Threats won't remove with Kaspersky
<blockquote data-quote="dsgreen87" data-source="post: 146828" data-attributes="member: 15396"><p>OK so in normal boot mode here is the FRST report. It also did an addition.txt, would you like that as well?</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013</p><p>Ran by Owner (administrator) on OWNER-VAIO on 04-12-2013 16:13:57</p><p>Running from D:\</p><p>Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)</p><p>Internet Explorer Version 9</p><p>Boot Mode: Normal</p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe</p><p>(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe</p><p>(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe</p><p>(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe</p><p>(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe</p><p>(ALPS) C:\Program Files\Apoint\Apvfb.exe</p><p>(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark 7300 Series\lxcimon.exe</p><p>(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe</p><p>(Lexmark International Inc.) C:\Program Files (x86)\Lexmark 7300 Series\ezprint.exe</p><p>(Google Inc.) C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe</p><p>(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe</p><p>(Facebook Inc.) C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe</p><p>(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOCareService.exe</p><p>(Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</p><p>(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe</p><p>(Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE</p><p>() C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe</p><p>(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe</p><p>(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe</p><p>( ) C:\Windows\System32\lxcicoms.exe</p><p>() C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe</p><p>() C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe</p><p>(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe</p><p>(Sony Corporation) C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe</p><p>(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe</p><p>(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe</p><p>(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe</p><p>(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe</p><p>() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe</p><p>(McAfee, Inc.) C:\Windows\System32\mfevtps.exe</p><p>(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe</p><p>(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe</p><p>(ArcSoft, Inc.) 
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe</p><p>(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe</p><p>(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe</p><p>(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe</p><p>(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe</p><p>(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe</p><p>(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe</p><p>(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE</p><p>(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe</p><p>(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE</p><p>(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe</p><p>(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe</p><p>(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe</p><p>(McAfee, Inc.) 
C:\Program Files\McAfee\MAT\McPvTray.exe</p><p>(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe</p><p>(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe</p><p>(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxext.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxsrvc.exe</p><p>(Farbar) D:\FRST64 (3).exe</p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [208384 2009-08-03] (Alps Electric Co., Ltd.)</p><p>HKLM\...\Run: [lxcimon.exe] - C:\Program Files (x86)\Lexmark 7300 Series\lxcimon.exe [205744 2007-05-11] (Lexmark International, Inc.)</p><p>HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark 7300 Series\ezprint.exe [103344 2007-05-11] (Lexmark International Inc.)</p><p>HKLM\...\Run: [LXCICATS] - rundll32 \3\LXCItime.dll,RunDLLEntry</p><p>HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)</p><p>HKLM-x32\...\Winlogon: [Shell] cmd.exe [302592 2010-11-20] (Microsoft Corporation) <=== ATTENTION</p><p>Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)</p><p>HKLM\...\Policies\Explorer: [UseDefaultTile] 0</p><p>HKLM\...\Policies\Explorer: [NoWelcomeScreen] 0</p><p>HKLM-x32\...\Command Processor: "C:\Users\Owner\AppData\Local\azNMZr5Em\l9CQ7M8mo0.exe" <======= ATTENTION</p><p>HKCU\...\Run: [Xvid] - C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()</p><p>HKCU\...\Run: [Google Update] - C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-21] (Google Inc.)</p><p>HKCU\...\Run: [Facebook Update] - C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)</p><p>HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Owner\AppData\Local\Program Files\Amazon\MP3 
Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-09] ()</p><p>HKCU\...\Run: [Spotify] - C:\Users\Owner\AppData\Roaming\Spotify\spotify.exe [5955072 2013-11-26] (Spotify Ltd)</p><p>HKCU\...\Run: [Spotify Web Helper] - C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-26] (Spotify Ltd)</p><p>HKCU\...\Run: [l9CQ7M8mo0.exe] - C:\Users\Owner\AppData\Local\azNMZr5Em\l9CQ7M8mo0.exe [107192 2013-12-03] (Microsoft Corporation)</p><p>HKCU\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION </p><p>HKCU\...\Command Processor: "C:\Users\Owner\AppData\Local\azNMZr5Em\l9CQ7M8mo0.exe" <======= ATTENTION</p><p>HKCU\...\Policies\system: [LogonHoursAction] 2</p><p>HKCU\...\Policies\system: [NoDispCPL] 0</p><p>HKCU\...\Policies\system: [NoDispAppearancePage] 0</p><p>HKCU\...\Policies\system: [NoDispBackgroundPage] 0</p><p>HKCU\...\Policies\system: [NoDispScrSavPage] 0</p><p>HKCU\...\Policies\system: [NoDispSettingsPage] 0</p><p>HKCU\...\Policies\system: [NoColorChoice] 0</p><p>HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 0</p><p>HKCU\...\Policies\system: [DisableLockWorkstation] 0</p><p>HKCU\...\Policies\system: [DisableChangePassword] 0</p><p>HKCU\...\Policies\system: [HideLogonScripts] 0</p><p>HKCU\...\Policies\system: [HideLogoffScripts] 0</p><p>HKCU\...\Policies\system: [HideLegacyLogonScripts] 0</p><p>HKCU\...\Policies\Explorer: [NoThemesTab] 0</p><p>HKCU\...\Policies\Explorer: [NoAddPrinter] 0</p><p>HKCU\...\Policies\Explorer: [NoDeletePrinter] 0</p><p>HKCU\...\Policies\Explorer: [RestrictCpl] 0</p><p>HKCU\...\Policies\Explorer: [DisallowCpl] 0</p><p>HKCU\...\Policies\Explorer: [NoViewOnDrive] 0</p><p>HKCU\...\Policies\Explorer: [NoDrivesInSendToMenu] 0</p><p>HKCU\...\Policies\Explorer: [RestrictRun] 0</p><p>HKCU\...\Policies\Explorer: [DisallowRun] 0</p><p>HKCU\...\Policies\Explorer: [NoRecycleFiles] 0</p><p>HKCU\...\Policies\Explorer: [PreventItemCreationInUsersFilesFolder] 
0</p><p>HKCU\...\Policies\Explorer: [NoReadingPane] 0</p><p>HKCU\...\Policies\Explorer: [NoPreviewPane] 0</p><p>HKCU\...\Policies\Explorer: [DontSetAutoplayCheckbox] 0</p><p>HKCU\...\Policies\Explorer: [NoPropertiesMyDocuments] 0</p><p>HKCU\...\Policies\Explorer: [NoPropertiesRecycleBin] 0</p><p>HKCU\...\Policies\Explorer: [NoManageMyComputerVerb] 0</p><p>HKCU\...\Policies\Explorer: [ClassicShell] 0</p><p>HKCU\...\Policies\Explorer: [NoControlPanel] 0</p><p>HKCU\...\Policies\Explorer: [NoCustomizeWebView] 0</p><p>HKCU\...\Policies\Explorer: [NoViewContextMenu] 0</p><p>HKCU\...\Policies\Explorer: [NoFileMenu] 0</p><p>HKCU\...\Policies\Explorer: [NoWinKeys] 0</p><p>HKCU\...\Policies\Explorer: [NoDFSTab] 0</p><p>HKCU\...\Policies\Explorer: [NoHardwareTab] 0</p><p>HKCU\...\Policies\Explorer: [NoSecurityTab] 0</p><p>HKCU\...\Policies\Explorer: [DisableThumbnails] 0</p><p>HKCU\...\Policies\Explorer: [DisableThumbnailsOnNetworkFolders] 0</p><p>HKCU\...\Policies\Explorer: [NoInstrumentation] 0</p><p>HKCU\...\Policies\Explorer: [NoCustomizeThisFolder] 0</p><p>HKCU\...\Policies\Explorer: [NoWebView] 0</p><p>HKCU\...\Policies\Explorer: [DontShowSuperHidden] 0</p><p>HKCU\...\Policies\Explorer: [NoOnlinePrintsWizard] 0</p><p>HKCU\...\Policies\Explorer: [NoPublishingWizard] 0</p><p>HKCU\...\Policies\Explorer: [AlwaysShowClassicMenu] 0</p><p>HKCU\...\Policies\Explorer: [ClearRecentProgForNewUserInStartMenu] 0</p><p>HKCU\...\Policies\Explorer: [NoUserFolderInStartMenu] 0</p><p>HKCU\...\Policies\Explorer: [NoSearchComputerLinkInStartMenu] 0</p><p>HKCU\...\Policies\Explorer: [NoSearchProgramsInStartMenu] 0</p><p>HKCU\...\Policies\Explorer: [NoSearchInternetInStartMenu] 0</p><p>HKCU\...\Policies\Explorer: [NoSearchFilesInStartMenu] 0</p><p>HKCU\...\Policies\Explorer: [NoSearchCommInStartMenu] 0</p><p>HKCU\...\Policies\Explorer: [NoSetTaskbar] 0</p><p>HKCU\...\Policies\Explorer: [NoSMConfigurePrograms] 0</p><p>HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 
0</p><p>HKCU\...\Policies\Explorer: [NoSMMyPictures] 0</p><p>HKCU\...\Policies\Explorer: [NoStartMenuMyMusic] 0</p><p>HKCU\...\Policies\Explorer: [NoSMMyDocs] 0</p><p>HKCU\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 0</p><p>HKCU\...\Policies\Explorer: [NoFavoritesMenu] 0</p><p>HKCU\...\Policies\Explorer: [NoHelp] 0</p><p>HKCU\...\Policies\Explorer: [NoNetworkConnections] 0</p><p>HKCU\...\Policies\Explorer: [NoFind] 0</p><p>HKCU\...\Policies\Explorer: [NoCommonGroups] 0</p><p>HKCU\...\Policies\Explorer: [NoWindowsUpdate] 0</p><p>HKCU\...\Policies\Explorer: [NoFolderOptions] 0</p><p>HKCU\...\Policies\Explorer: [NoChangeStartMenu] 0</p><p>HKCU\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0</p><p>HKCU\...\Policies\Explorer: [NoStartMenuPinnedList] 0</p><p>HKCU\...\Policies\Explorer: [NoStartMenuMorePrograms] 0</p><p>HKCU\...\Policies\Explorer: [NoStartMenuEjectPC] 0</p><p>HKCU\...\Policies\Explorer: [NoSimpleStartMenu] 0</p><p>HKCU\...\Policies\Explorer: [ForceStartMenuLogoff] 0</p><p>HKCU\...\Policies\Explorer: [NoStartMenuSubFolders] 0</p><p>HKCU\...\Policies\Explorer: [NoDisconnect] 0</p><p>HKCU\...\Policies\Explorer: [NoNtSecurity] 0</p><p>HKCU\...\Policies\Explorer: [NoSetFolders] 0</p><p>HKCU\...\Policies\Explorer: [GreyMSIAds] 0</p><p>HKCU\...\Policies\Explorer: [ForceMaxRecentDocs] 0</p><p>HKCU\...\Policies\Explorer: [NoStartMenuMyGames] 0</p><p>HKCU\...\Policies\Explorer: [NoSMBalloonTip] 0</p><p>HKCU\...\Policies\Explorer: [NoSMBalloonTips] 0</p><p>HKCU\...\Policies\Explorer: [NoTrayContextMenu] 0</p><p>HKCU\...\Policies\Explorer: [NoTrayItemsDisplay] 0</p><p>HKCU\...\Policies\Explorer: [LockTaskbar] 0</p><p>HKCU\...\Policies\Explorer: [HideClock] 0</p><p>HKCU\...\Policies\Explorer: [HideSCAVolume] 0</p><p>HKCU\...\Policies\Explorer: [HideSCANetwork] 0</p><p>HKCU\...\Policies\Explorer: [HideSCAPower] 0</p><p>HKCU\...\Policies\Explorer: [HideSCABattery] 0</p><p>HKCU\...\Policies\Explorer: [TaskbarNoNotification] 0</p><p>HKCU\...\Policies\Explorer: 
[NoToolbarsOnTaskbar] 0</p><p>HKCU\...\Policies\Explorer: [NoTaskGrouping] 0</p><p>HKCU\...\Policies\Explorer: [TaskbarNoThumbnail] 0</p><p>HKCU\...\Policies\Explorer: [TaskbarLockAll] 0</p><p>HKCU\...\Policies\Explorer: [TaskbarNoResize] 0</p><p>HKCU\...\Policies\Explorer: [TaskbarNoAddRemoveToolbar] 0</p><p>HKCU\...\Policies\Explorer: [TaskbarNoDragToolbar] 0</p><p>HKCU\...\Policies\Explorer: [TaskbarNoRedock] 0</p><p>HKCU\...\Policies\Explorer: [RestrictWelcomeCenter] 0</p><p>HKCU\...\Policies\Explorer: [NoWebServices] 0</p><p>HKCU\...\Policies\Explorer: [NoFileUrl] 0</p><p>HKCU\...\Policies\Explorer: [NoInternetIcon] 0</p><p>HKCU\...\Policies\Explorer: [NoBandCustomize] 0</p><p>HKCU\...\Policies\Explorer: [NoToolbarCustomize] 0</p><p>HKCU\...\Policies\Explorer: [SpecifyDefaultButtons] 0</p><p>HKCU\...\Policies\Explorer: [NoInplaceSharing] 0</p><p>HKCU\...\Policies\Explorer: [NoNetHood] 0</p><p>HKCU\...\Policies\Explorer: [NoNetConnectDisconnect] 0</p><p>HKCU\...\Policies\Explorer: [UseFoldersInStartMenu] 0</p><p>HKCU\...\Policies\Explorer: [TurnOffSPIAnimations] 0</p><p>HKCU\...\Policies\Explorer: [EnforceShellExtensionSecurity] 0</p><p>HKCU\...\Policies\Explorer: [NoLogOff] 0</p><p>HKCU\...\Policies\Explorer: [NoRunasInstallPrompt] 0</p><p>HKCU\...\Policies\Explorer: [PromptRunasInstallNetPath] 1</p><p>HKCU\...\Policies\Explorer: [NoResolveSearch] 0</p><p>HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0</p><p>HKCU\...\Policies\Explorer: [NoDevMgrUpdate] 0</p><p>HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 0</p><p>HKCU\...\Policies\Explorer: [NoThumbnailCache] 0</p><p>HKCU\...\Policies\Explorer: [ForceCopyAclwithFile] 0</p><p>HKCU\...\Policies\Explorer: [StartRunNoHOMEPATH] 0</p><p>HKLM-x32\...\Run: [SmartWiHelper] - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [79872 2009-08-26] (Sony Electronics Corporation)</p><p>HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317288 
2009-05-26] (Sony Corporation)</p><p>HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)</p><p>HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)</p><p>HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [273528 2011-09-17] (RealNetworks, Inc.)</p><p>HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)</p><p>HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)</p><p>HKLM-x32\...\Run: [ROC_roc_dec12] - "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12</p><p>HKLM-x32\...\Run: [ccApp] - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2009-07-08] (Symantec Corporation)</p><p>HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)</p><p>HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)</p><p>HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-08-06] (McAfee, Inc.)</p><p>HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()</p><p>HKLM-x32\...\Run: [5ElDeUzAp.exe] - "C:\Users\Owner\AppData\Local\XtfJ5ZXIEO4\5ElDeUzAp.exe"</p><p>HKLM-x32\...\Run: [XhYbIiqqD.exe] - 
"C:\Windows\system32\config\systemprofile\AppData\Local\EhItiq0rXCm\XhYbIiqqD.exe"</p><p>HKLM-x32\...\Run: [9br2OEaskS.exe] - "C:\Users\Owner\AppData\Local\0hgc3i53s8G\9br2OEaskS.exe"</p><p>HKLM-x32\...\Run: [1vZcSiax.exe] - "C:\Users\Owner\AppData\Local\wMv9BNGl\1vZcSiax.exe"</p><p>HKLM-x32\...\Run: [l9CQ7M8mo0.exe] - C:\Users\Owner\AppData\Local\azNMZr5Em\l9CQ7M8mo0.exe [107192 2013-12-03] (Microsoft Corporation)</p><p>HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)</p><p>HKU\Guest\...\Policies\system: [NoDispCPL] 0</p><p>HKU\Guest\...\Policies\system: [NoDispAppearancePage] 0</p><p>HKU\Guest\...\Policies\system: [NoDispBackgroundPage] 0</p><p>HKU\Guest\...\Policies\system: [NoDispScrSavPage] 0</p><p>HKU\Guest\...\Policies\system: [NoDispSettingsPage] 0</p><p>HKU\Guest\...\Policies\system: [NoColorChoice] 0</p><p>HKU\Guest\...\Policies\system: [DontDisplayLogonHoursWarnings] 0</p><p>HKU\Guest\...\Policies\system: [DisableLockWorkstation] 0</p><p>HKU\Guest\...\Policies\system: [DisableChangePassword] 0</p><p>HKU\Guest\...\Policies\system: [HideLogonScripts] 0</p><p>HKU\Guest\...\Policies\system: [HideLogoffScripts] 0</p><p>HKU\Guest\...\Policies\system: [HideLegacyLogonScripts] 0</p><p>HKU\Guest Access\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)</p><p>HKU\Guest Access\...\Policies\system: [LogonHoursAction] 2</p><p>HKU\Guest Access\...\Policies\system: [NoDispCPL] 0</p><p>HKU\Guest Access\...\Policies\system: [NoDispAppearancePage] 0</p><p>HKU\Guest Access\...\Policies\system: [NoDispBackgroundPage] 0</p><p>HKU\Guest Access\...\Policies\system: [NoDispScrSavPage] 0</p><p>HKU\Guest Access\...\Policies\system: [NoDispSettingsPage] 0</p><p>HKU\Guest Access\...\Policies\system: [NoColorChoice] 0</p><p>HKU\Guest Access\...\Policies\system: [DontDisplayLogonHoursWarnings] 0</p><p>HKU\Guest Access\...\Policies\system: [DisableLockWorkstation] 
0</p><p>HKU\Guest Access\...\Policies\system: [DisableChangePassword] 0</p><p>HKU\Guest Access\...\Policies\system: [HideLogonScripts] 0</p><p>HKU\Guest Access\...\Policies\system: [HideLogoffScripts] 0</p><p>HKU\Guest Access\...\Policies\system: [HideLegacyLogonScripts] 0</p><p>AppInit_DLLs-x32: c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll [ ] ()</p><p>Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk</p><p>ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?affID=119776&tt=gc_190513_215&babsrc=HP_ss&mntrId=0E0506265EFB260B</p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT</p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT</p><p>HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-search.com/?affID=119776&tt=gc_190513_215&babsrc=HP_ss&mntrId=0E0506265EFB260B</p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT</p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/?aff=7&uid=7be30fc0-6911-11e2-8e65-0024be7853db</p><p>StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe</p><p>SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = </p><p>SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
http://searchab.com/?aff=7&uid=7be30fc0-6911-11e2-8e65-0024be7853db&q={searchTerms}</p><p>SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}</p><p>SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=119776&tt=gc_190513_215&babsrc=SP_ss&mntrId=0E0506265EFB260B</p><p>SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://searchab.com/?aff=7&uid=7be30fc0-6911-11e2-8e65-0024be7853db&q={searchTerms}</p><p>SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={9A7894ED-3406-46E8-B54F-FE8C13C134FE}&mid=94b73e5d671547d1b2cad16df89cba28-d02a467b1f8c70683fabe06c95f820a38c34789b&lang=en&ds=AVG&pr=fr&d=2012-01-30 13:13:19&v=9.0.0.23&sap=dsp&q={searchTerms}</p><p>SearchScopes: HKCU - {A86CB93C-AF88-B5FE-F4D9-E79E5C6A4474} URL = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF</p><p>BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)</p><p>BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)</p><p>BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)</p><p>BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)</p><p>BHO-x32: Facetheme - {27a220b7-bb43-4faf-b27b-f803d18eea28} - C:\Program Files (x86)\Object\bho_project.dll (InternetEngine)</p><p>BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)</p><p>BHO-x32: Groove GFS 
Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)</p><p>BHO-x32: Zoomex - {8F4753DF-0E4A-DA24-34CF-7790AC624DDF} - C:\ProgramData\Zoomex\51061c70c8584.dll ()</p><p>BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)</p><p>BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)</p><p>BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)</p><p>BHO-x32: wxDfast Class - {CFD75BD7-373F-9AE4-2B22-ACBE23F39F59} - C:\ProgramData\wxDfast\bhoclass.dll No File</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)</p><p>Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)</p><p>Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)</p><p>Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)</p><p>DPF: HKLM-x32 {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} https://securera.edwardjones.com/vdesk/terminal/f5opswati.cab#Version=7060,2012,1129,22</p><p>DPF: HKLM-x32 {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} https://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab</p><p>DPF: 
HKLM-x32 {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} https://securera.edwardjones.com/vdesk/terminal/f5opswati.cab#Version=7060,2012,1129,22</p><p>DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://securera.edwardjones.com/vdesk/terminal/f5tunsrv.cab#version=7000,2012,1019,1308</p><p>DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://securera.edwardjones.com/vdesk/terminal/InstallerControl.cab#version=7000,2012,1019,1322</p><p>DPF: HKLM-x32 {49EC7987-E331-44E3-B170-748B58A268B9} https://securera.edwardjones.com/vdesk/terminal/f5opswati.cab#Version=7060,2012,1129,22</p><p>DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} https://securera.edwardjones.com/vdesk/terminal/f5InspectionHost.cab#version=7000,2012,1019,1254</p><p>DPF: HKLM-x32 {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} https://crestedg.century21.com/EDGDOTNET/ImageUploader/ImageUploader5.cab</p><p>DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} https://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab</p><p>DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab</p><p>DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx</p><p>DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://securera.edwardjones.com/vdesk/terminal/urxhost.cab#version=7000,2012,1019,1321</p><p>DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab</p><p>DPF: HKLM-x32 {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://securera.edwardjones.com/policy/download_binary.php/win32/f5syschk.cab#Version=7000,2012,1019,1308</p><p>DPF: HKLM-x32 {EBDC91CB-F23F-477D-B152-3F7243760D04} https://securera.edwardjones.com/vdesk/terminal/f5opswati.cab#Version=7060,2012,1129,22</p><p>Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, 
Inc.)</p><p>Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)</p><p>Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File</p><p>Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)</p><p>Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)</p><p>Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)</p><p>Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)</p><p>Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)</p><p>Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\crkgst8z.default</p><p>FF user.js: detected! 
=> C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\crkgst8z.default\user.js</p><p>FF NewTab: hxxp://www1.delta-search.com/?affID=119776&tt=gc_190513_215&babsrc=NT_ss&mntrId=0E0506265EFB260B</p><p>FF DefaultSearchEngine: Delta Search</p><p>FF SearchEngineOrder.1: Privitize VPN</p><p>FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");</p><p>FF SelectedSearchEngine: Delta Search</p><p>FF Homepage: hxxp://www1.delta-search.com/?affID=119776&tt=gc_190513_215&babsrc=HP_ss&mntrId=0E0506265EFB260B</p><p>FF Keyword.URL: hxxp://searchab.com/?aff=7&uid=7be30fc0-6911-11e2-8e65-0024be7853db&q=</p><p>FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()</p><p>FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</p><p>FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()</p><p>FF Plugin: @microsoft.com/GENUINE - disabled No File</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()</p><p>FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()</p><p>FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</p><p>FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)</p><p>FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)</p><p>FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()</p><p>FF 
Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)</p><p>FF Plugin-x32: @microsoft.com/GENUINE - disabled No File</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @real.com/nppl3260;version=12.0.1.669 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)</p><p>FF Plugin-x32: @real.com/nprjplug;version=12.0.1.669 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)</p><p>FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)</p><p>FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)</p><p>FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.669 - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)</p><p>FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)</p><p>FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )</p><p>FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)</p><p>FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin HKCU: @tools.google.com/Google 
Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Owner\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)</p><p>FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\crkgst8z.default\searchplugins\babylon.xml</p><p>FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\crkgst8z.default\searchplugins\delta.xml</p><p>FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\crkgst8z.default\searchplugins\Searchab.xml</p><p>FF Extension: Zoomex - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\crkgst8z.default\Extensions\51061c70c83f1@51061c70c842b.com</p><p>FF Extension: Delta Toolbar - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\crkgst8z.default\Extensions\ffxtlbr@delta.com</p><p>FF Extension: Yontoo - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\crkgst8z.default\Extensions\plugin@yontoo.com</p><p>FF Extension: torntv2 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\crkgst8z.default\Extensions\torntv2@torntv.com.xpi</p><p>FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext</p><p>FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext</p><p>FF HKLM-x32\...\Firefox\Extensions: [crossriderapp435@crossrider.com] - C:\ProgramData\CodecCheck\firefox</p><p>FF Extension: Premiumplay Codec-C - C:\ProgramData\CodecCheck\firefox</p><p>FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor</p><p>FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor</p><p>FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK</p><p>FF Extension: McAfee 
Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK</p><p></p><p>Chrome: </p><p>=======</p><p>CHR HomePage: hxxp://www1.delta-search.com/?affID=119776&tt=gc_190513_215&babsrc=HP_ss&mntrId=0E0506265EFB260B</p><p>CHR RestoreOnStartup: "hxxp://www1.delta-search.com/?affID=119776&tt=gc_190513_215&babsrc=HP_ss&mntrId=0E0506265EFB260B"</p><p>CHR DefaultSearchURL: (Delta Search) - http://www1.delta-search.com/?q={searchTerms}&affID=119776&tt=gc_190513_215&babsrc=SP_ss&mntrId=0E0506265EFB260B</p><p>CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}</p><p>CHR Plugin: (Shockwave Flash) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()</p><p>CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer</p><p>CHR Plugin: (Native Client) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()</p><p>CHR Plugin: (Chrome PDF Viewer) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()</p><p>CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)</p><p>CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)</p><p>CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files 
(x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)</p><p>CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)</p><p>CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)</p><p>CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)</p><p>CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)</p><p>CHR Plugin: (Google Update) - C:\Users\Owner\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File</p><p>CHR Plugin: (Facebook Plugin) - C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )</p><p>CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File</p><p>CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File</p><p>CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)</p><p>CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll 
(RealNetworks, Inc.)</p><p>CHR Plugin: (RealPlayer Version Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)</p><p>CHR Extension: (SiteAdvisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.4.1311_0</p><p>CHR Extension: (wxDfast) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejjhngmialkbkocgbhpjdlgogaceapd\1.0_0</p><p>CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0</p><p>CHR Extension: (Codec-V) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.25.75_0</p><p>CHR Extension: (Torntv 2) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje\1.0_0</p><p>CHR Extension: (Yontoo) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0</p><p>CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0</p><p>CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Owner\AppData\Roaming\BabSolution\CR\Delta.crx</p><p>CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx</p><p>CHR HKLM-x32\...\Chrome\Extension: [gejjhngmialkbkocgbhpjdlgogaceapd] - C:\ProgramData\wxDfast\gejjhngmialkbkocgbhpjdlgogaceapd.crx</p><p>CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx</p><p>CHR HKLM-x32\...\Chrome\Extension: [jpnbdefcbnoefmmcpelplabbkfmfhlho] - C:\ProgramData\CodecCheck\chrome\codec_check.crx</p><p>CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program 
Files (x86)\TornTV.com\torn2_10.crx</p><p>CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo Layers Runtime\YontooLayers.crx</p><p>CHR StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)</p><p>R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)</p><p>R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)</p><p>R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)</p><p>S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-07-13] (Symantec Corporation)</p><p>R2 lxci_device; C:\Windows\system32\lxcicoms.exe [566192 2007-02-01] ( )</p><p>R2 lxci_device; C:\Windows\SysWow64\lxcicoms.exe [537520 2007-02-01] ( )</p><p>R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)</p><p>R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-08-06] (McAfee, Inc.)</p><p>S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)</p><p>R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)</p><p>R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)</p><p>R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-08-05] (McAfee, Inc.)</p><p>R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, 
Inc.)</p><p>R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)</p><p>R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)</p><p>S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions)</p><p>S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions)</p><p>R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-23] (Realtek Semiconductor)</p><p>S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2009-09-16] (Intel Corporation)</p><p>R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3197256 2009-09-17] (Symantec Corporation)</p><p>S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [411976 2009-09-17] (Symantec Corporation)</p><p>S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-27] (Sony Corporation)</p><p>S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-27] (Sony Corporation)</p><p>R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-09-17] (Symantec Corporation)</p><p>R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)</p><p>S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-07-23] (Sony Corporation)</p><p>R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642920 2009-07-22] (Sony Corporation)</p><p>R3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment 
Platform\VCSW\VCSW.exe [313264 2009-07-23] (Sony Corporation)</p><p>R2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-07-23] (Sony Corporation)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)</p><p>S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)</p><p>R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)</p><p>R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-12-17] (Symantec Corporation)</p><p>S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)</p><p>R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)</p><p>R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)</p><p>R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)</p><p>R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)</p><p>R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)</p><p>R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [377040 2013-07-09] (McAfee, Inc.)</p><p>S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-07-09] (McAfee, Inc.)</p><p>R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)</p><p>R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20130319.018\eng64.sys [126192 2013-02-14] (Symantec Corporation)</p><p>R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20130319.018\ex64.sys [2087664 2013-02-14] (Symantec Corporation)</p><p>R2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)</p><p>R1 SRTSP; 
C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)</p><p>R1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)</p><p>S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)</p><p>S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)</p><p>R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)</p><p>R1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)</p><p>R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2012-06-13] (Symantec Corporation)</p><p>R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2009-05-27] (Symantec Corporation)</p><p>S0 TfFsMon; No ImagePath</p><p>S0 TFSysMon; No ImagePath</p><p>R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52784 2009-09-17] (Symantec Corporation)</p><p>R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-10-05] (Symantec Corporation)</p><p>S1 A2DDA; \??\C:\Users\Owner\Downloads\EmsisoftEmergencyKit\Run\a2ddax64.sys [x]</p><p>S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2013-12-03 16:59 - 2013-12-04 16:14 - 00000000 ____D C:\Users\Owner\AppData\Local\azNMZr5Em</p><p>2013-12-03 09:04 - 2013-12-03 09:04 - 00300544 _____ C:\ProgramData\lRocxhKe56g</p><p>2013-12-02 15:14 - 2013-12-02 15:14 - 00300544 _____ C:\ProgramData\mB12fY5Y</p><p>2013-12-02 11:33 - 2013-12-04 16:13 - 00000000 ____D C:\FRST</p><p>2013-12-02 11:33 - 2013-12-03 13:53 - 00000000 ____D C:\Users\Owner\Desktop\Quarantine</p><p>2013-11-29 23:37 - 2013-11-29 23:36 - 00300544 _____ C:\ProgramData\IBmKcIAW</p><p>2013-11-29 23:32 - 2013-11-29 23:32 - 00000000 __SHD C:\found.002</p><p>2013-11-29 23:28 - 2013-11-29 
23:28 - 17226632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe</p><p>2013-11-29 23:28 - 2013-11-29 23:27 - 00300544 _____ C:\ProgramData\HL704fsmTx</p><p>2013-11-29 18:24 - 2013-11-29 18:24 - 00300544 _____ C:\ProgramData\g0NOzZAXdWP</p><p>2013-11-28 23:06 - 2013-11-28 23:06 - 00300544 _____ C:\ProgramData\zuqstZys</p><p>2013-11-28 22:58 - 2013-11-28 22:58 - 00300544 _____ C:\ProgramData\Pz0no2Izf</p><p>2013-11-28 22:54 - 2013-11-28 22:54 - 00299520 _____ C:\ProgramData\xtY8QRL8</p><p>2013-11-26 16:33 - 2013-11-26 16:33 - 00000000 ____D C:\Users\Owner\AppData\Local\avgchrome</p><p>2013-11-26 16:00 - 2013-11-26 16:00 - 00003288 ____N C:\bootsqm.dat</p><p>2013-11-26 15:59 - 2013-11-26 15:59 - 00000000 __SHD C:\found.001</p><p>2013-11-23 09:28 - 2013-11-23 09:28 - 00000000 ____D C:\Users\Owner\AppData\Local\DDMSettings</p><p>2013-11-23 09:24 - 2013-11-23 09:24 - 00000000 _____ C:\END</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2013-12-04 16:14 - 2013-12-03 16:59 - 00000000 ____D C:\Users\Owner\AppData\Local\azNMZr5Em</p><p>2013-12-04 16:13 - 2013-12-02 11:33 - 00000000 ____D C:\FRST</p><p>2013-12-04 16:13 - 2013-01-20 14:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2013-12-04 16:13 - 2012-04-08 20:15 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1852901859-1596894870-3629313328-1000UA.job</p><p>2013-12-04 16:13 - 2012-03-31 10:28 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1852901859-1596894870-3629313328-1000UA.job</p><p>2013-12-04 16:13 - 2009-11-29 14:56 - 00031532 _____ C:\test.xml</p><p>2013-12-04 16:13 - 2009-10-14 22:30 - 01801488 _____ C:\Windows\WindowsUpdate.log</p><p>2013-12-03 17:08 - 2009-07-13 20:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2013-12-03 17:08 - 2009-07-13 20:45 - 00014144 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2013-12-03 17:07 - 2009-07-13 21:13 - 00005348 _____ C:\Windows\system32\PerfStringBackup.INI</p><p>2013-12-03 17:03 - 2013-10-02 18:51 - 00001844 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk</p><p>2013-12-03 17:02 - 2013-10-02 18:50 - 00000000 __RSD C:\Users\Owner\Documents\McAfee Vaults</p><p>2013-12-03 17:00 - 2013-09-25 16:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Spotify</p><p>2013-12-03 16:58 - 2013-01-27 22:12 - 00000362 ____H C:\Windows\Tasks\ZoomExUpdaterTask{F1DD2CB4-2ED9-4508-A1BD-EE123798A1FD}.job</p><p>2013-12-03 16:58 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT</p><p>2013-12-03 16:57 - 2013-03-20 13:49 - 00013832 _____ C:\Windows\setupact.log</p><p>2013-12-03 15:57 - 2011-02-15 17:40 - 00000000 ____D C:\ProgramData\McAfee</p><p>2013-12-03 13:53 - 2013-12-02 11:33 - 00000000 ____D C:\Users\Owner\Desktop\Quarantine</p><p>2013-12-03 09:04 - 2013-12-03 09:04 - 00300544 _____ C:\ProgramData\lRocxhKe56g</p><p>2013-12-03 06:01 - 2013-10-02 17:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton</p><p>2013-12-03 06:01 - 2009-09-03 01:28 - 00000000 ____D C:\ProgramData\Norton</p><p>2013-12-02 15:14 - 2013-12-02 15:14 - 00300544 _____ C:\ProgramData\mB12fY5Y</p><p>2013-12-02 11:33 - 2012-06-19 13:18 - 00000000 ____D C:\Users\Guest Access</p><p>2013-12-02 11:33 - 2010-01-31 09:26 - 00000000 ____D C:\Users\Guest</p><p>2013-12-02 11:33 - 2009-11-12 20:15 - 00000000 ____D C:\Users\Owner</p><p>2013-11-30 00:53 - 2013-03-11 14:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5</p><p>2013-11-30 00:53 - 2013-01-31 13:04 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69</p><p>2013-11-30 00:53 - 2013-01-31 13:04 - 00000000 ____D C:\Program Files\iTunes</p><p>2013-11-30 00:53 - 2013-01-31 13:00 - 00000000 ____D C:\Program 
Files (x86)\QuickTime</p><p>2013-11-30 00:53 - 2013-01-27 22:12 - 00000000 ____D C:\ProgramData\Zoomex</p><p>2013-11-30 00:53 - 2012-06-30 11:21 - 00000000 ____D C:\Program Files (x86)\wxDownload Fast</p><p>2013-11-30 00:53 - 2012-06-19 13:18 - 00000000 ___RD C:\Users\Guest Access\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup</p><p>2013-11-30 00:53 - 2012-06-19 13:18 - 00000000 ___RD C:\Users\Guest Access\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance</p><p>2013-11-30 00:53 - 2012-06-19 13:18 - 00000000 ___RD C:\Users\Guest Access\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools</p><p>2013-11-30 00:53 - 2012-06-19 13:18 - 00000000 ___RD C:\Users\Guest Access\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories</p><p>2013-11-30 00:53 - 2012-06-13 23:22 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared</p><p>2013-11-30 00:53 - 2012-03-31 10:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome</p><p>2013-11-30 00:53 - 2012-01-20 23:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BitTorrent</p><p>2013-11-30 00:53 - 2011-12-29 12:07 - 00000000 ____D C:\Program Files (x86)\Xvid</p><p>2013-11-30 00:53 - 2011-12-29 11:53 - 00000000 ____D C:\Program Files (x86)\Object</p><p>2013-11-30 00:53 - 2011-12-27 20:35 - 00000000 ____D C:\ProgramData\MFAData</p><p>2013-11-30 00:53 - 2011-12-27 19:22 - 00000000 ____D C:\ProgramData\WRData</p><p>2013-11-30 00:53 - 2011-12-27 18:39 - 00000000 ____D C:\ProgramData\F5 Networks</p><p>2013-11-30 00:53 - 2011-11-19 13:34 - 00000000 ____D C:\Program Files\Bonjour</p><p>2013-11-30 00:53 - 2011-03-10 12:50 - 00000000 ____D C:\Program Files (x86)\PCiPod</p><p>2013-11-30 00:53 - 2011-03-09 20:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Audacity</p><p>2013-11-30 00:53 - 2011-03-09 18:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\FreeAudioPack</p><p>2013-11-30 00:53 - 2010-10-27 18:26 - 00000000 
____D C:\Program Files (x86)\Shareaza</p><p>2013-11-30 00:53 - 2010-10-27 18:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Azureus</p><p>2013-11-30 00:53 - 2010-10-16 13:14 - 00000000 ____D C:\Program Files\Lx_cats</p><p>2013-11-30 00:53 - 2010-10-16 13:13 - 00000000 ____D C:\Program Files\Lexmark 7300 Series</p><p>2013-11-30 00:53 - 2010-10-16 13:13 - 00000000 ____D C:\Program Files (x86)\Lexmark 7300 Series</p><p>2013-11-30 00:53 - 2010-08-21 19:00 - 00000000 ____D C:\Program Files (x86)\iTunes</p><p>2013-11-30 00:53 - 2010-08-03 12:50 - 00000000 ____D C:\Program Files (x86)\Virtual Earth 3D</p><p>2013-11-30 00:53 - 2010-06-21 00:13 - 00000000 ____D C:\Program Files (x86)\Quicken</p><p>2013-11-30 00:53 - 2010-03-29 12:05 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Facebook</p><p>2013-11-30 00:53 - 2010-01-31 09:26 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup</p><p>2013-11-30 00:53 - 2010-01-31 09:26 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance</p><p>2013-11-30 00:53 - 2010-01-31 09:26 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools</p><p>2013-11-30 00:53 - 2010-01-31 09:26 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories</p><p>2013-11-30 00:53 - 2010-01-20 18:39 - 00000000 ____D C:\Users\Owner\Documents\Cucusoft</p><p>2013-11-30 00:53 - 2009-11-29 20:18 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype</p><p>2013-11-30 00:53 - 2009-11-29 20:17 - 00000000 ___RD C:\Program Files (x86)\Skype</p><p>2013-11-30 00:53 - 2009-11-14 07:16 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup</p><p>2013-11-30 00:53 - 2009-11-14 07:16 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools</p><p>2013-11-30 00:53 - 2009-11-12 20:15 - 00000000 ___RD 
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance</p><p>2013-11-30 00:53 - 2009-11-12 20:15 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories</p><p>2013-11-30 00:53 - 2009-09-03 01:25 - 00000000 ____D C:\Program Files\SPHE BD-Live</p><p>2013-11-30 00:53 - 2009-09-03 01:21 - 00000000 ____D C:\Program Files (x86)\Windows Live SkyDrive</p><p>2013-11-30 00:53 - 2009-09-03 01:01 - 00000000 ___HD C:\SPLASH.SYS</p><p>2013-11-30 00:53 - 2009-09-03 00:41 - 00000000 ____D C:\Program Files\PlayReady</p><p>2013-11-30 00:53 - 2009-09-03 00:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Office Suite Activation Assistant</p><p>2013-11-30 00:53 - 2009-09-03 00:37 - 00000000 ___RD C:\Users\Owner\Desktop\Microsoft Office</p><p>2013-11-30 00:53 - 2009-09-03 00:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Works</p><p>2013-11-30 00:53 - 2009-08-18 15:40 - 00000000 ____D C:\Program Files\Apoint</p><p>2013-11-30 00:53 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar</p><p>2013-11-30 00:53 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar</p><p>2013-11-30 00:53 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\MSBuild</p><p>2013-11-30 00:53 - 2009-07-13 19:20 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance</p><p>2013-11-30 00:53 - 2009-07-13 19:20 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories</p><p>2013-11-30 00:53 - 2009-07-13 19:20 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance</p><p>2013-11-30 00:53 - 2009-07-13 19:20 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories</p><p>2013-11-30 00:52 - 2013-10-02 18:50 - 00000000 ____D C:\Program Files (x86)\McAfee.com</p><p>2013-11-30 00:52 - 2013-10-02 18:50 - 00000000 ____D C:\Program 
Files (x86)\McAfee</p><p>2013-11-30 00:52 - 2013-10-02 18:42 - 00000000 ____D C:\Program Files\Common Files\McAfee</p><p>2013-11-30 00:52 - 2013-10-02 18:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox</p><p>2013-11-30 00:52 - 2013-05-20 15:06 - 00000000 ____D C:\Program Files (x86)\Delta</p><p>2013-11-30 00:52 - 2013-05-20 15:05 - 00000000 ____D C:\Program Files (x86)\TornTV.com</p><p>2013-11-30 00:52 - 2013-03-17 15:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight</p><p>2013-11-30 00:52 - 2013-01-27 22:12 - 00000000 ____D C:\Program Files (x86)\ZoomEx</p><p>2013-11-30 00:52 - 2012-06-30 14:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service</p><p>2013-11-30 00:52 - 2012-06-28 08:15 - 00000000 ____D C:\Program Files (x86)\FrostWire 5</p><p>2013-11-30 00:52 - 2012-06-15 16:21 - 00000000 ____D C:\Program Files (x86)\Free M4a to MP3 Converter</p><p>2013-11-30 00:52 - 2011-12-29 11:53 - 00000000 ____D C:\Program Files (x86)\Yontoo Layers Runtime</p><p>2013-11-30 00:52 - 2011-11-19 13:34 - 00000000 ____D C:\Program Files (x86)\Bonjour</p><p>2013-11-30 00:52 - 2011-11-06 19:54 - 00000000 ____D C:\Program Files (x86)\eMusic Download Manager</p><p>2013-11-30 00:52 - 2011-10-01 14:49 - 00000000 ____D C:\Program Files\DivX</p><p>2013-11-30 00:52 - 2011-10-01 14:46 - 00000000 ____D C:\Program Files (x86)\Graboid</p><p>2013-11-30 00:52 - 2011-09-08 18:15 - 00000000 ____D C:\Program Files (x86)\Apple Software Update</p><p>2013-11-30 00:52 - 2011-03-12 17:52 - 00000000 ____D C:\Program Files (x86)\DivX</p><p>2013-11-30 00:52 - 2010-10-27 17:27 - 00000000 ____D C:\Program Files (x86)\FrostWire</p><p>2013-11-30 00:52 - 2009-11-29 14:57 - 00000000 ____D C:\Netgear</p><p>2013-11-30 00:52 - 2009-09-03 00:39 - 00000000 ____D C:\Nobu_Icon</p><p>2013-11-30 00:51 - 2013-10-02 18:50 - 00000000 ____D C:\Program Files\McAfee</p><p>2013-11-30 00:51 - 2013-09-20 13:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\BitGuard</p><p>2013-11-30 00:51 - 2013-07-13 22:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\File Scout</p><p>2013-11-30 00:51 - 2013-05-20 15:05 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com</p><p>2013-11-30 00:51 - 2013-03-27 19:20 - 00000000 ____D C:\Users\Owner\Desktop\EmsisoftEmergencyKit</p><p>2013-11-30 00:51 - 2013-03-17 15:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight</p><p>2013-11-30 00:51 - 2012-06-30 11:20 - 00000000 ____D C:\ProgramData\wxDfast</p><p>2013-11-30 00:51 - 2012-06-27 17:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc</p><p>2013-11-30 00:51 - 2011-09-10 11:43 - 00000000 ____D C:\Users\Owner\.frostwire5</p><p>2013-11-30 00:51 - 2011-04-26 17:46 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon</p><p>2013-11-30 00:51 - 2011-03-12 18:03 - 00000000 ____D C:\ProgramData\DivX</p><p>2013-11-30 00:51 - 2011-03-09 19:19 - 00000000 ____D C:\ProgramData\Real</p><p>2013-11-30 00:51 - 2009-09-03 00:36 - 00000000 ____D C:\ProgramData\Microsoft Help</p><p>2013-11-30 00:51 - 2009-08-18 17:46 - 00000000 ____D C:\ProgramData\Sony Corporation</p><p>2013-11-30 00:50 - 2013-10-02 17:00 - 00000000 ____D C:\Users\Public\Downloads\Norton</p><p>2013-11-30 00:50 - 2010-02-18 13:07 - 00000000 ____D C:\Users\Owner\ZipForm</p><p>2013-11-30 00:50 - 2009-08-19 10:30 - 00000000 ___RD C:\Users\Public\Recorded TV</p><p>2013-11-30 00:50 - 2009-08-19 10:30 - 00000000 ____D C:\Windows\ShellNew</p><p>2013-11-30 00:50 - 2009-08-18 15:13 - 00000000 ____D C:\Windows\InstDrvs</p><p>2013-11-30 00:50 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages</p><p>2013-11-30 00:50 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media</p><p>2013-11-30 00:50 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries</p><p>2013-11-30 00:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help</p><p>2013-11-30 00:49 - 2012-02-27 12:03 - 00000000 
____D C:\Windows\SysWOW64\Drivers\AVG</p><p>2013-11-30 00:49 - 2011-12-27 20:40 - 00000000 ____D C:\Windows\system32\Drivers\AVG</p><p>2013-11-30 00:49 - 2011-12-27 19:35 - 00000000 ____D C:\Windows\system32\SPReview</p><p>2013-11-30 00:49 - 2011-12-27 19:34 - 00000000 ____D C:\Windows\system32\EventProviders</p><p>2013-11-30 00:49 - 2010-01-30 12:06 - 00000000 ____D C:\Windows\system32\TVUAx</p><p>2013-11-30 00:49 - 2010-01-30 12:05 - 00000000 ____D C:\Windows\SysWOW64\TVUAx</p><p>2013-11-30 00:49 - 2009-09-03 01:15 - 00000000 ____D C:\Windows\System32\Tasks\SONY</p><p>2013-11-30 00:49 - 2009-09-03 00:53 - 00000000 ____D C:\Windows\{AEC0FEE6-3A76-44E1-97A2-5DA325DFC41C}</p><p>2013-11-30 00:49 - 2009-09-03 00:25 - 00000000 ____D C:\Windows\SysWOW64\Macromed</p><p>2013-11-30 00:49 - 2009-08-18 15:37 - 00000000 ____D C:\Windows\SysWOW64\SDA</p><p>2013-11-30 00:49 - 2009-08-18 15:19 - 00000000 ____D C:\Windows\SysWOW64\RTCOM</p><p>2013-11-30 00:49 - 2009-08-18 15:18 - 00000000 ____D C:\Windows\SysWOW64\x64</p><p>2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy</p><p>2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\TAPI</p><p>2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery</p><p>2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\oobe</p><p>2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\sysprep</p><p>2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF</p><p>2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\Msdtc</p><p>2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system</p><p>2013-11-29 23:36 - 2013-11-29 23:37 - 00300544 _____ C:\ProgramData\IBmKcIAW</p><p>2013-11-29 23:32 - 2013-11-29 23:32 - 00000000 __SHD C:\found.002</p><p>2013-11-29 23:28 - 2013-11-29 23:28 - 17226632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe</p><p>2013-11-29 23:28 
- 2011-09-06 17:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2013-11-29 23:27 - 2013-11-29 23:28 - 00300544 _____ C:\ProgramData\HL704fsmTx</p><p>2013-11-29 18:53 - 2013-09-20 13:54 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard</p><p>2013-11-29 18:24 - 2013-11-29 18:24 - 00300544 _____ C:\ProgramData\g0NOzZAXdWP</p><p>2013-11-28 23:10 - 2013-03-20 13:48 - 00116916 _____ C:\Windows\PFRO.log</p><p>2013-11-28 23:06 - 2013-11-28 23:06 - 00300544 _____ C:\ProgramData\zuqstZys</p><p>2013-11-28 22:58 - 2013-11-28 22:58 - 00300544 _____ C:\ProgramData\Pz0no2Izf</p><p>2013-11-28 22:54 - 2013-11-28 22:54 - 00299520 _____ C:\ProgramData\xtY8QRL8</p><p>2013-11-26 16:41 - 2013-09-25 16:03 - 00000000 ____D C:\Users\Owner\AppData\Local\Spotify</p><p>2013-11-26 16:33 - 2013-11-26 16:33 - 00000000 ____D C:\Users\Owner\AppData\Local\avgchrome</p><p>2013-11-26 16:33 - 2013-10-02 17:00 - 00001295 _____ C:\Users\Owner\Desktop\Norton Installation Files.lnk</p><p>2013-11-26 16:06 - 2009-11-12 20:16 - 00118312 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT</p><p>2013-11-26 16:00 - 2013-11-26 16:00 - 00003288 ____N C:\bootsqm.dat</p><p>2013-11-26 15:59 - 2013-11-26 15:59 - 00000000 __SHD C:\found.001</p><p>2013-11-24 18:35 - 2009-07-13 20:45 - 00456640 _____ C:\Windows\system32\FNTCACHE.DAT</p><p>2013-11-23 09:28 - 2013-11-23 09:28 - 00000000 ____D C:\Users\Owner\AppData\Local\DDMSettings</p><p>2013-11-23 09:24 - 2013-11-23 09:24 - 00000000 _____ C:\END</p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\wininit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\svchost.exe => MD5 is 
legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\SysWOW64\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p></p><p>LastRegBack: 2013-03-10 23:36</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="dsgreen87, post: 146828, member: 15396"] OK so in normal boot mode here is the FRST report. It also did an addition.txt, would you like that as well?
CHR Extension: (SiteAdvisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.4.1311_0 CHR Extension: (wxDfast) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejjhngmialkbkocgbhpjdlgogaceapd\1.0_0 CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0 CHR Extension: (Codec-V) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.25.75_0 CHR Extension: (Torntv 2) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje\1.0_0 CHR Extension: (Yontoo) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0 CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0 CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Owner\AppData\Roaming\BabSolution\CR\Delta.crx CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx CHR HKLM-x32\...\Chrome\Extension: [gejjhngmialkbkocgbhpjdlgogaceapd] - C:\ProgramData\wxDfast\gejjhngmialkbkocgbhpjdlgogaceapd.crx CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx CHR HKLM-x32\...\Chrome\Extension: [jpnbdefcbnoefmmcpelplabbkfmfhlho] - C:\ProgramData\CodecCheck\chrome\codec_check.crx CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo Layers Runtime\YontooLayers.crx CHR StartMenuInternet: Google Chrome - 
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation) R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-07-13] (Symantec Corporation) R2 lxci_device; C:\Windows\system32\lxcicoms.exe [566192 2007-02-01] ( ) R2 lxci_device; C:\Windows\SysWow64\lxcicoms.exe [537520 2007-02-01] ( ) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-08-06] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-08-05] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) 
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions) S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-23] (Realtek Semiconductor) S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2009-09-16] (Intel Corporation) R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3197256 2009-09-17] (Symantec Corporation) S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [411976 2009-09-17] (Symantec Corporation) S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-27] (Sony Corporation) S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-27] (Sony Corporation) R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-09-17] (Symantec Corporation) R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.) 
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-07-23] (Sony Corporation) R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642920 2009-07-22] (Sony Corporation) R3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-07-23] (Sony Corporation) R2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-07-23] (Sony Corporation) ==================== Drivers (Whitelisted) ==================== R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-12-17] (Symantec Corporation) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.) R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [377040 2013-07-09] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-07-09] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.) 
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20130319.018\eng64.sys [126192 2013-02-14] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20130319.018\ex64.sys [2087664 2013-02-14] (Symantec Corporation) R2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC) R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation) R1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation) S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation) S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation) R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation) R1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2012-06-13] (Symantec Corporation) R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2009-05-27] (Symantec Corporation) S0 TfFsMon; No ImagePath S0 TFSysMon; No ImagePath R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52784 2009-09-17] (Symantec Corporation) R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-10-05] (Symantec Corporation) S1 A2DDA; \??\C:\Users\Owner\Downloads\EmsisoftEmergencyKit\Run\a2ddax64.sys [x] S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-03 16:59 - 2013-12-04 16:14 - 00000000 ____D C:\Users\Owner\AppData\Local\azNMZr5Em 2013-12-03 09:04 - 2013-12-03 09:04 - 00300544 _____ C:\ProgramData\lRocxhKe56g 2013-12-02 15:14 - 2013-12-02 15:14 - 00300544 _____ C:\ProgramData\mB12fY5Y 2013-12-02 11:33 - 2013-12-04 16:13 - 00000000 ____D C:\FRST 2013-12-02 11:33 - 2013-12-03 13:53 - 00000000 ____D C:\Users\Owner\Desktop\Quarantine 
2013-11-29 23:37 - 2013-11-29 23:36 - 00300544 _____ C:\ProgramData\IBmKcIAW 2013-11-29 23:32 - 2013-11-29 23:32 - 00000000 __SHD C:\found.002 2013-11-29 23:28 - 2013-11-29 23:28 - 17226632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-11-29 23:28 - 2013-11-29 23:27 - 00300544 _____ C:\ProgramData\HL704fsmTx 2013-11-29 18:24 - 2013-11-29 18:24 - 00300544 _____ C:\ProgramData\g0NOzZAXdWP 2013-11-28 23:06 - 2013-11-28 23:06 - 00300544 _____ C:\ProgramData\zuqstZys 2013-11-28 22:58 - 2013-11-28 22:58 - 00300544 _____ C:\ProgramData\Pz0no2Izf 2013-11-28 22:54 - 2013-11-28 22:54 - 00299520 _____ C:\ProgramData\xtY8QRL8 2013-11-26 16:33 - 2013-11-26 16:33 - 00000000 ____D C:\Users\Owner\AppData\Local\avgchrome 2013-11-26 16:00 - 2013-11-26 16:00 - 00003288 ____N C:\bootsqm.dat 2013-11-26 15:59 - 2013-11-26 15:59 - 00000000 __SHD C:\found.001 2013-11-23 09:28 - 2013-11-23 09:28 - 00000000 ____D C:\Users\Owner\AppData\Local\DDMSettings 2013-11-23 09:24 - 2013-11-23 09:24 - 00000000 _____ C:\END ==================== One Month Modified Files and Folders ======= 2013-12-04 16:14 - 2013-12-03 16:59 - 00000000 ____D C:\Users\Owner\AppData\Local\azNMZr5Em 2013-12-04 16:13 - 2013-12-02 11:33 - 00000000 ____D C:\FRST 2013-12-04 16:13 - 2013-01-20 14:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-04 16:13 - 2012-04-08 20:15 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1852901859-1596894870-3629313328-1000UA.job 2013-12-04 16:13 - 2012-03-31 10:28 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1852901859-1596894870-3629313328-1000UA.job 2013-12-04 16:13 - 2009-11-29 14:56 - 00031532 _____ C:\test.xml 2013-12-04 16:13 - 2009-10-14 22:30 - 01801488 _____ C:\Windows\WindowsUpdate.log 2013-12-03 17:08 - 2009-07-13 20:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-03 17:08 - 2009-07-13 20:45 - 00014144 
____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-03 17:07 - 2009-07-13 21:13 - 00005348 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-03 17:03 - 2013-10-02 18:51 - 00001844 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk 2013-12-03 17:02 - 2013-10-02 18:50 - 00000000 __RSD C:\Users\Owner\Documents\McAfee Vaults 2013-12-03 17:00 - 2013-09-25 16:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Spotify 2013-12-03 16:58 - 2013-01-27 22:12 - 00000362 ____H C:\Windows\Tasks\ZoomExUpdaterTask{F1DD2CB4-2ED9-4508-A1BD-EE123798A1FD}.job 2013-12-03 16:58 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-03 16:57 - 2013-03-20 13:49 - 00013832 _____ C:\Windows\setupact.log 2013-12-03 15:57 - 2011-02-15 17:40 - 00000000 ____D C:\ProgramData\McAfee 2013-12-03 13:53 - 2013-12-02 11:33 - 00000000 ____D C:\Users\Owner\Desktop\Quarantine 2013-12-03 09:04 - 2013-12-03 09:04 - 00300544 _____ C:\ProgramData\lRocxhKe56g 2013-12-03 06:01 - 2013-10-02 17:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton 2013-12-03 06:01 - 2009-09-03 01:28 - 00000000 ____D C:\ProgramData\Norton 2013-12-02 15:14 - 2013-12-02 15:14 - 00300544 _____ C:\ProgramData\mB12fY5Y 2013-12-02 11:33 - 2012-06-19 13:18 - 00000000 ____D C:\Users\Guest Access 2013-12-02 11:33 - 2010-01-31 09:26 - 00000000 ____D C:\Users\Guest 2013-12-02 11:33 - 2009-11-12 20:15 - 00000000 ____D C:\Users\Owner 2013-11-30 00:53 - 2013-03-11 14:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5 2013-11-30 00:53 - 2013-01-31 13:04 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-11-30 00:53 - 2013-01-31 13:04 - 00000000 ____D C:\Program Files\iTunes 2013-11-30 00:53 - 2013-01-31 13:00 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-11-30 00:53 - 2013-01-27 22:12 - 00000000 ____D C:\ProgramData\Zoomex 2013-11-30 00:53 
- 2012-06-30 11:21 - 00000000 ____D C:\Program Files (x86)\wxDownload Fast 2013-11-30 00:53 - 2012-06-19 13:18 - 00000000 ___RD C:\Users\Guest Access\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-11-30 00:53 - 2012-06-19 13:18 - 00000000 ___RD C:\Users\Guest Access\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-11-30 00:53 - 2012-06-19 13:18 - 00000000 ___RD C:\Users\Guest Access\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-11-30 00:53 - 2012-06-19 13:18 - 00000000 ___RD C:\Users\Guest Access\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-11-30 00:53 - 2012-06-13 23:22 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2013-11-30 00:53 - 2012-03-31 10:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-11-30 00:53 - 2012-01-20 23:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BitTorrent 2013-11-30 00:53 - 2011-12-29 12:07 - 00000000 ____D C:\Program Files (x86)\Xvid 2013-11-30 00:53 - 2011-12-29 11:53 - 00000000 ____D C:\Program Files (x86)\Object 2013-11-30 00:53 - 2011-12-27 20:35 - 00000000 ____D C:\ProgramData\MFAData 2013-11-30 00:53 - 2011-12-27 19:22 - 00000000 ____D C:\ProgramData\WRData 2013-11-30 00:53 - 2011-12-27 18:39 - 00000000 ____D C:\ProgramData\F5 Networks 2013-11-30 00:53 - 2011-11-19 13:34 - 00000000 ____D C:\Program Files\Bonjour 2013-11-30 00:53 - 2011-03-10 12:50 - 00000000 ____D C:\Program Files (x86)\PCiPod 2013-11-30 00:53 - 2011-03-09 20:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Audacity 2013-11-30 00:53 - 2011-03-09 18:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\FreeAudioPack 2013-11-30 00:53 - 2010-10-27 18:26 - 00000000 ____D C:\Program Files (x86)\Shareaza 2013-11-30 00:53 - 2010-10-27 18:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Azureus 2013-11-30 00:53 - 2010-10-16 13:14 - 00000000 ____D C:\Program Files\Lx_cats 2013-11-30 00:53 - 
2010-10-16 13:13 - 00000000 ____D C:\Program Files\Lexmark 7300 Series 2013-11-30 00:53 - 2010-10-16 13:13 - 00000000 ____D C:\Program Files (x86)\Lexmark 7300 Series 2013-11-30 00:53 - 2010-08-21 19:00 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-11-30 00:53 - 2010-08-03 12:50 - 00000000 ____D C:\Program Files (x86)\Virtual Earth 3D 2013-11-30 00:53 - 2010-06-21 00:13 - 00000000 ____D C:\Program Files (x86)\Quicken 2013-11-30 00:53 - 2010-03-29 12:05 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Facebook 2013-11-30 00:53 - 2010-01-31 09:26 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-11-30 00:53 - 2010-01-31 09:26 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-11-30 00:53 - 2010-01-31 09:26 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-11-30 00:53 - 2010-01-31 09:26 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-11-30 00:53 - 2010-01-20 18:39 - 00000000 ____D C:\Users\Owner\Documents\Cucusoft 2013-11-30 00:53 - 2009-11-29 20:18 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype 2013-11-30 00:53 - 2009-11-29 20:17 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-11-30 00:53 - 2009-11-14 07:16 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-11-30 00:53 - 2009-11-14 07:16 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-11-30 00:53 - 2009-11-12 20:15 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-11-30 00:53 - 2009-11-12 20:15 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-11-30 00:53 - 2009-09-03 01:25 - 00000000 ____D C:\Program Files\SPHE BD-Live 2013-11-30 00:53 - 2009-09-03 01:21 - 00000000 ____D 
C:\Program Files (x86)\Windows Live SkyDrive 2013-11-30 00:53 - 2009-09-03 01:01 - 00000000 ___HD C:\SPLASH.SYS 2013-11-30 00:53 - 2009-09-03 00:41 - 00000000 ____D C:\Program Files\PlayReady 2013-11-30 00:53 - 2009-09-03 00:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Office Suite Activation Assistant 2013-11-30 00:53 - 2009-09-03 00:37 - 00000000 ___RD C:\Users\Owner\Desktop\Microsoft Office 2013-11-30 00:53 - 2009-09-03 00:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Works 2013-11-30 00:53 - 2009-08-18 15:40 - 00000000 ____D C:\Program Files\Apoint 2013-11-30 00:53 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar 2013-11-30 00:53 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar 2013-11-30 00:53 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\MSBuild 2013-11-30 00:53 - 2009-07-13 19:20 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-11-30 00:53 - 2009-07-13 19:20 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-11-30 00:53 - 2009-07-13 19:20 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-11-30 00:53 - 2009-07-13 19:20 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-11-30 00:52 - 2013-10-02 18:50 - 00000000 ____D C:\Program Files (x86)\McAfee.com 2013-11-30 00:52 - 2013-10-02 18:50 - 00000000 ____D C:\Program Files (x86)\McAfee 2013-11-30 00:52 - 2013-10-02 18:42 - 00000000 ____D C:\Program Files\Common Files\McAfee 2013-11-30 00:52 - 2013-10-02 18:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-30 00:52 - 2013-05-20 15:06 - 00000000 ____D C:\Program Files (x86)\Delta 2013-11-30 00:52 - 2013-05-20 15:05 - 00000000 ____D C:\Program Files (x86)\TornTV.com 2013-11-30 00:52 - 2013-03-17 15:05 - 00000000 ____D C:\Program Files (x86)\Microsoft 
Silverlight 2013-11-30 00:52 - 2013-01-27 22:12 - 00000000 ____D C:\Program Files (x86)\ZoomEx 2013-11-30 00:52 - 2012-06-30 14:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-30 00:52 - 2012-06-28 08:15 - 00000000 ____D C:\Program Files (x86)\FrostWire 5 2013-11-30 00:52 - 2012-06-15 16:21 - 00000000 ____D C:\Program Files (x86)\Free M4a to MP3 Converter 2013-11-30 00:52 - 2011-12-29 11:53 - 00000000 ____D C:\Program Files (x86)\Yontoo Layers Runtime 2013-11-30 00:52 - 2011-11-19 13:34 - 00000000 ____D C:\Program Files (x86)\Bonjour 2013-11-30 00:52 - 2011-11-06 19:54 - 00000000 ____D C:\Program Files (x86)\eMusic Download Manager 2013-11-30 00:52 - 2011-10-01 14:49 - 00000000 ____D C:\Program Files\DivX 2013-11-30 00:52 - 2011-10-01 14:46 - 00000000 ____D C:\Program Files (x86)\Graboid 2013-11-30 00:52 - 2011-09-08 18:15 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2013-11-30 00:52 - 2011-03-12 17:52 - 00000000 ____D C:\Program Files (x86)\DivX 2013-11-30 00:52 - 2010-10-27 17:27 - 00000000 ____D C:\Program Files (x86)\FrostWire 2013-11-30 00:52 - 2009-11-29 14:57 - 00000000 ____D C:\Netgear 2013-11-30 00:52 - 2009-09-03 00:39 - 00000000 ____D C:\Nobu_Icon 2013-11-30 00:51 - 2013-10-02 18:50 - 00000000 ____D C:\Program Files\McAfee 2013-11-30 00:51 - 2013-09-20 13:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard 2013-11-30 00:51 - 2013-07-13 22:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\File Scout 2013-11-30 00:51 - 2013-05-20 15:05 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com 2013-11-30 00:51 - 2013-03-27 19:20 - 00000000 ____D C:\Users\Owner\Desktop\EmsisoftEmergencyKit 2013-11-30 00:51 - 2013-03-17 15:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-11-30 00:51 - 2012-06-30 11:20 - 00000000 ____D C:\ProgramData\wxDfast 2013-11-30 00:51 - 2012-06-27 17:56 - 00000000 ____D 
C:\Users\Owner\AppData\Roaming\vlc 2013-11-30 00:51 - 2011-09-10 11:43 - 00000000 ____D C:\Users\Owner\.frostwire5 2013-11-30 00:51 - 2011-04-26 17:46 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon 2013-11-30 00:51 - 2011-03-12 18:03 - 00000000 ____D C:\ProgramData\DivX 2013-11-30 00:51 - 2011-03-09 19:19 - 00000000 ____D C:\ProgramData\Real 2013-11-30 00:51 - 2009-09-03 00:36 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-11-30 00:51 - 2009-08-18 17:46 - 00000000 ____D C:\ProgramData\Sony Corporation 2013-11-30 00:50 - 2013-10-02 17:00 - 00000000 ____D C:\Users\Public\Downloads\Norton 2013-11-30 00:50 - 2010-02-18 13:07 - 00000000 ____D C:\Users\Owner\ZipForm 2013-11-30 00:50 - 2009-08-19 10:30 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-11-30 00:50 - 2009-08-19 10:30 - 00000000 ____D C:\Windows\ShellNew 2013-11-30 00:50 - 2009-08-18 15:13 - 00000000 ____D C:\Windows\InstDrvs 2013-11-30 00:50 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages 2013-11-30 00:50 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media 2013-11-30 00:50 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries 2013-11-30 00:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help 2013-11-30 00:49 - 2012-02-27 12:03 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG 2013-11-30 00:49 - 2011-12-27 20:40 - 00000000 ____D C:\Windows\system32\Drivers\AVG 2013-11-30 00:49 - 2011-12-27 19:35 - 00000000 ____D C:\Windows\system32\SPReview 2013-11-30 00:49 - 2011-12-27 19:34 - 00000000 ____D C:\Windows\system32\EventProviders 2013-11-30 00:49 - 2010-01-30 12:06 - 00000000 ____D C:\Windows\system32\TVUAx 2013-11-30 00:49 - 2010-01-30 12:05 - 00000000 ____D C:\Windows\SysWOW64\TVUAx 2013-11-30 00:49 - 2009-09-03 01:15 - 00000000 ____D C:\Windows\System32\Tasks\SONY 2013-11-30 00:49 - 2009-09-03 00:53 - 00000000 ____D C:\Windows\{AEC0FEE6-3A76-44E1-97A2-5DA325DFC41C} 2013-11-30 00:49 - 2009-09-03 00:25 - 00000000 ____D 
C:\Windows\SysWOW64\Macromed 2013-11-30 00:49 - 2009-08-18 15:37 - 00000000 ____D C:\Windows\SysWOW64\SDA 2013-11-30 00:49 - 2009-08-18 15:19 - 00000000 ____D C:\Windows\SysWOW64\RTCOM 2013-11-30 00:49 - 2009-08-18 15:18 - 00000000 ____D C:\Windows\SysWOW64\x64 2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\TAPI 2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery 2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\oobe 2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\sysprep 2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF 2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\Msdtc 2013-11-30 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system 2013-11-29 23:36 - 2013-11-29 23:37 - 00300544 _____ C:\ProgramData\IBmKcIAW 2013-11-29 23:32 - 2013-11-29 23:32 - 00000000 __SHD C:\found.002 2013-11-29 23:28 - 2013-11-29 23:28 - 17226632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-11-29 23:28 - 2011-09-06 17:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-11-29 23:27 - 2013-11-29 23:28 - 00300544 _____ C:\ProgramData\HL704fsmTx 2013-11-29 18:53 - 2013-09-20 13:54 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard 2013-11-29 18:24 - 2013-11-29 18:24 - 00300544 _____ C:\ProgramData\g0NOzZAXdWP 2013-11-28 23:10 - 2013-03-20 13:48 - 00116916 _____ C:\Windows\PFRO.log 2013-11-28 23:06 - 2013-11-28 23:06 - 00300544 _____ C:\ProgramData\zuqstZys 2013-11-28 22:58 - 2013-11-28 22:58 - 00300544 _____ C:\ProgramData\Pz0no2Izf 2013-11-28 22:54 - 2013-11-28 22:54 - 00299520 _____ C:\ProgramData\xtY8QRL8 2013-11-26 16:41 - 2013-09-25 16:03 - 00000000 ____D C:\Users\Owner\AppData\Local\Spotify 2013-11-26 16:33 - 2013-11-26 16:33 - 00000000 ____D 
C:\Users\Owner\AppData\Local\avgchrome 2013-11-26 16:33 - 2013-10-02 17:00 - 00001295 _____ C:\Users\Owner\Desktop\Norton Installation Files.lnk 2013-11-26 16:06 - 2009-11-12 20:16 - 00118312 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT 2013-11-26 16:00 - 2013-11-26 16:00 - 00003288 ____N C:\bootsqm.dat 2013-11-26 15:59 - 2013-11-26 15:59 - 00000000 __SHD C:\found.001 2013-11-24 18:35 - 2009-07-13 20:45 - 00456640 _____ C:\Windows\system32\FNTCACHE.DAT 2013-11-23 09:28 - 2013-11-23 09:28 - 00000000 ____D C:\Users\Owner\AppData\Local\DDMSettings 2013-11-23 09:24 - 2013-11-23 09:24 - 00000000 _____ C:\END ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-03-10 23:36 ==================== End Of Log ============================ [/QUOTE]