
Please tell me if the computer is free of junk??

Discussion in 'Virus & Other Malware Removal' started by blah321, Jan 21, 2015.

  1. blah321

    blah321 Thread Starter

    Hi there,
    We had some SweetIM thing that took over the computer and I cleaned it up by going to this website (http://www.bleepingcomputer.com/virus-removal/remove-sweetpacks-toolbar) but now I just want to be sure it is clean as I read it could have installed other stuff too. The PC still seems to run sluggish...
    Here is my sysinfo you requested:
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
    Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz, x64 Family 6 Model 15 Stepping 13
    Processor Count: 2
    RAM: 2045 Mb
    Graphics Card: ATI Radeon HD 2400, 128 Mb
    Hard Drives: C: Total - 294948 MB, Free - 82343 MB; D: Total - 10239 MB, Free - 6093 MB;
    Motherboard: Dell Inc., 0RY007
    Antivirus: AVG Anti-Virus Free, Updated: Yes, On-Demand Scanner: Enabled

    Malwarebytes was a pain and kept hanging though, so I couldn't grab the log file.

    TIA
     
  2. dbreeze

    dbreeze Malware Specialist

    Hi blah321

    Welcome to Tech Support Guy. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
    • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
    • All of the assistants and staff at Tech Support Guy are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
    • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
    • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
    • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
    • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
    • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

      - Save ALL Tools to your Desktop-
      All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

      Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
      Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
      Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
      Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
      NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
    Let's get started....


    Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.

    • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • If an update is available, the program will inform you and download the update. Allow it to do this please.
    • Press the Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.
     
  3. blah321

    blah321 Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
    Ran by Jodi (administrator) on JODI-PC on 23-01-2015 09:00:16
    Running from C:\Users\Jodi\Desktop
    Loaded Profiles: Jodi (Available profiles: Jodi)
    Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    ( ) C:\Windows\System32\dlcxcoms.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Symantec Corporation) C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
    (Symantec Corporation) C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
    (PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
    (Symantec Corporation) C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
    (Eastman Kodak Company) C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
    (Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    () C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
    () C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
    (PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
    (Gteko Ltd.) C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Oracle Corporation) C:\Program Files\Java\jre1.8.0_31\bin\javaw.exe
    (Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    (Fred's Software) C:\Program Files\PrintKey2000\Printkey2000.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\ehome\mcupdate.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
    HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2007-05-25] ( )
    HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-05-11] (Realtek Semiconductor)
    HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
    HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
    HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
    HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
    HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-30] (Google)
    HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2007-10-09] ( )
    HKLM\...\Run: [FaxCenterServer] => C:\Program Files\Dell PC Fax\fm3032.exe [312200 2006-11-03] ()
    HKLM\...\Run: [dlcxmon.exe] => C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [292336 2007-01-12] ()
    HKLM\...\Run: [MemoryCardManager] => C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [304008 2006-11-03] ()
    HKLM\...\Run: [DLCXCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,[email protected]
    HKLM\...\Run: [Easy Dock] => C:\Users\Jodi\Documents\RCA easyRip\EZDock.exe
    HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
    HKLM\...\Run: [SSDMonitor] => C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [104408 2010-08-05] (PC Tools)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
    HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
    Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\...\Run: [DellAutomatedPCTuneUp] => C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe [465136 2007-10-11] (Gteko Ltd.)
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\...\Run: [MsnMsgr] => C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [4280184 2012-03-08] (Microsoft Corporation)
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\...\Run: [DW6] => "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\...\Run: [JagexGameStudios] => C:\Users\Jodi\AppData\Roaming\Jagex\client.jar [19144 2011-02-05] ()
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\...\Run: [Weather] => C:\Program Files\AWS\WeatherBug\Weather.exe 1
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\...\Run: [KGShareApp] => C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-06-26] (Eastman Kodak Company)
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\...\Run: [PrSft] => C:\Users\Jodi\AppData\Roaming\svc-lkpp.exe
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1100465.exe [447928 2008-08-06] (Adobe Systems, Inc.)
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\...\MountPoints2: {24221ead-015a-11df-bd0d-001d09788a3e} - G:\rcaeasyrip_setup.exe
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\...\MountPoints2: {7d3aa47b-bfa1-11e1-9ff1-001d09788a3e} - G:\KODAK_Camera_Setup_App.exe
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION
    HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex
    AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-30] (Google)
    IFEO\k9filter.exe: [Debugger] SvcHost.EXE
    IFEO\mpcmdrun: [Debugger] c:\windows\vsjitdebugger.EXE
    IFEO\mpsvc.dll: [Debugger] c:\windows\vsjitdebugger.EXE
    IFEO\mpuxsrv.exe: [Debugger] c:\windows\vsjitdebugger.EXE
    IFEO\msascui: [Debugger] c:\windows\vsjitdebugger.EXE
    IFEO\MSconfig.exe: [Debugger] c:\windows\vsjitdebugger.EXE
    IFEO\MSseces: [Debugger] c:\windows\vsjitdebugger.EXE
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
    ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Printkey2000.lnk
    ShortcutTarget: Printkey2000.lnk -> C:\Program Files\PrintKey2000\Printkey2000.exe (Fred's Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
    ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico ()
    Startup: C:\Users\Jodi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk
    ShortcutTarget: fliptoast.lnk -> C:\Program Files\fliptoast\fliptoast.exe (No File)
    ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Users\Jodi\AppData\Local\Temp\fuk.dll No File

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4097677784-3526681225-2606921827-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=XQvyfCA_K3Hk-3DtHZDJ0Yw1FF8?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4097677784-3526681225-2606921827-1000 -> {A86CB93C-AF88-B5FE-F4D9-E79E5C6A4474} URL = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
    SearchScopes: HKU\S-1-5-21-4097677784-3526681225-2606921827-1000 -> {EC71185C-40D6-E07A-7848-65A610EF7AF9} URL = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
    BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Updater For Simppull Toolbar -> {C4B8BAB4-1667-11DF-A242-BA9455D89593} -> C:\Program Files\simppulltoolbar\auxi\simppulltoolbAu.dll No File
    BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    BHO: FDMIECookiesBHO Class -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files\Free Download Manager\iefdm2.dll ()
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    BHO: No Name -> {E4E6BF2A-1667-11DF-A01F-1F9655D89593} -> No File
    Toolbar: HKU\S-1-5-21-4097677784-3526681225-2606921827-1000 -> No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    Toolbar: HKU\S-1-5-21-4097677784-3526681225-2606921827-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www.freerealms.com/gamedata/FreeRealmsInstaller.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
    DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} http://asbmail02.americanbus.com/dwa8W.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} http://asbmail02.americanbus.com/dwa7W.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default
    FF DefaultSearchEngine: Bing
    FF SearchEngineOrder.1: Yahoo
    FF SearchEngineOrder.2:
    FF SelectedSearchEngine: Bing
    FF Homepage: hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,205,0_0,StartPage,20110311,16900,0,16,0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @soe.sony.com/installer,version=1.0.3 -> C:\PROGRA~1\SONYON~1\npsoe.dll ()
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @unity3d.com/UnityPlayer -> C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll No File
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF SearchPlugin: C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\searchplugins\bing-zugo.xml
    FF Extension: Gamevance TextLinks - C:\Users\Jodi\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2010-04-02]
    FF Extension: GamePlayLabs Plugin - C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Extensions\[email protected] [2011-03-24]
    FF Extension: Search Toolbar - C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Extensions\[email protected] [2010-09-22]
    FF Extension: We-Care App - C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Extensions\[email protected](65) [2013-03-24]
    FF Extension: Microsoft .NET Framework Assistant - C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-12-14]
    FF Extension: ShopToWin2 - C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Extensions\{5835466c-49af-4cbe-b102-a8c8b6313749} [2012-11-23]
    FF Extension: RuneScape - C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3} [2015-01-21]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-06]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox
    FF Extension: Bing Bar - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010-05-11]
    FF HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\...\Firefox\Extensions: [{1266764D-FC4F-4FA7-B63B-884D53B1680F}] - C:\Users\Jodi\AppData\Roaming\NetAssistant
    FF Extension: Freeze.com NetAssistant - C:\Users\Jodi\AppData\Roaming\NetAssistant [2011-02-01]
    FF Extension: No Name - C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [Not Found]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR StartupUrls: Default -> "hxxp://www.google.com"
    CHR Profile: C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-21]
    CHR Extension: (Google Wallet) - C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-21]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
    R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2008-04-17] (Cisco Systems, Inc.)
    S3 DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [76016 2007-10-11] ()
    R2 dlcx_device; C:\Windows\system32\dlcxcoms.exe [532480 2006-10-11] ( )
    S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-30] (Google)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
    R2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [131512 2012-05-24] (Symantec Corporation)
    R2 PCCUJobMgr; C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
    R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [583640 2010-08-05] (PC Tools)
    S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-16] (Sonic Solutions) [File not signed]
    S2 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [329080 2011-02-14] (SupportSoft, Inc.)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
    S2 FastUserSwitchingCompatibility; C:\Windows\system32\FastUv32.dll [X]
    S2 intelusb3; C:\Windows\system32\inusbw32.dll [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 2WIREPCP; C:\Windows\System32\DRIVERS\2WirePCP.sys [68672 2007-05-30] (2Wire, Inc.)
    R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 AvgLdx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
    R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
    R0 AvgMfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 AvgTdiX; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
    S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
    R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2008-04-17] (Cisco Systems, Inc.) [File not signed]
    R2 datunidr; C:\Windows\System32\DRIVERS\datunidr.sys [5376 2007-08-23] (Gteko Ltd.)
    R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [125328 2008-03-29] (Deterministic Networks, Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-23] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
    R3 PTproct; C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
    R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S2 MCSTRM; No ImagePath
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S0 oqgkt; system32\drivers\fiqxuc.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-23 09:00 - 2015-01-23 09:05 - 00026856 _____ () C:\Users\Jodi\Desktop\FRST.txt
    2015-01-23 08:56 - 2015-01-23 09:00 - 00000000 ____D () C:\FRST
    2015-01-23 08:54 - 2015-01-23 08:54 - 01118208 _____ (Farbar) C:\Users\Jodi\Desktop\FRST.exe
    2015-01-22 04:43 - 2014-06-26 16:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
    2015-01-22 04:43 - 2014-06-26 16:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
    2015-01-22 04:43 - 2014-06-26 16:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
    2015-01-22 04:43 - 2014-06-05 22:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2015-01-22 04:39 - 2014-06-15 16:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2015-01-22 04:39 - 2014-06-13 12:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2015-01-22 04:39 - 2014-06-13 12:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
    2015-01-22 04:36 - 2014-10-09 19:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2015-01-22 04:36 - 2014-10-09 19:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-01-22 04:36 - 2014-10-09 17:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-01-22 04:35 - 2014-12-18 18:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-22 04:33 - 2014-11-03 18:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2015-01-22 04:30 - 2014-11-06 19:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-01-22 03:39 - 2014-08-26 18:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-01-22 03:39 - 2014-08-26 18:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-01-22 03:31 - 2014-10-23 19:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2015-01-22 03:31 - 2014-10-23 19:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-01-22 03:30 - 2014-08-22 19:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-01-22 03:28 - 2014-08-11 20:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2015-01-22 03:25 - 2014-10-02 19:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-01-22 03:25 - 2014-10-02 19:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-01-22 03:25 - 2014-10-02 19:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-01-22 03:25 - 2014-10-02 19:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-01-22 03:24 - 2014-12-05 21:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-22 03:24 - 2014-12-05 21:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2015-01-22 03:24 - 2014-12-05 21:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2015-01-22 03:19 - 2014-10-17 19:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-01-22 03:16 - 2014-09-04 17:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
    2015-01-22 03:11 - 2014-12-02 20:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-01-22 03:11 - 2014-10-09 19:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-01-22 03:07 - 2014-12-05 21:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-22 03:07 - 2014-10-12 17:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-01-22 02:06 - 2014-04-26 10:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2015-01-22 02:06 - 2014-03-25 07:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-01-22 02:05 - 2014-06-13 18:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2015-01-22 02:05 - 2014-06-13 18:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2015-01-22 02:05 - 2014-06-06 02:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2015-01-22 02:05 - 2014-06-02 04:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2015-01-22 02:05 - 2014-06-02 04:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2015-01-22 02:05 - 2014-06-02 04:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2015-01-22 02:05 - 2014-06-02 04:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2015-01-22 02:05 - 2014-06-02 02:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2015-01-22 02:05 - 2014-04-04 20:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2015-01-22 02:00 - 2014-05-30 00:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2015-01-22 01:58 - 2014-03-09 19:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2015-01-22 01:58 - 2014-02-05 19:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-01-22 01:25 - 2014-11-24 14:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-01-22 01:25 - 2014-11-24 14:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-01-22 01:25 - 2014-11-24 14:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-01-22 01:25 - 2014-11-24 14:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-01-22 01:25 - 2014-11-24 14:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-01-22 01:25 - 2014-11-24 14:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-01-22 01:25 - 2014-11-24 14:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-01-22 01:25 - 2014-11-24 14:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-01-22 01:25 - 2014-11-24 14:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-01-22 01:25 - 2014-11-24 14:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-01-22 01:25 - 2014-11-24 14:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-01-22 01:25 - 2014-11-24 14:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-01-22 01:25 - 2014-11-24 14:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-01-22 01:25 - 2014-11-24 14:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-01-22 01:25 - 2014-11-24 14:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-01-22 01:25 - 2014-11-24 14:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-01-22 01:25 - 2014-11-24 14:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-01-22 01:25 - 2014-11-24 14:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-01-22 01:25 - 2014-11-24 14:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-01-22 01:25 - 2014-11-24 14:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-01-22 01:25 - 2014-11-24 14:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-01-22 01:25 - 2014-11-24 14:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-01-22 00:58 - 2014-01-30 01:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2015-01-21 23:17 - 2015-01-21 22:40 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2015-01-21 23:17 - 2015-01-21 22:40 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2015-01-21 23:17 - 2015-01-21 22:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2015-01-21 23:11 - 2015-01-21 23:11 - 00000000 ____D () C:\Program Files\Common Files\Java
    2015-01-21 20:06 - 2015-01-21 20:06 - 00000000 ____D () C:\Users\Jodi\AppData\Roaming\AVG2015
    2015-01-21 20:04 - 2015-01-21 20:04 - 00000844 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
    2015-01-21 20:04 - 2015-01-21 20:04 - 00000000 ____D () C:\Users\Jodi\AppData\Roaming\TuneUp Software
    2015-01-21 20:04 - 2015-01-21 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2015-01-21 20:02 - 2015-01-21 20:06 - 00000000 ____D () C:\ProgramData\AVG2015
    2015-01-21 20:02 - 2015-01-21 20:02 - 00000000 ___HD () C:\$AVG
    2015-01-21 19:57 - 2015-01-21 19:57 - 04637504 _____ (AVG Technologies) C:\Users\Jodi\Downloads\avg_free_stb_all_2015_5557_cnet.exe
    2015-01-21 17:09 - 2015-01-21 17:12 - 00000000 ____D () C:\Users\Jodi\Desktop\New Folder (3)
    2015-01-21 16:44 - 2015-01-21 16:44 - 00509440 _____ (Tech Support Guy System) C:\Users\Jodi\Desktop\SysInfo.exe
    2015-01-21 16:32 - 2015-01-21 20:41 - 00000000 ____D () C:\Users\Jodi\AppData\Local\Avg2015
    2015-01-21 16:02 - 2015-01-21 16:14 - 00000000 ____D () C:\AdwCleaner
    2015-01-21 15:57 - 2015-01-21 15:57 - 02186752 _____ () C:\Users\Jodi\Desktop\AdwCleaner.exe
    2015-01-21 15:56 - 2015-01-21 16:01 - 00004914 _____ () C:\Users\Jodi\Desktop\Rkill.txt
    2015-01-21 15:56 - 2015-01-21 15:56 - 00000000 ____D () C:\Users\Jodi\Desktop\rkill
    2015-01-21 15:55 - 2015-01-21 15:55 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Jodi\Desktop\iExplore.exe
    2015-01-21 15:26 - 2015-01-21 15:26 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-01-21 15:26 - 2015-01-21 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-21 15:26 - 2015-01-21 15:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-01-21 15:26 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-01-21 15:26 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-01-21 15:25 - 2015-01-21 15:25 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jodi\Desktop\mbam-setup-2.0.4.1028.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-23 09:05 - 2012-08-03 00:39 - 01236063 _____ () C:\Windows\WindowsUpdate.log
    2015-01-23 09:05 - 2012-05-13 15:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-23 09:04 - 2012-05-13 15:09 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-01-23 09:04 - 2011-06-28 08:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-01-23 08:51 - 2006-11-02 06:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-23 08:51 - 2006-11-02 06:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-23 08:45 - 2011-12-03 21:59 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-23 08:45 - 2009-06-12 16:39 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2015-01-23 08:44 - 2013-10-03 21:37 - 00000000 ____D () C:\ProgramData\MFAData
    2015-01-23 08:44 - 2011-12-03 21:59 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-23 08:41 - 2011-03-10 23:23 - 00000416 _____ () C:\Windows\Tasks\PCConfidential.job
    2015-01-23 08:40 - 2006-11-02 07:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-22 07:28 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At16.job
    2015-01-22 07:28 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At15.job
    2015-01-22 06:21 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At14.job
    2015-01-22 06:21 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At13.job
    2015-01-22 05:34 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\rescache
    2015-01-22 05:32 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-01-22 05:23 - 2006-11-02 04:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-22 05:21 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At12.job
    2015-01-22 05:21 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At11.job
    2015-01-22 05:15 - 2006-11-02 06:47 - 00330944 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-01-22 05:14 - 2010-05-11 16:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2015-01-22 05:12 - 2007-12-13 13:30 - 00000012 _____ () C:\Windows\bthservsdp.dat
    2015-01-22 05:12 - 2006-11-02 07:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-01-22 05:10 - 2006-11-02 06:37 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-01-22 04:30 - 2013-08-14 02:21 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-22 04:22 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At10.job
    2015-01-22 04:22 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At9.job
    2015-01-22 03:21 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At8.job
    2015-01-22 03:21 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At7.job
    2015-01-22 03:19 - 2010-06-04 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-01-22 02:21 - 2011-11-15 12:12 - 00000348 _____ () C:\Windows\Tasks\At6.job
    2015-01-22 02:21 - 2011-11-15 12:12 - 00000346 _____ () C:\Windows\Tasks\At5.job
    2015-01-22 01:21 - 2011-11-15 12:12 - 00000348 _____ () C:\Windows\Tasks\At4.job
    2015-01-22 01:21 - 2011-11-15 12:12 - 00000346 _____ () C:\Windows\Tasks\At3.job
    2015-01-22 00:21 - 2011-11-15 12:12 - 00000348 _____ () C:\Windows\Tasks\At2.job
    2015-01-22 00:21 - 2011-11-15 12:12 - 00000346 _____ () C:\Windows\Tasks\At1.job
    2015-01-21 23:21 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At48.job
    2015-01-21 23:21 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At47.job
    2015-01-21 22:40 - 2013-11-11 23:43 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2015-01-21 22:35 - 2013-11-11 23:44 - 00000000 ____D () C:\ProgramData\Oracle
    2015-01-21 22:34 - 2007-12-13 13:31 - 00000000 ____D () C:\Program Files\Java
    2015-01-21 22:21 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At46.job
    2015-01-21 22:21 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At45.job
    2015-01-21 21:58 - 2006-11-02 05:18 - 00000000 ___RD () C:\Users\Public
    2015-01-21 21:21 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At44.job
    2015-01-21 21:21 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At43.job
    2015-01-21 20:37 - 2011-01-28 14:34 - 00000000 ____D () C:\Users\Jodi\AppData\Roaming\Free Download Manager
    2015-01-21 20:21 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At42.job
    2015-01-21 20:21 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At41.job
    2015-01-21 20:01 - 2009-06-12 17:13 - 00000000 ____D () C:\Program Files\AVG
    2015-01-21 19:21 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At40.job
    2015-01-21 19:21 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At39.job
    2015-01-21 18:21 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At38.job
    2015-01-21 18:21 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At37.job
    2015-01-21 17:21 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At36.job
    2015-01-21 17:21 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At35.job
    2015-01-21 16:21 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At34.job
    2015-01-21 16:21 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At33.job
    2015-01-21 16:16 - 2013-05-27 09:58 - 00052734 _____ () C:\Windows\PFRO.log
    2015-01-21 16:04 - 2011-12-03 22:01 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-01-21 15:33 - 2013-11-15 17:07 - 00000000 ____D () C:\Program Files\mozilla firefox
    2015-01-21 15:33 - 2012-06-10 16:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-01-21 15:26 - 2009-06-12 16:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-01-21 15:22 - 2013-12-16 07:16 - 00000877 _____ () C:\Windows\setupact.log
    2015-01-21 15:22 - 2009-12-31 15:18 - 00000000 ____D () C:\Users\Jodi\Tracing
    2015-01-21 15:22 - 2008-01-19 12:54 - 00000000 ____D () C:\Program Files\Dl_cats
    2015-01-08 09:55 - 2009-10-02 20:42 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-12-31 13:15 - 2006-11-02 04:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

    ==================== Files in the root of some directories =======
    2009-03-04 18:33 - 2011-10-27 20:42 - 0000004 _____ () C:\Users\Jodi\AppData\Roaming\24E78E
    2014-02-09 22:32 - 2014-02-09 22:32 - 0002503 _____ () C:\Users\Jodi\AppData\Roaming\data.sec
    2009-03-04 18:33 - 2011-10-27 20:42 - 0870128 _____ () C:\Users\Jodi\AppData\Roaming\mcs.rma
    2011-01-13 22:24 - 2011-10-12 21:37 - 0000043 _____ () C:\Users\Jodi\AppData\Roaming\RSBot_Accounts.ini
    2008-05-24 22:03 - 2013-07-08 02:11 - 0001356 _____ () C:\Users\Jodi\AppData\Local\d3d9caps.dat
    2007-12-19 19:44 - 2013-01-19 14:34 - 0038912 _____ () C:\Users\Jodi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-11-18 12:28 - 2011-11-18 12:28 - 0000001 _____ () C:\ProgramData\4aY7knLV.exe.b
    2011-11-18 12:28 - 2011-11-18 12:28 - 0000001 _____ () C:\ProgramData\4aY7knLV.exe_.b
    2014-02-09 22:33 - 2014-02-09 22:53 - 0002763 _____ () C:\ProgramData\connector.swf
    2010-02-09 17:29 - 2010-02-09 17:29 - 0004144 _____ () C:\ProgramData\kbkwknay.ayh
    2011-01-16 23:26 - 2011-01-16 23:26 - 11504934 _____ () C:\ProgramData\SPL1A0C.tmp
    2011-01-22 18:40 - 2011-01-22 18:40 - 2129376 _____ () C:\ProgramData\SPL228C.tmp
    2011-03-17 23:10 - 2011-03-17 23:10 - 0784536 _____ () C:\ProgramData\SPL2657.tmp
    2011-04-23 10:30 - 2011-04-23 10:30 - 1614050 _____ () C:\ProgramData\SPL4143.tmp
    2011-01-21 19:24 - 2011-01-21 19:24 - 0342312 _____ () C:\ProgramData\SPL68FA.tmp
    2011-01-16 23:28 - 2011-01-16 23:28 - 11504934 _____ () C:\ProgramData\SPLB144.tmp
    2009-12-24 21:39 - 2009-12-24 21:39 - 0276662 _____ () C:\ProgramData\SPLD20B.tmp
    2013-02-06 23:49 - 2013-02-06 23:49 - 0810521 _____ () C:\ProgramData\SPLDC58.tmp
    2011-03-02 22:50 - 2011-03-02 22:50 - 2751521 _____ () C:\ProgramData\SPLE153.tmp
    2011-11-15 12:13 - 2011-11-15 12:13 - 0000000 _____ () C:\ProgramData\WWgN12.dat

    ZeroAccess:
    C:\Users\Jodi\AppData\Local\{b4588576-5cec-c574-32f0-6545c25c5ec8}
    C:\Users\Jodi\AppData\Local\{b4588576-5cec-c574-32f0-6545c25c5ec8}\@

    Files to move or delete:
    ====================
    C:\ProgramData\WWgN12.dat
    C:\Users\Jodi\jagex_cl_loginapplet_LIVE.dat
    C:\Users\Jodi\jagex_cl_runescape_LIVE.dat
    C:\Users\Jodi\jagex_cl_runescape_LIVE1.dat
    C:\Users\Jodi\jagex_cl_runescape_LIVE2.dat
    C:\Users\Jodi\random.dat
    C:\Users\Jodi\taskmanager.exe
    C:\Windows\Tasks\At1.job
    C:\Windows\Tasks\At10.job
    C:\Windows\Tasks\At11.job
    C:\Windows\Tasks\At12.job
    C:\Windows\Tasks\At13.job
    C:\Windows\Tasks\At14.job
    C:\Windows\Tasks\At15.job
    C:\Windows\Tasks\At16.job
    C:\Windows\Tasks\At17.job
    C:\Windows\Tasks\At18.job
    C:\Windows\Tasks\At19.job
    C:\Windows\Tasks\At2.job
    C:\Windows\Tasks\At20.job
    C:\Windows\Tasks\At21.job
    C:\Windows\Tasks\At22.job
    C:\Windows\Tasks\At23.job
    C:\Windows\Tasks\At24.job
    C:\Windows\Tasks\At25.job
    C:\Windows\Tasks\At26.job
    C:\Windows\Tasks\At27.job
    C:\Windows\Tasks\At28.job
    C:\Windows\Tasks\At29.job
    C:\Windows\Tasks\At3.job
    C:\Windows\Tasks\At30.job
    C:\Windows\Tasks\At31.job
    C:\Windows\Tasks\At32.job
    C:\Windows\Tasks\At33.job
    C:\Windows\Tasks\At34.job
    C:\Windows\Tasks\At35.job
    C:\Windows\Tasks\At36.job
    C:\Windows\Tasks\At37.job
    C:\Windows\Tasks\At38.job
    C:\Windows\Tasks\At39.job
    C:\Windows\Tasks\At4.job
    C:\Windows\Tasks\At40.job
    C:\Windows\Tasks\At41.job
    C:\Windows\Tasks\At42.job
    C:\Windows\Tasks\At43.job
    C:\Windows\Tasks\At44.job
    C:\Windows\Tasks\At45.job
    C:\Windows\Tasks\At46.job
    C:\Windows\Tasks\At47.job
    C:\Windows\Tasks\At48.job
    C:\Windows\Tasks\At5.job
    C:\Windows\Tasks\At6.job
    C:\Windows\Tasks\At7.job
    C:\Windows\Tasks\At8.job
    C:\Windows\Tasks\At9.job


    Some content of TEMP:
    ====================
    C:\Users\Jodi\AppData\Local\Temp\contentDATs.exe
    C:\Users\Jodi\AppData\Local\Temp\dxwebsetup.exe
    C:\Users\Jodi\AppData\Local\Temp\jre-8u31-windows-au.exe
    C:\Users\Jodi\AppData\Local\Temp\MSNFB8D.exe
    C:\Users\Jodi\AppData\Local\Temp\Quarantine.exe
    C:\Users\Jodi\AppData\Local\Temp\SecurityScan_Release.exe
    C:\Users\Jodi\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-23 08:54

    ==================== End Of Log ============================
     
  4. blah321

    blah321 Thread Starter

    Joined:
    Jan 21, 2015
    Messages:
    28
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
    Ran by Jodi at 2015-01-23 09:07:33
    Running from C:\Users\Jodi\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: AVG Anti-Virus Free (Disabled - Up to date) {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
    AS: AVG Anti-Virus Free (Disabled - Up to date) {B7F27160-B86D-C455-D0D1-307E04E5E53F}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1784.41616 - ABBYY Software House)
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
    Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
    Actiontec Gateway (HKLM\...\{9692FD03-6662-4E62-B08C-30DFF51651E1}) (Version: - )
    Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.287 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11 (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASPCA Tri Reminder by We-Care.com (HKLM\...\{9F4ECB4A-AFD9-4E9F-8DF2-1E339AF8F2CF}) (Version: 4.0.7.5 - We-Care.com)
    ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.007.0731.2233 - )
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
    AVG 2015 (Version: 15.0.4273 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
    AviSynth 2.5 (HKLM\...\AviSynth) (Version: - )
    Bing Bar Platform (Version: 5.0.1423.0 - Microsoft Corporation) Hidden
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
    Browser Plugin (HKLM\...\Browser Plugin) (Version: - )
    ccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 3.13 - Piriform)
    Cisco Systems VPN Client 5.0.03.0530 (HKLM\...\{4C271126-C295-4828-A901-5910AE0C258B}) (Version: 5.0.3 - Cisco Systems, Inc.)
    City Magnate (HKLM\...\City Magnate_is1) (Version: - )
    Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Automated PC TuneUp (HKLM\...\{FE34691C-4298-4667-9758-D7F534DD0B94}) (Version: 1.0.3085 - Dell)
    Dell DataSafe Online (HKLM\...\{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}) (Version: 1.0.15 - Dell, Inc.)
    Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell PC Fax (HKLM\...\Dell PC Fax) (Version: - )
    Dell Photo AIO Printer 926 (HKLM\...\Dell Photo AIO Printer 926) (Version: - Dell, Inc.)
    Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.0.07282 - Dell)
    Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
    Disney Pirates of the Caribbean Online (HKLM\...\Disney Pirates of the Caribbean Online) (Version: - Walt Disney Internet Group)
    Disney Toontown Online (HKLM\...\Disney Toontown Online) (Version: - Walt Disney Internet Group)
    DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version: - )
    EpicBot (HKLM\...\EpicBot) (Version: - )
    Form Fill (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
    Free Realms Installer (HKLM\...\Free Realms Installer) (Version: 1.0.3.69 - Sony Online Entertainment)
    Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
    Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Hunting Unlimited 4 1.0 (HKLM\...\Hunting Unlimited 4) (Version: 1.0 - ValuSoft)
    iCloud (HKLM\...\{925F1DB6-E86E-4378-9091-D1F68B0583C9}) (Version: 2.1.2.8 - Apple Inc.)
    Intel(R) PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version: - Intel)
    iPhone Configuration Utility (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
    iTunes (HKLM\...\{E05D82D8-FE70-4228-B073-B0C07FE27595}) (Version: 11.1.1.11 - Apple Inc.)
    Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Java(TM) 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
    Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    KODAK Share Button App (HKLM\...\{C3F0CF4C-0A8C-42F1-A585-2EF7886D6039}) (Version: 4.03.0000.0000 - Eastman Kodak Company)
    Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    MathFacts in a Flash Home (HKLM\...\InstallShield_{F25B426C-9DE8-40DA-8842-93A480A336C3}) (Version: 1.02.0000 - Renaissance Learning, Inc)
    MathFacts in a Flash Home (Version: 1.02.0000 - Renaissance Learning, Inc) Hidden
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Asheron's Call (HKLM\...\Asheron's Call 1.00) (Version: - )
    Microsoft Combat Flight Simulator 3.1 (HKLM\...\Combat Flight Simulator 3.0) (Version: - )
    Microsoft Office 2000 Small Business (HKLM\...\{00030409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
    Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
    Move Networks Media Player for Internet Explorer (HKLM\...\Move Networks Player - IE) (Version: - )
    Mozilla Firefox 33.1.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
    MSN Gaming Zone (HKLM\...\Microsoft Internet Gaming Zone) (Version: - )
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
    NetAssistant (Version: 3.6.5 - Freeze.com) Hidden
    NetAssistant for Firefox (HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\...\NetAssistant) (Version: 3.6.5 - Freeze.com)
    NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
    Norton PC Checkup (HKLM\...\Norton PC Checkup_is1) (Version: 3.0.2.74.0 - NortonLive Services)
    Norton PC Checkup (HKLM\...\NortonPCCheckup) (Version: 2.0.2.506 - Symantec Corporation)
    Norton Security Scan (HKLM\...\{48B82226-75E3-4E90-92CC-D30F79EA6380}) (Version: 1.4.0 - Symantec Corporation)
    PrintKey2000 (HKLM\...\PrintKey2000) (Version: - )
    Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
    QualxServ Service Agreement (HKLM\...\{0F756CD9-4A1E-409B-B101-601DDC4C03AA}) (Version: 1.11.0000 - Dell Inc.)
    QuickConnect (HKLM\...\{4998FF95-709A-430A-B104-92A009ABB848}) (Version: 3.4 - Qwest)
    QuickConnect (Version: 3.4 - Qwest) Hidden
    QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Qwest QuickAssist Desktop Tools (HKLM\...\{95DD6A08-2313-4D5B-8BEB-37968D0D799C}) (Version: 21 - SupportSoft)
    RCA Video Converter (HKLM\...\{B6B834C0-0000-4F87-B767-D58D8035EC0E}) (Version: 1.05.0200 - )
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
    Registry Mechanic 10.0 (HKLM\...\Registry Mechanic_is1) (Version: 10.0 - PC Tools)
    Rhapsody (HKLM\...\Rhapsody) (Version: - )
    RIFT (HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\...\RIFT) (Version: - Trion Worlds, Inc.)
    Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
    Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
    Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
    Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
    Roxio Creator Premier (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
    Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
    Roxio EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.3.0 - Roxio)
    Roxio MyDVD Premier (HKLM\...\{AAC90D5F-B8B1-4A06-B888-F3A241124D0D}) (Version: 9.0.116 - Roxio, Inc.)
    Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
    RuneScape Launcher 1.0.4 (HKLM\...\{5D87C09F-512F-474A-A306-0FE3B89C396F}) (Version: 1.0.4 - Jagex Ltd)
    Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
    Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
    Skins (Version: 2007.0731.2234.38497 - ATI) Hidden
    Smart Menus (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
    Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
    The Weather Channel Desktop 6 (HKLM\...\The Weather Channel Desktop 6) (Version: - )
    Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.5.4b3_944 - Unity Technologies ApS)
    User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - )
    VIDEO GAME TYCOON : Gold Edition (HKLM\...\{C1D6BB50-1911-11DB-6784-0DE05EAD18BE}) (Version: 1.25 - GAMESweet Software, Inc.)
    Videora iPod classic Converter 3.07 (HKLM\...\Videora iPod classic Converter) (Version: 3.07 - Red Kawa Inc.)
    Virtual Villagers - A New Home (remove only) (HKLM\...\Virtual Villagers - A New Home) (Version: - )
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
    Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
    Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
    Wizard101 (HKLM\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
    WLTB Custom Buttons (HKLM\...\{C6522325-92ED-4312-A45A-04E45896C130}) (Version: 1.0.0 - Microsoft)
    World of Warcraft (HKLM\...\World of Warcraft) (Version: 4.2.2.14545 - Blizzard Entertainment)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-4097677784-3526681225-2606921827-1000_Classes\CLSID\{1F586F82-69B2-E7B2-BB80-C7A7D7E61204}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4097677784-3526681225-2606921827-1000_Classes\CLSID\{75160161-3296-3103-6142-816242346385}\InprocServer32 -> C:\Users\Jodi\AppData\Local\Temp\fuk.dll No File
    CustomCLSID: HKU\S-1-5-21-4097677784-3526681225-2606921827-1000_Classes\CLSID\{C110638D-9DD2-289E-1B88-76A4B5B0D5FF}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4097677784-3526681225-2606921827-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> C:\Users\Jodi\AppData\Local\Temp\fuk.dll No File
    CustomCLSID: HKU\S-1-5-21-4097677784-3526681225-2606921827-1000_Classes\CLSID\{FD8C4664-A2D4-97EC-185D-875E454333FE}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    02-12-2013 23:24:39 Scheduled Checkpoint
    03-12-2013 06:56:17 Windows Update
    10-12-2013 02:13:14 Windows Update
    11-12-2013 03:00:13 Windows Update
    16-12-2013 07:53:08 Scheduled Checkpoint
    17-12-2013 01:36:21 Windows Update
    20-12-2013 02:25:49 Windows Update
    24-12-2013 02:25:51 Windows Update
    26-12-2013 20:07:02 Scheduled Checkpoint
    27-12-2013 16:47:31 Windows Update
    31-12-2013 10:01:03 Windows Update
    07-01-2014 01:38:13 Windows Update
    10-01-2014 14:21:32 Windows Update
    14-01-2014 02:06:39 Windows Update
    15-01-2014 03:00:12 Windows Update
    21-01-2014 04:00:41 Windows Update
    28-01-2014 02:25:50 Windows Update
    29-01-2014 03:00:12 Windows Update
    04-02-2014 12:41:45 Windows Update
    21-01-2015 20:01:29 Installed AVG 2015
    21-01-2015 20:02:26 Installed AVG 2015
    21-01-2015 20:12:42 1-21-15
    22-01-2015 01:25:11 Windows Update
    22-01-2015 03:00:31 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 04:23 - 2009-06-13 07:40 - 00307184 ___RA C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {00D3F227-7D9C-4457-B235-390A5E14E6DD} - System32\Tasks\At34 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {0AE8729B-F6DD-4C11-8307-A5D5D5972096} - System32\Tasks\At29 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {0FAC9752-2BB0-42B2-B4BE-10DB2D897EAB} - System32\Tasks\At1 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {136D2FF5-B5CE-4A37-8DED-6CFE0C560403} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-21] (Google Inc.)
    Task: {16997BFE-C354-4B54-8FAC-2474B1FA0473} - System32\Tasks\At26 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {17728A47-0BCE-4FAC-91A6-7EB26F90DCA0} - System32\Tasks\At48 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {1B153724-01A1-41B6-991F-C0D469C329F1} - System32\Tasks\At42 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {1B7DAA38-9F7C-46E5-83F2-E7458EC482E7} - System32\Tasks\At27 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {1DE8D37C-2AA7-4DFE-958F-5832114402F8} - System32\Tasks\At17 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {1E0EE21E-7D94-4846-9413-18EFD6F761F2} - System32\Tasks\At13 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {2014C81B-A577-4DBA-B202-901ACA2AA647} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-01-21] (Google Inc.)
    Task: {207DD20F-EAE0-4713-BB89-5742D4D847E5} - System32\Tasks\At3 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {2403F5DA-96FA-4EE8-BD07-499233D75164} - System32\Tasks\RPCReminder => C:\Program Files\Winferno\RegistryPowerCleaner\RPCReminder.exe
    Task: {2673EA33-E9B1-4E47-9E06-03E238AD42D5} - System32\Tasks\At38 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {29E7FDF8-88D9-4668-97FB-8AC38FA772E5} - System32\Tasks\RMSmartUpdate => C:\Program Files\Registry Mechanic\update.exe
    Task: {2D60E519-226B-4DEC-9CA0-E19E9FEC5645} - System32\Tasks\At19 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {2F07948D-08E8-4C7B-99D2-FC7B1F14402D} - System32\Tasks\At44 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {3170A13C-1984-484F-B59E-DE680216BA91} - System32\Tasks\At6 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {35C6C530-741F-43CF-8A50-609D2C7AC4A3} - System32\Tasks\{BCCBB393-0578-4814-ADC8-F6FFC5B0B3BB} => pcalua.exe -a "C:\Remote Programs\Fish Tycoon\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=631650;name=Fish Tycoon;dir=C:\Remote Programs\Fish Tycoon\;prvid=143;cmdid=1;prvdir=Default
    Task: {3B712D60-A468-4B89-803D-EC120740152E} - System32\Tasks\At8 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {3FD785BF-A874-4967-8B53-9423F61B44FB} - System32\Tasks\At47 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {43D49F34-93D8-406B-9C04-701263A90CE6} - System32\Tasks\{317CA001-91D9-41F9-A455-A8CF5A9A8C75} => Firefox.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
    Task: {443F9444-27BA-44CE-B8A2-158CF64B0F5C} - System32\Tasks\At39 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {467CFA64-0965-4CBD-96E1-49BA7092E25C} - System32\Tasks\At45 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {4DBCED74-EBCB-46F4-8AE0-DA84C544EC51} - System32\Tasks\At30 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {4F6A0621-5107-4A3D-AD3C-CE5F1D039951} - System32\Tasks\{B3D8BA82-EDDC-4340-B1EE-79C782EA2AFF} => pcalua.exe -a E:\Setup.exe -d E:\
    Task: {59BABC9A-80A8-4B9D-82D9-B0786A390282} - System32\Tasks\At9 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {608E0779-1230-46FD-A856-3763941D4FBC} - System32\Tasks\At4 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {6B44C440-805D-463D-9146-957CE7D82756} - System32\Tasks\At24 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {6D0D8AB4-733E-4810-A0E0-431B44BF7091} - System32\Tasks\At35 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {786935CC-AAD9-4E3C-9303-EF9EED56DE33} - System32\Tasks\At23 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {79392157-ACE3-4380-B3FC-3445C7650843} - System32\Tasks\At11 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {79DA9D75-3D86-4A63-BEA2-84C6CFF9CA5B} - System32\Tasks\At25 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {7E3F8379-0E72-46D7-BB58-E95D0FE2CEC7} - System32\Tasks\At31 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {8514A7F7-EEA7-4AB6-83A3-5946DB266F37} - System32\Tasks\{8EF16558-2A92-407d-825F-149D101CB9FE} => C:\Program Files\Kodak\KODAK Share Button App\Listener.exe [2012-06-26] (Eastman Kodak Company)
    Task: {8A02CC10-95F5-412E-84ED-7BF2B53CA067} - System32\Tasks\At41 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {8D6095E3-6D4A-4ADF-AB97-B1268DCBE4DD} - System32\Tasks\At12 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {92A064FF-6881-4A90-8872-5E3A3FAA275E} - System32\Tasks\At20 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {98099DCF-0D20-4E60-BC12-0152766FCF82} - System32\Tasks\At18 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {A02325C4-E430-42B0-BD62-45B54403EEC5} - System32\Tasks\PCConfidential => C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
    Task: {A717CFA9-286B-4164-8953-0654DB5A3D78} - System32\Tasks\At46 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {A963583A-A20F-4152-8BE6-414C604E18B0} - System32\Tasks\At43 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {AB6360CE-115B-4E94-B84B-ED97B79B290A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {AF8944D3-90D0-4072-B03F-E6F602B79EBE} - System32\Tasks\At15 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {B690FDD9-DE76-4C57-9EC2-160462B05D9E} - System32\Tasks\At21 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {BF2F61D5-08CB-4067-9740-932C066DC2B8} - System32\Tasks\{B463752C-9CAC-4176-A9FB-6FE59F5260CC} => pcalua.exe -a "C:\Program Files\GAMESweet\VideoGameTYCOON_GOLD\UninstVGT_GOLD.exe" -c /U "C:\Program Files\GAMESweet\VideoGameTYCOON_GOLD\UninstVGT_GOLD.log"
    Task: {BF6BF5A3-3596-4B42-A1D8-5C5C3A854F3C} - System32\Tasks\At16 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {C0C52769-9BE3-4233-BA45-0FC43659D416} - System32\Tasks\At28 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {C90C3331-6B4D-4D09-92D1-AE1FA14125B6} - System32\Tasks\At14 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {CA433BC0-E63F-408A-A491-A5AEA3457E97} - System32\Tasks\At2 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {CBBA5F1B-D095-47CB-991D-AE9330A42D82} - System32\Tasks\At33 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {CE7B93CC-F541-4261-9574-EE08F4485338} - System32\Tasks\At36 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {D364F395-FF3D-4E5F-B370-A192887A84FB} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files\Kodak\KODAK Share Button App\Listener.exe [2012-06-26] (Eastman Kodak Company)
    Task: {D65B6FD7-656D-4AB7-AA54-E9931B7633AE} - System32\Tasks\At32 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {D9D1C5AB-0661-4F7B-8E0F-696FC697699B} - System32\Tasks\At22 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {DD16B367-7075-4CA6-8637-324DF1FDF2F9} - System32\Tasks\At40 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {E3E2EC00-A9CF-4765-8C68-1A81ACD778F5} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files\Norton PC Checkup 3.0\NLAppLauncher.exe [2012-05-24] (Symantec Corporation)
    Task: {E491ABC4-F85B-46EB-AF25-CD04C214A91E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-23] (Adobe Systems Incorporated)
    Task: {E6E08CA2-6A43-4A8D-9831-F4974140C447} - System32\Tasks\At7 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {E8E3D505-A3D8-4289-B3B2-ADDE933921DD} - System32\Tasks\At37 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {E9C220B2-51F0-43CA-B940-C06B01888358} - System32\Tasks\RegPowerClean => C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
    Task: {F3DC97A8-2600-41C6-B783-1E5AAF0D4843} - System32\Tasks\At10 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {FA341BA4-61CE-469A-8553-07D86470E765} - System32\Tasks\At5 => C:\Windows\system32\6h8MLO.com <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\At1.job => ?
    Task: C:\Windows\Tasks\At10.job => ?
    Task: C:\Windows\Tasks\At11.job => ?
    Task: C:\Windows\Tasks\At12.job => ?
    Task: C:\Windows\Tasks\At13.job => ?
    Task: C:\Windows\Tasks\At14.job => ?
    Task: C:\Windows\Tasks\At15.job => ?
    Task: C:\Windows\Tasks\At16.job => ?
    Task: C:\Windows\Tasks\At17.job => ?
    Task: C:\Windows\Tasks\At18.job => ?
    Task: C:\Windows\Tasks\At19.job => ?
    Task: C:\Windows\Tasks\At2.job => ?
    Task: C:\Windows\Tasks\At20.job => ?
    Task: C:\Windows\Tasks\At21.job => ?
    Task: C:\Windows\Tasks\At22.job => ?
    Task: C:\Windows\Tasks\At23.job => ?
    Task: C:\Windows\Tasks\At24.job => ?
    Task: C:\Windows\Tasks\At25.job => ?
    Task: C:\Windows\Tasks\At26.job => ?
    Task: C:\Windows\Tasks\At27.job => ?
    Task: C:\Windows\Tasks\At28.job => ?
    Task: C:\Windows\Tasks\At29.job => ?
    Task: C:\Windows\Tasks\At3.job => ?
    Task: C:\Windows\Tasks\At30.job => ?
    Task: C:\Windows\Tasks\At31.job => ?
    Task: C:\Windows\Tasks\At32.job => ?
    Task: C:\Windows\Tasks\At33.job => ?
    Task: C:\Windows\Tasks\At34.job => ?
    Task: C:\Windows\Tasks\At35.job => ?
    Task: C:\Windows\Tasks\At36.job => ?
    Task: C:\Windows\Tasks\At37.job => ?
    Task: C:\Windows\Tasks\At38.job => ?
    Task: C:\Windows\Tasks\At39.job => ?
    Task: C:\Windows\Tasks\At4.job => ?
    Task: C:\Windows\Tasks\At40.job => ?
    Task: C:\Windows\Tasks\At41.job => ?
    Task: C:\Windows\Tasks\At42.job => ?
    Task: C:\Windows\Tasks\At43.job => ?
    Task: C:\Windows\Tasks\At44.job => ?
    Task: C:\Windows\Tasks\At45.job => ?
    Task: C:\Windows\Tasks\At46.job => ?
    Task: C:\Windows\Tasks\At47.job => ?
    Task: C:\Windows\Tasks\At48.job => ?
    Task: C:\Windows\Tasks\At5.job => ?
    Task: C:\Windows\Tasks\At6.job => ?
    Task: C:\Windows\Tasks\At7.job => ?
    Task: C:\Windows\Tasks\At8.job => ?
    Task: C:\Windows\Tasks\At9.job => ?
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\PCConfidential.job => C:\Program Files\Winferno\PC Confidential\PCConfidential.exe

    ==================== Loaded Modules (whitelisted) =============

    2008-01-19 12:50 - 2006-10-06 06:06 - 00045056 _____ () C:\Windows\System32\DLPRMON.DLL
    2008-01-19 12:50 - 2006-10-06 06:24 - 00016384 _____ () C:\Program Files\Dell PC Fax\DlCtrStr.dll
    2008-01-19 12:50 - 2006-10-06 06:04 - 00032768 _____ () C:\Program Files\Dell PC Fax\ipcmt.dll
    2008-01-19 12:54 - 2006-10-19 23:33 - 00117760 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dlcxdrpp.dll
    2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2008-04-17 09:08 - 2008-04-17 09:08 - 00197408 _____ () C:\Windows\system32\vpnapi.dll
    2013-05-08 07:51 - 2013-05-08 07:51 - 00019056 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\viewerps.dll
    2007-03-02 10:44 - 2007-03-02 10:44 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
    2007-12-13 21:15 - 2007-08-19 23:08 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
    2007-12-13 13:44 - 2010-07-30 13:12 - 00034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
    2008-01-19 12:51 - 2007-01-12 10:57 - 00292336 _____ () C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
    2008-01-19 12:51 - 2006-08-08 13:54 - 00278528 _____ () C:\Program Files\Dell Photo AIO Printer 926\dlcxscw.dll
    2008-01-19 12:51 - 2006-09-06 04:13 - 00073728 _____ () C:\Program Files\Dell Photo AIO Printer 926\dlcxcfg.dll
    2008-01-19 12:51 - 2006-03-14 15:38 - 00143360 _____ () C:\Program Files\Dell Photo AIO Printer 926\dlcxdrec.dll
    2008-01-19 12:51 - 2006-11-03 16:04 - 00304008 _____ () C:\Program Files\Dell Photo AIO Printer 926\memcard.exe

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:417F5F46
    AlternateDataStreams: C:\ProgramData\TEMP:9547F1DB
    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
    AlternateDataStreams: C:\Users\Jodi\Desktop\FargoDome_Demo.dmsd:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Jodi\Documents\Braydens Xmas Prog.dmsd:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Jodi\Documents\Panama Cruise Slideshow.dmss:Roxio EMC Stream
    AlternateDataStreams: C:\Users\Jodi\Documents\Slideshow.dmss:Roxio EMC Stream

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-4097677784-3526681225-2606921827-500 - Administrator - Disabled)
    Guest (S-1-5-21-4097677784-3526681225-2606921827-501 - Limited - Disabled)
    Jodi (S-1-5-21-4097677784-3526681225-2606921827-1000 - Administrator - Enabled) => C:\Users\Jodi

    ==================== Faulty Device Manager Devices =============

    Name: Optiarc DVD+-RW AD-5170S ATA Device
    Description: CD-ROM Drive
    Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard CD-ROM drives)
    Service: cdrom
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
    This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

    Name: Cisco Systems VPN Adapter
    Description: Cisco Systems VPN Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: CVirtA
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/22/2015 04:19:47 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

    Error: (01/22/2015 04:19:44 AM) (Source: Perflib) (EventID: 1010) (User: )
    Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

    Error: (01/21/2015 10:36:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program mbam.exe version 1.0.1.711 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: f38
    Start Time: 01d035eb3af6cbc0
    Termination Time: 0

    Error: (01/21/2015 10:35:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program SoftwareUpdate.exe version 2.1.3.127 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 16e4
    Start Time: 01d035ec20daffd0
    Termination Time: 5054

    Error: (01/21/2015 08:19:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program mbam.exe version 1.0.1.711 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: e98
    Start Time: 01d035e94979dd12
    Termination Time: 16

    Error: (01/21/2015 08:15:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program mbam.exe version 1.0.1.711 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 174c
    Start Time: 01d035e8b758e5c2
    Termination Time: 16

    Error: (01/21/2015 06:19:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program mbam.exe version 1.0.1.711 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 1464
    Start Time: 01d035d3aa994652
    Termination Time: 4

    Error: (01/21/2015 05:35:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program mbam.exe version 1.0.1.711 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 16f8
    Start Time: 01d035d1d0afe4e2
    Termination Time: 93

    Error: (01/21/2015 05:27:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program mbam.exe version 1.0.1.711 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: f14
    Start Time: 01d035cdcf9dbe02
    Termination Time: 16

    Error: (01/21/2015 05:12:56 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\JODI\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\DOWNLOADS.LNK> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)


    System errors:
    =============
    Error: (01/23/2015 09:06:22 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

    Error: (01/23/2015 08:48:19 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: Windows Update

    Error: (01/23/2015 08:43:14 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: 30000BITS

    Error: (01/23/2015 08:42:56 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {4991D34B-80A1-4291-83B6-3328366B9097}

    Error: (01/23/2015 08:41:55 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: oqgkt

    Error: (01/23/2015 08:41:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: MCSTRM%%2

    Error: (01/23/2015 08:41:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: Intel USB3 Device Service%%126

    Error: (01/23/2015 08:41:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: Network Security%%126

    Error: (01/23/2015 08:40:52 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 7:43:41 AM on 1/22/2015 was unexpected.

    Error: (01/22/2015 07:28:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: 30000MBAMScheduler


    Microsoft Office Sessions:
    =========================
    Error: (01/22/2015 04:19:47 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

    Error: (01/22/2015 04:19:44 AM) (Source: Perflib) (EventID: 1010) (User: )
    Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

    Error: (01/21/2015 10:36:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: mbam.exe1.0.1.711f3801d035eb3af6cbc00

    Error: (01/21/2015 10:35:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: SoftwareUpdate.exe2.1.3.12716e401d035ec20daffd05054

    Error: (01/21/2015 08:19:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: mbam.exe1.0.1.711e9801d035e94979dd1216

    Error: (01/21/2015 08:15:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: mbam.exe1.0.1.711174c01d035e8b758e5c216

    Error: (01/21/2015 06:19:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: mbam.exe1.0.1.711146401d035d3aa9946524

    Error: (01/21/2015 05:35:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: mbam.exe1.0.1.71116f801d035d1d0afe4e293

    Error: (01/21/2015 05:27:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: mbam.exe1.0.1.711f1401d035cdcf9dbe0216

    Error: (01/21/2015 05:12:56 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)
    C:\USERS\JODI\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\DOWNLOADS.LNK


    CodeIntegrity Errors:
    ===================================
    Date: 2015-01-23 09:06:36.546
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-23 09:06:36.156
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-23 09:06:35.672
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-23 09:06:35.251
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-23 09:06:34.362
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-23 09:06:33.987
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-23 09:06:33.613
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-23 09:06:33.176
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-23 09:03:22.310
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-23 09:03:21.920
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
    Percentage of memory in use: 67%
    Total physical RAM: 2045.45 MB
    Available physical RAM: 659.87 MB
    Total Pagefile: 4332.17 MB
    Available Pagefile: 2688.88 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1905.48 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:79.72 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.94 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 40000000)
    Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  5. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    FIRST

    Download the attached fixlist.txt file (see the bottom of this post) and save it to the Desktop.

    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST by right clicking on the FRST.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

    The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.

    SECOND

    AdwCleaner by Xplode

    Download AdwCleaner from here or from here. Save the file to the desktop.


    NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

    Close all open windows and browsers.
    1. Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
      You will see the following console:

    2. Click the Scan button and wait for the scan to finish.
    3. After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
    4. Click the Clean button.
    5. Everything checked will be deleted.
    6. When the program has finished cleaning a report appears.
    7. Once done it will ask to reboot; allow this.

    8. On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
    Optional:

    NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
     

    Attached Files:

  6. blah321

    blah321 Thread Starter

    Joined:
    Jan 21, 2015
    Messages:
    28
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-01-2015 01
    Ran by Jodi at 2015-01-24 17:18:26 Run:1
    Running from C:\Users\Jodi\Desktop
    Loaded Profiles: Jodi & (Available profiles: Jodi)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\...\Run: [PrSft] => C:\Users\Jodi\AppData\Roaming\svc-lkpp.exe
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\...\MountPoints2: {24221ead-015a-11df-bd0d-001d09788a3e} - G:\rcaeasyrip_setup.exe
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\...\MountPoints2: {7d3aa47b-bfa1-11e1-9ff1-001d09788a3e} - G:\KODAK_Camera_Setup_App.exe
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION
    IFEO\k9filter.exe: [Debugger] SvcHost.EXE
    IFEO\mpcmdrun: [Debugger] c:\windows\vsjitdebugger.EXE
    IFEO\mpsvc.dll: [Debugger] c:\windows\vsjitdebugger.EXE
    IFEO\mpuxsrv.exe: [Debugger] c:\windows\vsjitdebugger.EXE
    IFEO\msascui: [Debugger] c:\windows\vsjitdebugger.EXE
    IFEO\MSconfig.exe: [Debugger] c:\windows\vsjitdebugger.EXE
    IFEO\MSseces: [Debugger] c:\windows\vsjitdebugger.EXE
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
    ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico ()
    Startup: C:\Users\Jodi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk
    ShortcutTarget: fliptoast.lnk -> C:\Program Files\fliptoast\fliptoast.exe (No File)
    ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Users\Jodi\AppData\Local\Temp\fuk.dll No File
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4097677784-3526681225-2606921827-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=XQvyfCA_K3Hk-3DtHZDJ0Yw1FF8?q={searchTerms}
    BHO: Updater For Simppull Toolbar -> {C4B8BAB4-1667-11DF-A242-BA9455D89593} -> C:\Program Files\simppulltoolbar\auxi\simppulltoolbAu.dll No File
    BHO: No Name -> {E4E6BF2A-1667-11DF-A01F-1F9655D89593} -> No File
    Toolbar: HKU\S-1-5-21-4097677784-3526681225-2606921827-1000 -> No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    Toolbar: HKU\S-1-5-21-4097677784-3526681225-2606921827-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    cmd: netsh winsock reset
    FF Extension: Gamevance TextLinks - C:\Users\Jodi\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2010-04-02]
    FF Extension: GamePlayLabs Plugin - C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Ext ensions\[email protected] [2011-03-24]
    FF Extension: Search Toolbar - C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Ext ensions\[email protected] [2010-09-22]
    FF Extension: We-Care App - C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Ext ensions\[email protected](65) [2013-03-24]
    FF Extension: ShopToWin2 - C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Ext ensions\{5835466c-49af-4cbe-b102-a8c8b6313749} [2012-11-23]
    FF Extension: RuneScape - C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Ext ensions\{a8864317-e18b-4292-99d9-e6e65ab905d3} [2015-01-21]
    FF HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\...\Firefox\Extensions: [{1266764D-FC4F-4FA7-B63B-884D53B1680F}] - C:\Users\Jodi\AppData\Roaming\NetAssistant
    FF Extension: Freeze.com NetAssistant - C:\Users\Jodi\AppData\Roaming\NetAssistant [2011-02-01]
    FF Extension: No Name - C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\ext ensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [Not Found]
    S2 FastUserSwitchingCompatibility; C:\Windows\system32\FastUv32.dll [X]
    S2 intelusb3; C:\Windows\system32\inusbw32.dll [X]
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S2 MCSTRM; No ImagePath
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S0 oqgkt; system32\drivers\fiqxuc.sys [X]
    C:\Users\Jodi\AppData\Local\{b4588576-5cec-c574-32f0-6545c25c5ec8}
    C:\Users\Jodi\AppData\Local\{b4588576-5cec-c574-32f0-6545c25c5ec8}\@
    CustomCLSID: HKU\S-1-5-21-4097677784-3526681225-2606921827-1000_Classes\CLSID\{75160161-3296-3103-6142-816242346385}\InprocServer32 -> C:\Users\Jodi\AppData\Local\Temp\fuk.dll No File
    CustomCLSID: HKU\S-1-5-21-4097677784-3526681225-2606921827-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> C:\Users\Jodi\AppData\Local\Temp\fuk.dll No File
    Task: {00D3F227-7D9C-4457-B235-390A5E14E6DD} - System32\Tasks\At34 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {0AE8729B-F6DD-4C11-8307-A5D5D5972096} - System32\Tasks\At29 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {0FAC9752-2BB0-42B2-B4BE-10DB2D897EAB} - System32\Tasks\At1 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {16997BFE-C354-4B54-8FAC-2474B1FA0473} - System32\Tasks\At26 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {17728A47-0BCE-4FAC-91A6-7EB26F90DCA0} - System32\Tasks\At48 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {1B153724-01A1-41B6-991F-C0D469C329F1} - System32\Tasks\At42 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {1B7DAA38-9F7C-46E5-83F2-E7458EC482E7} - System32\Tasks\At27 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {1DE8D37C-2AA7-4DFE-958F-5832114402F8} - System32\Tasks\At17 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {1E0EE21E-7D94-4846-9413-18EFD6F761F2} - System32\Tasks\At13 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {207DD20F-EAE0-4713-BB89-5742D4D847E5} - System32\Tasks\At3 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {2673EA33-E9B1-4E47-9E06-03E238AD42D5} - System32\Tasks\At38 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {2D60E519-226B-4DEC-9CA0-E19E9FEC5645} - System32\Tasks\At19 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {2F07948D-08E8-4C7B-99D2-FC7B1F14402D} - System32\Tasks\At44 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {3170A13C-1984-484F-B59E-DE680216BA91} - System32\Tasks\At6 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {35C6C530-741F-43CF-8A50-609D2C7AC4A3} - System32\Tasks\{BCCBB393-0578-4814-ADC8-F6FFC5B0B3BB} => pcalua.exe -a "C:\Remote Programs\Fish Tycoon\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=631650;name=Fish Tycoon;dir=C:\Remote Programs\Fish Tycoon\;prvid=143;cmdid=1;prvdir=Default
    Task: {3B712D60-A468-4B89-803D-EC120740152E} - System32\Tasks\At8 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {3FD785BF-A874-4967-8B53-9423F61B44FB} - System32\Tasks\At47 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {443F9444-27BA-44CE-B8A2-158CF64B0F5C} - System32\Tasks\At39 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {467CFA64-0965-4CBD-96E1-49BA7092E25C} - System32\Tasks\At45 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {4DBCED74-EBCB-46F4-8AE0-DA84C544EC51} - System32\Tasks\At30 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {4F6A0621-5107-4A3D-AD3C-CE5F1D039951} - System32\Tasks\{B3D8BA82-EDDC-4340-B1EE-79C782EA2AFF} => pcalua.exe -a E:\Setup.exe -d E:\
    Task: {59BABC9A-80A8-4B9D-82D9-B0786A390282} - System32\Tasks\At9 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {608E0779-1230-46FD-A856-3763941D4FBC} - System32\Tasks\At4 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {6B44C440-805D-463D-9146-957CE7D82756} - System32\Tasks\At24 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {6D0D8AB4-733E-4810-A0E0-431B44BF7091} - System32\Tasks\At35 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {786935CC-AAD9-4E3C-9303-EF9EED56DE33} - System32\Tasks\At23 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {79392157-ACE3-4380-B3FC-3445C7650843} - System32\Tasks\At11 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {79DA9D75-3D86-4A63-BEA2-84C6CFF9CA5B} - System32\Tasks\At25 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {7E3F8379-0E72-46D7-BB58-E95D0FE2CEC7} - System32\Tasks\At31 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {8A02CC10-95F5-412E-84ED-7BF2B53CA067} - System32\Tasks\At41 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {8D6095E3-6D4A-4ADF-AB97-B1268DCBE4DD} - System32\Tasks\At12 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {92A064FF-6881-4A90-8872-5E3A3FAA275E} - System32\Tasks\At20 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {98099DCF-0D20-4E60-BC12-0152766FCF82} - System32\Tasks\At18 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {A717CFA9-286B-4164-8953-0654DB5A3D78} - System32\Tasks\At46 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {A963583A-A20F-4152-8BE6-414C604E18B0} - System32\Tasks\At43 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {AF8944D3-90D0-4072-B03F-E6F602B79EBE} - System32\Tasks\At15 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {B690FDD9-DE76-4C57-9EC2-160462B05D9E} - System32\Tasks\At21 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {BF2F61D5-08CB-4067-9740-932C066DC2B8} - System32\Tasks\{B463752C-9CAC-4176-A9FB-6FE59F5260CC} => pcalua.exe -a "C:\Program Files\GAMESweet\VideoGameTYCOON_GOLD\UninstVGT_GOLD.exe" -c /U "C:\Program Files\GAMESweet\VideoGameTYCOON_GOLD\UninstVGT_GOLD.log"
    Task: {BF6BF5A3-3596-4B42-A1D8-5C5C3A854F3C} - System32\Tasks\At16 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {C0C52769-9BE3-4233-BA45-0FC43659D416} - System32\Tasks\At28 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {C90C3331-6B4D-4D09-92D1-AE1FA14125B6} - System32\Tasks\At14 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {CA433BC0-E63F-408A-A491-A5AEA3457E97} - System32\Tasks\At2 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {CBBA5F1B-D095-47CB-991D-AE9330A42D82} - System32\Tasks\At33 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {CE7B93CC-F541-4261-9574-EE08F4485338} - System32\Tasks\At36 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {D65B6FD7-656D-4AB7-AA54-E9931B7633AE} - System32\Tasks\At32 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {D9D1C5AB-0661-4F7B-8E0F-696FC697699B} - System32\Tasks\At22 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {DD16B367-7075-4CA6-8637-324DF1FDF2F9} - System32\Tasks\At40 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {E6E08CA2-6A43-4A8D-9831-F4974140C447} - System32\Tasks\At7 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {E8E3D505-A3D8-4289-B3B2-ADDE933921DD} - System32\Tasks\At37 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {F3DC97A8-2600-41C6-B783-1E5AAF0D4843} - System32\Tasks\At10 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: {FA341BA4-61CE-469A-8553-07D86470E765} - System32\Tasks\At5 => C:\Windows\system32\6h8MLO.com <==== ATTENTION
    Task: C:\Windows\Tasks\At1.job => ?
    Task: C:\Windows\Tasks\At10.job => ?
    Task: C:\Windows\Tasks\At11.job => ?
    Task: C:\Windows\Tasks\At12.job => ?
    Task: C:\Windows\Tasks\At13.job => ?
    Task: C:\Windows\Tasks\At14.job => ?
    Task: C:\Windows\Tasks\At15.job => ?
    Task: C:\Windows\Tasks\At16.job => ?
    Task: C:\Windows\Tasks\At17.job => ?
    Task: C:\Windows\Tasks\At18.job => ?
    Task: C:\Windows\Tasks\At19.job => ?
    Task: C:\Windows\Tasks\At2.job => ?
    Task: C:\Windows\Tasks\At20.job => ?
    Task: C:\Windows\Tasks\At21.job => ?
    Task: C:\Windows\Tasks\At22.job => ?
    Task: C:\Windows\Tasks\At23.job => ?
    Task: C:\Windows\Tasks\At24.job => ?
    Task: C:\Windows\Tasks\At25.job => ?
    Task: C:\Windows\Tasks\At26.job => ?
    Task: C:\Windows\Tasks\At27.job => ?
    Task: C:\Windows\Tasks\At28.job => ?
    Task: C:\Windows\Tasks\At29.job => ?
    Task: C:\Windows\Tasks\At3.job => ?
    Task: C:\Windows\Tasks\At30.job => ?
    Task: C:\Windows\Tasks\At31.job => ?
    Task: C:\Windows\Tasks\At32.job => ?
    Task: C:\Windows\Tasks\At33.job => ?
    Task: C:\Windows\Tasks\At34.job => ?
    Task: C:\Windows\Tasks\At35.job => ?
    Task: C:\Windows\Tasks\At36.job => ?
    Task: C:\Windows\Tasks\At37.job => ?
    Task: C:\Windows\Tasks\At38.job => ?
    Task: C:\Windows\Tasks\At39.job => ?
    Task: C:\Windows\Tasks\At4.job => ?
    Task: C:\Windows\Tasks\At40.job => ?
    Task: C:\Windows\Tasks\At41.job => ?
    Task: C:\Windows\Tasks\At42.job => ?
    Task: C:\Windows\Tasks\At43.job => ?
    Task: C:\Windows\Tasks\At44.job => ?
    Task: C:\Windows\Tasks\At45.job => ?
    Task: C:\Windows\Tasks\At46.job => ?
    Task: C:\Windows\Tasks\At47.job => ?
    Task: C:\Windows\Tasks\At48.job => ?
    Task: C:\Windows\Tasks\At5.job => ?
    Task: C:\Windows\Tasks\At6.job => ?
    Task: C:\Windows\Tasks\At7.job => ?
    Task: C:\Windows\Tasks\At8.job => ?
    Task: C:\Windows\Tasks\At9.job => ?
    AlternateDataStreams: C:\ProgramData\TEMP:417F5F46
    AlternateDataStreams: C:\ProgramData\TEMP:9547F1DB
    AlternateDataStreams: C:\ProgramData\TEMP
    1B5B4F1
    C:\Windows\system32\6h8MLO.com
    C:\Users\Jodi\AppData\Roaming\svc-lkpp.exe
    C:\Windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}
    C:\Users\Jodi\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Ext ensions\[email protected]
    C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Ext ensions\[email protected]
    C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Ext ensions\[email protected](65)
    C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Ext ensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
    C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Ext ensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
    C:\Users\Jodi\AppData\Roaming\NetAssistant
    2015-01-22 07:28 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At16.job
    2015-01-22 07:28 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At15.job
    2015-01-22 06:21 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At14.job
    2015-01-22 06:21 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At13.job
    2015-01-22 05:21 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At12.job
    2015-01-22 05:21 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At11.job
    2015-01-22 04:22 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At10.job
    2015-01-22 04:22 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At9.job
    2015-01-22 03:21 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At8.job
    2015-01-22 03:21 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At7.job
    2015-01-22 02:21 - 2011-11-15 12:12 - 00000348 _____ () C:\Windows\Tasks\At6.job
    2015-01-22 02:21 - 2011-11-15 12:12 - 00000346 _____ () C:\Windows\Tasks\At5.job
    2015-01-22 01:21 - 2011-11-15 12:12 - 00000348 _____ () C:\Windows\Tasks\At4.job
    2015-01-22 01:21 - 2011-11-15 12:12 - 00000346 _____ () C:\Windows\Tasks\At3.job
    2015-01-22 00:21 - 2011-11-15 12:12 - 00000348 _____ () C:\Windows\Tasks\At2.job
    2015-01-22 00:21 - 2011-11-15 12:12 - 00000346 _____ () C:\Windows\Tasks\At1.job
    2015-01-21 23:21 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At48.job
    2015-01-21 23:21 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At47.job
    2015-01-21 22:21 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At46.job
    2015-01-21 22:21 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At45.job
    2015-01-21 21:21 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At44.job
    2015-01-21 21:21 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At43.job
    2015-01-21 20:21 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At42.job
    2015-01-21 20:21 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At41.job
    2015-01-21 19:21 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At40.job
    2015-01-21 19:21 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At39.job
    2015-01-21 18:21 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At38.job
    2015-01-21 18:21 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At37.job
    2015-01-21 17:21 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At36.job
    2015-01-21 17:21 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At35.job
    2015-01-21 16:21 - 2011-11-15 12:13 - 00000348 _____ () C:\Windows\Tasks\At34.job
    2015-01-21 16:21 - 2011-11-15 12:13 - 00000346 _____ () C:\Windows\Tasks\At33.job
    2011-11-18 12:28 - 2011-11-18 12:28 - 0000001 _____ () C:\ProgramData\4aY7knLV.exe.b
    2011-11-18 12:28 - 2011-11-18 12:28 - 0000001 _____ () C:\ProgramData\4aY7knLV.exe_.b
    2010-02-09 17:29 - 2010-02-09 17:29 - 0004144 _____ () C:\ProgramData\kbkwknay.ayh
    C:\ProgramData\WWgN12.dat
    C:\Users\Jodi\jagex_cl_loginapplet_LIVE.dat
    C:\Users\Jodi\jagex_cl_runescape_LIVE.dat
    C:\Users\Jodi\jagex_cl_runescape_LIVE1.dat
    C:\Users\Jodi\jagex_cl_runescape_LIVE2.dat
    C:\Users\Jodi\random.dat
    C:\Users\Jodi\taskmanager.exe
    C:\Windows\Tasks\At1.job
    C:\Windows\Tasks\At10.job
    C:\Windows\Tasks\At11.job
    C:\Windows\Tasks\At12.job
    C:\Windows\Tasks\At13.job
    C:\Windows\Tasks\At14.job
    C:\Windows\Tasks\At15.job
    C:\Windows\Tasks\At16.job
    C:\Windows\Tasks\At17.job
    C:\Windows\Tasks\At18.job
    C:\Windows\Tasks\At19.job
    C:\Windows\Tasks\At2.job
    C:\Windows\Tasks\At20.job
    C:\Windows\Tasks\At21.job
    C:\Windows\Tasks\At22.job
    C:\Windows\Tasks\At23.job
    C:\Windows\Tasks\At24.job
    C:\Windows\Tasks\At25.job
    C:\Windows\Tasks\At26.job
    C:\Windows\Tasks\At27.job
    C:\Windows\Tasks\At28.job
    C:\Windows\Tasks\At29.job
    C:\Windows\Tasks\At3.job
    C:\Windows\Tasks\At30.job
    C:\Windows\Tasks\At31.job
    C:\Windows\Tasks\At32.job
    C:\Windows\Tasks\At33.job
    C:\Windows\Tasks\At34.job
    C:\Windows\Tasks\At35.job
    C:\Windows\Tasks\At36.job
    C:\Windows\Tasks\At37.job
    C:\Windows\Tasks\At38.job
    C:\Windows\Tasks\At39.job
    C:\Windows\Tasks\At4.job
    C:\Windows\Tasks\At40.job
    C:\Windows\Tasks\At41.job
    C:\Windows\Tasks\At42.job
    C:\Windows\Tasks\At43.job
    C:\Windows\Tasks\At44.job
    C:\Windows\Tasks\At45.job
    C:\Windows\Tasks\At46.job
    C:\Windows\Tasks\At47.job
    C:\Windows\Tasks\At48.job
    C:\Windows\Tasks\At5.job
    C:\Windows\Tasks\At6.job
    C:\Windows\Tasks\At7.job
    C:\Windows\Tasks\At8.job
    C:\Windows\Tasks\At9.job
    C:\Users\Jodi\AppData\Local\Temp\contentDATs.exe
    C:\Users\Jodi\AppData\Local\Temp\dxwebsetup.exe
    C:\Users\Jodi\AppData\Local\Temp\jre-8u31-windows-au.exe
    C:\Users\Jodi\AppData\Local\Temp\MSNFB8D.exe
    C:\Users\Jodi\AppData\Local\Temp\Quarantine.exe
    C:\Users\Jodi\AppData\Local\Temp\SecurityScan_Release.exe
    C:\Users\Jodi\AppData\Local\Temp\sqlite3.dll
    C:\Remote Programs\Fish Tycoon\GPlrLanc.exe
    C:\Program Files\GAMESweet\VideoGameTYCOON_GOLD
    Reboot:
    end

    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PrSft => value deleted successfully.
    "HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24221ead-015a-11df-bd0d-001d09788a3e}" => Key deleted successfully.
    HKCR\CLSID\{24221ead-015a-11df-bd0d-001d09788a3e} => Key not found.
    "HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d3aa47b-bfa1-11e1-9ff1-001d09788a3e}" => Key deleted successfully.
    HKCR\CLSID\{7d3aa47b-bfa1-11e1-9ff1-001d09788a3e} => Key not found.
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\k9filter.exe" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mpcmdrun" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mpsvc.dll" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mpuxsrv.exe" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msascui" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSconfig.exe" => Key deleted successfully.
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSseces" => Key deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk => Moved successfully.
    C:\Windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico => Moved successfully.
    C:\Users\Jodi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk => Moved successfully.
    C:\Program Files\fliptoast\fliptoast.exe not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell" => Key deleted successfully.
    "HKCR\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}" => Key Deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
    HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}" => Key deleted successfully.
    HKCR\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E} => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}" => Key deleted successfully.
    "HKCR\CLSID\{C4B8BAB4-1667-11DF-A242-BA9455D89593}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}" => Key deleted successfully.
    HKCR\CLSID\{E4E6BF2A-1667-11DF-A01F-1F9655D89593} => Key not found.
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => value deleted successfully.
    HKCR\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => Key not found.
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
    HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => value deleted successfully.
    "HKCR\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" => Key deleted successfully.
    Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
    Winsock: Catalog5 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll

    ========= netsh winsock reset =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========

    C:\Users\Jodi\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] => Moved successfully.
    C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Extensions\[email protected] => not found.
    C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Extensions\[email protected] => not found.
    C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Extensions\[email protected](65) => not found.
    C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Extensions\{5835466c-49af-4cbe-b102-a8c8b6313749} => not found.
    C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3} => not found.
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000\Software\Mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F} => value deleted successfully.
    C:\Users\Jodi\AppData\Roaming\NetAssistant => Moved successfully.
    C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} => not found.
    FastUserSwitchingCompatibility => Service deleted successfully.
    intelusb3 => Service deleted successfully.
    blbdrive => Service deleted successfully.
    IpInIp => Service deleted successfully.
    MCSTRM => Service deleted successfully.
    NwlnkFlt => Service deleted successfully.
    NwlnkFwd => Service deleted successfully.
    oqgkt => Service deleted successfully.
    C:\Users\Jodi\AppData\Local\{b4588576-5cec-c574-32f0-6545c25c5ec8} => Moved successfully.
    "C:\Users\Jodi\AppData\Local\{b4588576-5cec-c574-32f0-6545c25c5ec8}\@" => File/Directory not found.
    "HKU\S-1-5-21-4097677784-3526681225-2606921827-1000_Classes\CLSID\{75160161-3296-3103-6142-816242346385}" => Key deleted successfully.
    HKU\S-1-5-21-4097677784-3526681225-2606921827-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00D3F227-7D9C-4457-B235-390A5E14E6DD}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00D3F227-7D9C-4457-B235-390A5E14E6DD}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At34 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At34" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AE8729B-F6DD-4C11-8307-A5D5D5972096}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AE8729B-F6DD-4C11-8307-A5D5D5972096}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At29 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At29" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FAC9752-2BB0-42B2-B4BE-10DB2D897EAB}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FAC9752-2BB0-42B2-B4BE-10DB2D897EAB}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At1 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16997BFE-C354-4B54-8FAC-2474B1FA0473}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16997BFE-C354-4B54-8FAC-2474B1FA0473}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At26 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At26" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17728A47-0BCE-4FAC-91A6-7EB26F90DCA0}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17728A47-0BCE-4FAC-91A6-7EB26F90DCA0}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At48 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At48" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B153724-01A1-41B6-991F-C0D469C329F1}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B153724-01A1-41B6-991F-C0D469C329F1}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At42 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At42" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B7DAA38-9F7C-46E5-83F2-E7458EC482E7}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B7DAA38-9F7C-46E5-83F2-E7458EC482E7}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At27 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At27" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DE8D37C-2AA7-4DFE-958F-5832114402F8}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DE8D37C-2AA7-4DFE-958F-5832114402F8}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At17 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At17" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E0EE21E-7D94-4846-9413-18EFD6F761F2}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E0EE21E-7D94-4846-9413-18EFD6F761F2}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At13 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At13" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{207DD20F-EAE0-4713-BB89-5742D4D847E5}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{207DD20F-EAE0-4713-BB89-5742D4D847E5}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At3 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At3" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2673EA33-E9B1-4E47-9E06-03E238AD42D5}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2673EA33-E9B1-4E47-9E06-03E238AD42D5}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At38 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At38" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D60E519-226B-4DEC-9CA0-E19E9FEC5645}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D60E519-226B-4DEC-9CA0-E19E9FEC5645}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At19 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At19" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F07948D-08E8-4C7B-99D2-FC7B1F14402D}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F07948D-08E8-4C7B-99D2-FC7B1F14402D}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At44 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At44" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3170A13C-1984-484F-B59E-DE680216BA91}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3170A13C-1984-484F-B59E-DE680216BA91}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At6 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At6" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35C6C530-741F-43CF-8A50-609D2C7AC4A3}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35C6C530-741F-43CF-8A50-609D2C7AC4A3}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{BCCBB393-0578-4814-ADC8-F6FFC5B0B3BB} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BCCBB393-0578-4814-ADC8-F6FFC5B0B3BB}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B712D60-A468-4B89-803D-EC120740152E}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B712D60-A468-4B89-803D-EC120740152E}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At8 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At8" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FD785BF-A874-4967-8B53-9423F61B44FB}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FD785BF-A874-4967-8B53-9423F61B44FB}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At47 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At47" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{443F9444-27BA-44CE-B8A2-158CF64B0F5C}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{443F9444-27BA-44CE-B8A2-158CF64B0F5C}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At39 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At39" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{467CFA64-0965-4CBD-96E1-49BA7092E25C}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{467CFA64-0965-4CBD-96E1-49BA7092E25C}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At45 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At45" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DBCED74-EBCB-46F4-8AE0-DA84C544EC51}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DBCED74-EBCB-46F4-8AE0-DA84C544EC51}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At30 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At30" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F6A0621-5107-4A3D-AD3C-CE5F1D039951}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F6A0621-5107-4A3D-AD3C-CE5F1D039951}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{B3D8BA82-EDDC-4340-B1EE-79C782EA2AFF} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B3D8BA82-EDDC-4340-B1EE-79C782EA2AFF}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59BABC9A-80A8-4B9D-82D9-B0786A390282}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59BABC9A-80A8-4B9D-82D9-B0786A390282}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At9 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At9" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{608E0779-1230-46FD-A856-3763941D4FBC}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{608E0779-1230-46FD-A856-3763941D4FBC}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At4 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At4" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B44C440-805D-463D-9146-957CE7D82756}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B44C440-805D-463D-9146-957CE7D82756}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At24 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At24" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D0D8AB4-733E-4810-A0E0-431B44BF7091}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D0D8AB4-733E-4810-A0E0-431B44BF7091}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At35 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At35" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{786935CC-AAD9-4E3C-9303-EF9EED56DE33}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{786935CC-AAD9-4E3C-9303-EF9EED56DE33}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At23 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At23" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79392157-ACE3-4380-B3FC-3445C7650843}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79392157-ACE3-4380-B3FC-3445C7650843}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At11 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At11" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79DA9D75-3D86-4A63-BEA2-84C6CFF9CA5B}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79DA9D75-3D86-4A63-BEA2-84C6CFF9CA5B}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At25 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At25" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E3F8379-0E72-46D7-BB58-E95D0FE2CEC7}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E3F8379-0E72-46D7-BB58-E95D0FE2CEC7}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At31 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At31" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A02CC10-95F5-412E-84ED-7BF2B53CA067}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A02CC10-95F5-412E-84ED-7BF2B53CA067}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At41 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At41" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D6095E3-6D4A-4ADF-AB97-B1268DCBE4DD}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D6095E3-6D4A-4ADF-AB97-B1268DCBE4DD}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At12 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At12" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92A064FF-6881-4A90-8872-5E3A3FAA275E}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92A064FF-6881-4A90-8872-5E3A3FAA275E}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At20 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At20" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98099DCF-0D20-4E60-BC12-0152766FCF82}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98099DCF-0D20-4E60-BC12-0152766FCF82}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At18 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At18" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A717CFA9-286B-4164-8953-0654DB5A3D78}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A717CFA9-286B-4164-8953-0654DB5A3D78}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At46 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At46" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A963583A-A20F-4152-8BE6-414C604E18B0}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A963583A-A20F-4152-8BE6-414C604E18B0}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At43 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At43" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF8944D3-90D0-4072-B03F-E6F602B79EBE}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF8944D3-90D0-4072-B03F-E6F602B79EBE}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At15 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At15" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B690FDD9-DE76-4C57-9EC2-160462B05D9E}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B690FDD9-DE76-4C57-9EC2-160462B05D9E}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At21 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At21" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF2F61D5-08CB-4067-9740-932C066DC2B8}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF2F61D5-08CB-4067-9740-932C066DC2B8}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{B463752C-9CAC-4176-A9FB-6FE59F5260CC} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B463752C-9CAC-4176-A9FB-6FE59F5260CC}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF6BF5A3-3596-4B42-A1D8-5C5C3A854F3C}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF6BF5A3-3596-4B42-A1D8-5C5C3A854F3C}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At16 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At16" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0C52769-9BE3-4233-BA45-0FC43659D416}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0C52769-9BE3-4233-BA45-0FC43659D416}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At28 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At28" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C90C3331-6B4D-4D09-92D1-AE1FA14125B6}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C90C3331-6B4D-4D09-92D1-AE1FA14125B6}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At14 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At14" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA433BC0-E63F-408A-A491-A5AEA3457E97}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA433BC0-E63F-408A-A491-A5AEA3457E97}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At2 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At2" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBBA5F1B-D095-47CB-991D-AE9330A42D82}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBBA5F1B-D095-47CB-991D-AE9330A42D82}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At33 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At33" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE7B93CC-F541-4261-9574-EE08F4485338}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE7B93CC-F541-4261-9574-EE08F4485338}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At36 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At36" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D65B6FD7-656D-4AB7-AA54-E9931B7633AE}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D65B6FD7-656D-4AB7-AA54-E9931B7633AE}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At32 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At32" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9D1C5AB-0661-4F7B-8E0F-696FC697699B}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9D1C5AB-0661-4F7B-8E0F-696FC697699B}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At22 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At22" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD16B367-7075-4CA6-8637-324DF1FDF2F9}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD16B367-7075-4CA6-8637-324DF1FDF2F9}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At40 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At40" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6E08CA2-6A43-4A8D-9831-F4974140C447}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6E08CA2-6A43-4A8D-9831-F4974140C447}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At7 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At7" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8E3D505-A3D8-4289-B3B2-ADDE933921DD}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8E3D505-A3D8-4289-B3B2-ADDE933921DD}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At37 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At37" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3DC97A8-2600-41C6-B783-1E5AAF0D4843}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3DC97A8-2600-41C6-B783-1E5AAF0D4843}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At10 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At10" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA341BA4-61CE-469A-8553-07D86470E765}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA341BA4-61CE-469A-8553-07D86470E765}" => Key deleted successfully.
    C:\Windows\System32\Tasks\At5 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At5" => Key deleted successfully.
    C:\Windows\Tasks\At1.job => Moved successfully.
    C:\Windows\Tasks\At10.job => Moved successfully.
    C:\Windows\Tasks\At11.job => Moved successfully.
    C:\Windows\Tasks\At12.job => Moved successfully.
    C:\Windows\Tasks\At13.job => Moved successfully.
    C:\Windows\Tasks\At14.job => Moved successfully.
    C:\Windows\Tasks\At15.job => Moved successfully.
    C:\Windows\Tasks\At16.job => Moved successfully.
    C:\Windows\Tasks\At17.job => Moved successfully.
    C:\Windows\Tasks\At18.job => Moved successfully.
    C:\Windows\Tasks\At19.job => Moved successfully.
    C:\Windows\Tasks\At2.job => Moved successfully.
    C:\Windows\Tasks\At20.job => Moved successfully.
    C:\Windows\Tasks\At21.job => Moved successfully.
    C:\Windows\Tasks\At22.job => Moved successfully.
    C:\Windows\Tasks\At23.job => Moved successfully.
    C:\Windows\Tasks\At24.job => Moved successfully.
    C:\Windows\Tasks\At25.job => Moved successfully.
    C:\Windows\Tasks\At26.job => Moved successfully.
    C:\Windows\Tasks\At27.job => Moved successfully.
    C:\Windows\Tasks\At28.job => Moved successfully.
    C:\Windows\Tasks\At29.job => Moved successfully.
    C:\Windows\Tasks\At3.job => Moved successfully.
    C:\Windows\Tasks\At30.job => Moved successfully.
    C:\Windows\Tasks\At31.job => Moved successfully.
    C:\Windows\Tasks\At32.job => Moved successfully.
    C:\Windows\Tasks\At33.job => Moved successfully.
    C:\Windows\Tasks\At34.job => Moved successfully.
    C:\Windows\Tasks\At35.job => Moved successfully.
    C:\Windows\Tasks\At36.job => Moved successfully.
    C:\Windows\Tasks\At37.job => Moved successfully.
    C:\Windows\Tasks\At38.job => Moved successfully.
    C:\Windows\Tasks\At39.job => Moved successfully.
    C:\Windows\Tasks\At4.job => Moved successfully.
    C:\Windows\Tasks\At40.job => Moved successfully.
    C:\Windows\Tasks\At41.job => Moved successfully.
    C:\Windows\Tasks\At42.job => Moved successfully.
    C:\Windows\Tasks\At43.job => Moved successfully.
    C:\Windows\Tasks\At44.job => Moved successfully.
    C:\Windows\Tasks\At45.job => Moved successfully.
    C:\Windows\Tasks\At46.job => Moved successfully.
    C:\Windows\Tasks\At47.job => Moved successfully.
    C:\Windows\Tasks\At48.job => Moved successfully.
    C:\Windows\Tasks\At5.job => Moved successfully.
    C:\Windows\Tasks\At6.job => Moved successfully.
    C:\Windows\Tasks\At7.job => Moved successfully.
    C:\Windows\Tasks\At8.job => Moved successfully.
    C:\Windows\Tasks\At9.job => Moved successfully.
    C:\ProgramData\TEMP => ":417F5F46" ADS removed successfully.
    C:\ProgramData\TEMP => ":9547F1DB" ADS removed successfully.
    "AlternateDataStreams: C:\ProgramData\TEMP" => "AlternateDataStreams: C:\ProgramData\TEMP" ADS not found.
    1B5B4F1 => Error: No automatic fix found for this entry.
    "C:\Windows\system32\6h8MLO.com" => File/Directory not found.
    "C:\Users\Jodi\AppData\Roaming\svc-lkpp.exe" => File/Directory not found.
    C:\Windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B} => Moved successfully.
    C:\Users\Jodi\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} => Moved successfully.
    "C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Extensions\[email protected]" => File/Directory not found.
    "C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Extensions\[email protected]" => File/Directory not found.
    "C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Extensions\[email protected](65)" => File/Directory not found.
    "C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}" => File/Directory not found.
    "C:\Users\Jodi\AppData\Roaming\Mozilla\Firefox\Profiles\zfqxeaq8.default\Extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}" => File/Directory not found.
    "C:\Users\Jodi\AppData\Roaming\NetAssistant" => File/Directory not found.
    "C:\Windows\Tasks\At16.job" => File/Directory not found.
    "C:\Windows\Tasks\At15.job" => File/Directory not found.
    "C:\Windows\Tasks\At14.job" => File/Directory not found.
    "C:\Windows\Tasks\At13.job" => File/Directory not found.
    "C:\Windows\Tasks\At12.job" => File/Directory not found.
    "C:\Windows\Tasks\At11.job" => File/Directory not found.
    "C:\Windows\Tasks\At10.job" => File/Directory not found.
    "C:\Windows\Tasks\At9.job" => File/Directory not found.
    "C:\Windows\Tasks\At8.job" => File/Directory not found.
    "C:\Windows\Tasks\At7.job" => File/Directory not found.
    "C:\Windows\Tasks\At6.job" => File/Directory not found.
    "C:\Windows\Tasks\At5.job" => File/Directory not found.
    "C:\Windows\Tasks\At4.job" => File/Directory not found.
    "C:\Windows\Tasks\At3.job" => File/Directory not found.
    "C:\Windows\Tasks\At2.job" => File/Directory not found.
    "C:\Windows\Tasks\At1.job" => File/Directory not found.
    "C:\Windows\Tasks\At48.job" => File/Directory not found.
    "C:\Windows\Tasks\At47.job" => File/Directory not found.
    "C:\Windows\Tasks\At46.job" => File/Directory not found.
    "C:\Windows\Tasks\At45.job" => File/Directory not found.
    "C:\Windows\Tasks\At44.job" => File/Directory not found.
    "C:\Windows\Tasks\At43.job" => File/Directory not found.
    "C:\Windows\Tasks\At42.job" => File/Directory not found.
    "C:\Windows\Tasks\At41.job" => File/Directory not found.
    "C:\Windows\Tasks\At40.job" => File/Directory not found.
    "C:\Windows\Tasks\At39.job" => File/Directory not found.
    "C:\Windows\Tasks\At38.job" => File/Directory not found.
    "C:\Windows\Tasks\At37.job" => File/Directory not found.
    "C:\Windows\Tasks\At36.job" => File/Directory not found.
    "C:\Windows\Tasks\At35.job" => File/Directory not found.
    "C:\Windows\Tasks\At34.job" => File/Directory not found.
    "C:\Windows\Tasks\At33.job" => File/Directory not found.
    C:\ProgramData\4aY7knLV.exe.b => Moved successfully.
    C:\ProgramData\4aY7knLV.exe_.b => Moved successfully.
    C:\ProgramData\kbkwknay.ayh => Moved successfully.
    C:\ProgramData\WWgN12.dat => Moved successfully.
    C:\Users\Jodi\jagex_cl_loginapplet_LIVE.dat => Moved successfully.
    C:\Users\Jodi\jagex_cl_runescape_LIVE.dat => Moved successfully.
    C:\Users\Jodi\jagex_cl_runescape_LIVE1.dat => Moved successfully.
    C:\Users\Jodi\jagex_cl_runescape_LIVE2.dat => Moved successfully.
    C:\Users\Jodi\random.dat => Moved successfully.
    C:\Users\Jodi\taskmanager.exe => Moved successfully.
    "C:\Windows\Tasks\At1.job" => File/Directory not found.
    "C:\Windows\Tasks\At10.job" => File/Directory not found.
    "C:\Windows\Tasks\At11.job" => File/Directory not found.
    "C:\Windows\Tasks\At12.job" => File/Directory not found.
    "C:\Windows\Tasks\At13.job" => File/Directory not found.
    "C:\Windows\Tasks\At14.job" => File/Directory not found.
    "C:\Windows\Tasks\At15.job" => File/Directory not found.
    "C:\Windows\Tasks\At16.job" => File/Directory not found.
    "C:\Windows\Tasks\At17.job" => File/Directory not found.
    "C:\Windows\Tasks\At18.job" => File/Directory not found.
    "C:\Windows\Tasks\At19.job" => File/Directory not found.
    "C:\Windows\Tasks\At2.job" => File/Directory not found.
    "C:\Windows\Tasks\At20.job" => File/Directory not found.
    "C:\Windows\Tasks\At21.job" => File/Directory not found.
    "C:\Windows\Tasks\At22.job" => File/Directory not found.
    "C:\Windows\Tasks\At23.job" => File/Directory not found.
    "C:\Windows\Tasks\At24.job" => File/Directory not found.
    "C:\Windows\Tasks\At25.job" => File/Directory not found.
    "C:\Windows\Tasks\At26.job" => File/Directory not found.
    "C:\Windows\Tasks\At27.job" => File/Directory not found.
    "C:\Windows\Tasks\At28.job" => File/Directory not found.
    "C:\Windows\Tasks\At29.job" => File/Directory not found.
    "C:\Windows\Tasks\At3.job" => File/Directory not found.
    "C:\Windows\Tasks\At30.job" => File/Directory not found.
    "C:\Windows\Tasks\At31.job" => File/Directory not found.
    "C:\Windows\Tasks\At32.job" => File/Directory not found.
    "C:\Windows\Tasks\At33.job" => File/Directory not found.
    "C:\Windows\Tasks\At34.job" => File/Directory not found.
    "C:\Windows\Tasks\At35.job" => File/Directory not found.
    "C:\Windows\Tasks\At36.job" => File/Directory not found.
    "C:\Windows\Tasks\At37.job" => File/Directory not found.
    "C:\Windows\Tasks\At38.job" => File/Directory not found.
    "C:\Windows\Tasks\At39.job" => File/Directory not found.
    "C:\Windows\Tasks\At4.job" => File/Directory not found.
    "C:\Windows\Tasks\At40.job" => File/Directory not found.
    "C:\Windows\Tasks\At41.job" => File/Directory not found.
    "C:\Windows\Tasks\At42.job" => File/Directory not found.
    "C:\Windows\Tasks\At43.job" => File/Directory not found.
    "C:\Windows\Tasks\At44.job" => File/Directory not found.
    "C:\Windows\Tasks\At45.job" => File/Directory not found.
    "C:\Windows\Tasks\At46.job" => File/Directory not found.
    "C:\Windows\Tasks\At47.job" => File/Directory not found.
    "C:\Windows\Tasks\At48.job" => File/Directory not found.
    "C:\Windows\Tasks\At5.job" => File/Directory not found.
    "C:\Windows\Tasks\At6.job" => File/Directory not found.
    "C:\Windows\Tasks\At7.job" => File/Directory not found.
    "C:\Windows\Tasks\At8.job" => File/Directory not found.
    "C:\Windows\Tasks\At9.job" => File/Directory not found.
    C:\Users\Jodi\AppData\Local\Temp\contentDATs.exe => Moved successfully.
    C:\Users\Jodi\AppData\Local\Temp\dxwebsetup.exe => Moved successfully.
    C:\Users\Jodi\AppData\Local\Temp\jre-8u31-windows-au.exe => Moved successfully.
    C:\Users\Jodi\AppData\Local\Temp\MSNFB8D.exe => Moved successfully.
    C:\Users\Jodi\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Jodi\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
    C:\Users\Jodi\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    "C:\Remote Programs\Fish Tycoon\GPlrLanc.exe" => File/Directory not found.
    C:\Program Files\GAMESweet\VideoGameTYCOON_GOLD => Moved successfully.


    The system needed a reboot.

    ==== End of Fixlog 17:36:14 ====
     
  7. blah321

    blah321 Thread Starter

    Joined:
    Jan 21, 2015
    Messages:
    28
    # AdwCleaner v4.109 - Report created 24/01/2015 at 18:21:08
    # Updated 24/01/2015 by Xplode
    # Database : 2015-01-24.3 [Local]
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : Jodi - JODI-PC
    # Running from : C:\Users\Jodi\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16599


    -\\ Mozilla Firefox v33.1.1 (x86 en-US)


    -\\ Google Chrome v40.0.2214.91

    [C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    -\\ Chromium v

    [C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Jodi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [74903 octets] - [21/01/2015 16:02:06]
    AdwCleaner[R1].txt - [1340 octets] - [24/01/2015 18:05:27]
    AdwCleaner[S0].txt - [80117 octets] - [21/01/2015 16:13:35]
    AdwCleaner[S1].txt - [1559 octets] - [24/01/2015 18:21:08]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1619 octets] ##########
     
  8. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    How is your system running now?

    Start Malwarebytes' Anti-Malware.
    • On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
    • Then click the Scan tab. Select Custom Scan and click the Start Scan button.
    • In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives. After you have done this, click Start Scan.
    • Follow the instructions given by Malwarebytes' Anti-Malware.
    • If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
    • It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
    • Save the logfile in txt-format and copy/paste it in your next reply.
    • Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).
     
  9. blah321

    blah321 Thread Starter

    Joined:
    Jan 21, 2015
    Messages:
    28
    System is still SUPER slow.. Especially at start up..
    I tried to run Malwarebytes last night and when I went to bed it was running for over an hour and had 48 infections, but when I woke up the computer had restarted, so I had to try to start again, but it has been hanging when I try to even open it. I have restarted a couple times. I have gotten it to open once, but then it went to Not Responding... I am not just getting into it again and finally got the scan to start after a 1/2 hour or so of trying to get it to start, but it went to not responding after 1 second??
    I am going to leave it, to see if it starts, but wanted to let you know why I haven't posted anything yet.

    I did notice a process in the Task Manager called StartManSvc, that was eating up A LOT of memory, but it has seemed to slow down now, but in my search it sounded like there could be a virus possibly attached to that?? You would know better than me, so that is why I thought I would bring it up..
     
  10. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    Let's move on to a bigger hammer, shall we?

    For the time being, stop trying to scan with Malwarebytes; reboot the system if you have to to stop the process (Malwarebytes Antimalware that is).

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      -----------------------------------------------------------
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      -----------------------------------------------------------
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
     
  11. blah321

    blah321 Thread Starter

    Joined:
    Jan 21, 2015
    Messages:
    28
    Ok, so I did what you said with Malwarebytes.. Then did the Combofix, but it ran for a couple hours before I went to bed and then when I went to bed I just left it. When I woke up the computer was locked, but it is still on the same screen at the same place as it was when I went to bed.
    There is an attached picture of what the screen looks like.. I will not do anything to it until you tell me what I should do as I know you aren't supposed to do anything while this program runs. If it does do anything else I will let you know as well. :)
     
  12. blah321

    blah321 Thread Starter

    Joined:
    Jan 21, 2015
    Messages:
    28
    Just got a pop up on the bottom right saying Malwarebytes Scan Completed Malware detected??? I didn't disable any of this, just the AVG, but wanted to let you know that something else happened :) but the blue screen is still the same.
     
  13. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    End this by powering down the system. Wait a few minutes and then start it again. Tell me what happens next.
     
  14. blah321

    blah321 Thread Starter

    Joined:
    Jan 21, 2015
    Messages:
    28
    Came up with the screen where you have options on starting it, but just as I saw it it automatically selected to start windows normally... so that is what it did..

    Very slow at starting up...but came to the desktop after waiting a few minutes.....
     
  15. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    Please check and see if there is a C:\ComboFix.txt file. Please post this log file ( even though it may not be complete) if there is one.
     
Short URL to this thread: https://techguy.org/1141650
