[Solved] Adware on Win8

jimmyedwards · June 30, 2014

I just did a MBAM scan and here are the results, if I can figure out how to send it as a attachment.

MBAM 6-30-2014.txt

KenB · July 1, 2014

I will post the log for you - it is easier for our security guys :)

==============================

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 6/30/2014

Scan Time: 6:18:27 PM

Logfile: MBAM 6-30-2014.txt

Administrator: Yes

Version: 2.00.2.1012

Malware Database: v2014.06.30.10

Rootkit Database: v2014.06.30.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

OS: Windows 8

CPU: x64

File System: NTFS

User: Ray

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 313662

Time Elapsed: 7 min, 47 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Warn

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 44

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}, , [475b621c08730d29e8f96cddfc061fe1],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C9B4F046-2A8C-46BD-B1A1-CF0EAE5EA521}, , [475b621c08730d29e8f96cddfc061fe1],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{D7A5AD8C-E276-4EC1-A1C7-39F6C969DD92}, , [475b621c08730d29e8f96cddfc061fe1],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D7A5AD8C-E276-4EC1-A1C7-39F6C969DD92}, , [475b621c08730d29e8f96cddfc061fe1],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}, , [475b621c08730d29e8f96cddfc061fe1],

PUP.Optional.Freecorder.A, HKU\S-1-5-21-2801032338-2342425128-3870613798-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}, , [475b621c08730d29e8f96cddfc061fe1],

PUP.Optional.Freecorder.A, HKU\S-1-5-21-2801032338-2342425128-3870613798-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}, , [475b621c08730d29e8f96cddfc061fe1],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{93B6FCF3-8A88-49A9-B6BF-9BBDAFBA5229}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{045F91B3-695F-423A-98C7-8DE3C47AA020}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A1440EC3-F0FA-407A-B811-DE6668C06D29}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BBBE01ED-0F1E-44DB-88C1-5CC1AEE3B462}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C815E3DA-0823-49B0-9270-D1771D58B317}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E4A994B0-5550-4680-A4C6-B9470B888069}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F9EB11AB-9384-4736-9B33-993940F88895}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{045F91B3-695F-423A-98C7-8DE3C47AA020}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A1440EC3-F0FA-407A-B811-DE6668C06D29}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BBBE01ED-0F1E-44DB-88C1-5CC1AEE3B462}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C815E3DA-0823-49B0-9270-D1771D58B317}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E4A994B0-5550-4680-A4C6-B9470B888069}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F9EB11AB-9384-4736-9B33-993940F88895}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{93B6FCF3-8A88-49A9-B6BF-9BBDAFBA5229}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{E1F9C9F5-F9AB-486B-B68B-5B2E1BA5C90B}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E1F9C9F5-F9AB-486B-B68B-5B2E1BA5C90B}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6C65F1F0-8088-414B-828C-813207ADE75A}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{31CA2193-C364-44A3-8D41-847FAB1975DF}, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{31CA2193-C364-44A3-8D41-847FAB1975DF}, , [465c80fe8af14beb205b198c9f63bb45],

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 3

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\img, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\js, , [465c80fe8af14beb205b198c9f63bb45],

Files: 26

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\ScriptHost.dll, , [475b621c08730d29e8f96cddfc061fe1],

PUP.Optional.Besttoolbars, C:\Users\Ray\AppData\Local\Temp\_ir_sf_temp_0\freecorder.ie.exe, , [356d235b0873f04650a62a654db4fc04],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\config.xml, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\AddonsFramework.Typelib.dll, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\AddonsFramework.Typelib64.dll, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\background.html, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\BackgroundHost64.exe, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\ButtonSite.dll, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\ButtonSite64.dll, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\icon.ico, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\jquery-1.9.1.min.js, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\json2.min.js, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\options.htm, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\RegistryHelper.dll, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\RegistryHelper64.dll, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\ScriptHost64.dll, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\updater.js, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\updaterWrapper.js, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\img\fc7_toolbar_icon-128.png, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\img\fc7_toolbar_icon-16.png, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\img\fc7_toolbar_icon-18.png, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\img\fc7_toolbar_icon-48.png, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\js\bg.js, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\js\content.js, , [465c80fe8af14beb205b198c9f63bb45],

PUP.Optional.GreatArcadeHits.A, C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage_url": "http://www.greatarcadehits.com",), ,[e3bfb0ce82f943f367009329e1238e72]

Physical Sectors: 0

(No malicious items detected)

(end)

jimmyedwards · July 1, 2014

Thanks for posting it for me, I don't why freecorder is showing I don't have it on my computer. It was on here but I deleted it with Revo uninstaller.

Starbuck · July 1, 2014

I'd recommend running some Adware cleaners to make sure there's nothing else.

Step 1

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin to scan your computer.
After the scan has finished...
Click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.

jimmyedwards · July 2, 2014

Here is the jrt scan I will restart and do the awdcleaner next

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 8 x64

Ran by Ray on Wed 07/02/2014 at 9:39:51.90

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DCA1528D-A3C0-4A9F-AA6E-DCE643F91495}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411901174}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"

~~~ Files

Successfully deleted: [File] "C:\end"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"

Successfully deleted: [Folder] "C:\Users\Ray\AppData\Roaming\search protection"

Successfully deleted: [Folder] "C:\Users\Ray\appdata\locallow\iac"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 07/02/2014 at 9:43:16.55

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

JRT.txt

jimmyedwards · July 2, 2014

I ran the adwcleaner and now I cant get on internet explorer I am using chrome right now. When I try to open anything on IE I get the message IE has stopped a problem caused the program to stop working correctly.windows will close the program and notify you if a solution is available . Here is adwcleaner log

# AdwCleaner v3.214 - Report created 02/07/2014 at 10:04:04

# Updated 29/06/2014 by Xplode

# Operating System : Windows 8 (64 bits)

# Username : Ray - JIMMY

# Running from : C:\Users\Ray\Desktop\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\GreenTree Applications

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Key Deleted : HKCU\Software\Ask&Record

Key Deleted : HKCU\Software\ClickConnect

Key Deleted : HKCU\Software\WEDLMNGR

Key Deleted : HKLM\Software\PIP

Key Deleted : [x64] HKLM\SOFTWARE\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16921

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\98hj6l78.default\prefs.js ]

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2243 octets] - [02/07/2014 10:01:01]

AdwCleaner[s0].txt - [2058 octets] - [02/07/2014 10:04:04]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2118 octets] ##########

jimmyedwards · July 2, 2014

Heres another adw log

# AdwCleaner v3.214 - Report created 02/07/2014 at 10:01:01

# Updated 29/06/2014 by Xplode

# Operating System : Windows 8 (64 bits)

# Username : Ray - JIMMY

# Running from : C:\Users\Ray\Desktop\AdwCleaner.exe

# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\GreenTree Applications

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Ask&Record

Key Found : HKCU\Software\ClickConnect

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}

Key Found : HKCU\Software\WEDLMNGR

Key Found : [x64] HKCU\Software\Ask&Record

Key Found : [x64] HKCU\Software\ClickConnect

Key Found : [x64] HKCU\Software\WEDLMNGR

Key Found : HKLM\SOFTWARE\Classes\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\Software\PIP

Key Found : [x64] HKLM\SOFTWARE\Conduit

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16921

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\98hj6l78.default\prefs.js ]

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2087 octets] - [02/07/2014 10:01:01]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2147 octets] ##########

Starbuck · July 2, 2014

Hi Jimmy

I ran the adwcleaner and now I cant get on internet explorer I am using chrome right now

We may need to clean up a few other things, so we'll look into the Internet Explorer problem at the same time.

Using Chrome is fine.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator

http://img.photobucket.com/albums/v708/starbuck50/frsticon_zpsdc3cbdc3.png
When the tool opens click Yes to disclaimer.

http://img.photobucket.com/albums/v708/starbuck50/frstdis_zps7f598f12.png
Make sure that Addition.txt is selected at the bottom
Press Scan button.

http://img.photobucket.com/albums/v708/starbuck50/newfrst_zpsa63ffa3d.png
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

.

Note:

As you are running Win8, the Windows Smart Screen may throw up this warning when trying to run FRST:

http://img.photobucket.com/albums/v708/starbuck50/winmes_zps057aa5b0.png

The program is perfectly ok.

Just click on More Info.

On the next screen click on Run anyway.

http://img.photobucket.com/albums/v708/starbuck50/winmes1_zpsee6b4776.png

Please post both reports from FRST in your next reply.

Thanks

jimmyedwards · July 2, 2014

Here are the results of FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014

Ran by Ray (administrator) on JIMMY on 02-07-2014 13:24:43

Running from C:\Users\Ray\Desktop

Platform: Windows 8 (X64) OS Language: English (United States)

Internet Explorer Version 10

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

(Amazon.com) C:\Users\Ray\Desktop\My Documents\Downloads from Google ETC\ADVWindowsClientService.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe

(johnsadventures.com) C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe

(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

() C:\Users\Ray\AppData\Roaming\Dashlane\Dashlane.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\WkDStore.exe

(Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\wkgdcach.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)

HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\Run: [backgroundSwitcher] => C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe [117400 2014-06-25] (johnsadventures.com)

HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [455744 2013-12-10] (BillP Studios)

HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\Run: [Dashlane] => C:\Users\Ray\AppData\Roaming\Dashlane\Dashlane.exe [219832 2014-05-27] ()

HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\Run: [PCShowServer] => C:\Users\Ray\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1723760 2014-03-26] (NDS Technologies)

HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\MountPoints2: {6faa9800-2894-11e3-be6d-c81f66038689} - "D:\WD SmartWare.exe" autoplay=true

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk

ShortcutTarget: Amazon Unbox.lnk -> C:\Users\Ray\Desktop\My Documents\Downloads from Google ETC\ADVWindowsClientSystemTray.exe (Amazon.com)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

ShellIconOverlayIdentifiers: DBARFileBackuped -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers: DBARFileNotBackuped -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

SearchScopes: HKLM - DefaultScope {9E00ED14-DDAB-4086-B889-8ACD884A8ECF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB

SearchScopes: HKLM - {9E00ED14-DDAB-4086-B889-8ACD884A8ECF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKLM-x32 - {9E00ED14-DDAB-4086-B889-8ACD884A8ECF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB

SearchScopes: HKCU - {2CC37BC9-F801-4F29-9333-67CC3827F182} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}

SearchScopes: HKCU - {9E00ED14-DDAB-4086-B889-8ACD884A8ECF} URL =

BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)

BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)

BHO-x32: Ant.com browser helper (video detector) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)

BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)

Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

Toolbar: HKLM-x32 - Ant.com Video Downloader toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)

Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Ray\AppData\Roaming\Dashlane\ie\KWIEBar.dll (Dashlane)

Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

Toolbar: HKCU - No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File

DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100

FireFox:

========

FF ProfilePath: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\98hj6l78.default

FF Homepage: hxxp://www.yahoo.com/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)

FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.5.2 - C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll No File

FF Plugin HKCU: @nds.com/PlayerPlugin - C:\Users\Ray\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)

FF Plugin HKCU: NDS.com/PlayerPlugin - C:\Users\Ray\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF SearchPlugin: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\98hj6l78.default\searchplugins\yahoo_ff.xml

Chrome:

=======

CHR HomePage: hxxp://www.yahoo.com/

CHR StartupUrls: "https://www.google.com/settings/plus", "hxxp://www.better-search.net/?barid=1651636109402308607&src=10&crg=&ppd=content,40812461583,,,amv-converter-studio.software.informer.com,c,0,,,www.videosconverter.net?lpver=121&did=10757&st=23&st=23", "hxxp://search.yahoo.com/?type=501549&fr=spigot-yhp-ch", "hxxp://search.yahoo.com/?type=937811&fr=spigot-yhp-ch"

CHR Extension: (Google Docs) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-30]

CHR Extension: (Google Drive) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-30]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]

CHR Extension: (YouTube) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-30]

CHR Extension: (Google Search) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-30]

CHR Extension: (Google Wallet) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]

CHR Extension: (Gmail) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-30]

==================== Services (Whitelisted) =================

R2 ADVService; C:\Users\Ray\Desktop\My Documents\Downloads from Google ETC\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]

R2 HPSLPSVC; C:\Users\Ray\AppData\Local\Temp\7zS291B\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)

R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()

R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)

R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)

S3 ghsdiagMDM; C:\Windows\system32\DRIVERS\ghsdiagMDM.sys [122496 2011-11-28] (HS Incorporated)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-02 13:24 - 2014-07-02 13:25 - 00019645 _____ () C:\Users\Ray\Desktop\FRST.txt

2014-07-02 13:24 - 2014-07-02 13:24 - 00000000 ____D () C:\FRST

2014-07-02 13:23 - 2014-07-02 13:23 - 02083840 _____ (Farbar) C:\Users\Ray\Desktop\FRST64.exe

2014-07-02 10:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-07-02 10:00 - 2014-07-02 10:04 - 00000000 ____D () C:\AdwCleaner

2014-07-02 09:43 - 2014-07-02 09:43 - 00002796 _____ () C:\Users\Ray\Desktop\JRT.txt

2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Windows\ERUNT

2014-07-01 20:05 - 2014-07-01 20:05 - 01346519 _____ () C:\Users\Ray\Desktop\AdwCleaner.exe

2014-07-01 20:04 - 2014-07-01 20:04 - 01016261 _____ (Thisisu) C:\Users\Ray\Desktop\JRT.exe

2014-06-30 19:03 - 2014-06-30 19:03 - 00000355 _____ () C:\Users\Ray\Desktop\HP Slate 10 HD 10in Display 16GB Memory Android Tablet Tablet Tablet & iPad Computers & Tablets All ppc Site.url

2014-06-30 19:02 - 2014-06-30 19:02 - 00000352 _____ () C:\Users\Ray\Desktop\Dell Venue 7 7in Display 16GB Memory Android Tablet Tablet Tablet & iPad Computers & Tablets All ppc Site.url

2014-06-30 18:18 - 2014-06-30 18:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-30 18:17 - 2014-06-30 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-30 18:17 - 2014-06-30 18:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-30 18:17 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-06-30 09:28 - 2014-06-30 09:31 - 00001470 _____ () C:\Users\Ray\Downloads\home.asp

2014-06-25 22:52 - 2014-06-25 22:52 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\johnsadventures.com

2014-06-22 16:49 - 2014-06-22 16:49 - 00000255 _____ () C:\Users\Ray\Desktop\Lizzy the Lezzy Quotes.url

2014-06-22 13:30 - 2014-06-22 13:30 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf

2014-06-22 10:29 - 2014-06-22 10:29 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\freecorder

2014-06-22 10:24 - 2014-06-22 10:24 - 00000000 ____D () C:\Users\Ray\AppData\Local\FLVService

2014-06-22 08:59 - 2014-06-22 08:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom

2014-06-11 13:49 - 2014-06-16 08:30 - 00000000 ____D () C:\Users\Ray\Documents\Everio MediaBrowser 4

2014-06-11 07:51 - 2014-06-11 07:51 - 00000265 _____ () C:\Users\Ray\Desktop\Internet Explorer 9 privacy statement - Microsoft Windows.url

2014-06-11 02:07 - 2014-05-23 22:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-06-11 02:07 - 2014-05-23 22:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-06-11 02:07 - 2014-05-23 22:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-06-11 02:07 - 2014-05-23 22:47 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll

2014-06-11 02:07 - 2014-05-23 22:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll

2014-06-11 02:07 - 2014-05-23 22:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-06-11 02:07 - 2014-05-23 22:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-06-11 02:07 - 2014-05-23 22:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-06-11 02:07 - 2014-05-23 22:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-06-11 02:07 - 2014-05-23 22:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-06-11 02:07 - 2014-05-23 22:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-06-11 02:07 - 2014-05-23 22:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-06-11 02:07 - 2014-05-23 22:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-06-11 02:07 - 2014-05-23 22:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-06-11 02:07 - 2014-05-23 22:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-06-11 02:07 - 2014-05-23 22:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-06-11 02:07 - 2014-05-23 22:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-06-11 02:07 - 2014-05-23 22:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-06-11 02:07 - 2014-05-23 22:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-06-11 02:07 - 2014-05-23 22:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-06-11 02:07 - 2014-05-23 21:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-06-11 02:07 - 2014-05-23 21:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-06-11 02:07 - 2014-05-23 21:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-06-11 02:07 - 2014-05-23 21:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-06-11 02:07 - 2014-05-23 21:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-06-11 02:07 - 2014-05-23 21:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-06-11 02:07 - 2014-05-23 21:26 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll

2014-06-11 02:07 - 2014-05-23 21:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-06-11 02:07 - 2014-05-23 21:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-06-11 02:07 - 2014-05-23 21:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-06-11 02:07 - 2014-05-23 21:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-06-11 02:07 - 2014-05-23 21:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-06-11 02:07 - 2014-05-23 21:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-06-11 02:07 - 2014-05-23 21:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-06-11 02:07 - 2014-05-23 21:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-06-11 02:07 - 2014-05-23 21:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-06-11 02:07 - 2014-05-23 21:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-06-11 02:07 - 2014-05-23 21:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-06-11 02:07 - 2014-05-23 21:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-06-11 02:07 - 2014-05-23 21:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-06-11 02:07 - 2014-05-23 18:37 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

2014-06-11 02:07 - 2014-05-03 01:47 - 03246592 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-06-11 02:07 - 2014-05-02 23:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2014-06-11 02:07 - 2014-04-29 18:32 - 01301504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-06-11 02:07 - 2014-04-29 18:22 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-06-11 02:07 - 2014-04-03 07:19 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys

2014-06-11 02:07 - 2014-04-02 23:44 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys

2014-06-11 02:07 - 2014-03-31 18:08 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml

2014-06-11 02:07 - 2014-03-24 19:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe

2014-06-11 02:07 - 2014-03-24 18:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe

2014-06-11 02:05 - 2014-04-03 07:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-06-11 02:05 - 2014-03-06 20:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-06-11 02:05 - 2014-03-06 20:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-06-06 17:50 - 2014-06-06 17:50 - 00000123 _____ () C:\Users\Ray\Desktop\Badger Badger Badger.com! The Original Dancing Badgers!.url

==================== One Month Modified Files and Folders =======

2014-07-02 13:25 - 2014-07-02 13:24 - 00019645 _____ () C:\Users\Ray\Desktop\FRST.txt

2014-07-02 13:24 - 2014-07-02 13:24 - 00000000 ____D () C:\FRST

2014-07-02 13:23 - 2014-07-02 13:23 - 02083840 _____ (Farbar) C:\Users\Ray\Desktop\FRST64.exe

2014-07-02 13:20 - 2013-12-28 20:23 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\ClassicShell

2014-07-02 13:19 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-07-02 13:00 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru

2014-07-02 12:48 - 2014-04-15 08:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-07-02 12:35 - 2013-12-30 02:05 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-02 10:34 - 2013-12-28 19:11 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2801032338-2342425128-3870613798-1001

2014-07-02 10:18 - 2014-01-28 22:01 - 01742876 _____ () C:\Windows\WindowsUpdate.log

2014-07-02 10:10 - 2012-07-26 03:28 - 00850046 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-07-02 10:08 - 2013-09-24 18:44 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery

2014-07-02 10:05 - 2014-02-12 14:16 - 00030954 _____ () C:\Windows\PFRO.log

2014-07-02 10:05 - 2013-12-30 02:05 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-02 10:05 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-02 10:04 - 2014-07-02 10:00 - 00000000 ____D () C:\AdwCleaner

2014-07-02 09:58 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI

2014-07-02 09:43 - 2014-07-02 09:43 - 00002796 _____ () C:\Users\Ray\Desktop\JRT.txt

2014-07-02 09:39 - 2014-07-02 09:39 - 00000000 ____D () C:\Windows\ERUNT

2014-07-01 20:05 - 2014-07-01 20:05 - 01346519 _____ () C:\Users\Ray\Desktop\AdwCleaner.exe

2014-07-01 20:04 - 2014-07-01 20:04 - 01016261 _____ (Thisisu) C:\Users\Ray\Desktop\JRT.exe

2014-07-01 11:18 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2014-06-30 19:03 - 2014-06-30 19:03 - 00000355 _____ () C:\Users\Ray\Desktop\HP Slate 10 HD 10in Display 16GB Memory Android Tablet Tablet Tablet & iPad Computers & Tablets All ppc Site.url

2014-06-30 19:02 - 2014-06-30 19:02 - 00000352 _____ () C:\Users\Ray\Desktop\Dell Venue 7 7in Display 16GB Memory Android Tablet Tablet Tablet & iPad Computers & Tablets All ppc Site.url

2014-06-30 18:31 - 2014-06-30 18:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-30 18:28 - 2014-02-03 00:37 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-06-30 18:27 - 2012-07-26 04:12 - 00000000 ___RD () C:\Windows\DesktopTileResources

2014-06-30 18:17 - 2014-06-30 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-30 18:17 - 2014-06-30 18:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-30 18:17 - 2013-12-29 19:07 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Malwarebytes

2014-06-30 18:17 - 2013-12-29 19:07 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-30 18:17 - 2013-12-29 19:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-06-30 14:31 - 2013-12-30 01:21 - 00014306 _____ () C:\Users\Ray\AppData\Roaming\wklnhst.dat

2014-06-30 14:01 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-06-30 09:31 - 2014-06-30 09:28 - 00001470 _____ () C:\Users\Ray\Downloads\home.asp

2014-06-27 11:15 - 2013-09-28 22:02 - 00000000 ____D () C:\Users\Ray\Desktop\My Shared Folder

2014-06-25 22:52 - 2014-06-25 22:52 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\johnsadventures.com

2014-06-25 22:11 - 2014-02-11 21:03 - 00012878 _____ () C:\Windows\setupact.log

2014-06-25 10:55 - 2014-01-02 17:07 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\vlc

2014-06-25 07:56 - 2013-12-28 19:01 - 00000000 ____D () C:\Users\Ray

2014-06-23 16:48 - 2014-04-18 15:16 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\BitTorrent

2014-06-22 16:49 - 2014-06-22 16:49 - 00000255 _____ () C:\Users\Ray\Desktop\Lizzy the Lezzy Quotes.url

2014-06-22 13:30 - 2014-06-22 13:30 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf

2014-06-22 10:43 - 2014-03-24 10:41 - 00000000 ____D () C:\Users\Ray\AppData\Local\Jaksta_Technologies_Pty_L

2014-06-22 10:43 - 2014-03-18 09:54 - 00000000 ____D () C:\Program Files (x86)\Applian Technologies

2014-06-22 10:29 - 2014-06-22 10:29 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\freecorder

2014-06-22 10:24 - 2014-06-22 10:24 - 00000000 ____D () C:\Users\Ray\AppData\Local\FLVService

2014-06-22 08:59 - 2014-06-22 08:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom

2014-06-22 08:59 - 2014-01-01 22:34 - 00000000 ____D () C:\Program Files (x86)\TomTom HOME 2

2014-06-22 08:58 - 2014-01-01 22:37 - 00000000 ____D () C:\Users\Ray\AppData\Local\Downloaded Installations

2014-06-19 03:30 - 2013-12-30 02:05 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-06-19 03:30 - 2013-12-30 02:05 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-06-16 08:31 - 2013-09-24 18:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-06-16 08:30 - 2014-06-11 13:49 - 00000000 ____D () C:\Users\Ray\Documents\Everio MediaBrowser 4

2014-06-14 19:39 - 2014-03-26 08:51 - 00000000 ____D () C:\ProgramData\Roxio

2014-06-11 16:04 - 2014-05-08 16:13 - 00000000 ____D () C:\Users\Ray\AppData\Local\Windows Live

2014-06-11 08:13 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache

2014-06-11 07:51 - 2014-06-11 07:51 - 00000265 _____ () C:\Users\Ray\Desktop\Internet Explorer 9 privacy statement - Microsoft Windows.url

2014-06-11 04:22 - 2014-04-18 15:48 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-06-11 04:22 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp

2014-06-11 04:21 - 2013-12-28 21:55 - 00000000 ____D () C:\Windows\system32\MRT

2014-06-11 04:18 - 2013-12-28 21:55 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-06-06 17:50 - 2014-06-06 17:50 - 00000123 _____ () C:\Users\Ray\Desktop\Badger Badger Badger.com! The Original Dancing Badgers!.url

2014-06-03 08:43 - 2014-02-03 18:48 - 00000000 ____D () C:\Users\Ray\Desktop\Delete soon

Some content of TEMP:

====================

C:\Users\Ray\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-30 03:00

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2014

Ran by Ray at 2014-07-02 13:25:21

Running from C:\Users\Ray\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

4500_G510af_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

4500G510af (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden

4500G510af_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)

Aimersoft Audio Converter(Build 1.1.41) (HKLM-x32\...\Aimersoft Audio Converter_is1) (Version: - Aimersoft Software)

Aimersoft DVD Creator(Build 1.1.22) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version: - Aimersoft Software)

Aimersoft DVD Ripper(Build 1.1.41) (HKLM-x32\...\Aimersoft DVD Ripper_is1) (Version: - Aimersoft Software)

Aimersoft DVD Studio Pack(Build 1.1.41) (HKLM-x32\...\Aimersoft DVD Studio Pack_is1) (Version: - Aimersoft Software)

Aimersoft Video Converter(Build 1.1.41) (HKLM-x32\...\Aimersoft Video Converter_is1) (Version: - Aimersoft Software)

Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)

Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden

Ant.com IE add-on (HKLM-x32\...\{B905CAA1-D6FF-4D21-8858-F8C610491C0B}) (Version: 2.2.4.1076 - Ant.com)

Any Video Converter 5.5.9 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)

Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)

BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.1.31141 - BitTorrent Inc.)

BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)

Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.20 (HKLM-x32\...\Chicken Invaders: Revenge of the Yolk (Christmas Edition)_is1) (Version: - InterAction studios)

Chikka Messenger (HKCU\...\Chikka Messenger) (Version: - )

Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden

CyberLink Media Suite 10 (x32 Version: 10.0.1.2417 - CyberLink Corp.) Hidden

CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)

CyberLink Power2Go 8 (x32 Version: 8.0.0.2126 - CyberLink Corp.) Hidden

CyberLink PowerDirector 10 (x32 Version: 10.0.1.2413 - CyberLink Corp.) Hidden

CyberLink PowerDVD 10 (x32 Version: 10.0.4828.52 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dashlane (HKCU\...\Dashlane) (Version: 2.4.1.63897 - Dashlane SAS)

Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)

Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)

Dell Digital Delivery (HKLM-x32\...\{B96348BD-6B0D-42E3-80B1-FA6718067BFE}) (Version: 2.8.1000.0 - Dell Products, LP)

Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)

Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)

Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

DIRECTV Player (HKLM-x32\...\{dbaba6a3-366e-43a7-8f4e-b0a868c06ab3}) (Version: 10.0 - DIRECTV)

DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden

Dropbox (HKCU\...\Dropbox) (Version: 2.6.29 - Dropbox, Inc.)

DSC/AA Factory Installer (Version: 3.3.6261.27 - PC-Doctor, Inc.) Hidden

Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden

FormatFactory 3.2.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.2.1.0 - Free Time)

Free Hide Folder (HKLM-x32\...\Free Hide Folder) (Version: - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)

Google Earth (HKLM-x32\...\{0A844D8F-A965-11E2-9E77-B8AC6F98CCE3}) (Version: 7.1.1.1580 - Google)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)

HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

HP Officejet 4500 G510a-f 14.0 Rel. 6 (HKLM\...\{A49C5804-8F24-433C-99B2-9F9F541090C7}) (Version: 14.0 - HP)

HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)

HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden

HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2849 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden

Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )

Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)

Java 8 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218005FF}) (Version: 8.0.50 - Oracle Corporation)

Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden

John's Background Switcher 4.9 (HKLM-x32\...\{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1) (Version: 4.9 - johnsadventures.com)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden

Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden

Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)

MyPadlock Password Manager (HKCU\...\e1c3488942f1ae2a) (Version: 1.0.0.32 - MyPadlock)

OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)

PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version: - )

PDF-Viewer (HKLM\...\{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1) (Version: 2.0.50.0 - Tracker Software Products Ltd)

Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

PySolFC Solitaire (a freeware Solitaire Game) version 1.1 (HKLM-x32\...\PySolFC Solitaire_is1) (Version: - )

Quit Counter (HKLM-x32\...\Quit Counter_is1) (Version: 1.2 - Xarka Software)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden

Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden

Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden

Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)

Roxio Creator DE (x32 Version: 3.7.0 - Roxio) Hidden

Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden

Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden

Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden

Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)

SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden

Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)

TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)

Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden

TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)

Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)

Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)

Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)

Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version: - Microsoft)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)

Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)

Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)

VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden

Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 29.2.2013 - BillP Studios)

WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

Xilisoft DVD Copy Express (HKLM-x32\...\Xilisoft DVD Copy Express) (Version: 1.1.23.0824 - Xilisoft)

Xilisoft DVD Creator (HKLM-x32\...\Xilisoft DVD Creator) (Version: 3.0.39.1121 - Xilisoft)

Yahoo Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo Inc.)

YTD Video Downloader 4.8.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.1 - GreenTree Applications SRL)

==================== Restore Points =========================

16-06-2014 12:31:21 Revo Uninstaller's restore point - Everio MediaBrowser 4

18-06-2014 15:08:03 Revo Uninstaller's restore point - Coupon Printer for Windows

21-06-2014 14:04:13 Revo Uninstaller's restore point - Software Version Updater

22-06-2014 14:39:15 Revo Uninstaller's restore point - Freecorder 5

30-06-2014 07:09:03 Scheduled Checkpoint

==================== Hosts content: ==========================

2012-07-26 01:26 - 2014-04-24 15:43 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0EEB9603-9FD3-4922-8109-99EA2F9657FB} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)

Task: {10905780-7EC6-4456-ACCD-4A5FC3C2C099} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {2ECA87D1-5583-46E3-A6CD-3243C01B611C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)

Task: {4C874592-A1F9-4D5D-84FC-12271CCDCED5} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)

Task: {6E1CF784-24E6-482E-881C-E2F37510C03B} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)

Task: {933EDF99-C184-494D-BF8D-710600E07C57} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-06-11] (Microsoft Corporation)

Task: {A15F7824-5DDA-4926-A120-9DD8763138BB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)

Task: {A1DC4E90-6901-4159-BE96-C0DB6B8409BC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)

Task: {A397B440-536C-4C6D-ABFE-F46A76B4D3A1} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {C2FED4B9-9050-441A-B286-C040896C3C9D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)

Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {D14D091F-DD47-4B0D-90AE-14F0CA03A882} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-30] (Google Inc.)

Task: {D2F99976-04BE-47C8-9739-AE5F293A2571} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-30] (Google Inc.)

Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-24 18:45 - 2013-04-19 18:51 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll

2013-09-24 18:45 - 2013-04-19 18:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll

2013-09-24 18:45 - 2013-04-19 18:51 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll

2013-09-24 18:45 - 2013-04-19 18:51 - 00034080 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll

2013-09-24 18:43 - 2012-04-24 22:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

2013-09-24 18:53 - 2013-06-05 19:43 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll

2014-02-14 08:50 - 2014-05-27 10:38 - 00219832 _____ () C:\Users\Ray\AppData\Roaming\Dashlane\Dashlane.exe

2011-11-23 21:21 - 2011-11-23 21:21 - 00105576 ____R () C:\Users\Ray\Desktop\My Documents\Downloads from Google ETC\LimelightDownloadManager.dll

2013-12-30 02:40 - 2013-07-15 13:29 - 00620718 _____ () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll

2014-05-27 10:38 - 2014-05-27 10:38 - 00255160 _____ () C:\Users\Ray\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.4.1.63897.dll

2014-05-27 10:38 - 2014-05-27 10:38 - 00363704 _____ () C:\Users\Ray\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.4.1.63897.dll

2014-05-27 10:38 - 2014-05-27 10:38 - 00423608 _____ () C:\Users\Ray\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.4.1.63897.dll

2014-05-27 10:38 - 2014-05-27 10:38 - 28239544 _____ () C:\Users\Ray\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.4.1.63897.dll

2014-05-27 10:38 - 2014-05-27 10:38 - 00263352 _____ () C:\Users\Ray\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.4.1.63897.dll

2014-05-27 10:38 - 2014-05-27 10:38 - 04805304 _____ () C:\Users\Ray\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.4.1.63897.dll

2014-05-27 10:37 - 2014-05-27 10:37 - 04319416 _____ () C:\Users\Ray\AppData\Roaming\Dashlane\2.4.1.63897\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.4.1.63897.dll

2013-09-24 18:41 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

2014-02-15 10:25 - 2014-02-15 10:25 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b7497ee745bead9869f53a314470edeb\PSIClient.ni.dll

2013-09-24 18:37 - 2012-07-18 15:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2014-06-11 18:31 - 2014-06-05 09:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll

2014-06-11 18:31 - 2014-06-05 09:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll

2014-06-11 18:31 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll

2014-06-11 18:31 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll

2014-06-11 18:31 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll

2014-06-11 18:31 - 2014-06-05 09:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll

2013-07-10 19:07 - 2013-07-10 19:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"

HKLM\...\StartupApproved\StartupFolder: => "Amazon Unbox.lnk"

HKLM\...\StartupApproved\StartupFolder: => "Device Monitor 4.lnk"

HKLM\...\StartupApproved\Run32: => "IAStorIcon"

HKLM\...\StartupApproved\Run32: => "IMSS"

HKLM\...\StartupApproved\Run32: => "RemoteControl10"

HKLM\...\StartupApproved\Run32: => "HP Software Update"

HKLM\...\StartupApproved\Run32: => "Adobe ARM"

HKLM\...\StartupApproved\Run32: => "GrooveMonitor"

HKCU\...\StartupApproved\Run: => "BitTorrent"

HKCU\...\StartupApproved\Run: => "PCShowServer"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (07/02/2014 01:19:23 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: WksWP.exe, version: 9.7.613.0, time stamp: 0x466fad27

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x00000000

Faulting process id: 0xd58

Faulting application start time: 0xWksWP.exe0

Faulting application path: WksWP.exe1

Faulting module path: WksWP.exe2

Report Id: WksWP.exe3

Faulting package full name: WksWP.exe4

Faulting package-relative application ID: WksWP.exe5

Error: (07/02/2014 01:19:21 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: WksWP.exe, version: 9.7.613.0, time stamp: 0x466fad27

Faulting module name: msvcrt.dll, version: 7.0.9200.16384, time stamp: 0x5010ae12

Exception code: 0xc0000005

Fault offset: 0x0000992e

Faulting process id: 0xd58

Faulting application start time: 0xWksWP.exe0

Faulting application path: WksWP.exe1

Faulting module path: WksWP.exe2

Report Id: WksWP.exe3

Faulting package full name: WksWP.exe4

Faulting package-relative application ID: WksWP.exe5

Error: (07/02/2014 01:07:42 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921, time stamp: 0x537fc9dc

Faulting module name: KWIEBar.dll, version: 2.4.1.63897, time stamp: 0x5384a309

Exception code: 0xc0000005

Fault offset: 0x00002f92

Faulting process id: 0xa80

Faulting application start time: 0xIEXPLORE.EXE0

Faulting application path: IEXPLORE.EXE1

Faulting module path: IEXPLORE.EXE2

Report Id: IEXPLORE.EXE3

Faulting package full name: IEXPLORE.EXE4

Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/02/2014 01:07:29 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921, time stamp: 0x537fc9dc

Faulting module name: KWIEBar.dll, version: 2.4.1.63897, time stamp: 0x5384a309

Exception code: 0xc0000005

Fault offset: 0x00002f92

Faulting process id: 0xac0

Faulting application start time: 0xIEXPLORE.EXE0

Faulting application path: IEXPLORE.EXE1

Faulting module path: IEXPLORE.EXE2

Report Id: IEXPLORE.EXE3

Faulting package full name: IEXPLORE.EXE4

Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/02/2014 01:07:25 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921, time stamp: 0x537fc9dc

Faulting module name: KWIEBar.dll, version: 2.4.1.63897, time stamp: 0x5384a309

Exception code: 0xc0000005

Fault offset: 0x00002f92

Faulting process id: 0xe68

Faulting application start time: 0xIEXPLORE.EXE0

Faulting application path: IEXPLORE.EXE1

Faulting module path: IEXPLORE.EXE2

Report Id: IEXPLORE.EXE3

Faulting package full name: IEXPLORE.EXE4

Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/02/2014 01:07:21 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921, time stamp: 0x537fc9dc

Faulting module name: KWIEBar.dll, version: 2.4.1.63897, time stamp: 0x5384a309

Exception code: 0xc0000005

Fault offset: 0x00002f92

Faulting process id: 0x13d4

Faulting application start time: 0xIEXPLORE.EXE0

Faulting application path: IEXPLORE.EXE1

Faulting module path: IEXPLORE.EXE2

Report Id: IEXPLORE.EXE3

Faulting package full name: IEXPLORE.EXE4

Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/02/2014 01:07:20 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921, time stamp: 0x537fc9dc

Faulting module name: KWIEBar.dll, version: 2.4.1.63897, time stamp: 0x5384a309

Exception code: 0xc0000005

Fault offset: 0x00002f92

Faulting process id: 0x1248

Faulting application start time: 0xIEXPLORE.EXE0

Faulting application path: IEXPLORE.EXE1

Faulting module path: IEXPLORE.EXE2

Report Id: IEXPLORE.EXE3

Faulting package full name: IEXPLORE.EXE4

Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/02/2014 01:07:19 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921, time stamp: 0x537fc9dc

Faulting module name: KWIEBar.dll, version: 2.4.1.63897, time stamp: 0x5384a309

Exception code: 0xc0000005

Fault offset: 0x00002f92

Faulting process id: 0x13ac

Faulting application start time: 0xIEXPLORE.EXE0

Faulting application path: IEXPLORE.EXE1

Faulting module path: IEXPLORE.EXE2

Report Id: IEXPLORE.EXE3

Faulting package full name: IEXPLORE.EXE4

Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/02/2014 01:07:18 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921, time stamp: 0x537fc9dc

Faulting module name: KWIEBar.dll, version: 2.4.1.63897, time stamp: 0x5384a309

Exception code: 0xc0000005

Fault offset: 0x00002f92

Faulting process id: 0x1160

Faulting application start time: 0xIEXPLORE.EXE0

Faulting application path: IEXPLORE.EXE1

Faulting module path: IEXPLORE.EXE2

Report Id: IEXPLORE.EXE3

Faulting package full name: IEXPLORE.EXE4

Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/02/2014 01:07:17 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921, time stamp: 0x537fc9dc

Faulting module name: KWIEBar.dll, version: 2.4.1.63897, time stamp: 0x5384a309

Exception code: 0xc0000005

Fault offset: 0x00002f92

Faulting process id: 0xa80

Faulting application start time: 0xIEXPLORE.EXE0

Faulting application path: IEXPLORE.EXE1

Faulting module path: IEXPLORE.EXE2

Report Id: IEXPLORE.EXE3

Faulting package full name: IEXPLORE.EXE4

Faulting package-relative application ID: IEXPLORE.EXE5

System errors:

=============

Error: (07/02/2014 10:11:10 AM) (Source: DCOM) (EventID: 10010) (User: JIMMY)

Description: {0002DF01-0000-0000-C000-000000000046}

Error: (07/02/2014 09:59:13 AM) (Source: DCOM) (EventID: 10016) (User: JIMMY)

Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}JimmyRayS-1-5-21-2801032338-2342425128-3870613798-1001LocalHost (Using LRPC)UnavailableUnavailable

Microsoft Office Sessions:

=========================

==================== Memory info ===========================

Percentage of memory in use: 32%

Total physical RAM: 8066.05 MB

Available physical RAM: 5415.16 MB

Total Pagefile: 9282.05 MB

Available Pagefile: 6439.01 MB

Total Virtual: 8192 MB

Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.77 GB) (Free:607.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 932 GB) (Disk ID: 6AA7D01A)

Partition: GPT Partition Type.

==================== End Of Log ============================

FRST.txt

Addition.txt

Edited July 2, 2014 by Starbuck

Starbuck · July 2, 2014

Hi Jimmy,

Is IE working now?

Ok, let's get the bad out of the way first!!

P2P Warning

Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, *********, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.

P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.

If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.

----------------

I also see you have Dashlane installed:

I know they say:

Dashlane works with most browsers (Chrome, Firefox, Safari, and IE).

But don't believe everything you read.

Take a look at your error logs:

Error: (07/02/2014 01:07:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921, time stamp: 0x537fc9dc
Faulting module name: KWIEBar.dll, version: 2.4.1.63897, time stamp: 0x5384a309
Exception code: 0xc0000005
Fault offset: 0x00002f92
Faulting process id: 0xa80
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/02/2014 01:07:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921, time stamp: 0x537fc9dc
Faulting module name: KWIEBar.dll, version: 2.4.1.63897, time stamp: 0x5384a309
Exception code: 0xc0000005
Fault offset: 0x00002f92
Faulting process id: 0xac0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/02/2014 01:07:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921, time stamp: 0x537fc9dc
Faulting module name: KWIEBar.dll, version: 2.4.1.63897, time stamp: 0x5384a309
Exception code: 0xc0000005
Fault offset: 0x00002f92
Faulting process id: 0xe68
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/02/2014 01:07:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921, time stamp: 0x537fc9dc
Faulting module name: KWIEBar.dll, version: 2.4.1.63897, time stamp: 0x5384a309
Exception code: 0xc0000005
Fault offset: 0x00002f92
Faulting process id: 0x13d4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/02/2014 01:07:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921, time stamp: 0x537fc9dc
Faulting module name: KWIEBar.dll, version: 2.4.1.63897, time stamp: 0x5384a309
Exception code: 0xc0000005
Fault offset: 0x00002f92
Faulting process id: 0x1248
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/02/2014 01:07:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921, time stamp: 0x537fc9dc
Faulting module name: KWIEBar.dll, version: 2.4.1.63897, time stamp: 0x5384a309
Exception code: 0xc0000005
Fault offset: 0x00002f92
Faulting process id: 0x13ac
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/02/2014 01:07:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921, time stamp: 0x537fc9dc
Faulting module name: KWIEBar.dll, version: 2.4.1.63897, time stamp: 0x5384a309
Exception code: 0xc0000005
Fault offset: 0x00002f92
Faulting process id: 0x1160
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/02/2014 01:07:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921, time stamp: 0x537fc9dc
Faulting module name: KWIEBar.dll, version: 2.4.1.63897, time stamp: 0x5384a309
Exception code: 0xc0000005
Fault offset: 0x00002f92
Faulting process id: 0xa80
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

These are all IE errors relating to Dashlane.

Did you also read this:

Operating Systems:
Windows XP/Vista/7

Does not work with Windows 8 and Chrome Too many issues

I recommend you uninstall this program.

Your browsers will remember your passwords anyway..... why install an extra program to do this?

Step 1

Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.

NOTE.

It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.

Running this on another machine may cause damage to your operating system

Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait.

http://img.photobucket.com/albums/v708/starbuck50/frstfix_zps7db0c905.png

The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

Step 2

I'd like you to do an ESET OnlineScan

64Bit users, please see note at the bottom.

You may find it beneficial to close your resident AV program before running the scan.

It's been found that on some systems the Eset's Online Scan fails during the database download ( around 20% )

To prevent this happening:

When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

http://img.photobucket.com/albums/v708/starbuck50/eset.png

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
If asked, allow the activex control to install
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer.
  Save it to your desktop.
- Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
[*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
[*]Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
[*]Accept any security warnings from your browser.
[*]Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
[*] Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
[*]Click the Start button.
[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
[*]When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
[*]Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply.
[*]Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
[*]Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note:

As you are running a 64bit system:

The ESET Online Scanner is a 32-bit application, which means it must be run through in the 32-bit version of Internet Explorer.

As you are using IE10, the chances are that you are running a 32bit version.

To check......

Open Internet Explorer 10

Click the Settings cog up the top right corner of the window,

Click the Advanced tab,

Scroll down until you see Enable Enhanced Protected Mode*

If it's ticked.... you are running a 64bit version.

Untick it to run a 32bit version.

Chrome or Firefox will be 32bit, so you can use those instead.

In your next reply, please submit:

Fixlog.txt

Eset scan report

Thanks.

fixlist.txt

jimmyedwards · July 2, 2014

I will do as you suggest ,should I delete dashlane and bit torrent first or wait until after the scan? Also IE still is not working and I cant even remove the warning message. I will try but I may not be able to get back until Thursday.

Starbuck · July 2, 2014

I will do as you suggest ,should I delete dashlane and bit torrent first or wait until after the scan?

You can remove them before or after, it doesn't matter.

IE still is not working and I cant even remove the warning message

Ok then.

Reset IE back to the defaults.

Close any Internet Explorer or Windows Explorer windows that are currently open.
Open Internet Explorer by clicking the Start button, and then clicking Internet Explorer.
Click the Tools button, and then click Internet Options.
Click the Advanced tab, and then click Reset.
Select the Delete personal settings check box if you would like to remove browsing history, search providers, Accelerators, home pages, and InPrivate Filtering data.
In the Reset Internet Explorer Settings dialog box, click Reset.
When Internet Explorer finishes applying default settings, click Close, and then click OK.
Close Internet Explorer.
Your changes will take effect the next time you open Internet Explorer.

I will try but I may not be able to get back until Thursday.

No problem, just reply when you can.... i'll still be here. :)

jimmyedwards · July 3, 2014

I did the FRST and Fixlog.txt and will try to send them now. I cannot do anything with IE no matter what I try it keeps showing the IE has stopped working message and I can't get past that to even reset it.

Fixlog.txt

FRST.txt

jimmyedwards · July 3, 2014

Here is the Eset scan I didnt know all that was on my pc

ESETSCAN.txt

Starbuck · July 3, 2014

Hi Jimmy,

Here is the Eset scan I didnt know all that was on my pc

It's surprising what is lurking out of view.

I'll go through the reports properly after food.

I cannot do anything with IE no matter what I try it keeps showing the IE has stopped working message and I can't get past that to even reset it.

That's not a big problem, we can reset IE without opening it.

Right click on the Start screen and select All Apps.

On the Apps screen, swipe or scroll to the right and find the Windows System category.

Press or click on the Control Panel icon under Windows System.

Windows 8 will switch to the Desktop and open the Control Panel.

Click on Network and Internet.

Click Internet Options.

Click the Advanced tab.

The Reset Internet Explorer Settings are at the bottom ..... click Reset.

When Internet Explorer finishes applying the default settings, tap or click Close, and then tap or click OK.

Exit and then start Internet Explorer.

Let me know if this helps to get IE running again.

jimmyedwards · July 3, 2014

Thanks I now have IE back ,I have been playing with it a little. I have found out if I use dashlane without the toolbar it is ok ,if I try to enable dashlane toolbar it starts back with the IE has stopped working message.

I will wait and see what you get from Eset before I delete anything else I have uninstalled bit torrent.

Starbuck · July 3, 2014

Hi Jimmy,

Thanks I now have IE back

That's good to hear..... saves us going to plan B :)

I have found out if I use dashlane without the toolbar it is ok ,if I try to enable dashlane toolbar it starts back with the IE has stopped working message

That's probably what all those error log entries were pointing to.

At least you now know what was the cause of the IE problem.

Thanks for posting that, it may well help another member suffering the same problem.

I have uninstalled bit torrent

Nice one.

Most of what Eset found is relating to Pup's.

That is why it looks like legit programs have been flagged up.

It's not the programs themselves that get flagged, it's the addons that they include.

There was a lot of dodgy temp files, so we'll clean all of those:

Download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista/Win7/Win8, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

It will produce a report.... but not one that you can post.

Let me know how the system is running after TFC.

Thanks

jimmyedwards · July 4, 2014

I did TFC and all I can say is so far everything is back to normal, Thanks do I mark this as solved or can you do it.

Starbuck · July 4, 2014

Hi Jimmy,

Thanks do I mark this as solved or can you do it.

I can take care of that for you.

We just need to complete a few final steps.

Let's finish the cleaning process and remove the tools we have used.

We'll also set you a fresh restore point.

Step 1

Restart MBAM.

Click on the History tab >> Quarantine

Tick to select any items and then click the Delete button.

Close MBAM.

Step 2

Download Delfix and save it to your desktop.

Ensure Remove disinfection tools is checked.
Also place a checkmark next to:
Create registry backup
Purge system restore

http://img.photobucket.com/albums/v708/starbuck50/delf_zpsb39a5ff3.png
.
Click the Run button.

When the tool has finished, a log will open in notepad.... but i don't actually need this report

Step 3

Eset can be uninstalled by using the Remove Programs feature in Control Panel.

To find out how you may have been infected....read this topic:

How did i get infected?

Glad I was able to help.

Safe surfing. http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif

Sign In

[Solved] Adware on Win8

Recommended Posts

jimmyedwards

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

KenB

jimmyedwards

Starbuck

jimmyedwards

jimmyedwards

jimmyedwards

Starbuck

jimmyedwards

Starbuck

jimmyedwards

Starbuck

jimmyedwards

jimmyedwards

Starbuck

jimmyedwards

Starbuck

jimmyedwards

Starbuck

Join the conversation

Browse

Activity

Site Info