Threats wont remove with Kaspersky

TwinHeadedEagle · Dec 4, 2013

Can you now boot normally, and post fresh FRST report...

dsgreen87 · Dec 4, 2013

OK so in normal boot mode here is the FRST report. It also did an addition.txt, would you like that as well?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by Owner (administrator) on OWNER-VAIO on 04-12-2013 16:13:57
Running from D:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark 7300 Series\lxcimon.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Lexmark International Inc.) C:\Program Files (x86)\Lexmark 7300 Series\ezprint.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Facebook Inc.) C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
( ) C:\Windows\System32\lxcicoms.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Sony Corporation) C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Farbar) D:\FRST64 (3).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [208384 2009-08-03] (Alps Electric Co., Ltd.)
HKLM\...\Run: [lxcimon.exe] - C:\Program Files (x86)\Lexmark 7300 Series\lxcimon.exe [205744 2007-05-11] (Lexmark International, Inc.)
HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark 7300 Series\ezprint.exe [103344 2007-05-11] (Lexmark International Inc.)
HKLM\...\Run: [LXCICATS] - rundll32 \3\LXCItime.dll,RunDLLEntry
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] cmd.exe [302592 2010-11-20] (Microsoft Corporation) <=== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [UseDefaultTile] 0
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 0
HKLM-x32\...\Command Processor: "C:\Users\Owner\AppData\Local\azNMZr5Em\l9CQ7M8mo0.exe" <======= ATTENTION
HKCU\...\Run: [Xvid] - C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKCU\...\Run: [Google Update] - C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-21] (Google Inc.)
HKCU\...\Run: [Facebook Update] - C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Owner\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-09] ()
HKCU\...\Run: [Spotify] - C:\Users\Owner\AppData\Roaming\Spotify\spotify.exe [5955072 2013-11-26] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-26] (Spotify Ltd)
HKCU\...\Run: [l9CQ7M8mo0.exe] - C:\Users\Owner\AppData\Local\azNMZr5Em\l9CQ7M8mo0.exe [107192 2013-12-03] (Microsoft Corporation)
HKCU\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKCU\...\Command Processor: "C:\Users\Owner\AppData\Local\azNMZr5Em\l9CQ7M8mo0.exe" <======= ATTENTION
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [NoDispCPL] 0
HKCU\...\Policies\system: [NoDispAppearancePage] 0
HKCU\...\Policies\system: [NoDispBackgroundPage] 0
HKCU\...\Policies\system: [NoDispScrSavPage] 0
HKCU\...\Policies\system: [NoDispSettingsPage] 0
HKCU\...\Policies\system: [NoColorChoice] 0
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 0
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [HideLogonScripts] 0
HKCU\...\Policies\system: [HideLogoffScripts] 0
HKCU\...\Policies\system: [HideLegacyLogonScripts] 0
HKCU\...\Policies\Explorer: [NoThemesTab] 0
HKCU\...\Policies\Explorer: [NoAddPrinter] 0
HKCU\...\Policies\Explorer: [NoDeletePrinter] 0
HKCU\...\Policies\Explorer: [RestrictCpl] 0
HKCU\...\Policies\Explorer: [DisallowCpl] 0
HKCU\...\Policies\Explorer: [NoViewOnDrive] 0
HKCU\...\Policies\Explorer: [NoDrivesInSendToMenu] 0
HKCU\...\Policies\Explorer: [RestrictRun] 0
HKCU\...\Policies\Explorer: [DisallowRun] 0
HKCU\...\Policies\Explorer: [NoRecycleFiles] 0
HKCU\...\Policies\Explorer: [PreventItemCreationInUsersFilesFolder] 0
HKCU\...\Policies\Explorer: [NoReadingPane] 0
HKCU\...\Policies\Explorer: [NoPreviewPane] 0
HKCU\...\Policies\Explorer: [DontSetAutoplayCheckbox] 0
HKCU\...\Policies\Explorer: [NoPropertiesMyDocuments] 0
HKCU\...\Policies\Explorer: [NoPropertiesRecycleBin] 0
HKCU\...\Policies\Explorer: [NoManageMyComputerVerb] 0
HKCU\...\Policies\Explorer: [ClassicShell] 0
HKCU\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Policies\Explorer: [NoCustomizeWebView] 0
HKCU\...\Policies\Explorer: [NoViewContextMenu] 0
HKCU\...\Policies\Explorer: [NoFileMenu] 0
HKCU\...\Policies\Explorer: [NoWinKeys] 0
HKCU\...\Policies\Explorer: [NoDFSTab] 0
HKCU\...\Policies\Explorer: [NoHardwareTab] 0
HKCU\...\Policies\Explorer: [NoSecurityTab] 0
HKCU\...\Policies\Explorer: [DisableThumbnails] 0
HKCU\...\Policies\Explorer: [DisableThumbnailsOnNetworkFolders] 0
HKCU\...\Policies\Explorer: [NoInstrumentation] 0
HKCU\...\Policies\Explorer: [NoCustomizeThisFolder] 0
HKCU\...\Policies\Explorer: [NoWebView] 0
HKCU\...\Policies\Explorer: [DontShowSuperHidden] 0
HKCU\...\Policies\Explorer: [NoOnlinePrintsWizard] 0
HKCU\...\Policies\Explorer: [NoPublishingWizard] 0
HKCU\...\Policies\Explorer: [AlwaysShowClassicMenu] 0
HKCU\...\Policies\Explorer: [ClearRecentProgForNewUserInStartMenu] 0
HKCU\...\Policies\Explorer: [NoUserFolderInStartMenu] 0
HKCU\...\Policies\Explorer: [NoSearchComputerLinkInStartMenu] 0
HKCU\...\Policies\Explorer: [NoSearchProgramsInStartMenu] 0
HKCU\...\Policies\Explorer: [NoSearchInternetInStartMenu] 0
HKCU\...\Policies\Explorer: [NoSearchFilesInStartMenu] 0
HKCU\...\Policies\Explorer: [NoSearchCommInStartMenu] 0
HKCU\...\Policies\Explorer: [NoSetTaskbar] 0
HKCU\...\Policies\Explorer: [NoSMConfigurePrograms] 0
HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKCU\...\Policies\Explorer: [NoSMMyPictures] 0
HKCU\...\Policies\Explorer: [NoStartMenuMyMusic] 0
HKCU\...\Policies\Explorer: [NoSMMyDocs] 0
HKCU\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 0
HKCU\...\Policies\Explorer: [NoFavoritesMenu] 0
HKCU\...\Policies\Explorer: [NoHelp] 0
HKCU\...\Policies\Explorer: [NoNetworkConnections] 0
HKCU\...\Policies\Explorer: [NoFind] 0
HKCU\...\Policies\Explorer: [NoCommonGroups] 0
HKCU\...\Policies\Explorer: [NoWindowsUpdate] 0
HKCU\...\Policies\Explorer: [NoFolderOptions] 0
HKCU\...\Policies\Explorer: [NoChangeStartMenu] 0
HKCU\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKCU\...\Policies\Explorer: [NoStartMenuPinnedList] 0
HKCU\...\Policies\Explorer: [NoStartMenuMorePrograms] 0
HKCU\...\Policies\Explorer: [NoStartMenuEjectPC] 0
HKCU\...\Policies\Explorer: [NoSimpleStartMenu] 0
HKCU\...\Policies\Explorer: [ForceStartMenuLogoff] 0
HKCU\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKCU\...\Policies\Explorer: [NoDisconnect] 0
HKCU\...\Policies\Explorer: [NoNtSecurity] 0
HKCU\...\Policies\Explorer: [NoSetFolders] 0
HKCU\...\Policies\Explorer: [GreyMSIAds] 0
HKCU\...\Policies\Explorer: [ForceMaxRecentDocs] 0
HKCU\...\Policies\Explorer: [NoStartMenuMyGames] 0
HKCU\...\Policies\Explorer: [NoSMBalloonTip] 0
HKCU\...\Policies\Explorer: [NoSMBalloonTips] 0
HKCU\...\Policies\Explorer: [NoTrayContextMenu] 0
HKCU\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKCU\...\Policies\Explorer: [LockTaskbar] 0
HKCU\...\Policies\Explorer: [HideClock] 0
HKCU\...\Policies\Explorer: [HideSCAVolume] 0
HKCU\...\Policies\Explorer: [HideSCANetwork] 0
HKCU\...\Policies\Explorer: [HideSCAPower] 0
HKCU\...\Policies\Explorer: [HideSCABattery] 0
HKCU\...\Policies\Explorer: [TaskbarNoNotification] 0
HKCU\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKCU\...\Policies\Explorer: [NoTaskGrouping] 0
HKCU\...\Policies\Explorer: [TaskbarNoThumbnail] 0
HKCU\...\Policies\Explorer: [TaskbarLockAll] 0
HKCU\...\Policies\Explorer: [TaskbarNoResize] 0
HKCU\...\Policies\Explorer: [TaskbarNoAddRemoveToolbar] 0
HKCU\...\Policies\Explorer: [TaskbarNoDragToolbar] 0
HKCU\...\Policies\Explorer: [TaskbarNoRedock] 0
HKCU\...\Policies\Explorer: [RestrictWelcomeCenter] 0
HKCU\...\Policies\Explorer: [NoWebServices] 0
HKCU\...\Policies\Explorer: [NoFileUrl] 0
HKCU\...\Policies\Explorer: [NoInternetIcon] 0
HKCU\...\Policies\Explorer: [NoBandCustomize] 0
HKCU\...\Policies\Explorer: [NoToolbarCustomize] 0
HKCU\...\Policies\Explorer: [SpecifyDefaultButtons] 0
HKCU\...\Policies\Explorer: [NoInplaceSharing] 0
HKCU\...\Policies\Explorer: [NoNetHood] 0
HKCU\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKCU\...\Policies\Explorer: [UseFoldersInStartMenu] 0
HKCU\...\Policies\Explorer: [TurnOffSPIAnimations] 0
HKCU\...\Policies\Explorer: [EnforceShellExtensionSecurity] 0
HKCU\...\Policies\Explorer: [NoLogOff] 0
HKCU\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKCU\...\Policies\Explorer: [PromptRunasInstallNetPath] 1
HKCU\...\Policies\Explorer: [NoResolveSearch] 0
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKCU\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 0
HKCU\...\Policies\Explorer: [NoThumbnailCache] 0
HKCU\...\Policies\Explorer: [ForceCopyAclwithFile] 0
HKCU\...\Policies\Explorer: [StartRunNoHOMEPATH] 0
HKLM-x32\...\Run: [SmartWiHelper] - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [79872 2009-08-26] (Sony Electronics Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317288 2009-05-26] (Sony Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [273528 2011-09-17] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [ROC_roc_dec12] - "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
HKLM-x32\...\Run: [ccApp] - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2009-07-08] (Symantec Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-08-06] (McAfee, Inc.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM-x32\...\Run: [5ElDeUzAp.exe] - "C:\Users\Owner\AppData\Local\XtfJ5ZXIEO4\5ElDeUzAp.exe"
HKLM-x32\...\Run: [XhYbIiqqD.exe] - "C:\Windows\system32\config\systemprofile\AppData\Local\EhItiq0rXCm\XhYbIiqqD.exe"
HKLM-x32\...\Run: [9br2OEaskS.exe] - "C:\Users\Owner\AppData\Local\0hgc3i53s8G\9br2OEaskS.exe"
HKLM-x32\...\Run: [1vZcSiax.exe] - "C:\Users\Owner\AppData\Local\wMv9BNGl\1vZcSiax.exe"
HKLM-x32\...\Run: [l9CQ7M8mo0.exe] - C:\Users\Owner\AppData\Local\azNMZr5Em\l9CQ7M8mo0.exe [107192 2013-12-03] (Microsoft Corporation)
HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKU\Guest\...\Policies\system: [NoDispCPL] 0
HKU\Guest\...\Policies\system: [NoDispAppearancePage] 0
HKU\Guest\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Guest\...\Policies\system: [NoDispScrSavPage] 0
HKU\Guest\...\Policies\system: [NoDispSettingsPage] 0
HKU\Guest\...\Policies\system: [NoColorChoice] 0
HKU\Guest\...\Policies\system: [DontDisplayLogonHoursWarnings] 0
HKU\Guest\...\Policies\system: [DisableLockWorkstation] 0
HKU\Guest\...\Policies\system: [DisableChangePassword] 0
HKU\Guest\...\Policies\system: [HideLogonScripts] 0
HKU\Guest\...\Policies\system: [HideLogoffScripts] 0
HKU\Guest\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\Guest Access\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKU\Guest Access\...\Policies\system: [LogonHoursAction] 2
HKU\Guest Access\...\Policies\system: [NoDispCPL] 0
HKU\Guest Access\...\Policies\system: [NoDispAppearancePage] 0
HKU\Guest Access\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Guest Access\...\Policies\system: [NoDispScrSavPage] 0
HKU\Guest Access\...\Policies\system: [NoDispSettingsPage] 0
HKU\Guest Access\...\Policies\system: [NoColorChoice] 0
HKU\Guest Access\...\Policies\system: [DontDisplayLogonHoursWarnings] 0
HKU\Guest Access\...\Policies\system: [DisableLockWorkstation] 0
HKU\Guest Access\...\Policies\system: [DisableChangePassword] 0
HKU\Guest Access\...\Policies\system: [HideLogonScripts] 0
HKU\Guest Access\...\Policies\system: [HideLogoffScripts] 0
HKU\Guest Access\...\Policies\system: [HideLegacyLogonScripts] 0
AppInit_DLLs-x32: c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll [ ] ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?affID=119776&tt=gc_190513_215&babsrc=HP_ss&mntrId=0E0506265EFB260B
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-search.com/?affID=119776&tt=gc_190513_215&babsrc=HP_ss&mntrId=0E0506265EFB260B
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/?aff=7&uid=7be30fc0-6911-11e2-8e65-0024be7853db
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://searchab.com/?aff=7&uid=7be30fc0-6911-11e2-8e65-0024be7853db&q={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=119776&tt=gc_190513_215&babsrc=SP_ss&mntrId=0E0506265EFB260B
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://searchab.com/?aff=7&uid=7be30fc0-6911-11e2-8e65-0024be7853db&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={9A7894ED-3406-46E8-B54F-FE8C13C134FE}&mid=94b73e5d671547d1b2cad16df89cba28-d02a467b1f8c70683fabe06c95f820a38c34789b&lang=en&ds=AVG&pr=fr&d=2012-01-30 13:13:19&v=9.0.0.23&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {A86CB93C-AF88-B5FE-F4D9-E79E5C6A4474} URL = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Facetheme - {27a220b7-bb43-4faf-b27b-f803d18eea28} - C:\Program Files (x86)\Object\bho_project.dll (InternetEngine)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Zoomex - {8F4753DF-0E4A-DA24-34CF-7790AC624DDF} - C:\ProgramData\Zoomex\51061c70c8584.dll ()
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: wxDfast Class - {CFD75BD7-373F-9AE4-2B22-ACBE23F39F59} - C:\ProgramData\wxDfast\bhoclass.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} https://securera.edwardjones.com/vdesk/terminal/f5opswati.cab#Version=7060,2012,1129,22
DPF: HKLM-x32 {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} https://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: HKLM-x32 {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} https://securera.edwardjones.com/vdesk/terminal/f5opswati.cab#Version=7060,2012,1129,22
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://securera.edwardjones.com/vdesk/terminal/f5tunsrv.cab#version=7000,2012,1019,1308
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://securera.edwardjones.com/vdesk/terminal/InstallerControl.cab#version=7000,2012,1019,1322
DPF: HKLM-x32 {49EC7987-E331-44E3-B170-748B58A268B9} https://securera.edwardjones.com/vdesk/terminal/f5opswati.cab#Version=7060,2012,1129,22
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} https://securera.edwardjones.com/vdesk/terminal/f5InspectionHost.cab#version=7000,2012,1019,1254
DPF: HKLM-x32 {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} https://crestedg.century21.com/EDGDOTNET/ImageUploader/ImageUploader5.cab
DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} https://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://securera.edwardjones.com/vdesk/terminal/urxhost.cab#version=7000,2012,1019,1321
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://securera.edwardjones.com/policy/download_binary.php/win32/f5syschk.cab#Version=7000,2012,1019,1308
DPF: HKLM-x32 {EBDC91CB-F23F-477D-B152-3F7243760D04} https://securera.edwardjones.com/vdesk/terminal/f5opswati.cab#Version=7060,2012,1129,22
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\crkgst8z.default
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\crkgst8z.default\user.js
FF NewTab: hxxp://www1.delta-search.com/?affID=119776&tt=gc_190513_215&babsrc=NT_ss&mntrId=0E0506265EFB260B
FF DefaultSearchEngine: Delta Search
FF SearchEngineOrder.1: Privitize VPN
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Delta Search
FF Homepage: hxxp://www1.delta-search.com/?affID=119776&tt=gc_190513_215&babsrc=HP_ss&mntrId=0E0506265EFB260B
FF Keyword.URL: hxxp://searchab.com/?aff=7&uid=7be30fc0-6911-11e2-8e65-0024be7853db&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.669 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.669 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.669 - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Owner\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\crkgst8z.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\crkgst8z.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\crkgst8z.default\searchplugins\Searchab.xml
FF Extension: Zoomex - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\crkgst8z.default\Extensions\51061c70c83f1@51061c70c842b.com
FF Extension: Delta Toolbar - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\crkgst8z.default\Extensions\ffxtlbr@delta.com
FF Extension: Yontoo - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\crkgst8z.default\Extensions\plugin@yontoo.com
FF Extension: torntv2 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\crkgst8z.default\Extensions\torntv2@torntv.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [crossriderapp435@crossrider.com] - C:\ProgramData\CodecCheck\firefox
FF Extension: Premiumplay Codec-C - C:\ProgramData\CodecCheck\firefox
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: hxxp://www1.delta-search.com/?affID=119776&tt=gc_190513_215&babsrc=HP_ss&mntrId=0E0506265EFB260B
CHR RestoreOnStartup: "hxxp://www1.delta-search.com/?affID=119776&tt=gc_190513_215&babsrc=HP_ss&mntrId=0E0506265EFB260B"
CHR DefaultSearchURL: (Delta Search) - http://www1.delta-search.com/?q={searchTerms}&affID=119776&tt=gc_190513_215&babsrc=SP_ss&mntrId=0E0506265EFB260B
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Users\Owner\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Facebook Plugin) - C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Extension: (SiteAdvisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.4.1311_0
CHR Extension: (wxDfast) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejjhngmialkbkocgbhpjdlgogaceapd\1.0_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Codec-V) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.25.75_0
CHR Extension: (Torntv 2) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje\1.0_0
CHR Extension: (Yontoo) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Owner\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [gejjhngmialkbkocgbhpjdlgogaceapd] - C:\ProgramData\wxDfast\gejjhngmialkbkocgbhpjdlgogaceapd.crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM-x32\...\Chrome\Extension: [jpnbdefcbnoefmmcpelplabbkfmfhlho] - C:\ProgramData\CodecCheck\chrome\codec_check.crx
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo Layers Runtime\YontooLayers.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-07-13] (Symantec Corporation)
R2 lxci_device; C:\Windows\system32\lxcicoms.exe [566192 2007-02-01] ( )
R2 lxci_device; C:\Windows\SysWow64\lxcicoms.exe [537520 2007-02-01] ( )
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-08-06] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-08-05] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-23] (Realtek Semiconductor)
S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2009-09-16] (Intel Corporation)
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3197256 2009-09-17] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [411976 2009-09-17] (Symantec Corporation)
S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-27] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-27] (Sony Corporation)
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-09-17] (Symantec Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-07-23] (Sony Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642920 2009-07-22] (Sony Corporation)
R3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-07-23] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-07-23] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-12-17] (Symantec Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [377040 2013-07-09] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-07-09] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20130319.018\eng64.sys [126192 2013-02-14] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20130319.018\ex64.sys [2087664 2013-02-14] (Symantec Corporation)
R2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2012-06-13] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2009-05-27] (Symantec Corporation)
S0 TfFsMon; No ImagePath
S0 TFSysMon; No ImagePath
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52784 2009-09-17] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-10-05] (Symantec Corporation)
S1 A2DDA; \??\C:\Users\Owner\Downloads\EmsisoftEmergencyKit\Run\a2ddax64.sys [x]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-03 16:59 - 2013-12-04 16:14 - 00000000 ____D C:\Users\Owner\AppData\Local\azNMZr5Em
2013-12-03 09:04 - 2013-12-03 09:04 - 00300544 _____ C:\ProgramData\lRocxhKe56g
2013-12-02 15:14 - 2013-12-02 15:14 - 00300544 _____ C:\ProgramData\mB12fY5Y
2013-12-02 11:33 - 2013-12-04 16:13 - 00000000 ____D C:\FRST
2013-12-02 11:33 - 2013-12-03 13:53 - 00000000 ____D C:\Users\Owner\Desktop\Quarantine
2013-11-29 23:37 - 2013-11-29 23:36 - 00300544 _____ C:\ProgramData\IBmKcIAW
2013-11-29 23:32 - 2013-11-29 23:32 - 00000000 __SHD C:\found.002
2013-11-29 23:28 - 2013-11-29 23:28 - 17226632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-11-29 23:28 - 2013-11-29 23:27 - 00300544 _____ C:\ProgramData\HL704fsmTx
2013-11-29 18:24 - 2013-11-29 18:24 - 00300544 _____ C:\ProgramData\g0NOzZAXdWP
2013-11-28 23:06 - 2013-11-28 23:06 - 00300544 _____ C:\ProgramData\zuqstZys
2013-11-28 22:58 - 2013-11-28 22:58 - 00300544 _____ C:\ProgramData\Pz0no2Izf
2013-11-28 22:54 - 2013-11-28 22:54 - 00299520 _____ C:\ProgramData\xtY8QRL8
2013-11-26 16:33 - 2013-11-26 16:33 - 00000000 ____D C:\Users\Owner\AppData\Local\avgchrome
2013-11-26 16:00 - 2013-11-26 16:00 - 00003288 ____N C:\bootsqm.dat
2013-11-26 15:59 - 2013-11-26 15:59 - 00000000 __SHD C:\found.001
2013-11-23 09:28 - 2013-11-23 09:28 - 00000000 ____D C:\Users\Owner\AppData\Local\DDMSettings
2013-11-23 09:24 - 2013-11-23 09:24 - 00000000 _____ C:\END

==================== One Month Modified Files and Folders =======

2013-12-04 16:14 - 2013-12-03 16:59 - 00000000 ____D C:\Users\Owner\AppData\Local\azNMZr5Em
2013-12-04 16:13 - 2013-12-02 11:33 - 00000000 ____D C:\FRST
2013-12-04 16:13 - 2013-01-20 14:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-04 16:13 - 2012-04-08 20:15 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1852901859-1596894870-3629313328-1000UA.job
2013-12-04 16:13 - 2012-03-31 10:28 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1852901859-1596894870-3629313328-1000UA.job
2013-12-04 16:13 - 2009-11-29 14:56 - 00031532 _____ C:\test.xml
2013-12-04 16:13 - 2009-10-14 22:30 - 01801488 _____ C:\Windows\WindowsUpdate.log
2013-12-03 17:08 - 2009-07-13 20:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-03 17:08 - 2009-07-13 20:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-03 17:07 - 2009-07-13 21:13 - 00005348 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-03 17:03 - 2013-10-02 18:51 - 00001844 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-12-03 17:02 - 2013-10-02 18:50 - 00000000 __RSD C:\Users\Owner\Documents\McAfee Vaults
2013-12-03 17:00 - 2013-09-25 16:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Spotify
2013-12-03 16:58 - 2013-01-27 22:12 - 00000362 ____H C:\Windows\Tasks\ZoomExUpdaterTask{F1DD2CB4-2ED9-4508-A1BD-EE123798A1FD}.job
2013-12-03 16:58 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 16:57 - 2013-03-20 13:49 - 00013832 _____ C:\Windows\setupact.log
2013-12-03 15:57 - 2011-02-15 17:40 - 00000000 ____D C:\ProgramData\McAfee
2013-12-03 13:53 - 2013-12-02 11:33 - 00000000 ____D C:\Users\Owner\Desktop\Quarantine
2013-12-03 09:04 - 2013-12-03 09:04 - 00300544 _____ C:\ProgramData\lRocxhKe56g
2013-12-03 06:01 - 2013-10-02 17:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2013-12-03 06:01 - 2009-09-03 01:28 - 00000000 ____D C:\ProgramData\Norton
2013-12-02 15:14 - 2013-12-02 15:14 - 00300544 _____ C:\ProgramData\mB12fY5Y
2013-12-02 11:33 - 2012-06-19 13:18 - 00000000 ____D C:\Users\Guest Access
2013-12-02 11:33 - 2010-01-31 09:26 - 00000000 ____D C:\Users\Guest
2013-12-02 11:33 - 2009-11-12 20:15 - 00000000 ____D C:\Users\Owner
2013-11-30 00:53 - 2013-03-11 14:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
2013-11-30 00:53 - 2013-01-31 13:04 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-30 00:53 - 2013-01-31 13:04 - 00000000 ____D C:\Program Files\iTunes
2013-11-30 00:53 - 2013-01-31 13:00 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-11-30 00:53 - 2013-01-27 22:12 - 00000000 ____D C:\ProgramData\Zoomex
2013-11-30 00:53 - 2012-06-30 11:21 - 00000000 ____D C:\Program Files (x86)\wxDownload Fast
2013-11-30 00:53 - 2012-06-19 13:18 - 00000000 ___RD C:\Users\Guest Access\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-30 00:53 - 2012-06-19 13:18 - 00000000 ___RD C:\Users\Guest Access\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-30 00:53 - 2012-06-19 13:18 - 00000000 ___RD C:\Users\Guest Access\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-30 00:53 - 2012-06-19 13:18 - 00000000 ___RD C:\Users\Guest Access\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-30 00:53 - 2012-06-13 23:22 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-11-30 00:53 - 2012-03-31 10:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-11-30 00:53 - 2012-01-20 23:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BitTorrent
2013-11-30 00:53 - 2011-12-29 12:07 - 00000000 ____D C:\Program Files (x86)\Xvid
2013-11-30 00:53 - 2011-12-29 11:53 - 00000000 ____D C:\Program Files (x86)\Object
2013-11-30 00:53 - 2011-12-27 20:35 - 00000000 ____D C:\ProgramData\MFAData
2013-11-30 00:53 - 2011-12-27 19:22 - 00000000 ____D C:\ProgramData\WRData
2013-11-30 00:53 - 2011-12-27 18:39 - 00000000 ____D C:\ProgramData\F5 Networks
2013-11-30 00:53 - 2011-11-19 13:34 - 00000000 ____D C:\Program Files\Bonjour
2013-11-30 00:53 - 2011-03-10 12:50 - 00000000 ____D C:\Program Files (x86)\PCiPod
2013-11-30 00:53 - 2011-03-09 20:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Audacity
2013-11-30 00:53 - 2011-03-09 18:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\FreeAudioPack
2013-11-30 00:53 - 2010-10-27 18:26 - 00000000 ____D C:\Program Files (x86)\Shareaza
2013-11-30 00:53 - 2010-10-27 18:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Azureus
2013-11-30 00:53 - 2010-10-16 13:14 - 00000000 ____D C:\Program Files\Lx_cats
2013-11-30 00:53 - 2010-10-16 13:13 - 00000000 ____D C:\Program Files\Lexmark 7300 Series
2013-11-30 00:53 - 2010-10-16 13:13 - 00000000 ____D C:\Program Files (x86)\Lexmark 7300 Series
2013-11-30 00:53 - 2010-08-21 19:00 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-30 00:53 - 2010-08-03 12:50 - 00000000 ____D C:\Program Files (x86)\Virtual Earth 3D
2013-11-30 00:53 - 2010-06-21 00:13 - 00000000 ____D C:\Program Files (x86)\Quicken
2013-11-30 00:53 - 2010-03-29 12:05 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Facebook
2013-11-30 00:53 - 2010-01-31 09:26 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-30 00:53 - 2010-01-31 09:26 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-30 00:53 - 2010-01-31 09:26 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-30 00:53 - 2010-01-31 09:26 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-30 00:53 - 2010-01-20 18:39 - 00000000 ____D C:\Users\Owner\Documents\Cucusoft
2013-11-30 00:53 - 2009-11-29 20:18 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2013-11-30 00:53 - 2009-11-29 20:17 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-30 00:53 - 2009-11-14 07:16 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-30 00:53 - 2009-11-14 07:16 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-30 00:53 - 2009-11-12 20:15 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-30 00:53 - 2009-11-12 20:15 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-30 00:53 - 2009-09-03 01:25 - 00000000 ____D C:\Program Files\SPHE BD-Live
2013-11-30 00:53 - 2009-09-03 01:21 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive
2013-11-30 00:53 - 2009-09-03 01:01 - 00000000 ___HD C:\SPLASH.SYS
2013-11-30 00:53 - 2009-09-03 00:41 - 00000000 ____D C:\Program Files\PlayReady
2013-11-30 00:53 - 2009-09-03 00:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2013-11-30 00:53 - 2009-09-03 00:37 - 00000000 ___RD C:\Users\Owner\Desktop\Microsoft Office
2013-11-30 00:53 - 2009-09-03 00:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-11-30 00:53 - 2009-08-18 15:40 - 00000000 ____D C:\Program Files\Apoint
2013-11-30 00:53 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-11-30 00:53 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-11-30 00:53 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-11-30 00:53 - 2009-07-13 19:20 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-30 00:53 - 2009-07-13 19:20 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-30 00:53 - 2009-07-13 19:20 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-30 00:53 - 2009-07-13 19:20 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-30 00:52 - 2013-10-02 18:50 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2013-11-30 00:52 - 2013-10-02 18:50 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-11-30 00:52 - 2013-10-02 18:42 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-11-30 00:52 - 2013-10-02 18:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-30 00:52 - 2013-05-20 15:06 - 00000000 ____D C:\Program Files (x86)\Delta
2013-11-30 00:52 - 2013-05-20 15:05 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-11-30 00:52 - 2013-03-17 15:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-30 00:52 - 2013-01-27 22:12 - 00000000 ____D C:\Program Files (x86)\ZoomEx
2013-11-30 00:52 - 2012-06-30 14:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-30 00:52 - 2012-06-28 08:15 - 00000000 ____D C:\Program Files (x86)\FrostWire 5
2013-11-30 00:52 - 2012-06-15 16:21 - 00000000 ____D C:\Program Files (x86)\Free M4a to MP3 Converter
2013-11-30 00:52 - 2011-12-29 11:53 - 00000000 ____D C:\Program Files (x86)\Yontoo Layers Runtime
2013-11-30 00:52 - 2011-11-19 13:34 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-11-30 00:52 - 2011-11-06 19:54 - 00000000 ____D C:\Program Files (x86)\eMusic Download Manager
2013-11-30 00:52 - 2011-10-01 14:49 - 00000000 ____D C:\Program Files\DivX
2013-11-30 00:52 - 2011-10-01 14:46 - 00000000 ____D C:\Program Files (x86)\Graboid
2013-11-30 00:52 - 2011-09-08 18:15 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-11-30 00:52 - 2011-03-12 17:52 - 00000000 ____D C:\Program Files (x86)\DivX
2013-11-30 00:52 - 2010-10-27 17:27 - 00000000 ____D C:\Program Files (x86)\FrostWire
2013-11-30 00:52 - 2009-11-29 14:57 - 00000000 ____D C:\Netgear
2013-11-30 00:52 - 2009-09-03 00:39 - 00000000 ____D C:\Nobu_Icon
2013-11-30 00:51 - 2013-10-02 18:50 - 00000000 ____D C:\Program Files\McAfee
2013-11-30 00:51 - 2013-09-20 13:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-11-30 00:51 - 2013-07-13 22:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\File Scout
2013-11-30 00:51 - 2013-05-20 15:05 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
2013-11-30 00:51 - 2013-03-27 19:20 - 00000000 ____D C:\Users\Owner\Desktop\EmsisoftEmergencyKit
2013-11-30 00:51 - 2013-03-17 15:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-30 00:51 - 2012-06-30 11:20 - 00000000 ____D C:\ProgramData\wxDfast
2013-11-30 00:51 - 2012-06-27 17:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2013-11-30 00:51 - 2011-09-10 11:43 - 00000000 ____D C:\Users\Owner\.frostwire5
2013-11-30 00:51 - 2011-04-26 17:46 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-11-30 00:51 - 2011-03-12 18:03 - 00000000 ____D C:\ProgramData\DivX
2013-11-30 00:51 - 2011-03-09 19:19 - 00000000 ____D C:\ProgramData\Real
2013-11-30 00:51 - 2009-09-03 00:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-30 00:51 - 2009-08-18 17:46 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-11-30 00:50 - 2013-10-02 17:00 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-11-30 00:50 - 2010-02-18 13:07 - 00000000 ____D C:\Users\Owner\ZipForm
2013-11-30 00:50 - 2009-08-19 10:30 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-30 00:50 - 2009-08-19 10:30 - 00000000 ____D C:\Windows\ShellNew
2013-11-30 00:50 - 2009-08-18 15:13 - 00000000 ____D C:\Windows\InstDrvs
2013-11-30 00:50 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-11-30 00:50 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2013-11-30 00:50 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-30 00:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2013-11-30 00:49 - 2012-02-27 12:03 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2013-11-30 00:49 - 2011-12-27 20:40 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2013-11-30 00:49 - 2011-12-27 19:35 - 00000000 ____D C:\Windows\system32\SPReview
2013-11-30 00:49 - 2011-12-27 19:34 - 00000000 ____D C:\Windows\system32\EventProviders
2013-11-30 00:49 - 2010-01-30 12:06 - 00000000 ____D C:\Windows\system32\TVUAx
2013-11-30 00:49 - 2010-01-30 12:05 - 00000000 ____D C:\Windows\SysWOW64\TVUAx
2013-11-30 00:49 - 2009-09-03 01:15 - 00000000 ____D C:\Windows\System32\Tasks\SONY
2013-11-30 00:49 - 2009-09-03 00:53 - 00000000 ____D C:\Windows\{AEC0FEE6-3A76-44E1-97A2-5DA325DFC41C}
2013-11-30 00:49 - 2009-09-03 00:25 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-11-30 00:49 - 2009-08-18 15:37 - 00000000 ____D C:\Windows\SysWOW64\SDA
2013-11-30 00:49 - 2009-08-18 15:19 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-11-30 00:49 - 2009-08-18 15:18 - 00000000 ____D C:\Windows\SysWOW64\x64
2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\TAPI
2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery
2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\sysprep
2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\Msdtc
2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system
2013-11-29 23:36 - 2013-11-29 23:37 - 00300544 _____ C:\ProgramData\IBmKcIAW
2013-11-29 23:32 - 2013-11-29 23:32 - 00000000 __SHD C:\found.002
2013-11-29 23:28 - 2013-11-29 23:28 - 17226632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-11-29 23:28 - 2011-09-06 17:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-29 23:27 - 2013-11-29 23:28 - 00300544 _____ C:\ProgramData\HL704fsmTx
2013-11-29 18:53 - 2013-09-20 13:54 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-11-29 18:24 - 2013-11-29 18:24 - 00300544 _____ C:\ProgramData\g0NOzZAXdWP
2013-11-28 23:10 - 2013-03-20 13:48 - 00116916 _____ C:\Windows\PFRO.log
2013-11-28 23:06 - 2013-11-28 23:06 - 00300544 _____ C:\ProgramData\zuqstZys
2013-11-28 22:58 - 2013-11-28 22:58 - 00300544 _____ C:\ProgramData\Pz0no2Izf
2013-11-28 22:54 - 2013-11-28 22:54 - 00299520 _____ C:\ProgramData\xtY8QRL8
2013-11-26 16:41 - 2013-09-25 16:03 - 00000000 ____D C:\Users\Owner\AppData\Local\Spotify
2013-11-26 16:33 - 2013-11-26 16:33 - 00000000 ____D C:\Users\Owner\AppData\Local\avgchrome
2013-11-26 16:33 - 2013-10-02 17:00 - 00001295 _____ C:\Users\Owner\Desktop\Norton Installation Files.lnk
2013-11-26 16:06 - 2009-11-12 20:16 - 00118312 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-26 16:00 - 2013-11-26 16:00 - 00003288 ____N C:\bootsqm.dat
2013-11-26 15:59 - 2013-11-26 15:59 - 00000000 __SHD C:\found.001
2013-11-24 18:35 - 2009-07-13 20:45 - 00456640 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-23 09:28 - 2013-11-23 09:28 - 00000000 ____D C:\Users\Owner\AppData\Local\DDMSettings
2013-11-23 09:24 - 2013-11-23 09:24 - 00000000 _____ C:\END

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-03-10 23:36

==================== End Of Log ============================

TwinHeadedEagle · Dec 5, 2013

Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)

Open FRST, and click Fix. Attach me that report after it is finished.

1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guidehttp://www.bleepingcomputer.com/combofix/how-to-use-combofix carefully.
Note: ComboFix must be downloaded to your Desktop.

--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program.
If you are unsure how to do this please read http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.htmlthis or this Instruction.

Instructions how to disable avast:

Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
In the window that opens on the top right corner, click Settings.
In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.
=> Again, right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart computer once more.

--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.

dsgreen87 · Dec 5, 2013

Ok, I performed all necessary steps. The fix log and the combofix.txt are both attached to this message. My computer seems to be doing much better. You have been very kind and helpful. Please advise on any necessary next steps.

TwinHeadedEagle · Dec 5, 2013

Glad to hear it

We're not yet done here, still there are some things to remove:

Open notepad and copy/paste the text present inside the code box below:

Code:

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8F4753DF-0E4A-DA24-34CF-7790AC624DDF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[-HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_CLASSES_ROOT\delta.deltadskBnd]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"XhYbIiqqD.exe"=-

File::
c:\windows\system32\config\systemprofile\AppData\Local\EhItiq0rXCm\XhYbIiqqD.exe

Folder::
c:\programdata\Zoomex
c:\program files (x86)\Delta
c:\windows\system32\config\systemprofile\AppData\Local\EhItiq0rXCm

Firefox::
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\crkgst8z.default\
FF - prefs.js: browser.search.defaulturl - 
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 0e05d0fe00000000000006265efb260b
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15845
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.516:06
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119776&tt=gc_190513_215
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false

ClearJavaCache::

Save this as CFScript.txt

Close all browser windows and refering to the picture above.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )

dsgreen87 · Dec 5, 2013

Attached is the new log you requested.

TwinHeadedEagle · Dec 5, 2013

Good, virus is now completely removed. This was a very stubborn malware, cause it was needed several fixes to be completely removed. We need to do just a short final check if everything is ok now...

Please download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp
files, execution time should be anywhere from a few seconds to a minute
or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

Click on the Scan button.
After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Post logfile will also be saved in the C:\AdwCleaner folder.

Re-run FRST, check Addition.txt and press Scan. Attach both reports...

dsgreen87 · Dec 5, 2013

Did all necessary steps and attached are the reports you requested.

TwinHeadedEagle · Dec 6, 2013

You're clean, how are the things now? Any problems?

dsgreen87 · Dec 6, 2013

No, I am not experiencing any problems so far. Much much better! Thank you so much for your willingness to help!

I only have one more question. What in your opinion are the best virus and malware programs to get the help prevent that from happening again? Would one of them be the AdwCleaner you had me download?

TwinHeadedEagle · Dec 6, 2013

You already have two antivirus products installed:
- Symantec
- McAfee

Remove one of them, only one is good, problems could happend when using more than one.

If you want to try another free Antivirus, you can use Avast. It is very good, maybe the best among free products.

Adwcleaner is only the tool for removing Adware and PUP

dsgreen87 · Dec 6, 2013

Great. I went ahead and removed one. Thank you so much for your help! You raised my computer from the dead.

TwinHeadedEagle · Dec 6, 2013

Good, then we're done here. Uninstall Adobe Reader and all Java versions, and download latest versions.

Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below;

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on "Run" button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt

> I don't need DelFix log report.

Search

Threats wont remove with Kaspersky

TwinHeadedEagle

Level 41

dsgreen87

New Member

TwinHeadedEagle

Level 41

Attachments

dsgreen87

New Member

Attachments

TwinHeadedEagle

Level 41

dsgreen87

New Member

Attachments

TwinHeadedEagle

Level 41

dsgreen87

New Member

Attachments

TwinHeadedEagle

Level 41

dsgreen87

New Member

TwinHeadedEagle

Level 41

dsgreen87

New Member

TwinHeadedEagle

Level 41

Similar threads