can't connect online on any browser after running anti-malware.
<blockquote data-quote="dnunez" data-source="post: 322136" data-attributes="member: 32414"><p>Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-12-2014</p><p>Ran by D-Black (administrator) on LACOCECHA on 27-12-2014 04:32:09</p><p>Running from C:\Users\D-Black\Downloads</p><p>Loaded Profile: D-Black (Available profiles: D-Black & Delaney)</p><p>Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)</p><p>Internet Explorer Version 11</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe</p><p>(AMD) C:\Windows\System32\atiesrxx.exe</p><p>(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe</p><p>(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe</p><p>(AMD) C:\Windows\System32\atieclxx.exe</p><p>(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</p><p>(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe</p><p>(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe</p><p>() C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe</p><p>(MicroStudio) C:\Program Files\Windows Network Accelerater\v3\winvxm.exe</p><p>(Microsoft Corp.) 
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE</p><p>(MicroTools) C:\Program Files\YouTube Downloader Services\P2\youtubeserv.exe</p><p>(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe</p><p>(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe</p><p>() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe</p><p>(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe</p><p>(Creative Technology Ltd) C:\Windows\System32\Ctxfihlp.exe</p><p>(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe</p><p>(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe</p><p>(Microsoft Corporation) C:\Windows\System32\StikyNot.exe</p><p>(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe</p><p>() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe</p><p>(Creative Technology Ltd) C:\Windows\System32\CTxfispi.exe</p><p>(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe</p><p>(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe</p><p>(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe</p><p>(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe</p><p>(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2009-06-10] (Sonic Solutions)</p><p>HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()</p><p>HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)</p><p>HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)</p><p>HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2010-11-01] (Pixart Imaging Inc)</p><p>HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)</p><p>HKLM\...\Run: [CTxfiHlp] => CTXFIHLP.EXE</p><p>HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)</p><p>HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\...\Run: [Facebook Update] => 
C:\Users\D-Black\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-08] (Facebook Inc.)</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\...\Run: [Itibiti.exe] => C:\Program Files\Itibiti Soft Phone\Itibiti.exe</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\...\MountPoints2: {10abe97b-3a4f-11e4-b707-00219b1bee3d} - F:\Windows\AutoRun.exe</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\...\MountPoints2: {7adb1515-4075-11e4-b6c3-00219b1bee3d} - F:\Windows\AutoRun.exe</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\...\MountPoints2: {855517e7-b693-11e3-8295-00219b1bee3d} - F:\LaunchU3.exe -a</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\...\MountPoints2: {859f627d-2c9f-11e3-b7b7-00219b1bee3d} - F:\N8000_ZTE.exe</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\...\MountPoints2: {cdd59a84-84c7-11e4-961f-00219b1bee3d} - F:\Windows\AutoRun.exe</p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\...\MountPoints2: {cf6cf40c-2f00-11e4-b6be-00219b1bee3d} - F:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}</p><p>HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"</p><p>GroupPolicy: Group Policy on Chrome detected <======= ATTENTION</p><p>CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION</p><p>CHR HKU\S-1-5-21-2383511167-434876183-2691488376-1004\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry 
item it will be removed or restored to default.)</p><p></p><p>ProxyEnable: [HKLM] => ProxyEnable is set.</p><p>ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.msn.com/?pc=MSSE" target="_blank">http://www.msn.com/?pc=MSSE</a></p><p>HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.msn.com/?pc=MSSE" target="_blank">http://www.msn.com/?pc=MSSE</a></p><p>HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = <a href="http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B9&OHP=http%3A%2F%2Fwww.google.com&OSP=" target="_blank">http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B9&OHP=http://www.google.com&OSP=</a></p><p>HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.msn.com/?pc=MSSE" target="_blank">http://www.msn.com/?pc=MSSE</a></p><p>HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,First Home Page = <a href="http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B9&OHP=http%3A%2F%2Fwww.google.com&OSP=" target="_blank">http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B9&OHP=http://www.google.com&OSP=</a></p><p>HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.msn.com/?pc=MSSE" target="_blank">http://www.msn.com/?pc=MSSE</a></p><p>HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,First Home Page = <a href="http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B9&OHP=http%3A%2F%2Fwww.google.com&OSP=" target="_blank">http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B9&OHP=http://www.google.com&OSP=</a></p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.msn.com/?pc=MSSE" 
target="_blank">http://www.msn.com/?pc=MSSE</a></p><p>HKU\S-1-5-21-2383511167-434876183-2691488376-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = <a href="http://www.msn.com/?ocid=iehp" target="_blank">http://www.msn.com/?ocid=iehp</a></p><p>SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =</p><p>SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =</p><p>SearchScopes: HKU\.DEFAULT -> {C34A3EC2-C7F1-4F62-A549-DCE7F7322A79} URL = <a href="http://www.queryexplorer.com/?prt=QUERYEXPLORER187&keywords={searchTerms}" target="_blank">http://www.queryexplorer.com/?prt=QUERYEXPLORER187&keywords={searchTerms}</a></p><p>SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =</p><p>SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =</p><p>SearchScopes: HKU\S-1-5-21-2383511167-434876183-2691488376-1004 -> {E54321DF-FEBD-440C-8AD9-39DBC23CCBD0} URL = <a href="http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}" target="_blank">http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}</a></p><p>BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)</p><p>BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)</p><p>Toolbar: HKU\S-1-5-21-2383511167-434876183-2691488376-1004 -> No Name - {78FAD561-2F55-4BCD-B896-786662704334} - No File</p><p>DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} <a href="http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab" target="_blank">http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab</a></p><p>DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} <a href="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab" 
target="_blank">http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab</a></p><p>DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} <a href="http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab" target="_blank">http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab</a></p><p>DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} <a href="http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab" target="_blank">http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab</a></p><p>Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)</p><p>Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)</p><p>Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\D-Black\AppData\Roaming\Mozilla\Firefox\Profiles\6t2mz6rd.default</p><p>FF DefaultSearchEngine: Bing</p><p>FF DefaultSearchEngine,S:</p><p>FF SearchEngineOrder.1:</p><p>FF SearchEngineOrder.1,S:</p><p>FF SelectedSearchEngine,S:</p><p>FF NetworkProxy: "type", 0</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()</p><p>FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</p><p>FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)</p><p>FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)</p><p>FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF Plugin: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin: 
@Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin: @raidcall.en/RCplugin -> C:\Users\D-Black\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)</p><p>FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Plugin HKU\S-1-5-21-2383511167-434876183-2691488376-1004: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\D-Black\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: 
C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)</p><p>FF Extension: Diccionario de Español/México - C:\Users\D-Black\AppData\Roaming\Mozilla\Firefox\Profiles\6t2mz6rd.default\Extensions\<a href="mailto:es-MX@dictionaries.addons.mozilla.org">es-MX@dictionaries.addons.mozilla.org</a> [2014-05-22]</p><p>FF Extension: placesmaintenancebonardonetec8030f7c20a464f9b0e13a3a9e97384 - C:\Users\D-Black\AppData\Roaming\Mozilla\Firefox\Profiles\6t2mz6rd.default\Extensions\<a href="mailto:places-maintenance@bonardo.net">places-maintenance@bonardo.net</a>{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2014-12-24]</p><p>FF Extension: Garmin Communicator - C:\Users\D-Black\AppData\Roaming\Mozilla\Firefox\Profiles\6t2mz6rd.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-08-13]</p><p>FF Extension: Español (México) Language Pack - C:\Users\D-Black\AppData\Roaming\Mozilla\Firefox\Profiles\6t2mz6rd.default\Extensions\<a href="mailto:langpack-es-MX@firefox.mozilla.org.xpi">langpack-es-MX@firefox.mozilla.org.xpi</a> [2014-05-22]</p><p>FF Extension: Define Ext - C:\Program Files\Mozilla Firefox\extensions\<a href="mailto:umylsm@sqhjcpzmeselzlp.org">umylsm@sqhjcpzmeselzlp.org</a> [2014-09-25]</p><p></p><p>Chrome:</p><p>=======</p><p>CHR HomePage: Default -></p><p>CHR StartupUrls: Default -> "", "hxxp://search.conduit.com/?ctid=CT3279411&SearchSource=48&CUI=UN33300377413157814&UM=2", "hxxp://websearch.ezsearches.info/", "<a href="https://www.google.com/" target="_blank">https://www.google.com/</a>"</p><p>CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}</p>
<p>CHR Profile: C:\Users\D-Black\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\D-Black\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-20]</p><p>CHR Extension: (Adblock Plus) - C:\Users\D-Black\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-23]</p><p>CHR Extension: (AdBlock) - C:\Users\D-Black\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-20]</p><p>CHR Extension: (Google Wallet) - C:\Users\D-Black\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-20]</p><p>CHR HKU\S-1-5-21-2383511167-434876183-2691488376-1004\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - No Path</p><p></p><p>========================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-09-13] (Creative Labs) [File not signed]</p><p>S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-09-13] (Creative Labs) [File not signed]</p><p>R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]</p><p>R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)</p><p>R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-12-26] (SurfRight B.V.)</p><p>R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)</p><p>R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)</p><p>S4 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2009-06-10] (Sonic Solutions)</p><p>R2 UDisk Monitor; C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [517960 2012-04-20] ()</p><p>R2 WindowsVNT_R3; C:\Program Files\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]</p><p>R2 YouTubeDownload_P2; C:\Program Files\YouTube Downloader Services\P2\youtubeserv.exe [2967160 2014-11-01] (MicroTools)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2011-11-12] (LeapFrog)</p><p>S3 Generalusbserialser20675; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [112456 2012-04-20] (Incorporated)</p><p>R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()</p><p>S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-07-24] (MotioninJoy) [File not signed]</p><p>R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)</p><p>R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [5120 2012-12-19] ()</p><p>S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]</p><p>S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [106752 2011-01-13] (ZTE Incorporated)</p><p>S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-12-27 04:32 - 2014-12-27 04:33 - 00018834 _____ () C:\Users\D-Black\Downloads\FRST.txt</p><p>2014-12-27 04:32 - 2014-12-27 04:32 - 01114112 _____ (Farbar) C:\Users\D-Black\Downloads\FRST(1).exe</p><p>2014-12-27 04:32 - 2014-12-27 04:32 - 00000000 ____D () C:\FRST</p><p>2014-12-27 04:27 - 2014-12-27 04:27 - 01114112 _____ (Farbar) C:\Users\D-Black\Downloads\FRST.exe</p><p>2014-12-27 01:29 - 2014-12-27 01:30 - 00002161 _____ () C:\Users\Delaney\Desktop\Google Chrome.lnk</p><p>2014-12-27 01:29 - 2014-12-27 01:29 - 00097064 _____ () C:\Users\Delaney\AppData\Local\GDIPFONTCACHEV1.DAT</p><p>2014-12-27 01:29 - 2014-12-27 01:29 - 00001373 _____ () C:\Users\Delaney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk</p><p>2014-12-27 01:29 - 2014-12-27 01:29 - 00000258 __RSH () C:\Users\Delaney\ntuser.pol</p><p>2014-12-27 01:29 - 2014-12-27 01:29 - 00000020 ___SH () C:\Users\Delaney\ntuser.ini</p><p>2014-12-27 01:29 - 2014-12-27 01:29 - 00000000 ____D () C:\Users\Delaney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome</p><p>2014-12-27 01:29 - 2014-12-27 01:29 - 00000000 ____D () C:\Users\Delaney\AppData\Roaming\Apple Computer</p><p>2014-12-27 01:29 - 2014-12-27 01:29 - 00000000 ____D () C:\Users\Delaney\AppData\Roaming\Adobe</p><p>2014-12-27 01:29 - 2014-12-27 01:29 - 00000000 ____D () C:\Users\Delaney\AppData\Local\VirtualStore</p><p>2014-12-27 01:29 - 2014-12-27 01:29 - 00000000 ____D () C:\Users\Delaney\AppData\Local\Google</p><p>2014-12-27 01:29 - 2014-12-27 01:29 - 00000000 ____D () C:\Users\Delaney</p><p>2014-12-27 01:29 - 2010-06-30 03:25 - 00000000 ____D () C:\Users\Delaney\AppData\Roaming\Macromedia</p><p>2014-12-27 01:29 - 2009-07-13 23:42 - 00000000 ___RD () 
C:\Users\Delaney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories</p><p>2014-12-27 01:29 - 2009-07-13 23:37 - 00000000 ___RD () C:\Users\Delaney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance</p><p>2014-12-27 01:01 - 2014-12-27 01:01 - 00005546 _____ () C:\Windows\system32\.crusader</p><p>2014-12-26 23:16 - 2014-12-26 23:16 - 00001766 _____ () C:\Users\D-Black\Desktop\JRT.txt</p><p>2014-12-26 22:53 - 2014-12-26 22:53 - 00001853 _____ () C:\Users\Public\Desktop\HitmanPro.lnk</p><p>2014-12-26 22:53 - 2014-12-26 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro</p><p>2014-12-26 22:53 - 2014-12-26 22:53 - 00000000 ____D () C:\Program Files\HitmanPro</p><p>2014-12-26 22:52 - 2014-12-27 01:01 - 00000000 ____D () C:\ProgramData\HitmanPro</p><p>2014-12-26 22:51 - 2014-12-26 22:52 - 10284408 _____ (SurfRight B.V.) C:\Users\D-Black\Downloads\HitmanPro.exe</p><p>2014-12-26 22:49 - 2014-12-26 22:49 - 00000000 ____D () C:\ProgramData\Malwarebytes</p><p>2014-12-26 22:48 - 2014-12-26 22:49 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\D-Black\Downloads\mbam-setup-2.0.4.1028 (1).exe</p><p>2014-12-26 22:42 - 2014-12-26 22:42 - 01707646 _____ (Thisisu) C:\Users\D-Black\Downloads\JRT.exe</p><p>2014-12-26 22:42 - 2014-12-26 22:42 - 00000000 ____D () C:\Windows\ERUNT</p><p>2014-12-26 22:41 - 2014-12-26 22:42 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\D-Black\Downloads\mbam-setup-2.0.4.1028.exe</p><p>2014-12-22 21:30 - 2014-12-27 04:33 - 00000352 _____ () C:\Windows\Tasks\CIMT_S-1-5-21-2383511167-434876183-2691488376-1004.job</p><p>2014-12-22 21:30 - 2014-12-26 21:30 - 00000386 _____ () C:\Windows\Tasks\CIMT_daily_S-1-5-21-2383511167-434876183-2691488376-1004.job</p><p>2014-12-22 21:30 - 2014-12-22 21:30 - 00000000 ____D () C:\Users\D-Black\AppData\Roaming\Compete</p><p>2014-12-22 21:15 - 2014-12-27 02:44 - 00000000 ____D () C:\AdwCleaner</p><p>2014-12-22 21:15 - 2014-12-22 21:15 - 02173952 
_____ () C:\Users\D-Black\Downloads\AdwCleaner.exe</p><p>2014-12-21 22:12 - 2014-12-21 22:22 - 00002110 _____ () C:\Users\D-Black\Desktop\chrome.lnk</p><p>2014-12-21 12:31 - 2014-12-27 00:14 - 00000000 ____D () C:\Program Files\8dace22a-3f57-4c2e-bcd5-f03196cee2f3</p><p>2014-12-21 12:08 - 2014-12-21 12:08 - 00000000 ____D () C:\Program Files\Common Files\Java</p><p>2014-12-21 12:04 - 2014-12-21 12:04 - 00638888 _____ (Oracle Corporation) C:\Users\D-Black\Downloads\chromeinstall-8u25.exe</p><p>2014-12-21 10:39 - 2014-12-21 10:39 - 00000837 _____ () C:\Users\D-Black\Downloads\Unconfirmed 656290.crdownload</p><p>2014-12-21 10:15 - 2014-12-21 10:15 - 00000837 _____ () C:\Users\D-Black\Downloads\coupon_printer.jnlp</p><p>2014-12-21 09:42 - 2014-12-21 09:42 - 02119632 _____ (Valassis) C:\Users\D-Black\Downloads\P@H_prodcand-GscCTeaC.exe</p><p>2014-12-21 09:41 - 2014-12-21 09:41 - 02119632 _____ (Valassis) C:\Users\D-Black\Downloads\P@H_prodcand-xVWJ2i5c.exe</p><p>2014-12-20 12:28 - 2014-12-20 12:28 - 02119632 _____ (Valassis) C:\Users\D-Black\Downloads\P@H_prodcand-vJocDE6T.exe</p><p>2014-12-20 12:28 - 2014-12-20 12:28 - 00000000 ____D () C:\Users\D-Black\AppData\Local\Valassis</p><p>2014-12-20 12:26 - 2014-12-20 12:26 - 02119632 _____ (Valassis) C:\Users\D-Black\Downloads\P@H_prodcand-KyCCGBI1.exe</p><p>2014-12-20 11:58 - 2014-12-20 11:58 - 02080456 _____ (Coupons.com Incorporated) C:\Users\D-Black\Downloads\CouponPrinterCPS (3).exe</p><p>2014-12-20 11:56 - 2014-12-20 11:56 - 02080456 _____ (Coupons.com Incorporated) C:\Users\D-Black\Downloads\CouponPrinterCPS (2).exe</p><p>2014-12-20 11:55 - 2014-12-20 11:55 - 02080456 _____ (Coupons.com Incorporated) C:\Users\D-Black\Downloads\CouponPrinterCPS (1).exe</p><p>2014-12-20 10:59 - 2014-12-20 10:59 - 00001642 _____ () C:\ProgramData\tempimage.bmp</p><p>2014-12-20 01:40 - 2014-12-20 01:40 - 00628496 _____ (CMI Limited) C:\Users\D-Black\AppData\Local\nssA6E5.tmp</p><p>2014-12-20 00:35 - 2014-12-20 00:36 - 00880784 _____ 
(Google Inc.) C:\Users\D-Black\Downloads\ChromeSetup(1).exe</p><p>2014-12-20 00:28 - 2014-12-27 00:14 - 00000000 ____D () C:\ProgramData\FellowSky</p><p>2014-12-20 00:28 - 2014-12-14 10:53 - 00332568 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia.dll</p><p>2014-12-20 00:27 - 2014-12-20 00:27 - 00002014 _____ () C:\Windows\patsearch.bin</p><p>2014-12-20 00:27 - 2014-12-20 00:27 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf</p><p>2014-12-18 13:22 - 2014-12-18 13:22 - 00000000 ____D () C:\Users\D-Black\AppData\Local\Zeoinsight</p><p>2014-12-18 13:22 - 2014-12-18 13:22 - 00000000 ____D () C:\Users\D-Black\AppData\Local\ZBAnalyticsCore</p><p>2014-12-18 02:06 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe</p><p>2014-12-10 03:27 - 2014-12-10 03:27 - 00000000 ____D () C:\Windows\system32\appraiser</p><p>2014-12-10 03:10 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll</p><p>2014-12-10 02:08 - 2014-12-03 23:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll</p><p>2014-12-10 02:08 - 2014-12-03 23:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll</p><p>2014-12-10 02:08 - 2014-12-03 23:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll</p><p>2014-12-10 02:08 - 2014-12-03 23:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll</p><p>2014-12-10 02:08 - 2014-12-03 23:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll</p><p>2014-12-10 02:08 - 2014-12-03 23:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll</p><p>2014-12-10 02:08 - 2014-12-03 23:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll</p><p>2014-12-10 02:08 - 2014-12-01 18:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe</p><p>2014-12-10 02:08 - 2014-11-26 20:10 - 00342200 _____ (Microsoft 
Corporation) C:\Windows\system32\iedkcs32.dll</p><p>2014-12-10 02:08 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll</p><p>2014-12-10 02:08 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb</p><p>2014-12-10 02:08 - 2014-11-21 21:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll</p><p>2014-12-10 02:08 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll</p><p>2014-12-10 02:08 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll</p><p>2014-12-10 02:08 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll</p><p>2014-12-10 02:08 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll</p><p>2014-12-10 02:08 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll</p><p>2014-12-10 02:08 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll</p><p>2014-12-10 02:08 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll</p><p>2014-12-10 02:08 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll</p><p>2014-12-10 02:08 - 2014-11-21 20:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe</p><p>2014-12-10 02:08 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll</p><p>2014-12-10 02:08 - 2014-11-21 20:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe</p><p>2014-12-10 02:08 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll</p><p>2014-12-10 02:08 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll</p><p>2014-12-10 02:08 - 2014-11-21 20:36 - 
00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll</p><p>2014-12-10 02:08 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll</p><p>2014-12-10 02:08 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll</p><p>2014-12-10 02:08 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll</p><p>2014-12-10 02:08 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll</p><p>2014-12-10 02:08 - 2014-11-21 20:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe</p><p>2014-12-10 02:08 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl</p><p>2014-12-10 02:08 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll</p><p>2014-12-10 02:08 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll</p><p>2014-12-10 02:08 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll</p><p>2014-12-10 02:08 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll</p><p>2014-12-10 02:08 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll</p><p>2014-12-10 02:08 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll</p><p>2014-12-10 02:08 - 2014-11-10 20:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys</p><p>2014-12-10 02:08 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll</p><p>2014-12-10 02:07 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe</p><p>2014-12-10 02:07 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll</p><p>2014-12-10 02:07 - 2014-10-02 20:45 - 00248832 _____ (Microsoft 
Corporation) C:\Windows\system32\WSManMigrationPlugin.dll</p><p>2014-12-10 02:07 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll</p><p>2014-12-10 02:07 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll</p><p>2014-12-10 02:07 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-12-27 04:21 - 2010-07-01 02:12 - 01889295 _____ () C:\Windows\WindowsUpdate.log</p><p>2014-12-27 04:17 - 2010-06-30 02:44 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2383511167-434876183-2691488376-1001UA.job</p><p>2014-12-27 04:17 - 2009-07-13 23:34 - 00022576 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2014-12-27 04:17 - 2009-07-13 23:34 - 00022576 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2014-12-27 04:15 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF</p><p>2014-12-27 04:10 - 2013-08-20 17:35 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2014-12-27 04:09 - 2010-08-03 02:16 - 00984446 _____ () C:\Windows\PFRO.log</p><p>2014-12-27 04:09 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2014-12-27 04:09 - 2009-07-13 23:39 - 01216729 _____ () C:\Windows\setupact.log</p><p>2014-12-27 03:41 - 2013-08-20 17:35 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2014-12-27 03:40 - 2012-04-04 08:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2014-12-27 03:34 - 2013-07-08 20:29 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2383511167-434876183-2691488376-1004UA.job</p><p>2014-12-27 00:19 - 
2010-07-01 03:09 - 00000000 ____D () C:\Windows\Panther</p><p>2014-12-27 00:15 - 2011-03-10 21:58 - 00000000 ____D () C:\ProgramData\InstallMate</p><p>2014-12-27 00:14 - 2014-04-17 23:38 - 00000000 ____D () C:\Program Files\OpenSoftwareUpdater</p><p>2014-12-26 23:07 - 2013-03-02 23:30 - 00000000 ____D () C:\Users\D-Black</p><p>2014-12-26 21:34 - 2013-07-08 20:29 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2383511167-434876183-2691488376-1004Core.job</p><p>2014-12-26 13:17 - 2010-06-30 02:44 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2383511167-434876183-2691488376-1001Core.job</p><p>2014-12-22 17:30 - 2013-04-16 02:58 - 00001139 _____ () C:\Users\D-Black\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk</p><p>2014-12-22 17:30 - 2013-04-16 02:58 - 00001115 _____ () C:\Users\Public\Desktop\GOM Player.lnk</p><p>2014-12-22 17:30 - 2010-08-15 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player</p><p>2014-12-21 12:06 - 2014-08-16 18:25 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll</p><p>2014-12-21 12:06 - 2014-06-07 11:14 - 00000000 ____D () C:\ProgramData\Oracle</p><p>2014-12-21 12:06 - 2010-06-30 03:10 - 00000000 ____D () C:\Program Files\Java</p><p>2014-12-20 15:13 - 2009-07-13 21:04 - 00000505 _____ () C:\Windows\win.ini</p><p>2014-12-20 11:58 - 2013-04-20 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons</p><p>2014-12-19 21:35 - 2013-04-01 11:10 - 00000000 ____D () C:\Users\D-Black\AppData\Local\Adobe</p><p>2014-12-19 21:35 - 2012-04-04 08:37 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe</p><p>2014-12-19 21:35 - 2011-05-17 08:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl</p><p>2014-12-19 21:29 - 2013-04-29 21:48 - 00000000 ____D () C:\Users\D-Black\AppData\Local\Ares</p><p>2014-12-19 17:53 - 2013-09-09 20:29 - 00002441 
_____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk</p><p>2014-12-16 20:25 - 2010-07-01 02:20 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2014-12-15 14:40 - 2013-06-27 11:36 - 01807360 ___SH () C:\Users\D-Black\Downloads\Thumbs.db</p><p>2014-12-15 14:26 - 2014-11-14 09:14 - 00000000 ____D () C:\ProgramData\Windows VXM</p><p>2014-12-10 19:29 - 2013-04-02 23:04 - 00009664 _____ () C:\Users\D-Black\AppData\Roaming\wklnhst.dat</p><p>2014-12-10 18:47 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\system32\FxsTmp</p><p>2014-12-10 04:06 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache</p><p>2014-12-10 03:27 - 2014-05-07 02:17 - 00000000 ___SD () C:\Windows\system32\CompatTel</p><p>2014-12-10 03:27 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\AppCompat</p><p>2014-12-10 03:09 - 2013-07-23 19:37 - 00000000 ____D () C:\Windows\system32\MRT</p><p>2014-12-10 03:01 - 2010-07-27 20:30 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2014-12-07 21:10 - 2014-09-09 00:37 - 00022016 _____ () C:\Users\D-Black\Documents\Dnunez Resume.wps</p><p>2014-11-28 18:06 - 2013-03-02 23:37 - 00000000 ____D () C:\Users\D-Black\AppData\Roaming\uTorrent</p><p></p><p>Some content of 
TEMP:</p><p>====================</p><p>C:\Users\D-Black\AppData\Local\Temp\19E6D02F-51CC-C45B-A851-60BF4859F80C.dll</p><p>C:\Users\D-Black\AppData\Local\Temp\3D28_jre-7u21-windows-i586.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\air7124.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\airC82B.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\APNSetup.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\BlueStacks-SplitInstaller_native_b.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\CloudBackup4938.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\ConsumerInputSetup.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\Couponscom.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\DefaultPack.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\DivXSetup.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\DseShExt-x86.dll</p><p>C:\Users\D-Black\AppData\Local\Temp\DWPUpgradeInstaller.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\essetup.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\ExPromo.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\ffsetup.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\MouseKeyboardCenterx86_1033.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\nspDE02.tmp.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\OnlineBackup.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\Quarantine.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\RSPUpgradeInstaller.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\SDShelEx-win32.dll</p><p>C:\Users\D-Black\AppData\Local\Temp\SfpcHelper_installFinish.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\SfpcHelper_installStart.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\SpOrder.dll</p><p>C:\Users\D-Black\AppData\Local\Temp\sqlite3.dll</p><p>C:\Users\D-Black\AppData\Local\Temp\tbappb.dll</p><p>C:\User
s\D-Black\AppData\Local\Temp\tbInte.dll</p><p>C:\Users\D-Black\AppData\Local\Temp\tbuTor.dll</p><p>C:\Users\D-Black\AppData\Local\Temp\The_Weather_Channel_Application.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\uninst1.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\Update.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\utt8A9.tmp.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\uttC170.tmp.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\vcredist_x86.exe</p><p>C:\Users\D-Black\AppData\Local\Temp\wget.exe</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\system32\winlogon.exe => File is digitally signed</p><p>C:\Windows\system32\wininit.exe => File is digitally signed</p><p>C:\Windows\system32\svchost.exe => File is digitally signed</p><p>C:\Windows\system32\services.exe => File is digitally signed</p><p>C:\Windows\system32\User32.dll => File is digitally signed</p><p>C:\Windows\system32\userinit.exe => File is digitally signed</p><p>C:\Windows\system32\rpcss.dll => File is digitally signed</p><p>C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2014-12-25 00:44</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="dnunez, post: 322136, member: 32414"]
Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-10 02:08 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 02:08 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-10 02:08 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-10 02:08 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-10 02:08 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 02:08 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-10 02:08 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-10 02:08 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-10 02:08 - 2014-11-21 20:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-10 02:08 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-10 02:08 - 2014-11-21 20:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-10 02:08 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-10 02:08 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-10 02:08 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-10 02:08 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 02:08 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 02:08 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 02:08 - 2014-11-21 
20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 02:08 - 2014-11-21 20:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-10 02:08 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 02:08 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-10 02:08 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 02:08 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 02:08 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 02:08 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-10 02:08 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 02:08 - 2014-11-10 20:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-10 02:08 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-10 02:07 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-10 02:07 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-10 02:07 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-10 02:07 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-10 02:07 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-10 02:07 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-27 04:21 - 2010-07-01 02:12 - 01889295 _____ () C:\Windows\WindowsUpdate.log 2014-12-27 04:17 - 2010-06-30 02:44 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2383511167-434876183-2691488376-1001UA.job 2014-12-27 04:17 - 2009-07-13 23:34 - 00022576 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-27 04:17 - 2009-07-13 23:34 - 00022576 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-27 04:15 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-12-27 04:10 - 2013-08-20 17:35 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-27 04:09 - 2010-08-03 02:16 - 00984446 _____ () C:\Windows\PFRO.log 2014-12-27 04:09 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-27 04:09 - 2009-07-13 23:39 - 01216729 _____ () C:\Windows\setupact.log 2014-12-27 03:41 - 2013-08-20 17:35 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-27 03:40 - 2012-04-04 08:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-27 03:34 - 2013-07-08 20:29 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2383511167-434876183-2691488376-1004UA.job 2014-12-27 00:19 - 2010-07-01 03:09 - 00000000 ____D () C:\Windows\Panther 2014-12-27 00:15 - 2011-03-10 21:58 - 00000000 ____D () C:\ProgramData\InstallMate 2014-12-27 00:14 - 2014-04-17 23:38 - 00000000 ____D () C:\Program Files\OpenSoftwareUpdater 2014-12-26 23:07 - 2013-03-02 23:30 - 00000000 ____D () C:\Users\D-Black 2014-12-26 21:34 - 2013-07-08 20:29 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2383511167-434876183-2691488376-1004Core.job 2014-12-26 13:17 - 2010-06-30 02:44 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2383511167-434876183-2691488376-1001Core.job 2014-12-22 17:30 - 2013-04-16 02:58 - 00001139 _____ () 
C:\Users\D-Black\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk 2014-12-22 17:30 - 2013-04-16 02:58 - 00001115 _____ () C:\Users\Public\Desktop\GOM Player.lnk 2014-12-22 17:30 - 2010-08-15 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player 2014-12-21 12:06 - 2014-08-16 18:25 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-12-21 12:06 - 2014-06-07 11:14 - 00000000 ____D () C:\ProgramData\Oracle 2014-12-21 12:06 - 2010-06-30 03:10 - 00000000 ____D () C:\Program Files\Java 2014-12-20 15:13 - 2009-07-13 21:04 - 00000505 _____ () C:\Windows\win.ini 2014-12-20 11:58 - 2013-04-20 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons 2014-12-19 21:35 - 2013-04-01 11:10 - 00000000 ____D () C:\Users\D-Black\AppData\Local\Adobe 2014-12-19 21:35 - 2012-04-04 08:37 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-12-19 21:35 - 2011-05-17 08:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-12-19 21:29 - 2013-04-29 21:48 - 00000000 ____D () C:\Users\D-Black\AppData\Local\Ares 2014-12-19 17:53 - 2013-09-09 20:29 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-16 20:25 - 2010-07-01 02:20 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-15 14:40 - 2013-06-27 11:36 - 01807360 ___SH () C:\Users\D-Black\Downloads\Thumbs.db 2014-12-15 14:26 - 2014-11-14 09:14 - 00000000 ____D () C:\ProgramData\Windows VXM 2014-12-10 19:29 - 2013-04-02 23:04 - 00009664 _____ () C:\Users\D-Black\AppData\Roaming\wklnhst.dat 2014-12-10 18:47 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-12-10 04:06 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache 2014-12-10 03:27 - 2014-05-07 02:17 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-10 03:27 - 2009-07-13 21:37 - 00000000 ____D () 
C:\Windows\AppCompat 2014-12-10 03:09 - 2013-07-23 19:37 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-10 03:01 - 2010-07-27 20:30 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-07 21:10 - 2014-09-09 00:37 - 00022016 _____ () C:\Users\D-Black\Documents\Dnunez Resume.wps 2014-11-28 18:06 - 2013-03-02 23:37 - 00000000 ____D () C:\Users\D-Black\AppData\Roaming\uTorrent Some content of TEMP: ==================== C:\Users\D-Black\AppData\Local\Temp\19E6D02F-51CC-C45B-A851-60BF4859F80C.dll C:\Users\D-Black\AppData\Local\Temp\3D28_jre-7u21-windows-i586.exe C:\Users\D-Black\AppData\Local\Temp\air7124.exe C:\Users\D-Black\AppData\Local\Temp\airC82B.exe C:\Users\D-Black\AppData\Local\Temp\APNSetup.exe C:\Users\D-Black\AppData\Local\Temp\BlueStacks-SplitInstaller_native_b.exe C:\Users\D-Black\AppData\Local\Temp\CloudBackup4938.exe C:\Users\D-Black\AppData\Local\Temp\ConsumerInputSetup.exe C:\Users\D-Black\AppData\Local\Temp\Couponscom.exe C:\Users\D-Black\AppData\Local\Temp\DefaultPack.exe C:\Users\D-Black\AppData\Local\Temp\DivXSetup.exe C:\Users\D-Black\AppData\Local\Temp\DseShExt-x86.dll C:\Users\D-Black\AppData\Local\Temp\DWPUpgradeInstaller.exe C:\Users\D-Black\AppData\Local\Temp\essetup.exe C:\Users\D-Black\AppData\Local\Temp\ExPromo.exe C:\Users\D-Black\AppData\Local\Temp\ffsetup.exe C:\Users\D-Black\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\D-Black\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\D-Black\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\D-Black\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\D-Black\AppData\Local\Temp\MouseKeyboardCenterx86_1033.exe C:\Users\D-Black\AppData\Local\Temp\nspDE02.tmp.exe C:\Users\D-Black\AppData\Local\Temp\OnlineBackup.exe C:\Users\D-Black\AppData\Local\Temp\Quarantine.exe C:\Users\D-Black\AppData\Local\Temp\RSPUpgradeInstaller.exe C:\Users\D-Black\AppData\Local\Temp\SDShelEx-win32.dll 
C:\Users\D-Black\AppData\Local\Temp\SfpcHelper_installFinish.exe C:\Users\D-Black\AppData\Local\Temp\SfpcHelper_installStart.exe C:\Users\D-Black\AppData\Local\Temp\SpOrder.dll C:\Users\D-Black\AppData\Local\Temp\sqlite3.dll C:\Users\D-Black\AppData\Local\Temp\tbappb.dll C:\Users\D-Black\AppData\Local\Temp\tbInte.dll C:\Users\D-Black\AppData\Local\Temp\tbuTor.dll C:\Users\D-Black\AppData\Local\Temp\The_Weather_Channel_Application.exe C:\Users\D-Black\AppData\Local\Temp\uninst1.exe C:\Users\D-Black\AppData\Local\Temp\Update.exe C:\Users\D-Black\AppData\Local\Temp\utt8A9.tmp.exe C:\Users\D-Black\AppData\Local\Temp\uttC170.tmp.exe C:\Users\D-Black\AppData\Local\Temp\vcredist_x86.exe C:\Users\D-Black\AppData\Local\Temp\wget.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-25 00:44 ==================== End Of Log ============================ [/QUOTE]