid05192014
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://xfinity.comcast.net/
    HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/WOL_WCP
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKCU - {0FD7B4C5-178E-4258-8101-0242D4190EC6} URL = http://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms}
    SearchScopes: HKCU - {76E9350E-0392-9C19-F83A-99BC015260AF} URL = http://www.bing.com/search?q={searchTerms}&pc=Z039&form=ZGAIDF
    SearchScopes: HKCU - {858BFBD9-EE49-47E9-A1DD-CD2C5E43996B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
    SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
    BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO-x32: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.425.1\NativeBHO.dll (WhiteSky)
    BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    BHO-x32: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
    BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    DPF: HKLM-x32 {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - No File
    Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    Handler-x32: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files (x86)\Libronix DLS\System\FileProt.dll (Libronix Corporation)
    Handler-x32: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files (x86)\Libronix DLS\System\ResProt.dll (Libronix Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\72khpq1c.default
    FF Homepage: hxxp://xfinity.comcast.net/
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Sam\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Sam\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll (Amazon.com, Inc.)
    FF Extension: XFINITY Constant Guard Protection Suite - C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\72khpq1c.default\Extensions\[email protected] [2014-05-19]
    FF Extension: No Name - C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\72khpq1c.default\Extensions\temp [2014-05-19]
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
    FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ []
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2014-05-19]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
    FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
    FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]\
    FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]\ []
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]\
    FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]\ []
    FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

    Chrome:
    =======
    CHR HomePage: hxxp://www.comcast.net/tt2/?cid=tbid05192014
    CHR DefaultSearchKeyword: xfinity.com search
    CHR DefaultSearchProvider: Xfinity.com Search
    CHR DefaultSearchURL: http://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms}
    CHR DefaultNewTabURL:
    CHR Extension: (XFINITY Constant Guard Protection Suite) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\faknfdmfmhcmgphbfjhgmomfcihmocmp [2014-05-19]
    CHR Extension: (RealDownloader) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-05-17]
    CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-05-17]
    CHR Extension: (Google Wallet) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-17]
    CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Sam\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-26]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-04-09]

    ==================== Services (Whitelisted) =================

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2013-04-19] (SUPERAntiSpyware.com)
    R2 AcerSyncSystemService; C:\Program Files\Acer\AcerSync\AcerSyncSystemService.exe [81304 2011-06-16] ()
    R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-03-12] (Ellora Assets Corp.)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
    R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1295416 2012-03-30] (Secunia)
    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681016 2012-03-30] (Secunia)

    ==================== Drivers (Whitelisted) ====================

    S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31744 2012-07-20] (Google Inc)
    R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-05-19] (Zemana Ltd.)
    R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [945200 2010-08-08] (Symantec Corporation)
    R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [463408 2010-06-27] (Symantec Corporation)
    S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [21504 2011-10-07] (http://libusb-win32.sourceforge.net)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-19] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
    S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101001.002\ENG64.SYS [117808 2010-10-01] (Symantec Corporation)
    S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101001.002\EX64.SYS [1804336 2010-10-01] (Symantec Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
    R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
    S3 OV550I; C:\Windows\System32\Drivers\ov550ivx.sys [196992 2008-02-22] (Omnivision Technologies, Inc.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SMIGrabber3C; C:\Windows\System32\Drivers\SmiUsbGrabber3C.sys [811520 2009-05-14] (Windows (R) Win 7 DDK provider)
    S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-15] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

    ==================== NetSvcs (Whitelisted) ===================
    ============= End Of Log ============================
     
  5. sjdomin

    sjdomin Thread Starter

    ==================== One Month Created Files and Folders ========

    2014-05-19 06:03 - 2014-05-19 06:05 - 00031053 _____ () C:\Users\Sam\Downloads\FRST.txt
    2014-05-19 06:02 - 2014-05-19 06:03 - 00000000 ____D () C:\FRST
    2014-05-19 06:01 - 2014-05-19 06:02 - 02067456 _____ (Farbar) C:\Users\Sam\Downloads\FRST64.exe
    2014-05-19 05:51 - 2014-05-19 05:51 - 00004360 _____ () C:\Users\Sam\Desktop\AdwCleaner[S1].txt
    2014-05-19 05:33 - 2014-05-19 05:34 - 01328723 _____ () C:\Users\Sam\Downloads\AdwCleaner.exe
    2014-05-19 05:29 - 2014-05-19 05:29 - 00000000 ____D () C:\Users\Sam\Desktop\New folder
    2014-05-19 05:21 - 2014-05-19 05:45 - 00001126 _____ () C:\Windows\PFRO.log
    2014-05-19 05:16 - 2014-05-19 05:16 - 00448512 _____ (OldTimer Tools) C:\Users\Sam\Desktop\TFC.exe
    2014-05-19 04:53 - 2014-05-19 04:53 - 27769568 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\Windows-KB890830-x64-V5.12.exe
    2014-05-19 04:39 - 2014-05-19 04:49 - 00000000 ____D () C:\Users\Sam\AppData\Local\ID Vault
    2014-05-19 04:39 - 2014-05-19 04:39 - 00000000 ____D () C:\Users\Sam\AppData\Local\White_Sky,_Inc
    2014-05-19 04:39 - 2014-05-19 04:39 - 00000000 ____D () C:\ProgramData\IsolatedStorage
    2014-05-19 04:38 - 2014-05-19 06:02 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\ID Vault
    2014-05-19 04:38 - 2014-05-19 04:38 - 00049752 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys
    2014-05-19 04:38 - 2014-05-19 04:38 - 00000000 ____D () C:\Windows\SysWOW64\ZALSDK_uninst
    2014-05-19 04:38 - 2014-05-19 04:38 - 00000000 ____D () C:\Users\Sam\AppData\Local\Zemana
    2014-05-19 04:38 - 2014-03-20 12:07 - 11603256 _____ (Zemana Ltd.) C:\Windows\SysWOW64\ZALSDKCore.dll
    2014-05-19 04:37 - 2014-05-19 04:39 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
    2014-05-19 04:37 - 2014-05-19 04:37 - 00002275 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
    2014-05-19 04:37 - 2014-05-19 04:37 - 00002263 _____ () C:\Users\Public\Desktop\Constant Guard.lnk
    2014-05-19 04:37 - 2014-05-19 04:37 - 00000000 ____D () C:\ProgramData\White Sky, Inc
    2014-05-19 04:36 - 2014-05-19 04:36 - 19928392 _____ (White Sky, Inc.) C:\Users\Sam\Downloads\constantguard.exe
    2014-05-19 04:29 - 2014-05-19 04:29 - 00921512 _____ (Oracle Corporation) C:\Users\Sam\Downloads\chromeinstall-7u55.exe
    2014-05-18 16:25 - 2014-05-18 16:25 - 00007597 _____ () C:\Windows\IE11_main.log
    2014-05-18 16:25 - 2014-05-18 16:25 - 00000000 ___HD () C:\Windows\msdownld.tmp
    2014-05-18 16:24 - 2014-05-18 16:24 - 58080904 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\EIE11_EN-US_WOL_WIN764.EXE
    2014-05-18 14:45 - 2014-05-18 14:47 - 13829304 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\mseinstall.exe
    2014-05-18 12:53 - 2014-05-18 12:54 - 00380416 _____ () C:\Users\Sam\Downloads\tzipdven.exe
    2014-05-18 12:51 - 2014-05-18 12:52 - 00688992 ____R (Swearware) C:\Users\Sam\Downloads\dds.scr
    2014-05-18 12:29 - 2014-05-18 12:29 - 00000259 _____ () C:\Users\Sam\Documents\Malwarebytes Update File 18may14.txt
    2014-05-17 21:04 - 2014-05-17 21:04 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-05-17 21:04 - 2014-05-17 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-17 21:04 - 2014-05-17 21:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-17 21:04 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-05-17 21:04 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-05-17 21:04 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-05-17 12:10 - 2014-05-19 05:45 - 00000840 _____ () C:\Windows\setupact.log
    2014-05-17 12:10 - 2014-05-17 12:10 - 00000000 _____ () C:\Windows\setuperr.log
    2014-05-17 07:23 - 2014-05-17 07:23 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Tific
    2014-05-17 07:18 - 2014-05-17 07:18 - 00000000 ____D () C:\Users\Sam\AppData\Local\Symantec
    2014-05-17 06:33 - 2014-05-17 06:33 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2014-05-17 06:31 - 2014-05-17 06:31 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
    2014-05-17 05:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-05-17 05:37 - 2014-05-19 05:44 - 00000000 ____D () C:\AdwCleaner
    2014-05-16 20:42 - 2014-05-17 10:57 - 00000000 ____D () C:\ProgramData\Sophos
    2014-05-16 12:57 - 2014-05-16 12:58 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
    2014-05-16 12:45 - 2014-05-19 05:46 - 00003332 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-16 12:45 - 2014-05-19 05:46 - 00003194 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-16 12:09 - 2014-05-19 06:01 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-16 09:48 - 2014-05-17 16:15 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Ezxain
    2014-05-16 05:49 - 2014-05-17 16:15 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Exupmea
    2014-05-16 05:16 - 2014-05-16 05:16 - 06956094 ____R () C:\Users\Sam\Desktop\~ofC92 Backup_2014-05-16_051643.mbf
    2014-05-16 04:55 - 2014-05-17 16:14 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Hodouv
    2014-05-15 17:44 - 2014-05-17 16:49 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Polamur
    2014-05-15 09:01 - 2014-05-15 08:56 - 00019723 _____ () C:\Users\Sam\Documents\hijackthis.log
    2014-05-15 08:42 - 2014-05-15 08:42 - 01402880 _____ () C:\Users\Sam\Downloads\HiJackThis.msi
    2014-05-15 06:35 - 2014-05-15 06:35 - 00012326 _____ () C:\Users\Sam\AppData\Local\nahbbowa
    2014-05-15 06:34 - 2014-05-16 10:43 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Odyrro
    2014-05-15 06:34 - 2014-05-15 06:34 - 00068314 _____ () C:\Users\Sam\AppData\Local\tvchovsh
    2014-05-15 06:32 - 2014-05-15 06:32 - 00650598 _____ () C:\Users\Sam\AppData\Local\evtgngmx
    2014-05-15 06:22 - 2014-05-18 16:28 - 00003354 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-15 06:22 - 2014-05-18 16:28 - 00003216 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-14 03:06 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-05-14 03:06 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-05-14 03:06 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-05-14 03:06 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-05-14 03:06 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-05-14 03:06 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-05-14 02:28 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-05-14 02:28 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-05-14 02:28 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-05-14 02:28 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-05-14 02:27 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-05-14 02:27 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2014-05-14 02:27 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-05-14 02:27 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2014-05-14 02:27 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2014-05-14 02:27 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2014-05-14 02:27 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2014-05-14 02:27 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-05-14 02:27 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-05-14 02:27 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-05-14 02:27 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-05-14 02:27 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
    2014-05-14 02:27 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2014-05-14 02:27 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-05-14 02:27 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-05-14 02:27 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-05-14 02:27 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-05-14 02:27 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-05-14 02:27 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
    2014-05-14 02:27 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-05-14 02:27 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-05-14 02:27 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-05-14 02:27 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-05-14 02:27 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2014-05-12 10:20 - 2014-05-12 10:20 - 00000962 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
    2014-05-11 10:55 - 2014-05-11 10:55 - 00002177 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
    2014-05-11 10:55 - 2014-05-11 10:55 - 00000000 ____D () C:\Program Files (x86)\Cisco Systems
    2014-05-10 18:16 - 2014-05-10 18:16 - 00000000 ____D () C:\Users\Sam\AppData\Local\{DD8C26C5-1A5E-4BD0-AF9E-1297F211FB87}
    2014-05-09 11:40 - 2014-05-09 11:40 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-03 07:51 - 2014-05-19 05:09 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000UA.job
    2014-05-03 07:51 - 2014-05-17 20:09 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000Core.job
    2014-05-03 07:51 - 2014-05-07 20:04 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000UA
    2014-05-03 07:51 - 2014-05-07 20:04 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000Core
    2014-05-03 07:51 - 2014-05-03 07:51 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
    2014-05-03 07:50 - 2014-05-03 07:50 - 00001108 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
    2014-05-03 07:49 - 2014-05-03 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
    2014-05-02 06:20 - 2014-05-14 03:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-04-23 04:20 - 2014-04-23 04:20 - 00000000 __SHD () C:\Users\Sam\AppData\Local\EmieUserList
    2014-04-23 04:20 - 2014-04-23 04:20 - 00000000 __SHD () C:\Users\Sam\AppData\Local\EmieSiteList
    2014-04-22 20:52 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-04-22 20:52 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-04-22 20:52 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-04-22 20:52 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-04-22 20:52 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-04-22 20:52 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-04-22 20:52 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-04-22 20:52 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-04-22 20:52 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-04-22 20:52 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-04-22 20:52 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-04-22 20:52 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-04-22 20:52 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-04-22 20:52 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-04-22 20:51 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-04-22 20:51 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-04-22 20:51 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-04-22 20:51 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-04-22 20:51 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-04-22 20:51 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-04-22 20:51 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-04-22 20:51 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-04-22 20:51 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-04-22 20:51 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-04-22 20:51 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-04-22 20:51 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-04-22 20:51 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-04-22 20:51 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-04-22 20:51 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-04-22 20:51 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-04-22 20:51 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-04-22 20:51 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-04-22 20:51 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-04-22 20:51 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-04-22 20:51 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-04-22 20:51 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-04-22 20:51 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-04-22 20:51 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-04-22 20:51 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-04-22 20:51 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-04-22 20:51 - 2014-03-06 01:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-04-22 20:51 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-04-22 20:51 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-04-22 20:51 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-04-19 04:55 - 2014-04-19 04:55 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Oracle
    2014-04-19 04:53 - 2014-04-19 04:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-04-19 04:53 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-04-19 04:53 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-04-19 04:53 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-04-19 04:53 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-04-19 04:52 - 2014-04-19 04:53 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log

    ==================== One Month Modified Files and Folders =======

    2014-05-19 06:05 - 2014-05-19 06:03 - 00031053 _____ () C:\Users\Sam\Downloads\FRST.txt
    2014-05-19 06:03 - 2014-05-19 06:02 - 00000000 ____D () C:\FRST
    2014-05-19 06:02 - 2014-05-19 06:01 - 02067456 _____ (Farbar) C:\Users\Sam\Downloads\FRST64.exe
    2014-05-19 06:02 - 2014-05-19 04:38 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\ID Vault
    2014-05-19 06:01 - 2014-05-16 12:09 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-19 05:54 - 2013-12-22 18:17 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\WebStorage
    2014-05-19 05:54 - 2011-05-05 11:59 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Swift Sound
    2014-05-19 05:52 - 2012-03-18 10:17 - 00000000 ____D () C:\Users\Sam\AppData\Local\Deployment
    2014-05-19 05:51 - 2014-05-19 05:51 - 00004360 _____ () C:\Users\Sam\Desktop\AdwCleaner[S1].txt
    2014-05-19 05:46 - 2014-05-16 12:45 - 00003332 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-19 05:46 - 2014-05-16 12:45 - 00003194 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-19 05:46 - 2013-10-10 01:52 - 00000490 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
    2014-05-19 05:46 - 2012-08-10 16:46 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-19 05:46 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-05-19 05:45 - 2014-05-19 05:21 - 00001126 _____ () C:\Windows\PFRO.log
    2014-05-19 05:45 - 2014-05-17 12:10 - 00000840 _____ () C:\Windows\setupact.log
    2014-05-19 05:44 - 2014-05-17 05:37 - 00000000 ____D () C:\AdwCleaner
    2014-05-19 05:44 - 2011-03-01 21:21 - 01116802 _____ () C:\Windows\WindowsUpdate.log
    2014-05-19 05:41 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-05-19 05:41 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-05-19 05:38 - 2011-06-05 07:21 - 00000000 ____D () C:\Users\Sam\AppData\Local\CrashDumps
    2014-05-19 05:34 - 2014-05-19 05:33 - 01328723 _____ () C:\Users\Sam\Downloads\AdwCleaner.exe
    2014-05-19 05:30 - 2012-08-10 16:46 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-19 05:29 - 2014-05-19 05:29 - 00000000 ____D () C:\Users\Sam\Desktop\New folder
    2014-05-19 05:26 - 2011-05-02 16:09 - 00106480 _____ () C:\Users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-05-19 05:16 - 2014-05-19 05:16 - 00448512 _____ (OldTimer Tools) C:\Users\Sam\Desktop\TFC.exe
    2014-05-19 05:09 - 2014-05-03 07:51 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000UA.job
    2014-05-19 04:53 - 2014-05-19 04:53 - 27769568 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\Windows-KB890830-x64-V5.12.exe
    2014-05-19 04:49 - 2014-05-19 04:39 - 00000000 ____D () C:\Users\Sam\AppData\Local\ID Vault
    2014-05-19 04:39 - 2014-05-19 04:39 - 00000000 ____D () C:\Users\Sam\AppData\Local\White_Sky,_Inc
    2014-05-19 04:39 - 2014-05-19 04:39 - 00000000 ____D () C:\ProgramData\IsolatedStorage
    2014-05-19 04:39 - 2014-05-19 04:37 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
    2014-05-19 04:38 - 2014-05-19 04:38 - 00049752 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys
    2014-05-19 04:38 - 2014-05-19 04:38 - 00000000 ____D () C:\Windows\SysWOW64\ZALSDK_uninst
    2014-05-19 04:38 - 2014-05-19 04:38 - 00000000 ____D () C:\Users\Sam\AppData\Local\Zemana
    2014-05-19 04:38 - 2011-12-17 17:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-05-19 04:37 - 2014-05-19 04:37 - 00002275 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
    2014-05-19 04:37 - 2014-05-19 04:37 - 00002263 _____ () C:\Users\Public\Desktop\Constant Guard.lnk
    2014-05-19 04:37 - 2014-05-19 04:37 - 00000000 ____D () C:\ProgramData\White Sky, Inc
    2014-05-19 04:37 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    2014-05-19 04:36 - 2014-05-19 04:36 - 19928392 _____ (White Sky, Inc.) C:\Users\Sam\Downloads\constantguard.exe
    2014-05-19 04:29 - 2014-05-19 04:29 - 00921512 _____ (Oracle Corporation) C:\Users\Sam\Downloads\chromeinstall-7u55.exe
    2014-05-18 20:05 - 2011-05-08 17:38 - 00000000 ____D () C:\ProgramData\DVD Shrink
    2014-05-18 16:35 - 2011-08-15 20:40 - 00000000 ____D () C:\Windows\Minidump
    2014-05-18 16:35 - 2011-03-02 00:32 - 00336125 ____N () C:\Windows\Minidump\051814-68796-01.dmp
    2014-05-18 16:28 - 2014-05-15 06:22 - 00003354 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-18 16:28 - 2014-05-15 06:22 - 00003216 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-18 16:25 - 2014-05-18 16:25 - 00007597 _____ () C:\Windows\IE11_main.log
    2014-05-18 16:25 - 2014-05-18 16:25 - 00000000 ___HD () C:\Windows\msdownld.tmp
    2014-05-18 16:24 - 2014-05-18 16:24 - 58080904 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\EIE11_EN-US_WOL_WIN764.EXE
    2014-05-18 15:07 - 2011-03-02 00:32 - 00336125 ____N () C:\Windows\Minidump\051814-45567-01.dmp
    2014-05-18 14:47 - 2014-05-18 14:45 - 13829304 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\mseinstall.exe
    2014-05-18 14:46 - 2011-06-26 19:55 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D23119A3-D0AD-4491-86FE-56FC887310EE}
    2014-05-18 12:54 - 2014-05-18 12:53 - 00380416 _____ () C:\Users\Sam\Downloads\tzipdven.exe
    2014-05-18 12:52 - 2014-05-18 12:51 - 00688992 ____R (Swearware) C:\Users\Sam\Downloads\dds.scr
    2014-05-18 12:29 - 2014-05-18 12:29 - 00000259 _____ () C:\Users\Sam\Documents\Malwarebytes Update File 18may14.txt
    2014-05-17 22:00 - 2011-09-03 11:12 - 00000987 _____ () C:\Users\Sam\Desktop\magicJack.lnk
    2014-05-17 22:00 - 2011-09-03 11:12 - 00000973 _____ () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
    2014-05-17 22:00 - 2011-09-03 11:12 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\mjusbsp
    2014-05-17 21:04 - 2014-05-17 21:04 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-05-17 21:04 - 2014-05-17 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-17 21:04 - 2014-05-17 21:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-17 20:49 - 2011-05-02 17:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-05-17 20:36 - 2011-11-30 17:46 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-05-17 20:34 - 2013-05-14 20:38 - 00305664 ___SH () C:\Users\Sam\Desktop\Thumbs.db
    2014-05-17 20:09 - 2014-05-03 07:51 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000Core.job
    2014-05-17 17:02 - 2011-03-02 00:32 - 00336125 ____N () C:\Windows\Minidump\051714-61058-01.dmp
    2014-05-17 16:49 - 2014-05-15 17:44 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Polamur
    2014-05-17 16:41 - 2011-03-02 00:32 - 00336125 ____N () C:\Windows\Minidump\051714-52151-01.dmp
    2014-05-17 16:15 - 2014-05-16 09:48 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Ezxain
    2014-05-17 16:15 - 2014-05-16 05:49 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Exupmea
    2014-05-17 16:14 - 2014-05-16 04:55 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Hodouv
    2014-05-17 14:27 - 2012-02-01 19:24 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSam
    2014-05-17 14:27 - 2012-02-01 19:24 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForSam.job
    2014-05-17 13:11 - 2012-09-28 06:06 - 00007599 _____ () C:\Users\Sam\AppData\Local\Resmon.ResmonCfg
    2014-05-17 13:06 - 2013-06-10 04:31 - 00000000 ____D () C:\Users\Sam\Desktop\AntiViral
    2014-05-17 12:10 - 2014-05-17 12:10 - 00000000 _____ () C:\Windows\setuperr.log
    2014-05-17 11:53 - 2011-05-02 17:59 - 00000000 ____D () C:\ProgramData\Recovery
    2014-05-17 10:57 - 2014-05-16 20:42 - 00000000 ____D () C:\ProgramData\Sophos
    2014-05-17 07:23 - 2014-05-17 07:23 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Tific
    2014-05-17 07:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-05-17 07:18 - 2014-05-17 07:18 - 00000000 ____D () C:\Users\Sam\AppData\Local\Symantec
    2014-05-17 06:33 - 2014-05-17 06:33 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2014-05-17 06:31 - 2014-05-17 06:31 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
    2014-05-16 12:58 - 2014-05-16 12:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
    2014-05-16 12:23 - 2009-07-24 15:22 - 00000000 ____D () C:\Windows\Panther
    2014-05-16 12:09 - 2011-11-16 22:39 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Malwarebytes
    2014-05-16 12:09 - 2011-11-16 22:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-16 10:43 - 2014-05-15 06:34 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Odyrro
    2014-05-16 05:16 - 2014-05-16 05:16 - 06956094 ____R () C:\Users\Sam\Desktop\~ofC92 Backup_2014-05-16_051643.mbf
    2014-05-16 05:16 - 2011-05-04 06:46 - 00000000 ____D () C:\Users\Sam\Desktop\Money Backups
    2014-05-15 20:26 - 2013-04-03 13:04 - 00000000 ____D () C:\ProgramData\pdf995
    2014-05-15 20:26 - 2011-12-06 08:04 - 00000000 ____D () C:\ProgramData\Real
    2014-05-15 20:26 - 2011-05-02 16:10 - 00000000 ___RD () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-05-15 20:26 - 2011-03-01 21:56 - 00000000 ____D () C:\ProgramData\Norton
    2014-05-15 20:26 - 2011-03-01 21:42 - 00000000 ____D () C:\ProgramData\RoxioNow
    2014-05-15 20:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
    2014-05-15 16:28 - 2011-05-02 16:01 - 00000000 ____D () C:\Users\Sam
    2014-05-15 08:56 - 2014-05-15 09:01 - 00019723 _____ () C:\Users\Sam\Documents\hijackthis.log
    2014-05-15 08:42 - 2014-05-15 08:42 - 01402880 _____ () C:\Users\Sam\Downloads\HiJackThis.msi
    2014-05-15 06:50 - 2012-10-25 09:58 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-05-15 06:35 - 2014-05-15 06:35 - 00012326 _____ () C:\Users\Sam\AppData\Local\nahbbowa
    2014-05-15 06:34 - 2014-05-15 06:34 - 00068314 _____ () C:\Users\Sam\AppData\Local\tvchovsh
    2014-05-15 06:32 - 2014-05-15 06:32 - 00650598 _____ () C:\Users\Sam\AppData\Local\evtgngmx
    2014-05-14 06:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2014-05-14 03:27 - 2011-05-02 16:10 - 00000000 ___RD () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-05-14 03:23 - 2014-05-02 06:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-05-14 03:06 - 2013-08-01 20:52 - 00000000 ____D () C:\Windows\system32\MRT
    2014-05-13 20:58 - 2011-10-27 11:52 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-05-13 20:58 - 2011-05-03 21:08 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2014-05-13 07:04 - 2011-03-01 21:43 - 00000000 ____D () C:\ProgramData\PDFC
    2014-05-12 15:17 - 2011-05-02 20:54 - 00000000 ____D () C:\Users\Sam\Calibre Library
    2014-05-12 14:30 - 2013-11-30 18:34 - 00000000 ____D () C:\Users\Sam\AppData\Local\calibre-cache
    2014-05-12 10:20 - 2014-05-12 10:20 - 00000962 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
    2014-05-12 10:20 - 2011-05-02 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
    2014-05-12 10:20 - 2011-05-02 20:54 - 00000000 ____D () C:\Program Files (x86)\Calibre2
    2014-05-11 20:31 - 2013-02-24 06:09 - 00000000 ____D () C:\Users\Sam\Documents\My Kindle Content
    2014-05-11 20:31 - 2011-11-27 18:24 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\SoftGrid Client
    2014-05-11 14:41 - 2012-04-10 17:30 - 00068096 _____ () C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-05-11 10:55 - 2014-05-11 10:55 - 00002177 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
    2014-05-11 10:55 - 2014-05-11 10:55 - 00000000 ____D () C:\Program Files (x86)\Cisco Systems
    2014-05-10 18:16 - 2014-05-10 18:16 - 00000000 ____D () C:\Users\Sam\AppData\Local\{DD8C26C5-1A5E-4BD0-AF9E-1297F211FB87}
    2014-05-10 18:16 - 2011-05-19 13:23 - 00000000 ____D () C:\Users\Sam\AppData\Local\Windows Live
    2014-05-10 04:09 - 2011-05-03 08:18 - 00000384 _____ () C:\Windows\Tasks\FileCure Default.job
    2014-05-09 11:40 - 2014-05-09 11:40 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-09 02:14 - 2014-05-14 02:28 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-05-09 02:11 - 2014-05-14 02:28 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-05-07 20:04 - 2014-05-03 07:51 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000UA
    2014-05-07 20:04 - 2014-05-03 07:51 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000Core
    2014-05-07 10:25 - 2012-08-10 16:46 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-05-07 10:25 - 2012-08-10 16:46 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-05-06 00:40 - 2014-05-14 03:06 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-05-06 00:17 - 2014-05-14 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-05-05 23:25 - 2014-05-14 03:06 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-05-05 23:07 - 2014-05-14 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-05-05 23:00 - 2014-05-14 03:06 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-05-05 22:10 - 2014-05-14 03:06 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-05-04 17:12 - 2011-05-06 06:50 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-05-03 07:51 - 2014-05-03 07:51 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
    2014-05-03 07:51 - 2012-08-10 16:46 - 00000000 ____D () C:\Users\Sam\AppData\Local\Google
    2014-05-03 07:50 - 2014-05-03 07:50 - 00001108 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
    2014-05-03 07:49 - 2014-05-03 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
    2014-05-03 07:49 - 2012-08-10 16:46 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-05-03 07:44 - 2012-07-06 17:26 - 00000000 ____D () C:\Users\Sam\AppData\Local\Adobe
    2014-05-03 07:44 - 2012-05-10 04:55 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-05-03 07:44 - 2011-05-15 19:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-04-27 17:07 - 2011-06-02 05:04 - 00003214 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSAM-HP$
    2014-04-27 17:07 - 2011-06-02 05:04 - 00000338 _____ () C:\Windows\Tasks\HPCeeScheduleForSAM-HP$.job
    2014-04-23 04:20 - 2014-04-23 04:20 - 00000000 __SHD () C:\Users\Sam\AppData\Local\EmieUserList
    2014-04-23 04:20 - 2014-04-23 04:20 - 00000000 __SHD () C:\Users\Sam\AppData\Local\EmieSiteList
    2014-04-23 04:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-04-22 05:41 - 2012-12-17 15:00 - 00000000 ____D () C:\Users\Sam\Documents\User Manuals
    2014-04-19 04:55 - 2014-04-19 04:55 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Oracle
    2014-04-19 04:54 - 2013-11-01 04:58 - 00000000 ____D () C:\ProgramData\Oracle
    2014-04-19 04:53 - 2014-04-19 04:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-04-19 04:53 - 2014-04-19 04:52 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
    2014-04-19 04:53 - 2013-11-01 05:00 - 00000000 ____D () C:\Program Files (x86)\Java

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-2524037534-3531981673-270931832-1000\$c59173e43f54fc470c3e7eea5570f4fb

    Some content of TEMP:
    ====================
    C:\Users\Sam\AppData\Local\Temp\Quarantine.exe
    C:\Users\Sam\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe
    [2014-05-14 02:27] - [2014-03-04 05:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-05-09 07:00

    =======
     
  6. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    You have a ZeroAccess Rootkit infection. There are a few other orphan entries that need to be removed but first we will take out the Rootkit. Once this is done please tell me how well the system is performing.

    Download the attachment at the bottom of this post by clicking on it and save it in the same location as FRST.

    • Launch FRST by double clicking on it.
    • When the FRST window opens click on the Fix button just once and wait.
    • The tool will make a log in the same location the program is run from (Fixlog.txt). Please copy and paste it into your next reply.
     

    Attached Files:

  7. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Please follow my post above; I just had to come back and post again as I missed something. You have two Anti Virus programs on this system. You should never have more than one as, even when only one is active, conflicts can occur, since most AVs leave drivers running in the background even when they are disabled.

    You need to uninstall one of them. I would recommend you keep Microsoft Security Essentials as this is free for life and will put less of a demand on system resources compared with Norton. If you choose to remove Norton you can use the Windows Firewall or get the free version of Comodo.

    Please tell me which one you have removed as a clean up tool will need to be run to remove the remnants.

    Also, I see you had used AdwCleaner before I posted my instructions and it removed a lot of Adware. As the second scan still shows detections, it needs to be run again, just as you did before; then post the new log. Follow the FRST instructions above first.
     
  8. sjdomin

    sjdomin Thread Starter

    Joined:
    Feb 20, 2005
    Messages:
    112
    Thanks very much.
    Before I begin to follow your instructions, two questions:
    Can I run the FRST scan in Safe Mode without Networking in order to avoid the constant Malwarebytes popups? (I am communicating with you on a laptop that is so far uninfected, so I don't need networking on the infected desktop.)
    And should I uninstall Norton even though I don't use it and it is not running?
     
  9. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    You can run FRST in Safe Mode, but it would be best to run in Normal Mode and just disable Malwarebytes if it causes a problem; I've not known it to interfere with FRST. What message is Malwarebytes showing when it keeps popping up?

    As I said above, most Anti Virus programs still have drivers running in the background even though they may appear to be disabled; a quick look at your list of running services shows 9 for Norton. It should be uninstalled completely, then go here: Norton Uninstall Tool Download and run the clean up tool to remove all the remnants.

    The most urgent thing is to get that Rootkit off the system following the instructions I posted, then remove Norton and run the clean up tool. Make sure you post the fixlog from FRST and report on how the system is running.
     
  10. sjdomin

    sjdomin Thread Starter

    Joined:
    Feb 20, 2005
    Messages:
    112
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
    Ran by Sam (administrator) on SAM-HP on 23-05-2014 09:57:41
    Running from C:\Users\Sam\Desktop
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Safe Mode (with Networking)

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
    HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-12] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
    HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
    HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-01-24] (Memeo Inc.)
    HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\AsusWSPanel.exe [5591872 2014-01-15] (ASUS Cloud Corporation)
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-10-10] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
    HKLM-x32\...\Run: [Recordpad] => C:\Program Files (x86)\NCH Swift Sound\Recordpad\recordpad.exe [1314308 2011-05-06] (NCH Software)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-13] (Hewlett-Packard)
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\Run: [cdloader] => C:\Users\Sam\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-02-16] (SUPERAntiSpyware)
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\Run: [GoogleChromeAutoLaunch_FD70E4195A4DE5E83920BD6414A71B17] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-05-07] (Google Inc.)
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\Run: [Google Update] => C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-03] (Google Inc.)
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\Run: [Google+ Auto Backup] => C:\Users\Sam\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3701064 2014-03-26] (Google Inc.)
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\Run: [rulejwhq] => "C:\Users\Sam\AppData\Local\esxqeroq.exe"
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\Run: [ComcastAntispyClient] => "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\MountPoints2: {e7d9a60b-74f6-11e0-aaf1-78acc098411b} - M:\ONSPCLCK.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
    ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HRBlockDirect.lnk
    ShortcutTarget: HRBlockDirect.lnk -> C:\Program Files (x86)\HRBlockDirect\HRBlockDirect.exe (HR Block )
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SanDisk Media Manager.lnk
    ShortcutTarget: SanDisk Media Manager.lnk -> (No File)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
    ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
    Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/tt2/?cid=tbid05192014
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://xfinity.comcast.net/
    HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/WOL_WCP
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKCU - {0FD7B4C5-178E-4258-8101-0242D4190EC6} URL = http://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms}
    SearchScopes: HKCU - {76E9350E-0392-9C19-F83A-99BC015260AF} URL = http://www.bing.com/search?q={searchTerms}&pc=Z039&form=ZGAIDF
    SearchScopes: HKCU - {858BFBD9-EE49-47E9-A1DD-CD2C5E43996B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
    SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
    BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO-x32: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.425.1\NativeBHO.dll (WhiteSky)
    BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    BHO-x32: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
    BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    DPF: HKLM-x32 {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - No File
    Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    Handler-x32: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files (x86)\Libronix DLS\System\FileProt.dll (Libronix Corporation)
    Handler-x32: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files (x86)\Libronix DLS\System\ResProt.dll (Libronix Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\72khpq1c.default
    FF Homepage: hxxp://xfinity.comcast.net/
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Sam\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Sam\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll (Amazon.com, Inc.)
    FF Extension: XFINITY Constant Guard Protection Suite - C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\72khpq1c.default\Extensions\[email protected] [2014-05-19]
    FF Extension: No Name - C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\72khpq1c.default\Extensions\temp [2014-05-19]
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
    FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ []
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2014-05-22]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
    FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
    FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]\
    FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]\ []
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]\
    FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]\ []
    FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

    Chrome:
    =======
    CHR HomePage: hxxp://www.comcast.net/tt2/?cid=tbid05192014
    CHR Extension: (XFINITY Constant Guard Protection Suite) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\faknfdmfmhcmgphbfjhgmomfcihmocmp [2014-05-19]
    CHR Extension: (RealDownloader) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-05-17]
    CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-05-17]
    CHR Extension: (Google Wallet) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-17]
    CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Sam\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-26]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-04-09]

    ==================== Services (Whitelisted) =================

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2013-04-19] (SUPERAntiSpyware.com)
    S2 AcerSyncSystemService; C:\Program Files\Acer\AcerSync\AcerSyncSystemService.exe [81304 2011-06-16] ()
    S2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-03-12] (Ellora Assets Corp.)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
    S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
    S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
    S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
    S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1295416 2012-03-30] (Secunia)
    S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681016 2012-03-30] (Secunia)

    ==================== Drivers (Whitelisted) ====================

    S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31744 2012-07-20] (Google Inc)
    S1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-05-19] (Zemana Ltd.)
    S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [945200 2010-08-08] (Symantec Corporation)
    S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [463408 2010-06-27] (Symantec Corporation)
    S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [21504 2011-10-07] (http://libusb-win32.sourceforge.net)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
    S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101001.002\ENG64.SYS [117808 2010-10-01] (Symantec Corporation)
    S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101001.002\EX64.SYS [1804336 2010-10-01] (Symantec Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
    S2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
    S3 OV550I; C:\Windows\System32\Drivers\ov550ivx.sys [196992 2008-02-22] (Omnivision Technologies, Inc.)
    S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SMIGrabber3C; C:\Windows\System32\Drivers\SmiUsbGrabber3C.sys [811520 2009-05-14] (Windows (R) Win 7 DDK provider)
    S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
    S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
    S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-15] (Symantec Corporation)
    S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
    S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-05-23 08:48 - 2014-05-23 08:37 - 02067456 _____ (Farbar) C:\Users\Sam\Desktop\FRST64.exe
    2014-05-23 08:48 - 2014-05-23 08:35 - 01326389 _____ () C:\Users\Sam\Desktop\AdwCleaner.exe
    2014-05-23 08:43 - 2014-05-23 08:45 - 00000000 ____D () C:\Users\Sam\Desktop\New folder
    2014-05-19 06:10 - 2014-05-23 09:57 - 00001021 _____ () C:\Users\Sam\Desktop\FRST.txt
    2014-05-19 06:10 - 2014-05-19 06:10 - 00057612 _____ () C:\Users\Sam\Desktop\Addition.txt
    2014-05-19 06:06 - 2014-05-19 06:08 - 00057612 _____ () C:\Users\Sam\Downloads\Addition.txt
    2014-05-19 06:03 - 2014-05-19 06:08 - 00068428 _____ () C:\Users\Sam\Downloads\FRST.txt
    2014-05-19 06:02 - 2014-05-23 09:57 - 00000000 ____D () C:\FRST
    2014-05-19 06:01 - 2014-05-19 06:02 - 02067456 _____ (Farbar) C:\Users\Sam\Downloads\FRST64.exe
    2014-05-19 05:51 - 2014-05-19 05:51 - 00004360 _____ () C:\Users\Sam\Desktop\AdwCleaner[S1].txt
    2014-05-19 05:33 - 2014-05-19 05:34 - 01328723 _____ () C:\Users\Sam\Downloads\AdwCleaner.exe
    2014-05-19 05:21 - 2014-05-19 05:45 - 00001126 _____ () C:\Windows\PFRO.log
    2014-05-19 05:16 - 2014-05-19 05:16 - 00448512 _____ (OldTimer Tools) C:\Users\Sam\Desktop\TFC.exe
    2014-05-19 04:53 - 2014-05-19 04:53 - 27769568 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\Windows-KB890830-x64-V5.12.exe
    2014-05-19 04:39 - 2014-05-19 08:12 - 00000000 ____D () C:\Users\Sam\AppData\Local\ID Vault
    2014-05-19 04:39 - 2014-05-19 04:39 - 00000000 ____D () C:\Users\Sam\AppData\Local\White_Sky,_Inc
    2014-05-19 04:39 - 2014-05-19 04:39 - 00000000 ____D () C:\ProgramData\IsolatedStorage
    2014-05-19 04:38 - 2014-05-22 20:11 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\ID Vault
    2014-05-19 04:38 - 2014-05-19 04:38 - 00049752 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys
    2014-05-19 04:38 - 2014-05-19 04:38 - 00000000 ____D () C:\Windows\SysWOW64\ZALSDK_uninst
    2014-05-19 04:38 - 2014-05-19 04:38 - 00000000 ____D () C:\Users\Sam\AppData\Local\Zemana
    2014-05-19 04:38 - 2014-03-20 12:07 - 11603256 _____ (Zemana Ltd.) C:\Windows\SysWOW64\ZALSDKCore.dll
    2014-05-19 04:37 - 2014-05-19 04:39 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
    2014-05-19 04:37 - 2014-05-19 04:37 - 00002275 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
    2014-05-19 04:37 - 2014-05-19 04:37 - 00002263 _____ () C:\Users\Public\Desktop\Constant Guard.lnk
    2014-05-19 04:37 - 2014-05-19 04:37 - 00000000 ____D () C:\ProgramData\White Sky, Inc
    2014-05-19 04:36 - 2014-05-19 04:36 - 19928392 _____ (White Sky, Inc.) C:\Users\Sam\Downloads\constantguard.exe
    2014-05-19 04:29 - 2014-05-19 04:29 - 00921512 _____ (Oracle Corporation) C:\Users\Sam\Downloads\chromeinstall-7u55.exe
    2014-05-18 16:25 - 2014-05-18 16:25 - 00007597 _____ () C:\Windows\IE11_main.log
    2014-05-18 16:25 - 2014-05-18 16:25 - 00000000 ___HD () C:\Windows\msdownld.tmp
    2014-05-18 16:24 - 2014-05-18 16:24 - 58080904 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\EIE11_EN-US_WOL_WIN764.EXE
    2014-05-18 14:45 - 2014-05-18 14:47 - 13829304 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\mseinstall.exe
    2014-05-18 12:53 - 2014-05-18 12:54 - 00380416 _____ () C:\Users\Sam\Downloads\tzipdven.exe
    2014-05-18 12:51 - 2014-05-18 12:52 - 00688992 ____R (Swearware) C:\Users\Sam\Downloads\dds.scr
    2014-05-18 12:29 - 2014-05-18 12:29 - 00000259 _____ () C:\Users\Sam\Documents\Malwarebytes Update File 18may14.txt
    2014-05-17 21:04 - 2014-05-17 21:04 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-05-17 21:04 - 2014-05-17 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-17 21:04 - 2014-05-17 21:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-17 21:04 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-05-17 21:04 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-05-17 21:04 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-05-17 12:10 - 2014-05-22 20:01 - 00001008 _____ () C:\Windows\setupact.log
    2014-05-17 12:10 - 2014-05-17 12:10 - 00000000 _____ () C:\Windows\setuperr.log
    2014-05-17 07:23 - 2014-05-17 07:23 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Tific
    2014-05-17 07:18 - 2014-05-17 07:18 - 00000000 ____D () C:\Users\Sam\AppData\Local\Symantec
    2014-05-17 06:33 - 2014-05-17 06:33 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2014-05-17 06:31 - 2014-05-17 06:31 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
    2014-05-17 05:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-05-17 05:37 - 2014-05-19 05:44 - 00000000 ____D () C:\AdwCleaner
    2014-05-16 20:42 - 2014-05-17 10:57 - 00000000 ____D () C:\ProgramData\Sophos
    2014-05-16 12:57 - 2014-05-16 12:58 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
    2014-05-16 12:45 - 2014-05-19 08:35 - 00003332 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-16 12:45 - 2014-05-19 08:35 - 00003194 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-16 12:09 - 2014-05-22 20:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-16 09:48 - 2014-05-17 16:15 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Ezxain
    2014-05-16 05:49 - 2014-05-17 16:15 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Exupmea
    2014-05-16 05:16 - 2014-05-16 05:16 - 06956094 ____R () C:\Users\Sam\Desktop\~ofC92 Backup_2014-05-16_051643.mbf
    2014-05-16 04:55 - 2014-05-17 16:14 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Hodouv
    2014-05-15 17:44 - 2014-05-17 16:49 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Polamur
    2014-05-15 09:01 - 2014-05-15 08:56 - 00019723 _____ () C:\Users\Sam\Documents\hijackthis.log
    2014-05-15 08:42 - 2014-05-15 08:42 - 01402880 _____ () C:\Users\Sam\Downloads\HiJackThis.msi
    2014-05-15 06:35 - 2014-05-15 06:35 - 00012326 _____ () C:\Users\Sam\AppData\Local\nahbbowa
    2014-05-15 06:34 - 2014-05-16 10:43 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Odyrro
    2014-05-15 06:34 - 2014-05-15 06:34 - 00068314 _____ () C:\Users\Sam\AppData\Local\tvchovsh
    2014-05-15 06:32 - 2014-05-15 06:32 - 00650598 _____ () C:\Users\Sam\AppData\Local\evtgngmx
    2014-05-15 06:22 - 2014-05-22 20:02 - 00003354 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-15 06:22 - 2014-05-22 20:02 - 00003216 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-14 03:06 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-05-14 03:06 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-05-14 03:06 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-05-14 03:06 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-05-14 03:06 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-05-14 03:06 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-05-14 02:28 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-05-14 02:28 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-05-14 02:28 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-05-14 02:28 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-05-14 02:27 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-05-14 02:27 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2014-05-14 02:27 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-05-14 02:27 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2014-05-14 02:27 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2014-05-14 02:27 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2014-05-14 02:27 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2014-05-14 02:27 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-05-14 02:27 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-05-14 02:27 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-05-14 02:27 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-05-14 02:27 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
    2014-05-14 02:27 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2014-05-14 02:27 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-05-14 02:27 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-05-14 02:27 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-05-14 02:27 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-05-14 02:27 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-05-14 02:27 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
    2014-05-14 02:27 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-05-14 02:27 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-05-14 02:27 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-05-14 02:27 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-05-14 02:27 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2014-05-11 10:55 - 2014-05-11 10:55 - 00002177 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
    2014-05-11 10:55 - 2014-05-11 10:55 - 00000000 ____D () C:\Program Files (x86)\Cisco Systems
    2014-05-10 18:16 - 2014-05-10 18:16 - 00000000 ____D () C:\Users\Sam\AppData\Local\{DD8C26C5-1A5E-4BD0-AF9E-1297F211FB87}
    2014-05-09 11:40 - 2014-05-09 11:40 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-03 07:51 - 2014-05-22 20:10 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000UA.job
    2014-05-03 07:51 - 2014-05-22 20:09 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000Core.job
    2014-05-03 07:51 - 2014-05-07 20:04 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000UA
    2014-05-03 07:51 - 2014-05-07 20:04 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000Core
    2014-05-03 07:51 - 2014-05-03 07:51 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
    2014-05-03 07:49 - 2014-05-03 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
    2014-05-02 06:20 - 2014-05-14 03:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-04-23 04:20 - 2014-04-23 04:20 - 00000000 __SHD () C:\Users\Sam\AppData\Local\EmieUserList
    2014-04-23 04:20 - 2014-04-23 04:20 - 00000000 __SHD () C:\Users\Sam\AppData\Local\EmieSiteList

    ==================== One Month Modified Files and Folders =======

    2014-05-23 09:57 - 2014-05-19 06:10 - 00001021 _____ () C:\Users\Sam\Desktop\FRST.txt
    2014-05-23 09:57 - 2014-05-19 06:02 - 00000000 ____D () C:\FRST
    2014-05-23 08:45 - 2014-05-23 08:43 - 00000000 ____D () C:\Users\Sam\Desktop\New folder
    2014-05-23 08:37 - 2014-05-23 08:48 - 02067456 _____ (Farbar) C:\Users\Sam\Desktop\FRST64.exe
    2014-05-23 08:35 - 2014-05-23 08:48 - 01326389 _____ () C:\Users\Sam\Desktop\AdwCleaner.exe
    2014-05-23 08:32 - 2011-03-01 21:21 - 01138018 _____ () C:\Windows\WindowsUpdate.log
    2014-05-23 08:25 - 2012-12-17 18:28 - 00000000 ____D () C:\Users\Sam\.gimp-2.8
    2014-05-22 20:12 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-05-22 20:12 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-05-22 20:11 - 2014-05-19 04:38 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\ID Vault
    2014-05-22 20:10 - 2014-05-16 12:09 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-22 20:10 - 2014-05-03 07:51 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000UA.job
    2014-05-22 20:09 - 2014-05-03 07:51 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000Core.job
    2014-05-22 20:07 - 2011-06-26 19:55 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D23119A3-D0AD-4491-86FE-56FC887310EE}
    2014-05-22 20:06 - 2013-12-22 18:17 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\WebStorage
    2014-05-22 20:06 - 2012-03-18 10:17 - 00000000 ____D () C:\Users\Sam\AppData\Local\Deployment
    2014-05-22 20:06 - 2011-05-05 11:59 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Swift Sound
    2014-05-22 20:02 - 2014-05-15 06:22 - 00003354 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-22 20:02 - 2014-05-15 06:22 - 00003216 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-22 20:02 - 2012-08-10 16:46 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-22 20:01 - 2014-05-17 12:10 - 00001008 _____ () C:\Windows\setupact.log
    2014-05-22 20:01 - 2013-10-10 01:52 - 00000490 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
    2014-05-22 20:01 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-05-19 08:45 - 2011-08-15 20:40 - 00000000 ____D () C:\Windows\Minidump
    2014-05-19 08:45 - 2011-03-02 00:32 - 00336125 ____N () C:\Windows\Minidump\051914-51932-01.dmp
    2014-05-19 08:35 - 2014-05-16 12:45 - 00003332 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-19 08:35 - 2014-05-16 12:45 - 00003194 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-19 08:12 - 2014-05-19 04:39 - 00000000 ____D () C:\Users\Sam\AppData\Local\ID Vault
    2014-05-19 07:30 - 2012-08-10 16:46 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-19 06:10 - 2014-05-19 06:10 - 00057612 _____ () C:\Users\Sam\Desktop\Addition.txt
    2014-05-19 06:08 - 2014-05-19 06:06 - 00057612 _____ () C:\Users\Sam\Downloads\Addition.txt
    2014-05-19 06:08 - 2014-05-19 06:03 - 00068428 _____ () C:\Users\Sam\Downloads\FRST.txt
    2014-05-19 06:02 - 2014-05-19 06:01 - 02067456 _____ (Farbar) C:\Users\Sam\Downloads\FRST64.exe
    2014-05-19 05:51 - 2014-05-19 05:51 - 00004360 _____ () C:\Users\Sam\Desktop\AdwCleaner[S1].txt
    2014-05-19 05:45 - 2014-05-19 05:21 - 00001126 _____ () C:\Windows\PFRO.log
    2014-05-19 05:44 - 2014-05-17 05:37 - 00000000 ____D () C:\AdwCleaner
    2014-05-19 05:38 - 2011-06-05 07:21 - 00000000 ____D () C:\Users\Sam\AppData\Local\CrashDumps
    2014-05-19 05:34 - 2014-05-19 05:33 - 01328723 _____ () C:\Users\Sam\Downloads\AdwCleaner.exe
    2014-05-19 05:26 - 2011-05-02 16:09 - 00106480 _____ () C:\Users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-05-19 05:16 - 2014-05-19 05:16 - 00448512 _____ (OldTimer Tools) C:\Users\Sam\Desktop\TFC.exe
    2014-05-19 04:53 - 2014-05-19 04:53 - 27769568 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\Windows-KB890830-x64-V5.12.exe
    2014-05-19 04:39 - 2014-05-19 04:39 - 00000000 ____D () C:\Users\Sam\AppData\Local\White_Sky,_Inc
    2014-05-19 04:39 - 2014-05-19 04:39 - 00000000 ____D () C:\ProgramData\IsolatedStorage
    2014-05-19 04:39 - 2014-05-19 04:37 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
    2014-05-19 04:38 - 2014-05-19 04:38 - 00049752 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys
    2014-05-19 04:38 - 2014-05-19 04:38 - 00000000 ____D () C:\Windows\SysWOW64\ZALSDK_uninst
    2014-05-19 04:38 - 2014-05-19 04:38 - 00000000 ____D () C:\Users\Sam\AppData\Local\Zemana
    2014-05-19 04:38 - 2011-12-17 17:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-05-19 04:37 - 2014-05-19 04:37 - 00002275 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
    2014-05-19 04:37 - 2014-05-19 04:37 - 00002263 _____ () C:\Users\Public\Desktop\Constant Guard.lnk
    2014-05-19 04:37 - 2014-05-19 04:37 - 00000000 ____D () C:\ProgramData\White Sky, Inc
    2014-05-19 04:37 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    2014-05-19 04:36 - 2014-05-19 04:36 - 19928392 _____ (White Sky, Inc.) C:\Users\Sam\Downloads\constantguard.exe
    2014-05-19 04:29 - 2014-05-19 04:29 - 00921512 _____ (Oracle Corporation) C:\Users\Sam\Downloads\chromeinstall-7u55.exe
    2014-05-18 20:05 - 2011-05-08 17:38 - 00000000 ____D () C:\ProgramData\DVD Shrink
    2014-05-18 16:35 - 2011-03-02 00:32 - 00336125 ____N () C:\Windows\Minidump\051814-68796-01.dmp
    2014-05-18 16:25 - 2014-05-18 16:25 - 00007597 _____ () C:\Windows\IE11_main.log
    2014-05-18 16:25 - 2014-05-18 16:25 - 00000000 ___HD () C:\Windows\msdownld.tmp
    2014-05-18 16:24 - 2014-05-18 16:24 - 58080904 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\EIE11_EN-US_WOL_WIN764.EXE
    2014-05-18 15:07 - 2011-03-02 00:32 - 00336125 ____N () C:\Windows\Minidump\051814-45567-01.dmp
    2014-05-18 14:47 - 2014-05-18 14:45 - 13829304 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\mseinstall.exe
    2014-05-18 12:54 - 2014-05-18 12:53 - 00380416 _____ () C:\Users\Sam\Downloads\tzipdven.exe
    2014-05-18 12:52 - 2014-05-18 12:51 - 00688992 ____R (Swearware) C:\Users\Sam\Downloads\dds.scr
    2014-05-18 12:29 - 2014-05-18 12:29 - 00000259 _____ () C:\Users\Sam\Documents\Malwarebytes Update File 18may14.txt
    2014-05-17 22:00 - 2011-09-03 11:12 - 00000973 _____ () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
    2014-05-17 22:00 - 2011-09-03 11:12 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\mjusbsp
    2014-05-17 21:04 - 2014-05-17 21:04 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-05-17 21:04 - 2014-05-17 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-17 21:04 - 2014-05-17 21:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-17 20:49 - 2011-05-02 17:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-05-17 20:36 - 2011-11-30 17:46 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-05-17 20:34 - 2013-05-14 20:38 - 00305664 ___SH () C:\Users\Sam\Desktop\Thumbs.db
    2014-05-17 17:02 - 2011-03-02 00:32 - 00336125 ____N () C:\Windows\Minidump\051714-61058-01.dmp
    2014-05-17 16:49 - 2014-05-15 17:44 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Polamur
    2014-05-17 16:41 - 2011-03-02 00:32 - 00336125 ____N () C:\Windows\Minidump\051714-52151-01.dmp
    2014-05-17 16:15 - 2014-05-16 09:48 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Ezxain
    2014-05-17 16:15 - 2014-05-16 05:49 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Exupmea
    2014-05-17 16:14 - 2014-05-16 04:55 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Hodouv
    2014-05-17 14:27 - 2012-02-01 19:24 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSam
    2014-05-17 14:27 - 2012-02-01 19:24 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForSam.job
    2014-05-17 13:11 - 2012-09-28 06:06 - 00007599 _____ () C:\Users\Sam\AppData\Local\Resmon.ResmonCfg
    2014-05-17 13:06 - 2013-06-10 04:31 - 00000000 ____D () C:\Users\Sam\Desktop\AntiViral
    2014-05-17 12:10 - 2014-05-17 12:10 - 00000000 _____ () C:\Windows\setuperr.log
    2014-05-17 11:53 - 2011-05-02 17:59 - 00000000 ____D () C:\ProgramData\Recovery
    2014-05-17 10:57 - 2014-05-16 20:42 - 00000000 ____D () C:\ProgramData\Sophos
    2014-05-17 07:23 - 2014-05-17 07:23 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Tific
    2014-05-17 07:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-05-17 07:18 - 2014-05-17 07:18 - 00000000 ____D () C:\Users\Sam\AppData\Local\Symantec
    2014-05-17 06:33 - 2014-05-17 06:33 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2014-05-17 06:31 - 2014-05-17 06:31 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
    2014-05-16 12:58 - 2014-05-16 12:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
    2014-05-16 12:23 - 2009-07-24 15:22 - 00000000 ____D () C:\Windows\Panther
    2014-05-16 12:09 - 2011-11-16 22:39 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Malwarebytes
    2014-05-16 12:09 - 2011-11-16 22:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-16 10:43 - 2014-05-15 06:34 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Odyrro
    2014-05-16 05:16 - 2014-05-16 05:16 - 06956094 ____R () C:\Users\Sam\Desktop\~ofC92 Backup_2014-05-16_051643.mbf
    2014-05-16 05:16 - 2011-05-04 06:46 - 00000000 ____D () C:\Users\Sam\Desktop\Money Backups
    2014-05-15 20:26 - 2013-04-03 13:04 - 00000000 ____D () C:\ProgramData\pdf995
    2014-05-15 20:26 - 2011-12-06 08:04 - 00000000 ____D () C:\ProgramData\Real
    2014-05-15 20:26 - 2011-05-02 16:10 - 00000000 ___RD () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-05-15 20:26 - 2011-03-01 21:56 - 00000000 ____D () C:\ProgramData\Norton
    2014-05-15 20:26 - 2011-03-01 21:42 - 00000000 ____D () C:\ProgramData\RoxioNow
    2014-05-15 20:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
    2014-05-15 16:28 - 2011-05-02 16:01 - 00000000 ____D () C:\Users\Sam
    2014-05-15 08:56 - 2014-05-15 09:01 - 00019723 _____ () C:\Users\Sam\Documents\hijackthis.log
    2014-05-15 08:42 - 2014-05-15 08:42 - 01402880 _____ () C:\Users\Sam\Downloads\HiJackThis.msi
    2014-05-15 06:50 - 2012-10-25 09:58 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-05-15 06:35 - 2014-05-15 06:35 - 00012326 _____ () C:\Users\Sam\AppData\Local\nahbbowa
    2014-05-15 06:34 - 2014-05-15 06:34 - 00068314 _____ () C:\Users\Sam\AppData\Local\tvchovsh
    2014-05-15 06:32 - 2014-05-15 06:32 - 00650598 _____ () C:\Users\Sam\AppData\Local\evtgngmx
    2014-05-14 06:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2014-05-14 03:27 - 2011-05-02 16:10 - 00000000 ___RD () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-05-14 03:23 - 2014-05-02 06:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-05-14 03:06 - 2013-08-01 20:52 - 00000000 ____D () C:\Windows\system32\MRT
    2014-05-13 20:58 - 2011-10-27 11:52 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-05-13 20:58 - 2011-05-03 21:08 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2014-05-13 07:04 - 2011-03-01 21:43 - 00000000 ____D () C:\ProgramData\PDFC
    2014-05-12 15:17 - 2011-05-02 20:54 - 00000000 ____D () C:\Users\Sam\Calibre Library
    2014-05-12 14:30 - 2013-11-30 18:34 - 00000000 ____D () C:\Users\Sam\AppData\Local\calibre-cache
    2014-05-12 10:20 - 2011-05-02 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
    2014-05-12 10:20 - 2011-05-02 20:54 - 00000000 ____D () C:\Program Files (x86)\Calibre2
    2014-05-11 20:31 - 2013-02-24 06:09 - 00000000 ____D () C:\Users\Sam\Documents\My Kindle Content
    2014-05-11 20:31 - 2011-11-27 18:24 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\SoftGrid Client
    2014-05-11 14:41 - 2012-04-10 17:30 - 00068096 _____ () C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-05-11 10:55 - 2014-05-11 10:55 - 00002177 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
    2014-05-11 10:55 - 2014-05-11 10:55 - 00000000 ____D () C:\Program Files (x86)\Cisco Systems
    2014-05-10 18:16 - 2014-05-10 18:16 - 00000000 ____D () C:\Users\Sam\AppData\Local\{DD8C26C5-1A5E-4BD0-AF9E-1297F211FB87}
    2014-05-10 18:16 - 2011-05-19 13:23 - 00000000 ____D () C:\Users\Sam\AppData\Local\Windows Live
    2014-05-10 04:09 - 2011-05-03 08:18 - 00000384 _____ () C:\Windows\Tasks\FileCure Default.job
    2014-05-09 11:40 - 2014-05-09 11:40 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-09 02:14 - 2014-05-14 02:28 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-05-09 02:11 - 2014-05-14 02:28 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-05-07 20:04 - 2014-05-03 07:51 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000UA
    2014-05-07 20:04 - 2014-05-03 07:51 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000Core
    2014-05-07 10:25 - 2012-08-10 16:46 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-05-07 10:25 - 2012-08-10 16:46 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-05-06 00:40 - 2014-05-14 03:06 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-05-06 00:17 - 2014-05-14 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-05-05 23:25 - 2014-05-14 03:06 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-05-05 23:07 - 2014-05-14 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-05-05 23:00 - 2014-05-14 03:06 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-05-05 22:10 - 2014-05-14 03:06 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-05-04 17:12 - 2011-05-06 06:50 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-05-03 07:51 - 2014-05-03 07:51 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
    2014-05-03 07:51 - 2012-08-10 16:46 - 00000000 ____D () C:\Users\Sam\AppData\Local\Google
    2014-05-03 07:49 - 2014-05-03 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
    2014-05-03 07:49 - 2012-08-10 16:46 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-05-03 07:44 - 2012-07-06 17:26 - 00000000 ____D () C:\Users\Sam\AppData\Local\Adobe
    2014-05-03 07:44 - 2012-05-10 04:55 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-05-03 07:44 - 2011-05-15 19:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-04-27 17:07 - 2011-06-02 05:04 - 00003214 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSAM-HP$
    2014-04-27 17:07 - 2011-06-02 05:04 - 00000338 _____ () C:\Windows\Tasks\HPCeeScheduleForSAM-HP$.job
    2014-04-23 04:20 - 2014-04-23 04:20 - 00000000 __SHD () C:\Users\Sam\AppData\Local\EmieUserList
    2014-04-23 04:20 - 2014-04-23 04:20 - 00000000 __SHD () C:\Users\Sam\AppData\Local\EmieSiteList
    2014-04-23 04:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

    Some content of TEMP:
    ====================
    C:\Users\Sam\AppData\Local\Temp\Quarantine.exe
    C:\Users\Sam\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-05-19 07:53

    ==================== End Of Log ============================
     
  11. sjdomin

    sjdomin Thread Starter

    This is the only thing that showed up after opening FRST and clicking Fix
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2014
    Ran by Sam at 2014-05-23 11:03:25 Run:2
    Running from C:\Users\Sam\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    C:\$Recycle.Bin\S-1-5-21-2524037534-3531981673-270931832-1000\$c59173e43f54fc470c3e7eea5570f4fb
    *****************

    "C:\$Recycle.Bin\S-1-5-21-2524037534-3531981673-270931832-1000\$c59173e43f54fc470c3e7eea5570f4fb" => File/Directory not found.

    ==== End of Fixlog ====
    There are still many Malware popups. They are all of the form
    "Malwarebytes has blocked a malicious website":
    Domain (something)-search.com
    IP 192.162.19.34
    Port 49189 (increases by one after each popup)
    Type Outbound
    Process iexplore.exe
    Using TaskManager to End Process for iexplore.exe gives temporary relief but it eventually starts up again.
    I intend to uninstall IExplore.
    I will also uninstall Norton
     
  12. sjdomin

    sjdomin Thread Starter

    AdwRescan Report
    # AdwCleaner v3.210 - Report created 23/05/2014 at 13:19:55
    # Updated 19/05/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Sam - SAM-HP
    # Running from : C:\Users\Sam\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v0.0.0.0


    -\\ Mozilla Firefox v21.0 (en-US)

    [ File : C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\72khpq1c.default\prefs.js ]


    -\\ Google Chrome v34.0.1847.137

    [ File : C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [18600 octets] - [17/05/2014 05:37:35]
    AdwCleaner[R1].txt - [4231 octets] - [19/05/2014 05:34:42]
    AdwCleaner[R2].txt - [1268 octets] - [23/05/2014 13:09:59]
    AdwCleaner[R3].txt - [921 octets] - [23/05/2014 13:19:55]
    AdwCleaner[S0].txt - [17060 octets] - [17/05/2014 05:51:53]
    AdwCleaner[S1].txt - [4360 octets] - [19/05/2014 05:43:46]
    AdwCleaner[S2].txt - [1333 octets] - [23/05/2014 13:11:39]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1161 octets] ##########
    Norton Uninstalled
    I Explorer "Turned Off" via Control Panel/ Turn Windows Features Off/On
     
  13. Mark1956

    Mark1956 Malware Specialist

    DO NOT remove Iexplore.exe. I doubt the system will let you, and if you take it out Internet Explorer will not run and that will have a knock-on effect with Windows Update.

    Give me a chance to do a full review of the logs and we shall find what is causing the problem and fix it.

    I didn't ask you to post another log from FRST, but that does confirm the Rootkit has been removed. You also ran the fix twice, so the log you posted from the 2nd run shows the infection was not found, as you will have already removed it with the first run.
     
  14. Mark1956

    Mark1956 Malware Specialist

    I found a very suspicious run key; doing a search for the process only gave this thread as a result, so it is most probably a remnant of the infection.

    We now need to run FRST again to apply another fix. This will remove a lot of redundant files and Tasks, including all the Norton drivers which have been left behind. Did you run the clean-up tool I posted the link for, as there should not have been that many?

    When you have done this, please post the fixlog and then run the second scan below; this should show us what process is trying to make a connection on the port number you have quoted.

    Download the attachment at the bottom of this post by clicking on it and save it in the same location as FRST.

    • Launch FRST by double clicking on it.
    • When the FRST window opens click on the Fix button just once and wait.
    • The tool will make a log in the same location the program is run from (Fixlog.txt) please Copy & Paste it into your next reply.


    =================================

    When done please run this and post the log, have the PC running in Normal mode.

    Please click on this link: TCPView. When the page opens, click on Download TCPView to start the download and save it to your desktop.

    • The program does not need to be installed, just extract it from the .zip file. (Right click on the file and select Extract All, then select the location to extract to)
    • Several files will appear, double click on the one showing the three PC monitors with Tcpview below it. (Don't confuse it with Tcpvcon which has the same icon).
    • If the User Account Control window pops up click on Yes.
    • When the window opens click on File and select Save as, give it any name you like and save it to your Desktop.
    • Attach it to your next post as follows:
    • Below the Message Box click on Go Advanced. Then scroll down until you see a button, Manage Attachments. Click on that and a new window opens.
    • Click on the Browse button, find the file you saved and click on it so it becomes highlighted and click on Open.
    • Now click on the Upload button. Wait for the Upload to complete, it will appear just below the Browse box.
    • When done, click on the Close this window button at the top of the page.
    • Enter your message-text in the message box, then click on Submit Reply.
     

    Attached Files:
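An added example, not part of the original thread and not FRST's own code: a small Python triage of FRST `Run` lines, showing the kind of check that makes a run key stand out as suspicious. The sample lines are copied from the FRST log posted in this thread (SID shortened to `<SID>`); the heuristic (target under the user's AppData and no `[size date] (publisher)` block in the log) and all function names are assumptions of this example, not the helper's stated method.

```python
import re
from typing import List, NamedTuple, Optional

# Run-key lines copied from the FRST log in this thread; SID shortened to <SID>.
SAMPLE_LOG = r"""
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKU\<SID>\...\Run: [cdloader] => C:\Users\Sam\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\<SID>\...\Run: [Google Update] => C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-03] (Google Inc.)
HKU\<SID>\...\Run: [rulejwhq] => "C:\Users\Sam\AppData\Local\esxqeroq.exe"
HKU\<SID>\...\Run: [ComcastAntispyClient] => "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
"""

# "<hive>\...\Run: [value name] => command [size date] (publisher)"
RUN_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?:=>|-) (?P<rest>.+)$"
)
# Trailing metadata block FRST prints for a file it could inspect.
META_RE = re.compile(
    r"\s*\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)$"
)
PROFILE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.I)
PROFILE_ROOT_RE = re.compile(
    r"\\appdata\\(?:local|locallow|roaming)\\[^\\]+\.exe$", re.I
)


class RunEntry(NamedTuple):
    hive: str
    name: str
    path: str
    company: Optional[str]  # None when the log carries no metadata block
    reasons: List[str]


def extract_path(command: str) -> str:
    """Return the executable path from a command line, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = re.search(r"\.exe\b", command, re.I)
    return command[: m.end()] if m else command


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Parse one FRST Run/RunOnce line; return None for any other line."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    meta = META_RE.search(rest)
    path = extract_path(rest[: meta.start()] if meta else rest)
    reasons = []
    if meta is None:
        reasons.append("no size/date/publisher in log")
    elif not meta.group("company").strip():
        reasons.append("empty publisher")
    if PROFILE_RE.search(path):
        reasons.append("target under user profile AppData")
    if PROFILE_ROOT_RE.search(path):
        reasons.append("executable directly in AppData root")
    company = meta.group("company") if meta else None
    return RunEntry(m.group("hive"), m.group("name"), path, company, reasons)


def flag_suspicious(log_text: str) -> List[RunEntry]:
    """Entries that point into AppData AND carry no file metadata (assumed heuristic)."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_run_line(line)
        if entry and entry.company is None and PROFILE_RE.search(entry.path):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for e in flag_suspicious(SAMPLE_LOG):
        print(f"{e.hive} [{e.name}] -> {e.path}: {'; '.join(e.reasons)}")
```

A flagged entry is a lead for manual review, not a verdict: entries with a missing metadata block outside the profile (such as an orphaned uninstall leftover) are parsed and annotated but not flagged.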

  15. sjdomin

    sjdomin Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
    Ran by Sam (administrator) on SAM-HP on 23-05-2014 15:10:45
    Running from C:\Users\Sam\Desktop
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    () C:\Program Files\Acer\AcerSync\AcerSyncSystemService.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Google Inc.) C:\Users\Sam\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
    (White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (SanDisk Corporation) C:\Program Files (x86)\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\AsusWSPanel.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
    (Amazon Digital Services, LLC.) C:\Users\Sam\AppData\Local\Apps\2.0\A1K0M2BK.L7N\VPOE581B.4P1\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\AmazonCloudDrive.exe
    (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Sun Microsystems, Inc.) C:\Users\Sam\AppData\Local\Apps\2.0\A1K0M2BK.L7N\VPOE581B.4P1\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\LocalServiceJre\bin\AmazonCloudDriveW.exe
    () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
    (Memeo Inc.) C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
    () C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\AsusWSService.exe
    (Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
    HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-12] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
    HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
    HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-01-24] (Memeo Inc.)
    HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\AsusWSPanel.exe [5591872 2014-01-15] (ASUS Cloud Corporation)
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-10-10] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
    HKLM-x32\...\Run: [Recordpad] => C:\Program Files (x86)\NCH Swift Sound\Recordpad\recordpad.exe [1314308 2011-05-06] (NCH Software)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-13] (Hewlett-Packard)
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\Run: [cdloader] => C:\Users\Sam\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-02-16] (SUPERAntiSpyware)
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\Run: [GoogleChromeAutoLaunch_FD70E4195A4DE5E83920BD6414A71B17] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-05-07] (Google Inc.)
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\Run: [Google Update] => C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-03] (Google Inc.)
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\Run: [Google+ Auto Backup] => C:\Users\Sam\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3701064 2014-03-26] (Google Inc.)
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\Run: [rulejwhq] => "C:\Users\Sam\AppData\Local\esxqeroq.exe"
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\Run: [ComcastAntispyClient] => "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
    HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\MountPoints2: {e7d9a60b-74f6-11e0-aaf1-78acc098411b} - M:\ONSPCLCK.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
    ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HRBlockDirect.lnk
    ShortcutTarget: HRBlockDirect.lnk -> C:\Program Files (x86)\HRBlockDirect\HRBlockDirect.exe (HR Block )
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SanDisk Media Manager.lnk
    ShortcutTarget: SanDisk Media Manager.lnk -> (No File)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
    ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
    Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/tt2/?cid=tbid05192014
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://xfinity.comcast.net/
    HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/WOL_WCP
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKCU - {0FD7B4C5-178E-4258-8101-0242D4190EC6} URL = http://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms}
    SearchScopes: HKCU - {76E9350E-0392-9C19-F83A-99BC015260AF} URL = http://www.bing.com/search?q={searchTerms}&pc=Z039&form=ZGAIDF
    SearchScopes: HKCU - {858BFBD9-EE49-47E9-A1DD-CD2C5E43996B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
    SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
    BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO-x32: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.425.1\NativeBHO.dll (WhiteSky)
    BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    BHO-x32: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
    BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    DPF: HKLM-x32 {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - No File
    Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    Handler-x32: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files (x86)\Libronix DLS\System\FileProt.dll (Libronix Corporation)
    Handler-x32: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files (x86)\Libronix DLS\System\ResProt.dll (Libronix Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\72khpq1c.default
    FF Homepage: hxxp://xfinity.comcast.net/
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Sam\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Sam\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Sam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101772.dll (Amazon.com, Inc.)
    FF Extension: XFINITY Constant Guard Protection Suite - C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\72khpq1c.default\Extensions\[email protected] [2014-05-19]
    FF Extension: No Name - C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\72khpq1c.default\Extensions\temp [2014-05-19]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
    FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
    FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]\
    FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]\ []
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]\
    FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]\ []
    FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-10]

    Chrome:
    =======
    CHR HomePage: hxxp://www.comcast.net/tt2/?cid=tbid05192014
    CHR Extension: (XFINITY Constant Guard Protection Suite) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\faknfdmfmhcmgphbfjhgmomfcihmocmp [2014-05-19]
    CHR Extension: (RealDownloader) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-05-17]
    CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-05-17]
    CHR Extension: (Google Wallet) - C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-17]
    CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Sam\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-26]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-04-09]

    ==================== Services (Whitelisted) =================

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2013-04-19] (SUPERAntiSpyware.com)
    R2 AcerSyncSystemService; C:\Program Files\Acer\AcerSync\AcerSyncSystemService.exe [81304 2011-06-16] ()
    R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-03-12] (Ellora Assets Corp.)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1295416 2012-03-30] (Secunia)
    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681016 2012-03-30] (Secunia)

    ==================== Drivers (Whitelisted) ====================

    S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31744 2012-07-20] (Google Inc)
    R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-05-19] (Zemana Ltd.)
    S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [21504 2011-10-07] (http://libusb-win32.sourceforge.net)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-23] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
    R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
    S3 OV550I; C:\Windows\System32\Drivers\ov550ivx.sys [196992 2008-02-22] (Omnivision Technologies, Inc.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SMIGrabber3C; C:\Windows\System32\Drivers\SmiUsbGrabber3C.sys [811520 2009-05-14] (Windows (R) Win 7 DDK provider)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-05-23 15:09 - 2014-05-23 15:09 - 00005389 _____ () C:\Users\Sam\Desktop\fixlist.txt
    2014-05-23 15:00 - 2014-05-23 15:00 - 00003354 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-23 15:00 - 2014-05-23 15:00 - 00003216 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-23 13:26 - 2014-05-23 13:26 - 00001241 _____ () C:\Users\Sam\Desktop\AdwCleaner[R3].txt
    2014-05-23 08:48 - 2014-05-23 08:37 - 02067456 _____ (Farbar) C:\Users\Sam\Desktop\FRST64.exe
    2014-05-23 08:48 - 2014-05-23 08:35 - 01326389 _____ () C:\Users\Sam\Desktop\AdwCleaner.exe
    2014-05-23 08:43 - 2014-05-23 08:45 - 00000000 ____D () C:\Users\Sam\Desktop\New folder
    2014-05-19 06:10 - 2014-05-23 15:10 - 00027368 _____ () C:\Users\Sam\Desktop\FRST.txt
    2014-05-19 06:10 - 2014-05-19 06:10 - 00057612 _____ () C:\Users\Sam\Desktop\Addition.txt
    2014-05-19 06:06 - 2014-05-19 06:08 - 00057612 _____ () C:\Users\Sam\Downloads\Addition.txt
    2014-05-19 06:03 - 2014-05-19 06:08 - 00068428 _____ () C:\Users\Sam\Downloads\FRST.txt
    2014-05-19 06:02 - 2014-05-23 15:10 - 00000000 ____D () C:\FRST
    2014-05-19 06:01 - 2014-05-19 06:02 - 02067456 _____ (Farbar) C:\Users\Sam\Downloads\FRST64.exe
    2014-05-19 05:33 - 2014-05-19 05:34 - 01328723 _____ () C:\Users\Sam\Downloads\AdwCleaner.exe
    2014-05-19 05:21 - 2014-05-23 13:12 - 00253436 _____ () C:\Windows\PFRO.log
    2014-05-19 05:16 - 2014-05-19 05:16 - 00448512 _____ (OldTimer Tools) C:\Users\Sam\Desktop\TFC.exe
    2014-05-19 04:53 - 2014-05-19 04:53 - 27769568 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\Windows-KB890830-x64-V5.12.exe
    2014-05-19 04:39 - 2014-05-19 08:12 - 00000000 ____D () C:\Users\Sam\AppData\Local\ID Vault
    2014-05-19 04:39 - 2014-05-19 04:39 - 00000000 ____D () C:\Users\Sam\AppData\Local\White_Sky,_Inc
    2014-05-19 04:39 - 2014-05-19 04:39 - 00000000 ____D () C:\ProgramData\IsolatedStorage
    2014-05-19 04:38 - 2014-05-23 15:02 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\ID Vault
    2014-05-19 04:38 - 2014-05-19 04:38 - 00049752 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys
    2014-05-19 04:38 - 2014-05-19 04:38 - 00000000 ____D () C:\Windows\SysWOW64\ZALSDK_uninst
    2014-05-19 04:38 - 2014-05-19 04:38 - 00000000 ____D () C:\Users\Sam\AppData\Local\Zemana
    2014-05-19 04:38 - 2014-03-20 12:07 - 11603256 _____ (Zemana Ltd.) C:\Windows\SysWOW64\ZALSDKCore.dll
    2014-05-19 04:37 - 2014-05-19 04:39 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
    2014-05-19 04:37 - 2014-05-19 04:37 - 00002275 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
    2014-05-19 04:37 - 2014-05-19 04:37 - 00002263 _____ () C:\Users\Public\Desktop\Constant Guard.lnk
    2014-05-19 04:37 - 2014-05-19 04:37 - 00000000 ____D () C:\ProgramData\White Sky, Inc
    2014-05-19 04:36 - 2014-05-19 04:36 - 19928392 _____ (White Sky, Inc.) C:\Users\Sam\Downloads\constantguard.exe
    2014-05-19 04:29 - 2014-05-19 04:29 - 00921512 _____ (Oracle Corporation) C:\Users\Sam\Downloads\chromeinstall-7u55.exe
    2014-05-18 16:25 - 2014-05-18 16:25 - 00007597 _____ () C:\Windows\IE11_main.log
    2014-05-18 16:25 - 2014-05-18 16:25 - 00000000 ___HD () C:\Windows\msdownld.tmp
    2014-05-18 16:24 - 2014-05-18 16:24 - 58080904 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\EIE11_EN-US_WOL_WIN764.EXE
    2014-05-18 14:45 - 2014-05-18 14:47 - 13829304 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\mseinstall.exe
    2014-05-18 12:53 - 2014-05-18 12:54 - 00380416 _____ () C:\Users\Sam\Downloads\tzipdven.exe
    2014-05-18 12:51 - 2014-05-18 12:52 - 00688992 ____R (Swearware) C:\Users\Sam\Downloads\dds.scr
    2014-05-18 12:29 - 2014-05-18 12:29 - 00000259 _____ () C:\Users\Sam\Documents\Malwarebytes Update File 18may14.txt
    2014-05-17 21:04 - 2014-05-17 21:04 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-05-17 21:04 - 2014-05-17 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-17 21:04 - 2014-05-17 21:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-17 21:04 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-05-17 21:04 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-05-17 21:04 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-05-17 12:10 - 2014-05-23 14:55 - 00001400 _____ () C:\Windows\setupact.log
    2014-05-17 12:10 - 2014-05-17 12:10 - 00000000 _____ () C:\Windows\setuperr.log
    2014-05-17 07:23 - 2014-05-17 07:23 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Tific
    2014-05-17 07:18 - 2014-05-17 07:18 - 00000000 ____D () C:\Users\Sam\AppData\Local\Symantec
    2014-05-17 06:33 - 2014-05-17 06:33 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2014-05-17 06:31 - 2014-05-17 06:31 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
    2014-05-17 05:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-05-17 05:37 - 2014-05-23 13:21 - 00000000 ____D () C:\AdwCleaner
    2014-05-16 20:42 - 2014-05-17 10:57 - 00000000 ____D () C:\ProgramData\Sophos
    2014-05-16 12:57 - 2014-05-16 12:58 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
    2014-05-16 12:45 - 2014-05-23 10:53 - 00003332 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-16 12:45 - 2014-05-23 10:53 - 00003194 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-16 12:09 - 2014-05-23 14:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-16 09:48 - 2014-05-17 16:15 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Ezxain
    2014-05-16 05:49 - 2014-05-17 16:15 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Exupmea
    2014-05-16 05:16 - 2014-05-16 05:16 - 06956094 ____R () C:\Users\Sam\Desktop\~ofC92 Backup_2014-05-16_051643.mbf
    2014-05-16 04:55 - 2014-05-17 16:14 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Hodouv
    2014-05-15 17:44 - 2014-05-17 16:49 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Polamur
    2014-05-15 09:01 - 2014-05-15 08:56 - 00019723 _____ () C:\Users\Sam\Documents\hijackthis.log
    2014-05-15 08:42 - 2014-05-15 08:42 - 01402880 _____ () C:\Users\Sam\Downloads\HiJackThis.msi
    2014-05-15 06:35 - 2014-05-15 06:35 - 00012326 _____ () C:\Users\Sam\AppData\Local\nahbbowa
    2014-05-15 06:34 - 2014-05-16 10:43 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Odyrro
    2014-05-15 06:34 - 2014-05-15 06:34 - 00068314 _____ () C:\Users\Sam\AppData\Local\tvchovsh
    2014-05-15 06:32 - 2014-05-15 06:32 - 00650598 _____ () C:\Users\Sam\AppData\Local\evtgngmx
    2014-05-14 02:28 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-05-14 02:28 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-05-14 02:28 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-05-14 02:28 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-05-14 02:27 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-05-14 02:27 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2014-05-14 02:27 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-05-14 02:27 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2014-05-14 02:27 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2014-05-14 02:27 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2014-05-14 02:27 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2014-05-14 02:27 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-05-14 02:27 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-05-14 02:27 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-05-14 02:27 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-05-14 02:27 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
    2014-05-14 02:27 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2014-05-14 02:27 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-05-14 02:27 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-05-14 02:27 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-05-14 02:27 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-05-14 02:27 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-05-14 02:27 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
    2014-05-14 02:27 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-05-14 02:27 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-05-14 02:27 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-05-14 02:27 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
    2014-05-14 02:27 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-05-14 02:27 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2014-05-11 10:55 - 2014-05-11 10:55 - 00002177 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
    2014-05-11 10:55 - 2014-05-11 10:55 - 00000000 ____D () C:\Program Files (x86)\Cisco Systems
    2014-05-10 18:16 - 2014-05-10 18:16 - 00000000 ____D () C:\Users\Sam\AppData\Local\{DD8C26C5-1A5E-4BD0-AF9E-1297F211FB87}
    2014-05-09 11:40 - 2014-05-09 11:40 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-03 07:51 - 2014-05-23 15:09 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000UA.job
    2014-05-03 07:51 - 2014-05-22 20:09 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000Core.job
    2014-05-03 07:51 - 2014-05-07 20:04 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000UA
    2014-05-03 07:51 - 2014-05-07 20:04 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000Core
    2014-05-03 07:51 - 2014-05-03 07:51 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
    2014-05-03 07:49 - 2014-05-03 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
    2014-05-02 06:20 - 2014-05-14 03:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-04-23 04:20 - 2014-04-23 04:20 - 00000000 __SHD () C:\Users\Sam\AppData\Local\EmieUserList
    2014-04-23 04:20 - 2014-04-23 04:20 - 00000000 __SHD () C:\Users\Sam\AppData\Local\EmieSiteList

    ==================== One Month Modified Files and Folders =======

    2014-05-23 15:11 - 2014-05-19 06:10 - 00027368 _____ () C:\Users\Sam\Desktop\FRST.txt
    2014-05-23 15:10 - 2014-05-19 06:02 - 00000000 ____D () C:\FRST
    2014-05-23 15:09 - 2014-05-23 15:09 - 00005389 _____ () C:\Users\Sam\Desktop\fixlist.txt
    2014-05-23 15:09 - 2014-05-03 07:51 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000UA.job
    2014-05-23 15:09 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-05-23 15:09 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-05-23 15:02 - 2014-05-19 04:38 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\ID Vault
    2014-05-23 15:00 - 2014-05-23 15:00 - 00003354 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-23 15:00 - 2014-05-23 15:00 - 00003216 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-23 15:00 - 2013-12-22 18:17 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\WebStorage
    2014-05-23 15:00 - 2012-03-18 10:17 - 00000000 ____D () C:\Users\Sam\AppData\Local\Deployment
    2014-05-23 15:00 - 2011-05-05 11:59 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Swift Sound
    2014-05-23 14:59 - 2014-05-16 12:09 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-23 14:56 - 2013-10-10 01:52 - 00000490 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
    2014-05-23 14:56 - 2012-08-10 16:46 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-23 14:55 - 2014-05-17 12:10 - 00001400 _____ () C:\Windows\setupact.log
    2014-05-23 14:55 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-05-23 13:27 - 2011-03-01 21:21 - 01240424 _____ () C:\Windows\WindowsUpdate.log
    2014-05-23 13:26 - 2014-05-23 13:26 - 00001241 _____ () C:\Users\Sam\Desktop\AdwCleaner[R3].txt
    2014-05-23 13:21 - 2014-05-17 05:37 - 00000000 ____D () C:\AdwCleaner
    2014-05-23 13:12 - 2014-05-19 05:21 - 00253436 _____ () C:\Windows\PFRO.log
    2014-05-23 12:47 - 2009-07-24 15:22 - 00000000 ____D () C:\Windows\Panther
    2014-05-23 12:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-05-23 12:30 - 2012-08-10 16:46 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-23 12:17 - 2011-03-01 21:43 - 00000000 ____D () C:\ProgramData\PDFC
    2014-05-23 11:24 - 2011-06-05 07:21 - 00000000 ____D () C:\Users\Sam\AppData\Local\CrashDumps
    2014-05-23 11:12 - 2011-03-01 21:56 - 00000000 ____D () C:\ProgramData\Norton
    2014-05-23 10:53 - 2014-05-16 12:45 - 00003332 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-23 10:53 - 2014-05-16 12:45 - 00003194 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-23 08:45 - 2014-05-23 08:43 - 00000000 ____D () C:\Users\Sam\Desktop\New folder
    2014-05-23 08:37 - 2014-05-23 08:48 - 02067456 _____ (Farbar) C:\Users\Sam\Desktop\FRST64.exe
    2014-05-23 08:35 - 2014-05-23 08:48 - 01326389 _____ () C:\Users\Sam\Desktop\AdwCleaner.exe
    2014-05-23 08:25 - 2012-12-17 18:28 - 00000000 ____D () C:\Users\Sam\.gimp-2.8
    2014-05-22 20:09 - 2014-05-03 07:51 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000Core.job
    2014-05-22 20:07 - 2011-06-26 19:55 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D23119A3-D0AD-4491-86FE-56FC887310EE}
    2014-05-19 08:45 - 2011-08-15 20:40 - 00000000 ____D () C:\Windows\Minidump
    2014-05-19 08:45 - 2011-03-02 00:32 - 00336125 ____N () C:\Windows\Minidump\051914-51932-01.dmp
    2014-05-19 08:12 - 2014-05-19 04:39 - 00000000 ____D () C:\Users\Sam\AppData\Local\ID Vault
    2014-05-19 06:10 - 2014-05-19 06:10 - 00057612 _____ () C:\Users\Sam\Desktop\Addition.txt
    2014-05-19 06:08 - 2014-05-19 06:06 - 00057612 _____ () C:\Users\Sam\Downloads\Addition.txt
    2014-05-19 06:08 - 2014-05-19 06:03 - 00068428 _____ () C:\Users\Sam\Downloads\FRST.txt
    2014-05-19 06:02 - 2014-05-19 06:01 - 02067456 _____ (Farbar) C:\Users\Sam\Downloads\FRST64.exe
    2014-05-19 05:34 - 2014-05-19 05:33 - 01328723 _____ () C:\Users\Sam\Downloads\AdwCleaner.exe
    2014-05-19 05:26 - 2011-05-02 16:09 - 00106480 _____ () C:\Users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-05-19 05:16 - 2014-05-19 05:16 - 00448512 _____ (OldTimer Tools) C:\Users\Sam\Desktop\TFC.exe
    2014-05-19 04:53 - 2014-05-19 04:53 - 27769568 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\Windows-KB890830-x64-V5.12.exe
    2014-05-19 04:39 - 2014-05-19 04:39 - 00000000 ____D () C:\Users\Sam\AppData\Local\White_Sky,_Inc
    2014-05-19 04:39 - 2014-05-19 04:39 - 00000000 ____D () C:\ProgramData\IsolatedStorage
    2014-05-19 04:39 - 2014-05-19 04:37 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
    2014-05-19 04:38 - 2014-05-19 04:38 - 00049752 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys
    2014-05-19 04:38 - 2014-05-19 04:38 - 00000000 ____D () C:\Windows\SysWOW64\ZALSDK_uninst
    2014-05-19 04:38 - 2014-05-19 04:38 - 00000000 ____D () C:\Users\Sam\AppData\Local\Zemana
    2014-05-19 04:38 - 2011-12-17 17:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-05-19 04:37 - 2014-05-19 04:37 - 00002275 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
    2014-05-19 04:37 - 2014-05-19 04:37 - 00002263 _____ () C:\Users\Public\Desktop\Constant Guard.lnk
    2014-05-19 04:37 - 2014-05-19 04:37 - 00000000 ____D () C:\ProgramData\White Sky, Inc
    2014-05-19 04:37 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    2014-05-19 04:36 - 2014-05-19 04:36 - 19928392 _____ (White Sky, Inc.) C:\Users\Sam\Downloads\constantguard.exe
    2014-05-19 04:29 - 2014-05-19 04:29 - 00921512 _____ (Oracle Corporation) C:\Users\Sam\Downloads\chromeinstall-7u55.exe
    2014-05-18 20:05 - 2011-05-08 17:38 - 00000000 ____D () C:\ProgramData\DVD Shrink
    2014-05-18 16:35 - 2011-03-02 00:32 - 00336125 ____N () C:\Windows\Minidump\051814-68796-01.dmp
    2014-05-18 16:25 - 2014-05-18 16:25 - 00007597 _____ () C:\Windows\IE11_main.log
    2014-05-18 16:25 - 2014-05-18 16:25 - 00000000 ___HD () C:\Windows\msdownld.tmp
    2014-05-18 16:24 - 2014-05-18 16:24 - 58080904 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\EIE11_EN-US_WOL_WIN764.EXE
    2014-05-18 15:07 - 2011-03-02 00:32 - 00336125 ____N () C:\Windows\Minidump\051814-45567-01.dmp
    2014-05-18 14:47 - 2014-05-18 14:45 - 13829304 _____ (Microsoft Corporation) C:\Users\Sam\Downloads\mseinstall.exe
    2014-05-18 12:54 - 2014-05-18 12:53 - 00380416 _____ () C:\Users\Sam\Downloads\tzipdven.exe
    2014-05-18 12:52 - 2014-05-18 12:51 - 00688992 ____R (Swearware) C:\Users\Sam\Downloads\dds.scr
    2014-05-18 12:29 - 2014-05-18 12:29 - 00000259 _____ () C:\Users\Sam\Documents\Malwarebytes Update File 18may14.txt
    2014-05-17 22:00 - 2011-09-03 11:12 - 00000973 _____ () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
    2014-05-17 22:00 - 2011-09-03 11:12 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\mjusbsp
    2014-05-17 21:04 - 2014-05-17 21:04 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-05-17 21:04 - 2014-05-17 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-17 21:04 - 2014-05-17 21:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-17 20:49 - 2011-05-02 17:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-05-17 20:36 - 2011-11-30 17:46 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-05-17 20:34 - 2013-05-14 20:38 - 00305664 ___SH () C:\Users\Sam\Desktop\Thumbs.db
    2014-05-17 17:02 - 2011-03-02 00:32 - 00336125 ____N () C:\Windows\Minidump\051714-61058-01.dmp
    2014-05-17 16:49 - 2014-05-15 17:44 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Polamur
    2014-05-17 16:41 - 2011-03-02 00:32 - 00336125 ____N () C:\Windows\Minidump\051714-52151-01.dmp
    2014-05-17 16:15 - 2014-05-16 09:48 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Ezxain
    2014-05-17 16:15 - 2014-05-16 05:49 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Exupmea
    2014-05-17 16:14 - 2014-05-16 04:55 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Hodouv
    2014-05-17 14:27 - 2012-02-01 19:24 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSam
    2014-05-17 14:27 - 2012-02-01 19:24 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForSam.job
    2014-05-17 13:11 - 2012-09-28 06:06 - 00007599 _____ () C:\Users\Sam\AppData\Local\Resmon.ResmonCfg
    2014-05-17 13:06 - 2013-06-10 04:31 - 00000000 ____D () C:\Users\Sam\Desktop\AntiViral
    2014-05-17 12:10 - 2014-05-17 12:10 - 00000000 _____ () C:\Windows\setuperr.log
    2014-05-17 11:53 - 2011-05-02 17:59 - 00000000 ____D () C:\ProgramData\Recovery
    2014-05-17 10:57 - 2014-05-16 20:42 - 00000000 ____D () C:\ProgramData\Sophos
    2014-05-17 07:23 - 2014-05-17 07:23 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Tific
    2014-05-17 07:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-05-17 07:18 - 2014-05-17 07:18 - 00000000 ____D () C:\Users\Sam\AppData\Local\Symantec
    2014-05-17 06:33 - 2014-05-17 06:33 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2014-05-17 06:31 - 2014-05-17 06:31 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
    2014-05-16 12:58 - 2014-05-16 12:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
    2014-05-16 12:09 - 2011-11-16 22:39 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Malwarebytes
    2014-05-16 12:09 - 2011-11-16 22:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-16 10:43 - 2014-05-15 06:34 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Odyrro
    2014-05-16 05:16 - 2014-05-16 05:16 - 06956094 ____R () C:\Users\Sam\Desktop\~ofC92 Backup_2014-05-16_051643.mbf
    2014-05-16 05:16 - 2011-05-04 06:46 - 00000000 ____D () C:\Users\Sam\Desktop\Money Backups
    2014-05-15 20:26 - 2013-04-03 13:04 - 00000000 ____D () C:\ProgramData\pdf995
    2014-05-15 20:26 - 2011-12-06 08:04 - 00000000 ____D () C:\ProgramData\Real
    2014-05-15 20:26 - 2011-05-02 16:10 - 00000000 ___RD () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-05-15 20:26 - 2011-03-01 21:42 - 00000000 ____D () C:\ProgramData\RoxioNow
    2014-05-15 20:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
    2014-05-15 16:28 - 2011-05-02 16:01 - 00000000 ____D () C:\Users\Sam
    2014-05-15 08:56 - 2014-05-15 09:01 - 00019723 _____ () C:\Users\Sam\Documents\hijackthis.log
    2014-05-15 08:42 - 2014-05-15 08:42 - 01402880 _____ () C:\Users\Sam\Downloads\HiJackThis.msi
    2014-05-15 06:50 - 2012-10-25 09:58 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-05-15 06:35 - 2014-05-15 06:35 - 00012326 _____ () C:\Users\Sam\AppData\Local\nahbbowa
    2014-05-15 06:34 - 2014-05-15 06:34 - 00068314 _____ () C:\Users\Sam\AppData\Local\tvchovsh
    2014-05-15 06:32 - 2014-05-15 06:32 - 00650598 _____ () C:\Users\Sam\AppData\Local\evtgngmx
    2014-05-14 06:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2014-05-14 03:27 - 2011-05-02 16:10 - 00000000 ___RD () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-05-14 03:23 - 2014-05-02 06:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-05-14 03:06 - 2013-08-01 20:52 - 00000000 ____D () C:\Windows\system32\MRT
    2014-05-13 20:58 - 2011-10-27 11:52 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-05-13 20:58 - 2011-05-03 21:08 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2014-05-12 15:17 - 2011-05-02 20:54 - 00000000 ____D () C:\Users\Sam\Calibre Library
    2014-05-12 14:30 - 2013-11-30 18:34 - 00000000 ____D () C:\Users\Sam\AppData\Local\calibre-cache
    2014-05-12 10:20 - 2011-05-02 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
    2014-05-12 10:20 - 2011-05-02 20:54 - 00000000 ____D () C:\Program Files (x86)\Calibre2
    2014-05-11 20:31 - 2013-02-24 06:09 - 00000000 ____D () C:\Users\Sam\Documents\My Kindle Content
    2014-05-11 20:31 - 2011-11-27 18:24 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\SoftGrid Client
    2014-05-11 14:41 - 2012-04-10 17:30 - 00068096 _____ () C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-05-11 10:55 - 2014-05-11 10:55 - 00002177 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
    2014-05-11 10:55 - 2014-05-11 10:55 - 00000000 ____D () C:\Program Files (x86)\Cisco Systems
    2014-05-10 18:16 - 2014-05-10 18:16 - 00000000 ____D () C:\Users\Sam\AppData\Local\{DD8C26C5-1A5E-4BD0-AF9E-1297F211FB87}
    2014-05-10 18:16 - 2011-05-19 13:23 - 00000000 ____D () C:\Users\Sam\AppData\Local\Windows Live
    2014-05-10 04:09 - 2011-05-03 08:18 - 00000384 _____ () C:\Windows\Tasks\FileCure Default.job
    2014-05-09 11:40 - 2014-05-09 11:40 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2524037534-3531981673-270931832-1000
    2014-05-09 02:14 - 2014-05-14 02:28 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-05-09 02:11 - 2014-05-14 02:28 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-05-07 20:04 - 2014-05-03 07:51 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000UA
    2014-05-07 20:04 - 2014-05-03 07:51 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2524037534-3531981673-270931832-1000Core
    2014-05-07 10:25 - 2012-08-10 16:46 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-05-07 10:25 - 2012-08-10 16:46 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-05-04 17:12 - 2011-05-06 06:50 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-05-03 07:51 - 2014-05-03 07:51 - 00000000 ____D () C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
    2014-05-03 07:51 - 2012-08-10 16:46 - 00000000 ____D () C:\Users\Sam\AppData\Local\Google
    2014-05-03 07:49 - 2014-05-03 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
    2014-05-03 07:49 - 2012-08-10 16:46 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-05-03 07:44 - 2012-07-06 17:26 - 00000000 ____D () C:\Users\Sam\AppData\Local\Adobe
    2014-05-03 07:44 - 2012-05-10 04:55 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-05-03 07:44 - 2011-05-15 19:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-04-27 17:07 - 2011-06-02 05:04 - 00003214 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSAM-HP$
    2014-04-27 17:07 - 2011-06-02 05:04 - 00000338 _____ () C:\Windows\Tasks\HPCeeScheduleForSAM-HP$.job
    2014-04-23 04:20 - 2014-04-23 04:20 - 00000000 __SHD () C:\Users\Sam\AppData\Local\EmieUserList
    2014-04-23 04:20 - 2014-04-23 04:20 - 00000000 __SHD () C:\Users\Sam\AppData\Local\EmieSiteList

    Some content of TEMP:
    ====================
    C:\Users\Sam\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-05-19 07:53

    ==================== End Of Log ============================
     
Short URL to this thread: https://techguy.org/1126200
