Computer Issues


Computer has just been running slow and doing all sorts of weird things....just random freezes, windows that want to open 100 times, IE not working as it should, etc. See if one of you fine people can help me out once more. You guys did an awesome job a few years ago. I'm a web designer and this is my main PC so when it's a little under the weather it makes work a bit more frustrating. :(

THANKS IN ADVANCE! - oh and I tip for your service too. :)

 

I am running the following:

 

Malwarebytes PRO - db version 2013.10.02.02

SUPERAntiSpyware Pro db version 10806

 

here are my logs:

 

dds....

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.21.2
Run by James at 23:40:53 on 2013-10-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8183.3279 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Users\James\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Users\James\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
C:\Apache\bin\httpd.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe
C:\MYSQL\bin\mysqld.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\Explorer.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uSearch Bar = Preserve

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: ShopAtHome.com Cash Back Helper: {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [Akamai NetSession Interface] "C:\Users\James\AppData\Local\Akamai\netsession_win.exe"
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Google Update] "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [sPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [bounceBack Setup] "C:\Program Files (x86)\CMS Peripherals\BounceBack Express\AppLaunch.exe" /Launchit
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [shopAtHomeWatcher] C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
mRun: [shopAtHomeUpdater] C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
StartupFolder: C:\Users\James\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\James\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\James\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VDOWNL~1.LNK - C:\Program Files (x86)\VDownloader\VDownloader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~1.LNK - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~2.LNK - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BOUNCE~1.LNK - C:\Program Files (x86)\CMS Peripherals\BounceBack Express\BBLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files\CrashPlan\CrashPlanTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Apache\bin\ApacheMonitor.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: harmonytx.org
Trusted Zone: mesquiteisd.org
Trusted Zone: myharmonytx.org





TCP: NameServer = 192.168.1.254
TCP: Interfaces\{68CF1513-A706-4EF5-A048-F4BDFF7B2011} : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll



x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Web Search


FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\James\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-18 55280]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 Apache2.2;Apache2.2;C:\Apache\bin\httpd.exe [2010-7-30 24645]
R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2012-3-26 222720]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 Freedom Scientific Kernel Manager {D2B4C7A7-7605-4039-89E4-DE5CC69BBE9D};Freedom Scientific Kernel Manager;C:\Windows\System32\fsKMgr.dll [2010-4-13 23584]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-13 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-13 701512]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-3-25 517632]
R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2012-8-24 220112]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-9-22 2084712]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2010-5-9 145448]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 fsvidmir;fsvidmir;C:\Windows\System32\drivers\fsvidmir.sys [2010-4-13 10784]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-8-6 320040]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-10-27 25928]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-7-10 34840]
R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\System32\drivers\t3.sys [2009-11-18 639512]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2011-9-17 29288]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2011-9-17 29288]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2011-9-17 29288]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2011-9-17 29288]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2011-9-17 29288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 BrowseEmAll Updater Service;BrowseEmAll Updater Service;C:\Program Files (x86)\BrowseEmAll\BrowseEmAll.Updater.Service.exe [2013-8-13 15968]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-18 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-18 79360]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-3-4 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-3-4 9800]
S3 hitmanpro36;Hitman Pro 3.5 Support Driver;C:\Windows\System32\drivers\hitmanpro36.sys [2012-7-22 30496]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-25 19456]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-25 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-29 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=C:\Windows\System32\notepad.exe "%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-10-01 09:45:07 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CFE11B28-D3ED-4770-A1B7-CA542DDA5588}\offreg.dll
2013-10-01 09:43:49 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CFE11B28-D3ED-4770-A1B7-CA542DDA5588}\mpengine.dll
2013-09-26 18:51:57 -------- d-----w- C:\Users\James\AppData\Local\{4928ACAF-E717-4133-919E-5DBDB0E8815A}
2013-09-20 05:22:02 3723656 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-09-13 04:24:07 -------- d-----w- C:\Users\James\AppData\Roaming\Keynote Systems
2013-09-11 20:06:45 -------- d-----w- C:\Users\James\AppData\Roaming\ShopAtHome
.
==================== Find3M  ====================
.
2013-09-20 05:22:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-20 05:22:17 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-07 09:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-16 20:12:04 143240 ----a-w- C:\Program Files (x86)\Common Files\ApnStub.exe
.
============= FINISH: 23:41:20.85 ===============

 

attach....

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/21/2009 10:45:59 PM
System Uptime: 9/27/2013 10:55:57 PM (121 hours ago)
.
Motherboard: Dell Inc. |  | 0X231R
Processor: Intel® Core i7 CPU         860  @ 2.80GHz | CPU 1 | 2793/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 684 GiB total, 306.811 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
N: is Removable
O: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\PNP0C0F\1
Manufacturer:
Name:
PNP Device ID: ACPI\PNP0C0F\1
Service:
.
==== System Restore Points ===================
.
RP534: 9/24/2013 2:23:01 AM - Windows Update
RP535: 9/27/2013 4:33:31 AM - Windows Update
RP536: 10/1/2013 4:43:15 AM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Add or Remove Adobe Creative Suite 3 Web Premium
Adobe Acrobat 8 Professional
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Web Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.3
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Aimersoft DRM Media Converter(Build 1.4.7.2)
Aimersoft DVD Creator(Build 2.6.5)
AimOne Video Joiner 1.35
AimOne Video Splitter 1.42
Akamai NetSession Interface
Akamai NetSession Interface Service
Apache HTTP Server 2.2.16
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T U-verse Setup
AutoBookmark Standard Plug-In, v. 4.0 (TRIAL VERSION)
AviSynth 2.5
Bonjour
BookSmart® 2.9.4 2.9.4
BrowseEmAll version 4.0.0.0
Camtasia Studio 7
Consumer In-Home Service Agreement
CopyTrans Suite Remove Only
Coupon Printer for Windows
CrashPlan
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Crystal Reports Basic for Visual Studio 2008
Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
DirectXInstallService
Doxillion Document Converter
DWG TrueView 2012
EaseUS MobiSaver Free 2.0
EaseUS Partition Master 9.2.1 Home Edition
EMC 10 Content
EMCGadgets64
ffdshow v1.1.3572 [2010-09-13]
FileZilla Client 3.7.1.1
Font Management System
Free YouTube Downloader 3.5.128
Freedom Scientific Braille
Freedom Scientific Document Server
Freedom Scientific Elevation
Freedom Scientific FSReader 2.0
Freedom Scientific Synth
Freedom Scientific Synthesizer Eloquence
Freedom Scientific Talking Installer 11.0
Freedom Scientific Utilities
Freedom Scientific Video Intercept
Freedom Scientific WOW64 Proxy
GameSpy Arcade
GDR 5512 for SQL Server 2008 (KB2716436) (64-bit)
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Host OpenAL
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB2538241)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971092)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
Internet Explorer Toolbar 4.8 by SweetPacks
iTunes
Java 7 Update 21
Java Auto Updater
Java 6 Update 14 (64-bit)
Junk Mail filter update
Keynote Connector
Malwarebytes Anti-Malware version 1.75.0.1300
Market Samurai
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Access 2010 Runtime Service Pack 1 (SP1)
Microsoft Access Runtime 2010
Microsoft Application Error Reporting
Microsoft Device Emulator (64 bit) version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Halo
Microsoft Mouse and Keyboard Center
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Runtime 2010
Microsoft Office Access Runtime MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office Ultimate 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Analysis Services
Microsoft SQL Server 2008 BI Development Studio
Microsoft SQL Server 2008 Books Online (English)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Client Tools
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Full text search
Microsoft SQL Server 2008 Integration Services
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Management Studio
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 Policies
Microsoft SQL Server 2008 Reporting Services
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Compact 3.5 SP1 Query Tools English
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 (x64)
Microsoft Sync Services for ADO.NET v2.0 (x64)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 2008 Remote Debugger - ENU
Microsoft Visual Studio 2008 Remote Debugger - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
MobileMe Control Panel
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSDN Library for Visual Studio 2008 - ENU
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Multimedia Card Reader
MySQL Server 5.1
Notepad++
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
Octoshape add-in for Adobe Flash Player
Opera 12.15
PDF Settings
PowerDVD DX
QuickTime
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio File Backup
Roxio Update Manager
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition
Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB2251487)
Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB2669970)
Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972222)
Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973675)
Sentinel System Driver Installer 7.5.0
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)
Shared C Run-time for x64
ShopAtHome.com Helper
ShopAtHome.com Toolbar
SmartFTP Client
Sonic CinePlayer Decoder Pack
Sound Blaster X-Fi
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
SUPERAntiSpyware
Switch Sound File Converter
TeamSpeak 3 Client
Total Validator Tool
Tune4win M4V Converter 1.0.4
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
VC Runtimes MSI
VD64Inst
Ventrilo Client for Windows x64
Visual C++ 2008 IA64 Runtime - (v9.0.30729)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - (v9.0.30729)
Visual C++ 2008 x64 Runtime - (v9.0.30729.4148)
Visual C++ 2008 x64 Runtime - (v9.0.30729.6161)
Visual C++ 2008 x64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - v9.0.30729.4148
Visual C++ 2008 x64 Runtime - v9.0.30729.6161
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - v9.0.30729.4148
Visual C++ 2008 x86 Runtime - v9.0.30729.6161
Visual Studio .NET Prerequisites - English
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
WavePad Sound Editor
WinAce Archiver
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows Movie Maker 2.6
Windows XP Mode
WinSCP 4.2.8
WinZip 15.5
Wondershare Dr.Fone (iPhone 3GS)(Build 2.0.1.3)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
9/29/2013 10:07:00 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  and APPID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  to the user James-PC\James SID (S-1-5-21-2482222888-3877877194-96238860-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/27/2013 11:02:29 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/27/2013 11:02:29 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
9/27/2013 11:00:28 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  RxFilter
9/27/2013 10:59:03 PM, Error: Service Control Manager [7000]  - The SessionLauncher service failed to start due to the following error:  The system cannot find the file specified.
10/1/2013 11:41:43 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user James-PC\James SID (S-1-5-21-2482222888-3877877194-96238860-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/1/2013 11:41:43 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user James-PC\James SID (S-1-5-21-2482222888-3877877194-96238860-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
 


  • Root Admin

Hello and welcome.

 

Please uninstall ALL versions of Java.

 

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

 

 

 

Then restart the computer and run the following.  Make sure you disable your antivirus long enough to stay off after a reboot.

 

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


Ron,

 

Thanks for the help. As you requested the JavaRa.txt file is posted below and the combofix.txt file is attached to the post.

 

 

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Oct 03 08:59:57 2013

Found and removed: C:\Program Files (x86)\Java\jre6

Found and removed: Applications\java.exe

Found and removed: Applications\javaw.exe

Found and removed: CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}

Found and removed: Software\JavaSoft\Java Update

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

Found and removed: SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}

Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Found and removed: SOFTWARE\Classes\Installer\Features\F60730A4A66673047777F5728467D401

Found and removed: SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\6C5ADB75C34456D42B338232391207FF

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\A5CCAAC40F5B69B47777ACF82566467C

Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-applet

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-jnlp-file

Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\.jar

Found and removed: SOFTWARE\Classes\.jnlp

Found and removed: SOFTWARE\Classes\jarfile

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0

Found and removed: SOFTWARE\Classes\JNLPFile

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

Found and removed: SOFTWARE\JavaSoft

Found and removed: SOFTWARE\JreMetrics

Found and removed: SOFTWARE\MozillaPlugins

------------------------------------

Finished reporting.

 

 

combofix.txt


  • Root Admin

Thanks for those logs.  Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.



STEP 05
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.



STEP 06

Please go here to run the online antivirus scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 


Ok when I unzipped mbar folder my computer immediately threw a blue screen of death and shut down. When I restarted it, after the login screen it sat at a black screen for a good 2-3 minutes before the desktop came up (which is unusual). After everything loaded I opened the unzipped folder and then ran the mbar.exe file. Immediately upon clicking on it though my computer threw another blue screen of death and shut down. Not sure what's causing that...I haven't had any BSoDs on this computer in quite some time.


STEP 03

 

- skipped due to blue screen of death -

 

STEP 04

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Home Premium x64
Ran by James on Thu 10/03/2013 at 12:58:34.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\tbcommonutils.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\tbhelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\updater by sweetpacks
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\comobject.deskbarenabler.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbcommonutils.commonutils
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbcommonutils.commonutils.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbdownloadmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbdownloadmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbpropertymanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbpropertymanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbrequest
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbrequest.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbtask
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbtask.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.toolbarhelper
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.toolbarhelper.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.contextmenunotifier
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.contextmenunotifier.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.custominternetsecurityimpl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.custominternetsecurityimpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.searchprovidermanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.searchprovidermanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\urlsearchhook.toolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\urlsearchhook.toolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\searchqumediabar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\searchqumediabar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{dd85d6bf-4787-4a93-99a5-3f0cf0ae8834}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2304157
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-IronSource_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-IronSource_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_windows-movie-maker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_windows-movie-maker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-IronSource_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-IronSource_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_windows-movie-maker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_windows-movie-maker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

 

~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\James\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\James\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\James\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\James\appdata\locallow\somototoolbar"
Successfully deleted: [Folder] "C:\Users\James\appdata\locallow\sweetim"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\free youtube downloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\somototoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\wondershare"
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{008E6E04-5371-46AF-926C-E1B5CC8663CB}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{07D3419F-51AD-437C-9385-D9287346653C}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{1A9747FF-8F2B-4FEE-A28C-A9BFE2DDCE82}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{1F91DBCA-0A4B-4F28-8FF8-37EC9EF4A013}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{1FBB5EFE-B59D-4BCA-AD96-EF45C42BCA79}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{232235E7-5B82-4F3B-9CA8-EECB5254B80B}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{258D5485-582D-42BE-A4D2-DF0471F5E243}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{2EC9C73F-5054-4BB8-B14F-BE7215D5D73B}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{30BA6402-D473-4BD7-9BA3-8DA2BE465137}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{390CAE21-9E5F-4FBE-8B51-646BDD826615}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{4928ACAF-E717-4133-919E-5DBDB0E8815A}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{4D3A8A65-5396-4E7B-A3B4-25B05DB8EA66}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{57957991-71E6-4877-A10D-B756DE102C39}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{5C1150E8-5CE6-4AF3-A57C-457CAC2F9F3F}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{5F8EA4B7-8F17-47F8-9DD1-AD5A3349065D}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{783EBCFE-2440-4A31-BDB1-DF14FF1965D8}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{7C112C22-9FBA-4CEA-91C6-F835AF43BF59}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{85FCBFC6-9FA7-474A-8336-43747A970621}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{8D7FDE13-388A-406C-9A82-1349D3554EB3}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{9672D48D-B77C-4174-8DFA-DAA1C0693016}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{9A89935E-F3C8-4F3D-B491-BB88D017B514}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{9BC7646C-3BC6-4DD0-B194-5305B6FB1722}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{A1B51A35-74BE-48DC-85F7-B5272D034C13}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{A92CE0B3-489D-4022-BEDA-C89BC572511D}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{AD3EA5FE-CBBC-4F33-A382-808F252E3400}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{B0559119-6632-40EA-826D-974592510912}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{B3EF93C8-6709-448F-9EF8-9B6072BB82FD}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{BFAE9EFA-654F-49A5-BC4D-8F3E21A13783}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{C755F6FD-F53B-4054-960A-771076AA9730}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{D4EB7628-80A2-4881-AB3F-C6CAC05E6CE5}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{DA9C893B-0F88-47F3-B687-5E7D3E4E7022}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{DC044F9B-11F0-47A9-AC72-2CEB4ADF6435}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{E2F20E05-C1DC-43F0-B8CF-5855E5EC0577}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{F117CB5E-8EB0-4552-8049-05BFA61F9077}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{FCC1E0BD-E02B-473D-A097-7462FC4811EB}
Successfully deleted: [Empty Folder] C:\Users\James\appdata\local\{FCFA949C-1AB2-4A3C-9465-AC141C3969D6}

 

~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] C:\Users\James\AppData\Roaming\mozilla\firefox\profiles\72zwrn9e.default\user.js
Successfully deleted: [File] C:\Users\James\AppData\Roaming\mozilla\firefox\profiles\72zwrn9e.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi
Successfully deleted: [File] C:\Users\James\AppData\Roaming\mozilla\firefox\profiles\72zwrn9e.default\searchplugins\search_results.xml
Successfully deleted: [File] C:\Users\James\AppData\Roaming\mozilla\firefox\profiles\72zwrn9e.default\searchplugins\sweetim.xml
Successfully deleted: [Folder] C:\Users\James\AppData\Roaming\mozilla\firefox\profiles\72zwrn9e.default\conduitcommon
Successfully deleted: [Folder] C:\Users\James\AppData\Roaming\mozilla\firefox\profiles\72zwrn9e.default\sweetpackstoolbardata
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\lesstabs@lesstabs.com
Successfully deleted the following from C:\Users\James\AppData\Roaming\mozilla\firefox\profiles\72zwrn9e.default\prefs.js

user_pref("CT2304157.InstallationType", "ConduitXPEIntegration");

user_pref("CT2304157.SearchCaption", "XfireXO Customized Web Search");
user_pref("CT2304157.SearchEngineBeforeUnload", "XfireXO Customized Web Search");

user_pref("CT2304157.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2304157.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP

user_pref("CommunityToolbar.ConduitSearchList", "XfireXO Customized Web Search");

user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\James\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\72zwrn9e.default\\conduitCommon\\modules\\3.19.0.3");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.19.0.3");

user_pref("CommunityToolbar.ToolbarsList", "CT2304157");
user_pref("CommunityToolbar.ToolbarsList2", "CT2304157");
user_pref("CommunityToolbar.ToolbarsList4", "CT2304157");
user_pref("CommunityToolbar.globalUserId", "5903f409-b0f4-4a15-b746-5e1cbbf1e041");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2304157");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Sep 24 2013 21:14:21 GMT-0500 (Central Standard Time)");
user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Sep 24 2013 21:14:28 GMT-0500 (Central Standard Time)");

user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Sep 24 2013 21:14:20 GMT-0500 (Central Standard Time)");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "9fb48dfc-eb84-429c-9be1-ff1957db3fdf");
user_pref("CommunityToolbar.originalHomepage", "about:blank");
user_pref("CommunityToolbar.originalSearchEngine", "Search The Web");
user_pref("CommunityToolbar.twitter.user_21817319.LastCheckTime", "Thu Apr 25 2013 21:47:04 GMT-0500 (Central Daylight Time)");
user_pref("browser.search.defaultthis.engineName", "XfireXO Customized Web Search");
user_pref("browser.search.order.1", "Search Results");
user_pref("browser.search.selectedEngine", "Web Search");

user_pref("extensions.sahtb.searchEngineNameCurrent", "Web Search");
user_pref("extensions.sahtb.searchEngineNameSAH", "Web Search");
user_pref("extensions.sahtb.url.merchants.data", "<?xml version=\"1.0\" ?><MerchantSettings><v n=\"436\" /><GlobalSuppresses><s u=\".cab\" g=\"13\" i=\"1342\" /><s u=\".eot\"


user_pref("sweetim.toolbar.RevertDialog.enable", "false");
user_pref("sweetim.toolbar.SearchBoxLogo", "bing.png");
user_pref("sweetim.toolbar.SearchBoxText", "Search with Bing");
user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
user_pref("sweetim.toolbar.Visibility.enable", "true");
user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
user_pref("sweetim.toolbar.cargo", "3.5000006.10045");
user_pref("sweetim.toolbar.cda.DisableOveride.enable", "false");
user_pref("sweetim.toolbar.cda.HideOveride.enable", "false");
user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "false");
user_pref("sweetim.toolbar.defaultProvider", "bng");
user_pref("sweetim.toolbar.dialogs.0.enable", "true");

user_pref("sweetim.toolbar.dialogs.0.height", "335");
user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");

user_pref("sweetim.toolbar.dialogs.0.width", "761");
user_pref("sweetim.toolbar.dialogs.1.enable", "true");

user_pref("sweetim.toolbar.dialogs.1.height", "300");
user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");

user_pref("sweetim.toolbar.dialogs.1.width", "500");
user_pref("sweetim.toolbar.dialogs.2.enable", "true");

user_pref("sweetim.toolbar.dialogs.2.height", "150");
user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");

user_pref("sweetim.toolbar.dialogs.2.width", "530");
user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube
user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.mode.debug", "false");
user_pref("sweetim.toolbar.newtab.created", "true");
user_pref("sweetim.toolbar.newtab.enable", "true");

user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search Results");

user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");

user_pref("sweetim.toolbar.previous.keyword.URL", "");

user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
www.|apps.)?facebook\\.com.*");
user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
user_pref("sweetim.toolbar.scripts.0.enable", "false");
user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");

user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
www.|apps.)?facebook\\.com.*");
user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
user_pref("sweetim.toolbar.scripts.1.enable", "false");
user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");

user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
user_pref("sweetim.toolbar.scripts.2.callback", "");
user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
user_pref("sweetim.toolbar.scripts.2.enable", "false");
user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");


user_pref("sweetim.toolbar.search.history.capacity", "10");
user_pref("sweetim.toolbar.searchguard.enable", "false");
user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
user_pref("sweetim.toolbar.simapp_id", "{B0B57689-B656-11E2-92BB-002564DF34D9}");

user_pref("sweetim.toolbar.version", "1.13.0.1");
Emptied folder: C:\Users\James\AppData\Roaming\mozilla\firefox\profiles\72zwrn9e.default\minidumps [10 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/03/2013 at 13:02:46.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

STEP 05

 

# AdwCleaner v3.006 - Report created 03/10/2013 at 13:05:01
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : James - JAMES-PC
# Running from : C:\Users\James\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\searchplugins\web-search.xml
Folder Found : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}
Folder Found : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
Folder Found : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\CT2304157

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Somoto Toolbar
Key Found : [x64] HKCU\Software\Somoto Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : [x64] HKLM\SOFTWARE\Description
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v22.0 (en-US)

[ File : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\prefs.js ]

Line Found : user_pref("CT2304157..clientLogIsEnabled", true);
Line Found : user_pref("CT2304157.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Found : user_pref("CT2304157.AppTrackingLastCheckTime", "Mon Aug 20 2012 01:05:11 GMT-0500 (Central Daylight Time)");

Line Found : user_pref("CT2304157.CTID", "CT2304157");
Line Found : user_pref("CT2304157.ConfigurationLastCheckTime", "Sat Sep 28 2013 16:22:09 GMT-0500 (Central Standard Time)");
Line Found : user_pref("CT2304157.CurrentServerDate", "29-9-2013");
Line Found : user_pref("CT2304157.DSChangedManually", false);
Line Found : user_pref("CT2304157.DSInstall", true);
Line Found : user_pref("CT2304157.DSProtectChoice", true);
Line Found : user_pref("CT2304157.DSProtectCount", 1);
Line Found : user_pref("CT2304157.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2304157.DialogsGetterLastCheckTime", "Tue Sep 24 2013 21:14:20 GMT-0500 (Central Standard Time)");
Line Found : user_pref("CT2304157.DownloadReferralCookieData", "");
Line Found : user_pref("CT2304157.FeedLastCount129078895246717929", 50);
Line Found : user_pref("CT2304157.FeedLastCount129095439763593837", 0);
Line Found : user_pref("CT2304157.FeedPollDate129078895250311712", "Thu Apr 25 2013 21:47:02 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2304157.FeedPollDate129095439763593837", "Thu Apr 25 2013 21:47:02 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2304157.FeedPollDate129604942912022444", "Thu Apr 25 2013 21:47:02 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2304157.FeedTTL129078895250311712", 40);
Line Found : user_pref("CT2304157.FirstServerDate", "29-2-2012");
Line Found : user_pref("CT2304157.FirstTime", true);
Line Found : user_pref("CT2304157.FirstTimeFF3", true);
Line Found : user_pref("CT2304157.FixPageNotFoundErrors", true);
Line Found : user_pref("CT2304157.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT2304157.HPChangedManually", true);
Line Found : user_pref("CT2304157.HPInstall", true);
Line Found : user_pref("CT2304157.HPProtectChoice", true);
Line Found : user_pref("CT2304157.HPProtectCount", 1);
Line Found : user_pref("CT2304157.HasUserGlobalKeys", true);
Line Found : user_pref("CT2304157.HomePageProtectorEnabled", false);
Line Found : user_pref("CT2304157.Initialize", true);
Line Found : user_pref("CT2304157.InitializeCommonPrefs", true);
Line Found : user_pref("CT2304157.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT2304157.InstallationId", "xfcore");
Line Found : user_pref("CT2304157.InstalledDate", "Tue Feb 28 2012 21:28:28 GMT-0600 (Central Standard Time)");
Line Found : user_pref("CT2304157.IsAlertDBUpdated", true);
Line Found : user_pref("CT2304157.IsGrouping", false);
Line Found : user_pref("CT2304157.IsInitSetupIni", true);
Line Found : user_pref("CT2304157.IsMulticommunity", false);
Line Found : user_pref("CT2304157.IsOpenThankYouPage", false);
Line Found : user_pref("CT2304157.IsOpenUninstallPage", true);
Line Found : user_pref("CT2304157.IsProtectorsInit", true);
Line Found : user_pref("CT2304157.LanguagePackLastCheckTime", "Sat Sep 28 2013 16:22:13 GMT-0500 (Central Standard Time)");
Line Found : user_pref("CT2304157.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT2304157.LastLogin_3.15.1.0", "Thu Apr 25 2013 21:47:02 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2304157.LastLogin_3.18.0.7", "Wed Jul 17 2013 12:18:59 GMT-0500 (Central Standard Time)");
Line Found : user_pref("CT2304157.LastLogin_3.19.0.3", "Tue Sep 24 2013 21:14:44 GMT-0500 (Central Standard Time)");
Line Found : user_pref("CT2304157.LastLogin_3.20.0.4", "Sat Sep 28 2013 16:22:13 GMT-0500 (Central Standard Time)");
Line Found : user_pref("CT2304157.LastLogin_3.9.0.3", "Sat Aug 25 2012 16:36:37 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT2304157.LatestVersion", "3.20.0.4");
Line Found : user_pref("CT2304157.Locale", "en");
Line Found : user_pref("CT2304157.MCDetectTooltipHeight", "83");

Line Found : user_pref("CT2304157.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT2304157.MyStuffEnabledAtInstallation", true);
Line Found : user_pref("CT2304157.OriginalFirstVersion", "3.9.0.3");
Line Found : user_pref("CT2304157.SavedHomepage", "about:blank");
Line Found : user_pref("CT2304157.SearchAPILastCheckTime", "Sat Sep 28 2013 16:22:13 GMT-0500 (Central Standard Time)");
Line Found : user_pref("CT2304157.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT2304157.SearchInNewTabEnabled", true);
Line Found : user_pref("CT2304157.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT2304157.SearchInNewTabLastCheckTime", "Tue Sep 24 2013 21:14:17 GMT-0500 (Central Standard Time)");
Line Found : user_pref("CT2304157.SearchProtectorEnabled", false);
Line Found : user_pref("CT2304157.SearchProtectorToolbarDisabled", false);
Line Found : user_pref("CT2304157.SendProtectorDataViaLogin", true);
Line Found : user_pref("CT2304157.ServiceMapLastCheckTime", "Sat Sep 28 2013 16:22:12 GMT-0500 (Central Standard Time)");
Line Found : user_pref("CT2304157.SettingsLastCheckTime", "Sat Sep 28 2013 16:22:08 GMT-0500 (Central Standard Time)");
Line Found : user_pref("CT2304157.SettingsLastUpdate", "1380352915");
Line Found : user_pref("CT2304157.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT2304157.ThirdPartyComponentsLastCheck", "Tue Sep 24 2013 21:14:16 GMT-0500 (Central Standard Time)");
Line Found : user_pref("CT2304157.ThirdPartyComponentsLastUpdate", "1331805997");
Line Found : user_pref("CT2304157.ToolbarShrinkedFromSetup", false);
Line Found : user_pref("CT2304157.UserID", "UN33047129861186086");
Line Found : user_pref("CT2304157.ValidationData_Search", 1);
Line Found : user_pref("CT2304157.ValidationData_Toolbar", 0);
Line Found : user_pref("CT2304157.alertChannelId", "700614");
Line Found : user_pref("CT2304157.backendstorage.2304157a129604967990223179000000paramsgk2", "7B2275706461746552657154696D65223A313336323238303131363430312C227570646174655265737054696D65223A31333632323830313136393[...]
Line Found : user_pref("CT2304157.countryCode", "US");

Line Found : user_pref("CT2304157.globalFirstTimeInfoLastCheckTime", "Tue Sep 24 2013 21:14:20 GMT-0500 (Central Standard Time)");
Line Found : user_pref("CT2304157.homepageProtectorEnableByLogin", true);
Line Found : user_pref("CT2304157.initDone", true);
Line Found : user_pref("CT2304157.isAppTrackingManagerOn", false);
Line Found : user_pref("CT2304157.myStuffEnabled", true);
Line Found : user_pref("CT2304157.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT2304157.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT2304157.oldAppsList", "128883653123969059,128883653123969060,111,128883659132094175,129605088190464378,129604976926455284,129604961880467453,129604111228560478,129605074722423533,12909543[...]
Line Found : user_pref("CT2304157.revertSettingsEnabled", true);
Line Found : user_pref("CT2304157.searchProtectorDialogDelayInSec", 10);
Line Found : user_pref("CT2304157.searchProtectorEnableByLogin", true);
Line Found : user_pref("CT2304157.testingCtid", "");
Line Found : user_pref("CT2304157.toolbarAppMetaDataLastCheckTime", "Sat Sep 28 2013 16:22:13 GMT-0500 (Central Standard Time)");
Line Found : user_pref("CT2304157.toolbarContextMenuLastCheckTime", "Tue Sep 24 2013 21:14:20 GMT-0500 (Central Standard Time)");
Line Found : user_pref("CT2304157.usagesFlag", 2);

Line Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\James\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\72zwrn9e.default\\conduitCommon\\modules\\3.19.0.3");

www.|apps.)?facebook\\.com.*");
www.|apps.)?facebook\\.com.*");

-\\ Google Chrome v

[ File : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : search_url
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [16716 octets] - [03/10/2013 13:05:01]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [16777 octets] ##########

 

 

STEP 06

 

C:\Users\James\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\393d04e9-3323485a Java/Exploit.Agent.NVX trojan
C:\Users\James\Downloads\OrbitDownloaderSetup.exe Win32/OpenCandy application

 

 

STEP 07

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by James (administrator) on JAMES-PC on 03-10-2013 15:07:38
Running from C:\Users\James\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apache Software Foundation) C:\Apache\bin\httpd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
(Apache Software Foundation) C:\Apache\bin\httpd.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe
() C:\MYSQL\bin\mysqld.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Akamai Technologies, Inc.) C:\Users\James\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\James\AppData\Local\Akamai\netsession_win.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ShopAtHome.com) C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
(ShopAtHome.com) C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
() C:\Program Files (x86)\CMS Peripherals\BounceBack Express\BBLauncher.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(ShopAtHome.com) C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKCU\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [427328 2010-04-15] (DT Soft Ltd)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\James\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-19] (SUPERAntiSpyware)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-28] (Google Inc.)
HKLM-x32\...\Run: [shwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [237693 2009-02-03] (Creative Technology Ltd)
HKLM-x32\...\Run: [sPIRunE] - C:\Windows\\SysWOW64\SPIRunE.dll [18432 2009-07-27] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] ()
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [bounceBack Setup] - "C:\Program Files (x86)\CMS Peripherals\BounceBack Express\AppLaunch.exe" /Launchit
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0EYTHM] - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] - C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1666560 2012-02-20] (AimerSoft)
HKLM-x32\...\Run: [EaseUS EPM tray] - C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe [2086984 2012-11-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [shopAtHomeWatcher] - C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [140944 2013-08-20] (ShopAtHome.com)
HKLM-x32\...\Run: [shopAtHomeUpdater] - C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe [179856 2013-08-20] (ShopAtHome.com)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=363&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 -  No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
Toolbar: HKCU -  No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU -  No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU -  No Name - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
Winsock: Catalog5 03 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll File Not found ()
Winsock: Catalog9 25 %SystemRoot%\system32\rsvpsp.dll File Not found ()
Winsock: Catalog9 26 %SystemRoot%\system32\rsvpsp.dll File Not found ()
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default
FF NewTab: about:blank
FF DefaultSearchEngine: Bing
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\James\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\James\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: vitzo.com/VDownloader - C:\Program Files (x86)\VDownloader\Addons\npVDownloader.dll No File
FF SearchPlugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\searchplugins\web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: No Name - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\accessext@cita.uiuc.edu
FF Extension: Cache Status - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\cache@status.org
FF Extension: CodeBurner for Firebug - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\firebug@tools.sitepoint.com
FF Extension: FireRainbow - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\firerainbow@hildebrand.cz
FF Extension: Font Finder - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\fontfinder@bendodson.com
FF Extension: Pixel Perfect - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\pixelperfectplugin@openhouseconcepts.com
FF Extension: ShopAtHome.com Toolbar - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\toolbar@shopathome.com
FF Extension: MacOSX Theme - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
FF Extension: No Name - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{21D01944-2878-4eb3-A72A-83E8D1E6D4A6}
FF Extension: Juicy Studio Colour Contrast Analyser - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{34c51bf3-5fb2-4799-8cca-d5b8567cf7ef}
FF Extension: BrowseToolE0170 Community Toolbar - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF Extension: Yahoo! Toolbar - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: CacheViewer - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
FF Extension: Somoto Toolbar - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}
FF Extension: firebug - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: FirePHPExtension-Build - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\FirePHPExtension-Build@firephp.org.xpi
FF Extension: yslow - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\yslow@yahoo-inc.com.xpi
FF Extension: No Name - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [support@vdownloader.com] - C:\Program Files (x86)\VDownloader\Addons\FireFox
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======


CHR DefaultSearchURL: (Bing) - http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={B0B57689-B656-11E2-92BB-002564DF34D9}
CHR DefaultSuggestURL: (Bing) -       "suggest_url": ""
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\James\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\James\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\James\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VDownloader) - C:\Program Files (x86)\VDownloader\Addons\npVDownloader.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (LessTabs) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekmkdkefndbeciggfanobcemjnppbbb\1.7.0.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR HKLM-x32\...\Chrome\Extension: [bmbpbcpokffodhpcdjaoopolhdlbconi] - C:\Users\James\AppData\Local\Temp\ccex.crx
CHR HKLM-x32\...\Chrome\Extension: [cekmkdkefndbeciggfanobcemjnppbbb] - C:\Program Files (x86)\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx
CHR HKLM-x32\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files (x86)\VDownloader\Addons\Chrome.crx

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-07] (SUPERAntiSpyware.com)
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 Apache2.2; C:\Apache\bin\httpd.exe [24645 2010-07-30] (Apache Software Foundation)
S3 BrowseEmAll Updater Service; C:\Program Files (x86)\BrowseEmAll\BrowseEmAll.Updater.Service.exe [15968 2013-08-01] (BMW Group)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2012-03-26] (CrashPlan)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-09-03] (Alcatel-Lucent)
R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [220112 2012-08-24] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [58389968 2012-08-24] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe [43801448 2011-09-22] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 MySQL; C:\MYSQL\my.ini [8889 2010-08-22] ()
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2084712 2011-09-22] (Microsoft Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [440784 2012-08-24] (Microsoft Corporation)
R3 MSSQLFDLauncher; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL10.MSSQLSERVER [x]
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

==================== Drivers (Whitelisted) ====================

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] ()
R2 Freedom Scientific Kernel Manager {D2B4C7A7-7605-4039-89E4-DE5CC69BBE9D}; C:\Windows\system32\fsKMgr.dll [23584 2010-04-13] (Freedom Scientific BLV Group, LLC.)
R3 fsvidmir; C:\Windows\System32\DRIVERS\fsvidmir.sys [10784 2010-04-13] (Microsoft Corporation)
S3 hitmanpro36; C:\Windows\system32\drivers\hitmanpro36.sys [30496 2012-07-22] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92376 2013-10-03] (MalwareBytes)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92376 2013-10-03] (MalwareBytes)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2009-09-03] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2009-09-03] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2009-09-03] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2009-09-03] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2009-09-03] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2009-09-03] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [828912 2010-07-01] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 RxFilter; system32\DRIVERS\RxFilter.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-03 15:07 - 2013-10-03 15:07 - 01954124 _____ (Farbar) C:\Users\James\Desktop\FRST64.exe
2013-10-03 15:07 - 2013-10-03 15:07 - 00000000 ____D C:\FRST
2013-10-03 15:06 - 2013-10-03 15:06 - 00000193 _____ C:\Users\James\Desktop\eset.txt
2013-10-03 13:22 - 2013-10-03 13:22 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-03 13:20 - 2013-10-03 13:20 - 00016934 _____ C:\Users\James\Desktop\AdwCleaner.txt
2013-10-03 13:04 - 2013-10-03 13:05 - 00000000 ____D C:\AdwCleaner
2013-10-03 13:04 - 2013-10-03 13:04 - 01045226 _____ C:\Users\James\Desktop\AdwCleaner.exe
2013-10-03 13:02 - 2013-10-03 13:02 - 00030567 _____ C:\Users\James\Desktop\JRT.txt
2013-10-03 12:58 - 2013-10-03 12:58 - 01030305 _____ (Thisisu) C:\Users\James\Desktop\JRT.exe
2013-10-03 12:58 - 2013-10-03 12:58 - 00000000 ____D C:\Windows\ERUNT
2013-10-03 12:52 - 2013-10-03 12:53 - 00286000 _____ C:\Windows\Minidump\100313-25599-01.dmp
2013-10-03 12:42 - 2013-10-03 12:42 - 00285184 _____ C:\Windows\Minidump\100313-26379-01.dmp
2013-10-03 12:41 - 2013-10-03 12:41 - 00000000 ____D C:\Users\James\Desktop\mbar
2013-10-03 12:32 - 2013-10-03 12:32 - 00285568 _____ C:\Windows\Minidump\100313-35661-01.dmp
2013-10-03 12:25 - 2013-10-03 12:25 - 00291376 _____ C:\Windows\Minidump\100313-31746-01.dmp
2013-10-03 12:24 - 2013-10-03 12:24 - 00092376 _____ (MalwareBytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-03 12:23 - 2013-10-03 12:23 - 12907592 _____ (Malwarebytes Corp.) C:\Users\James\Desktop\mbar-1.07.0.1005.exe
2013-10-03 11:33 - 2013-10-03 11:37 - 00000034 _____ C:\Users\James\Desktop\savings.txt
2013-10-03 10:14 - 2013-10-03 10:14 - 00025843 _____ C:\Users\James\Desktop\combofix.txt
2013-10-03 09:47 - 2013-10-03 09:47 - 00025843 _____ C:\ComboFix.txt
2013-10-03 09:00 - 2013-10-03 09:01 - 05130107 ____R (Swearware) C:\Users\James\Desktop\ComboFix.exe
2013-10-03 09:00 - 2013-10-03 09:00 - 00003024 _____ C:\Users\James\Desktop\JavaRa.log
2013-10-03 08:59 - 2013-10-03 08:59 - 00003024 _____ C:\JavaRa.log
2013-10-03 08:58 - 2013-10-03 08:58 - 00165483 _____ C:\Users\James\Desktop\JavaRa-1.16-28-5-13.zip
2013-10-03 08:58 - 2013-10-03 08:58 - 00000000 ____D C:\Users\James\Desktop\RemoveJava
2013-10-03 00:41 - 2013-10-03 00:41 - 00000212 _____ C:\Users\James\Desktop\Computer Issues - Malware Removal Help - Malwarebytes Forum.url
2013-10-02 23:41 - 2013-10-02 23:41 - 00026563 ____N C:\Users\James\Desktop\dds.txt
2013-10-02 23:41 - 2013-10-02 23:41 - 00022766 ____N C:\Users\James\Desktop\attach.txt
2013-10-02 23:40 - 2013-10-02 23:40 - 00688992 ____R (Swearware) C:\Users\James\Desktop\dds.com
2013-10-02 23:32 - 2013-10-02 23:32 - 00000197 ____N C:\Users\James\Desktop\MyStudyBible.com.url
2013-10-02 10:21 - 2013-10-03 00:48 - 00000149 ____N C:\Users\James\Desktop\wed to do.txt
2013-09-30 15:41 - 2013-09-30 15:41 - 00000194 ____N C:\Users\James\Desktop\Firewheel Bible Fellowship Garland, TX.url
2013-09-28 18:16 - 2013-09-28 18:16 - 00000214 ____N C:\Users\James\Desktop\Introducing solid food  BabyCenter.url
2013-09-28 18:11 - 2013-09-28 18:11 - 00000240 ____N C:\Users\James\Desktop\Foods that can be unsafe for your baby  BabyCenter.url
2013-09-28 09:59 - 2013-09-28 09:59 - 00000306 ____N C:\Users\James\Desktop\It's Your Turn To Thrive.  Discover Infusionsoft.url
2013-09-26 16:54 - 2013-09-26 16:54 - 00000170 ____N C:\Users\James\Desktop\Internet Marketing Houston  SEO Company & Web Design  Zizinya Website Marketing Solutions  Houston TX.url
2013-09-26 11:11 - 2013-09-26 11:11 - 00000189 ____N C:\Users\James\Desktop\Improve your Brain Health - Lumosity.url
2013-09-25 17:31 - 2013-09-25 17:31 - 00000484 ____N C:\Users\James\Desktop\12 Ways To Disappoint Your Design Clients - SitePoint.url
2013-09-20 00:22 - 2013-09-20 00:22 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-18 09:18 - 2013-09-25 00:37 - 00000550 ____N C:\Users\James\Desktop\wed.txt
2013-09-18 08:50 - 2013-09-18 08:50 - 00000070 ____N C:\Users\James\Documents\BIRTHDAYS.txt
2013-09-17 20:36 - 2013-09-17 20:36 - 00000219 ____N C:\Users\James\Desktop\Developmental milestones Teething  BabyCenter.url
2013-09-17 09:32 - 2013-09-17 09:32 - 00000260 ____N C:\Users\James\Desktop\AutoTweet NG - Joomla! Extensions Directory.url
2013-09-17 09:31 - 2013-09-17 09:31 - 00000260 ____N C:\Users\James\Desktop\JoomShareBar Pro - Joomla! Extensions Directory.url
2013-09-17 09:27 - 2013-09-17 09:27 - 00000202 ____N C:\Users\James\Desktop\Ekklesia 360 - Church and Ministry Websites and CMS.url
2013-09-17 09:26 - 2013-09-17 09:26 - 00000204 ____N C:\Users\James\Desktop\Dallas Northway  The Village Church.url
2013-09-16 12:27 - 2013-09-16 12:27 - 00000218 ____N C:\Users\James\Desktop\Doctor visit worksheet The 4-month checkup  BabyCenter.url
2013-09-12 23:24 - 2013-09-12 23:24 - 00000099 _____ C:\Connector_Info.log
2013-09-12 23:24 - 2013-09-12 23:24 - 00000000 ____D C:\Users\James\AppData\Roaming\Keynote Systems
2013-09-12 04:01 - 2013-08-10 00:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 04:01 - 2013-08-10 00:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 04:01 - 2013-08-10 00:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 04:01 - 2013-08-10 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 04:01 - 2013-08-10 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 04:01 - 2013-08-09 22:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 04:01 - 2013-08-09 22:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 04:01 - 2013-08-09 22:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 04:01 - 2013-08-09 22:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 04:01 - 2013-08-09 22:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 04:01 - 2013-08-09 22:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 04:01 - 2013-08-09 22:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 04:01 - 2013-08-09 21:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 04:01 - 2013-08-09 21:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 04:00 - 2013-08-10 00:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 04:00 - 2013-08-10 00:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 04:00 - 2013-08-10 00:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 04:00 - 2013-08-10 00:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 04:00 - 2013-08-10 00:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 04:00 - 2013-08-10 00:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 04:00 - 2013-08-10 00:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 04:00 - 2013-08-10 00:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 04:00 - 2013-08-10 00:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 04:00 - 2013-08-09 22:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 04:00 - 2013-08-09 22:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 04:00 - 2013-08-09 22:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 04:00 - 2013-08-09 22:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 04:00 - 2013-08-09 22:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 04:00 - 2013-08-09 22:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 04:00 - 2013-08-09 22:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 04:00 - 2013-08-09 22:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 15:06 - 2013-09-11 15:06 - 00000116 _____ C:\Users\Public\Documents\SAH_Install.ini
2013-09-11 15:06 - 2013-09-11 15:06 - 00000000 ____D C:\Users\James\AppData\Roaming\ShopAtHome
2013-09-11 13:56 - 2013-09-11 13:56 - 00000210 ____N C:\Users\James\Desktop\AT&T Trade-in Program - Get an AT&T promotion card when you trade in your cell phone.url
2013-09-11 09:03 - 2013-08-07 20:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 09:03 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 09:03 - 2013-08-01 21:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 09:03 - 2013-08-01 21:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 09:03 - 2013-08-01 21:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 09:03 - 2013-08-01 21:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 09:03 - 2013-08-01 21:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 09:03 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 09:03 - 2013-08-01 21:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 09:03 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 09:03 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 09:03 - 2013-08-01 20:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 09:03 - 2013-08-01 20:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 09:03 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 09:03 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 09:03 - 2013-08-01 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 09:03 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 09:03 - 2013-08-01 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 09:03 - 2013-08-01 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 09:03 - 2013-08-01 19:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 09:03 - 2013-08-01 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 09:03 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:03 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 09:03 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 09:03 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 09:03 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 07:13 - 2013-09-11 07:13 - 00000221 ____N C:\Users\James\Desktop\Ultimate WordPress Theme Builder Plugin deal - MightyDeals.url
2013-09-11 01:27 - 2013-09-11 01:27 - 00000244 ____N C:\Users\James\Desktop\529 plans becoming top savings option - USATODAY.com.url
2013-09-09 22:14 - 2013-09-25 16:16 - 00000000 ____D C:\Users\James\Desktop\Young Adults
2013-09-08 14:50 - 2013-09-15 16:42 - 00000000 ____D C:\Users\James\Documents\RAs
2013-09-08 14:20 - 2013-09-11 15:17 - 00000000 ____D C:\Users\James\Desktop\Coupons
2013-09-07 14:00 - 2013-09-12 23:17 - 00000000 ____D C:\Users\James\Desktop\Surveys

==================== One Month Modified Files and Folders =======

2013-10-03 15:07 - 2013-10-03 15:07 - 01954124 _____ (Farbar) C:\Users\James\Desktop\FRST64.exe
2013-10-03 15:07 - 2013-10-03 15:07 - 00000000 ____D C:\FRST
2013-10-03 15:06 - 2013-10-03 15:06 - 00000193 _____ C:\Users\James\Desktop\eset.txt
2013-10-03 15:00 - 2010-05-02 01:33 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2482222888-3877877194-96238860-1000UA.job
2013-10-03 14:55 - 2009-07-14 00:10 - 01479751 _____ C:\Windows\WindowsUpdate.log
2013-10-03 14:23 - 2010-08-28 23:59 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-03 14:22 - 2012-06-05 14:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-03 13:22 - 2013-10-03 13:22 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-03 13:20 - 2013-10-03 13:20 - 00016934 _____ C:\Users\James\Desktop\AdwCleaner.txt
2013-10-03 13:05 - 2013-10-03 13:04 - 00000000 ____D C:\AdwCleaner
2013-10-03 13:04 - 2013-10-03 13:04 - 01045226 _____ C:\Users\James\Desktop\AdwCleaner.exe
2013-10-03 13:02 - 2013-10-03 13:02 - 00030567 _____ C:\Users\James\Desktop\JRT.txt
2013-10-03 13:02 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-03 13:02 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-03 12:58 - 2013-10-03 12:58 - 01030305 _____ (Thisisu) C:\Users\James\Desktop\JRT.exe
2013-10-03 12:58 - 2013-10-03 12:58 - 00000000 ____D C:\Windows\ERUNT
2013-10-03 12:54 - 2010-08-28 23:59 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-03 12:53 - 2013-10-03 12:52 - 00286000 _____ C:\Windows\Minidump\100313-25599-01.dmp
2013-10-03 12:53 - 2012-03-11 02:00 - 00010317 _____ C:\Windows\setupact.log
2013-10-03 12:53 - 2009-11-18 12:33 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-03 12:53 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-03 12:52 - 2010-07-04 10:16 - 00000000 ____D C:\Windows\Minidump
2013-10-03 12:52 - 2010-07-04 10:15 - 656046795 _____ C:\Windows\MEMORY.DMP
2013-10-03 12:42 - 2013-10-03 12:42 - 00285184 _____ C:\Windows\Minidump\100313-26379-01.dmp
2013-10-03 12:41 - 2013-10-03 12:41 - 00000000 ____D C:\Users\James\Desktop\mbar
2013-10-03 12:32 - 2013-10-03 12:32 - 00285568 _____ C:\Windows\Minidump\100313-35661-01.dmp
2013-10-03 12:25 - 2013-10-03 12:25 - 00291376 _____ C:\Windows\Minidump\100313-31746-01.dmp
2013-10-03 12:25 - 2009-11-18 14:28 - 00635342 _____ C:\Windows\PFRO.log
2013-10-03 12:24 - 2013-10-03 12:24 - 00092376 _____ (MalwareBytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-03 12:23 - 2013-10-03 12:23 - 12907592 _____ (Malwarebytes Corp.) C:\Users\James\Desktop\mbar-1.07.0.1005.exe
2013-10-03 11:37 - 2013-10-03 11:33 - 00000034 _____ C:\Users\James\Desktop\savings.txt
2013-10-03 10:14 - 2013-10-03 10:14 - 00025843 _____ C:\Users\James\Desktop\combofix.txt
2013-10-03 09:47 - 2013-10-03 09:47 - 00025843 _____ C:\ComboFix.txt
2013-10-03 09:47 - 2012-08-08 00:38 - 00000000 ____D C:\Qoobox
2013-10-03 09:46 - 2009-11-21 23:46 - 00000000 ___RD C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-03 09:45 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-10-03 09:36 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2013-10-03 09:01 - 2013-10-03 09:00 - 05130107 ____R (Swearware) C:\Users\James\Desktop\ComboFix.exe
2013-10-03 09:00 - 2013-10-03 09:00 - 00003024 _____ C:\Users\James\Desktop\JavaRa.log
2013-10-03 08:59 - 2013-10-03 08:59 - 00003024 _____ C:\JavaRa.log
2013-10-03 08:59 - 2009-11-18 12:34 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-03 08:58 - 2013-10-03 08:58 - 00165483 _____ C:\Users\James\Desktop\JavaRa-1.16-28-5-13.zip
2013-10-03 08:58 - 2013-10-03 08:58 - 00000000 ____D C:\Users\James\Desktop\RemoveJava
2013-10-03 08:00 - 2010-05-02 01:33 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2482222888-3877877194-96238860-1000Core.job
2013-10-03 07:45 - 2012-05-13 23:45 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6b76aca1-24e7-4e75-a3c3-b5e5e6079c7b.job
2013-10-03 02:00 - 2012-05-13 23:45 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f7bc7068-c2fd-4a47-9975-b63ad374073a.job
2013-10-03 00:48 - 2013-10-02 10:21 - 00000149 ____N C:\Users\James\Desktop\wed to do.txt
2013-10-03 00:41 - 2013-10-03 00:41 - 00000212 _____ C:\Users\James\Desktop\Computer Issues - Malware Removal Help - Malwarebytes Forum.url
2013-10-02 23:41 - 2013-10-02 23:41 - 00026563 ____N C:\Users\James\Desktop\dds.txt
2013-10-02 23:41 - 2013-10-02 23:41 - 00022766 ____N C:\Users\James\Desktop\attach.txt
2013-10-02 23:40 - 2013-10-02 23:40 - 00688992 ____R (Swearware) C:\Users\James\Desktop\dds.com
2013-10-02 23:32 - 2013-10-02 23:32 - 00000197 ____N C:\Users\James\Desktop\MyStudyBible.com.url
2013-10-02 22:41 - 2010-04-18 18:01 - 00000000 ____D C:\Users\James\Documents\Dave Ramsey
2013-10-02 12:53 - 2011-02-20 21:15 - 00000000 ____D C:\Users\James\Documents\Ragan
2013-10-01 08:25 - 2011-10-06 11:15 - 00000000 ____D C:\Users\James\Documents\FSCEN
2013-09-30 15:41 - 2013-09-30 15:41 - 00000194 ____N C:\Users\James\Desktop\Firewheel Bible Fellowship Garland, TX.url
2013-09-30 15:21 - 2012-11-07 20:32 - 00000000 ____D C:\Users\James\Documents\Bills
2013-09-28 18:16 - 2013-09-28 18:16 - 00000214 ____N C:\Users\James\Desktop\Introducing solid food  BabyCenter.url
2013-09-28 18:11 - 2013-09-28 18:11 - 00000240 ____N C:\Users\James\Desktop\Foods that can be unsafe for your baby  BabyCenter.url
2013-09-28 09:59 - 2013-09-28 09:59 - 00000306 ____N C:\Users\James\Desktop\It's Your Turn To Thrive.  Discover Infusionsoft.url
2013-09-27 01:05 - 2009-11-21 13:13 - 00000000 ____D C:\Users\James\AppData\Roaming\Adobe
2013-09-26 16:54 - 2013-09-26 16:54 - 00000170 ____N C:\Users\James\Desktop\Internet Marketing Houston  SEO Company & Web Design  Zizinya Website Marketing Solutions  Houston TX.url
2013-09-26 11:11 - 2013-09-26 11:11 - 00000189 ____N C:\Users\James\Desktop\Improve your Brain Health - Lumosity.url
2013-09-25 22:37 - 2009-07-14 00:13 - 01012152 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-25 17:31 - 2013-09-25 17:31 - 00000484 ____N C:\Users\James\Desktop\12 Ways To Disappoint Your Design Clients - SitePoint.url
2013-09-25 16:16 - 2013-09-09 22:14 - 00000000 ____D C:\Users\James\Desktop\Young Adults
2013-09-25 00:37 - 2013-09-18 09:18 - 00000550 ____N C:\Users\James\Desktop\wed.txt
2013-09-24 13:14 - 2013-08-08 23:20 - 00000000 ____D C:\Users\James\Desktop\Review
2013-09-20 00:22 - 2013-09-20 00:22 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-20 00:22 - 2012-06-05 14:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 00:22 - 2012-06-05 14:52 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 00:22 - 2011-09-11 23:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-18 08:50 - 2013-09-18 08:50 - 00000070 ____N C:\Users\James\Documents\BIRTHDAYS.txt
2013-09-17 20:36 - 2013-09-17 20:36 - 00000219 ____N C:\Users\James\Desktop\Developmental milestones Teething  BabyCenter.url
2013-09-17 09:32 - 2013-09-17 09:32 - 00000260 ____N C:\Users\James\Desktop\AutoTweet NG - Joomla! Extensions Directory.url
2013-09-17 09:31 - 2013-09-17 09:31 - 00000260 ____N C:\Users\James\Desktop\JoomShareBar Pro - Joomla! Extensions Directory.url
2013-09-17 09:27 - 2013-09-17 09:27 - 00000202 ____N C:\Users\James\Desktop\Ekklesia 360 - Church and Ministry Websites and CMS.url
2013-09-17 09:26 - 2013-09-17 09:26 - 00000204 ____N C:\Users\James\Desktop\Dallas Northway  The Village Church.url
2013-09-16 12:27 - 2013-09-16 12:27 - 00000218 ____N C:\Users\James\Desktop\Doctor visit worksheet The 4-month checkup  BabyCenter.url
2013-09-15 16:42 - 2013-09-08 14:50 - 00000000 ____D C:\Users\James\Documents\RAs
2013-09-13 19:33 - 2012-07-15 16:30 - 00000000 ____D C:\Users\James\AppData\Roaming\TS3Client
2013-09-13 03:09 - 2009-11-18 12:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 23:24 - 2013-09-12 23:24 - 00000099 _____ C:\Connector_Info.log
2013-09-12 23:24 - 2013-09-12 23:24 - 00000000 ____D C:\Users\James\AppData\Roaming\Keynote Systems
2013-09-12 23:17 - 2013-09-07 14:00 - 00000000 ____D C:\Users\James\Desktop\Surveys
2013-09-12 14:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 08:50 - 2012-01-30 07:22 - 00000000 ___RD C:\Users\James\Virtual Machines
2013-09-12 08:50 - 2009-11-21 23:46 - 00000000 ___RD C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 04:23 - 2009-07-13 23:45 - 02437776 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 04:00 - 2013-07-13 03:13 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 03:53 - 2010-03-30 17:38 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 23:21 - 2009-11-21 23:46 - 00146024 _____ C:\Users\James\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-11 15:17 - 2013-09-08 14:20 - 00000000 ____D C:\Users\James\Desktop\Coupons
2013-09-11 15:06 - 2013-09-11 15:06 - 00000116 _____ C:\Users\Public\Documents\SAH_Install.ini
2013-09-11 15:06 - 2013-09-11 15:06 - 00000000 ____D C:\Users\James\AppData\Roaming\ShopAtHome
2013-09-11 13:56 - 2013-09-11 13:56 - 00000210 ____N C:\Users\James\Desktop\AT&T Trade-in Program - Get an AT&T promotion card when you trade in your cell phone.url
2013-09-11 08:18 - 2013-09-01 23:20 - 00022531 ____N C:\Users\James\Desktop\august.xlsx
2013-09-11 07:13 - 2013-09-11 07:13 - 00000221 ____N C:\Users\James\Desktop\Ultimate WordPress Theme Builder Plugin deal - MightyDeals.url
2013-09-11 01:27 - 2013-09-11 01:27 - 00000244 ____N C:\Users\James\Desktop\529 plans becoming top savings option - USATODAY.com.url
2013-09-09 17:38 - 2013-03-04 16:28 - 00000000 ____D C:\Users\James\Documents\To do Charts
2013-09-08 15:51 - 2013-05-23 13:23 - 00000000 ____D C:\Users\James\Desktop\elijah

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-01 00:29

==================== End Of Log ============================

 

 

Addition.txt

- attached per instructions

Ok I found a Java 6 and Java 7 I uninstalled in the Programs section.

 

Ran AdwCleaner again, rescan and CLEAN, then reboot (new file below)

 

# AdwCleaner v3.006 - Report created 03/10/2013 at 16:32:27
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : James - JAMES-PC
# Running from : C:\Users\James\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\CT2304157
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}
Folder Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\searchplugins\web-search.xml

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008\Microsoft Visual Studio 2008 Documentation.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Developer Network\MSDN Library for Visual Studio 2008 - ENU.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Somoto Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v22.0 (en-US)

[ File : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\prefs.js ]

Line Deleted : user_pref("CT2304157..clientLogIsEnabled", true);
Line Deleted : user_pref("CT2304157.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2304157.AppTrackingLastCheckTime", "Mon Aug 20 2012 01:05:11 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT2304157.CTID", "CT2304157");
Line Deleted : user_pref("CT2304157.ConfigurationLastCheckTime", "Sat Sep 28 2013 16:22:09 GMT-0500 (Central Standard Time)");
Line Deleted : user_pref("CT2304157.CurrentServerDate", "29-9-2013");
Line Deleted : user_pref("CT2304157.DSChangedManually", false);
Line Deleted : user_pref("CT2304157.DSInstall", true);
Line Deleted : user_pref("CT2304157.DSProtectChoice", true);
Line Deleted : user_pref("CT2304157.DSProtectCount", 1);
Line Deleted : user_pref("CT2304157.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2304157.DialogsGetterLastCheckTime", "Tue Sep 24 2013 21:14:20 GMT-0500 (Central Standard Time)");
Line Deleted : user_pref("CT2304157.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2304157.FeedLastCount129078895246717929", 50);
Line Deleted : user_pref("CT2304157.FeedLastCount129095439763593837", 0);
Line Deleted : user_pref("CT2304157.FeedPollDate129078895250311712", "Thu Apr 25 2013 21:47:02 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT2304157.FeedPollDate129095439763593837", "Thu Apr 25 2013 21:47:02 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT2304157.FeedPollDate129604942912022444", "Thu Apr 25 2013 21:47:02 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT2304157.FeedTTL129078895250311712", 40);
Line Deleted : user_pref("CT2304157.FirstServerDate", "29-2-2012");
Line Deleted : user_pref("CT2304157.FirstTime", true);
Line Deleted : user_pref("CT2304157.FirstTimeFF3", true);
Line Deleted : user_pref("CT2304157.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2304157.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2304157.HPChangedManually", true);
Line Deleted : user_pref("CT2304157.HPInstall", true);
Line Deleted : user_pref("CT2304157.HPProtectChoice", true);
Line Deleted : user_pref("CT2304157.HPProtectCount", 1);
Line Deleted : user_pref("CT2304157.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2304157.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT2304157.Initialize", true);
Line Deleted : user_pref("CT2304157.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2304157.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2304157.InstallationId", "xfcore");
Line Deleted : user_pref("CT2304157.InstalledDate", "Tue Feb 28 2012 21:28:28 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2304157.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT2304157.IsGrouping", false);
Line Deleted : user_pref("CT2304157.IsInitSetupIni", true);
Line Deleted : user_pref("CT2304157.IsMulticommunity", false);
Line Deleted : user_pref("CT2304157.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT2304157.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2304157.IsProtectorsInit", true);
Line Deleted : user_pref("CT2304157.LanguagePackLastCheckTime", "Sat Sep 28 2013 16:22:13 GMT-0500 (Central Standard Time)");
Line Deleted : user_pref("CT2304157.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2304157.LastLogin_3.15.1.0", "Thu Apr 25 2013 21:47:02 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT2304157.LastLogin_3.18.0.7", "Wed Jul 17 2013 12:18:59 GMT-0500 (Central Standard Time)");
Line Deleted : user_pref("CT2304157.LastLogin_3.19.0.3", "Tue Sep 24 2013 21:14:44 GMT-0500 (Central Standard Time)");
Line Deleted : user_pref("CT2304157.LastLogin_3.20.0.4", "Sat Sep 28 2013 16:22:13 GMT-0500 (Central Standard Time)");
Line Deleted : user_pref("CT2304157.LastLogin_3.9.0.3", "Sat Aug 25 2012 16:36:37 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT2304157.LatestVersion", "3.20.0.4");
Line Deleted : user_pref("CT2304157.Locale", "en");
Line Deleted : user_pref("CT2304157.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2304157.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2304157.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2304157.OriginalFirstVersion", "3.9.0.3");
Line Deleted : user_pref("CT2304157.SavedHomepage", "about:blank");
Line Deleted : user_pref("CT2304157.SearchAPILastCheckTime", "Sat Sep 28 2013 16:22:13 GMT-0500 (Central Standard Time)");
Line Deleted : user_pref("CT2304157.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2304157.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2304157.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2304157.SearchInNewTabLastCheckTime", "Tue Sep 24 2013 21:14:17 GMT-0500 (Central Standard Time)");
Line Deleted : user_pref("CT2304157.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT2304157.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT2304157.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT2304157.ServiceMapLastCheckTime", "Sat Sep 28 2013 16:22:12 GMT-0500 (Central Standard Time)");
Line Deleted : user_pref("CT2304157.SettingsLastCheckTime", "Sat Sep 28 2013 16:22:08 GMT-0500 (Central Standard Time)");
Line Deleted : user_pref("CT2304157.SettingsLastUpdate", "1380352915");
Line Deleted : user_pref("CT2304157.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2304157.ThirdPartyComponentsLastCheck", "Tue Sep 24 2013 21:14:16 GMT-0500 (Central Standard Time)");
Line Deleted : user_pref("CT2304157.ThirdPartyComponentsLastUpdate", "1331805997");
Line Deleted : user_pref("CT2304157.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT2304157.UserID", "UN33047129861186086");
Line Deleted : user_pref("CT2304157.ValidationData_Search", 1);
Line Deleted : user_pref("CT2304157.ValidationData_Toolbar", 0);
Line Deleted : user_pref("CT2304157.alertChannelId", "700614");
Line Deleted : user_pref("CT2304157.backendstorage.2304157a129604967990223179000000paramsgk2", "7B2275706461746552657154696D65223A313336323238303131363430312C227570646174655265737054696D65223A31333632323830313136393[...]
Line Deleted : user_pref("CT2304157.countryCode", "US");
Line Deleted : user_pref("CT2304157.globalFirstTimeInfoLastCheckTime", "Tue Sep 24 2013 21:14:20 GMT-0500 (Central Standard Time)");
Line Deleted : user_pref("CT2304157.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2304157.initDone", true);
Line Deleted : user_pref("CT2304157.isAppTrackingManagerOn", false);
Line Deleted : user_pref("CT2304157.myStuffEnabled", true);
Line Deleted : user_pref("CT2304157.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2304157.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2304157.oldAppsList", "128883653123969059,128883653123969060,111,128883659132094175,129605088190464378,129604976926455284,129604961880467453,129604111228560478,129605074722423533,12909543[...]
Line Deleted : user_pref("CT2304157.revertSettingsEnabled", true);
Line Deleted : user_pref("CT2304157.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2304157.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2304157.testingCtid", "");
Line Deleted : user_pref("CT2304157.toolbarAppMetaDataLastCheckTime", "Sat Sep 28 2013 16:22:13 GMT-0500 (Central Standard Time)");
Line Deleted : user_pref("CT2304157.toolbarContextMenuLastCheckTime", "Tue Sep 24 2013 21:14:20 GMT-0500 (Central Standard Time)");
Line Deleted : user_pref("CT2304157.usagesFlag", 2);

Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\James\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\72zwrn9e.default\\conduitCommon\\modules\\3.19.0.3");

www.|apps.)?facebook\\.com.*");

-\\ Google Chrome v

[ File : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [16934 octets] - [03/10/2013 13:05:01]
AdwCleaner[R1].txt - [16950 octets] - [03/10/2013 16:31:43]
AdwCleaner[s0].txt - [16787 octets] - [03/10/2013 16:32:27]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [16848 octets] ##########

Reran FRST64 and new logs below.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by James (administrator) on JAMES-PC on 03-10-2013 16:42:25
Running from C:\Users\James\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apache Software Foundation) C:\Apache\bin\httpd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Apache Software Foundation) C:\Apache\bin\httpd.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Akamai Technologies, Inc.) C:\Users\James\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Akamai Technologies, Inc.) C:\Users\James\AppData\Local\Akamai\netsession_win.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ShopAtHome.com) C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
(ShopAtHome.com) C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
() C:\Program Files (x86)\CMS Peripherals\BounceBack Express\BBLauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Apache Software Foundation) C:\Apache\bin\ApacheMonitor.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
() C:\MYSQL\bin\mysqld.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ShopAtHome.com) C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKCU\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [427328 2010-04-15] (DT Soft Ltd)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\James\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6588144 2013-10-03] (SUPERAntiSpyware)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-28] (Google Inc.)
HKLM-x32\...\Run: [shwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [237693 2009-02-03] (Creative Technology Ltd)
HKLM-x32\...\Run: [sPIRunE] - C:\Windows\\SysWOW64\SPIRunE.dll [18432 2009-07-27] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] ()
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [bounceBack Setup] - "C:\Program Files (x86)\CMS Peripherals\BounceBack Express\AppLaunch.exe" /Launchit
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0EYTHM] - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] - C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1666560 2012-02-20] (AimerSoft)
HKLM-x32\...\Run: [EaseUS EPM tray] - C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe [2086984 2012-11-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [shopAtHomeWatcher] - C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [140944 2013-08-20] (ShopAtHome.com)
HKLM-x32\...\Run: [shopAtHomeUpdater] - C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe [179856 2013-08-20] (ShopAtHome.com)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {3A259F2F-F705-4771-A4F8-140738A76CB8} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
Toolbar: HKCU -  No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU -  No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU -  No Name - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
Winsock: Catalog5 03 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll File Not found ()
Winsock: Catalog9 25 %SystemRoot%\system32\rsvpsp.dll File Not found ()
Winsock: Catalog9 26 %SystemRoot%\system32\rsvpsp.dll File Not found ()
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default
FF NewTab: about:blank
FF DefaultSearchEngine: Bing
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\James\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\James\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: vitzo.com/VDownloader - C:\Program Files (x86)\VDownloader\Addons\npVDownloader.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: No Name - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\accessext@cita.uiuc.edu
FF Extension: Cache Status - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\cache@status.org
FF Extension: CodeBurner for Firebug - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\firebug@tools.sitepoint.com
FF Extension: FireRainbow - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\firerainbow@hildebrand.cz
FF Extension: Font Finder - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\fontfinder@bendodson.com
FF Extension: Pixel Perfect - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\pixelperfectplugin@openhouseconcepts.com
FF Extension: ShopAtHome.com Toolbar - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\toolbar@shopathome.com
FF Extension: MacOSX Theme - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
FF Extension: No Name - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{21D01944-2878-4eb3-A72A-83E8D1E6D4A6}
FF Extension: Juicy Studio Colour Contrast Analyser - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{34c51bf3-5fb2-4799-8cca-d5b8567cf7ef}
FF Extension: CacheViewer - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
FF Extension: Somoto Toolbar - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}
FF Extension: firebug - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: FirePHPExtension-Build - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\FirePHPExtension-Build@firephp.org.xpi
FF Extension: yslow - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\yslow@yahoo-inc.com.xpi
FF Extension: No Name - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [support@vdownloader.com] - C:\Program Files (x86)\VDownloader\Addons\FireFox
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======


CHR DefaultSearchURL: (Bing) - http://www.google.com
CHR DefaultSuggestURL: (Bing) -       "suggest_url": ""
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\James\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\James\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\James\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VDownloader) - C:\Program Files (x86)\VDownloader\Addons\npVDownloader.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (LessTabs) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekmkdkefndbeciggfanobcemjnppbbb\1.7.0.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR HKLM-x32\...\Chrome\Extension: [bmbpbcpokffodhpcdjaoopolhdlbconi] - C:\Users\James\AppData\Local\Temp\ccex.crx
CHR HKLM-x32\...\Chrome\Extension: [cekmkdkefndbeciggfanobcemjnppbbb] - C:\Program Files (x86)\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx
CHR HKLM-x32\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files (x86)\VDownloader\Addons\Chrome.crx

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-07] (SUPERAntiSpyware.com)
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 Apache2.2; C:\Apache\bin\httpd.exe [24645 2010-07-30] (Apache Software Foundation)
S3 BrowseEmAll Updater Service; C:\Program Files (x86)\BrowseEmAll\BrowseEmAll.Updater.Service.exe [15968 2013-08-01] (BMW Group)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2012-03-26] (CrashPlan)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-09-03] (Alcatel-Lucent)
R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [220112 2012-08-24] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [58389968 2012-08-24] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe [43801448 2011-09-22] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 MySQL; C:\MYSQL\my.ini [8889 2010-08-22] ()
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2084712 2011-09-22] (Microsoft Corporation)
S2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [440784 2012-08-24] (Microsoft Corporation)
S3 MSSQLFDLauncher; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL10.MSSQLSERVER [x]
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

==================== Drivers (Whitelisted) ====================

S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] ()
R2 Freedom Scientific Kernel Manager {D2B4C7A7-7605-4039-89E4-DE5CC69BBE9D}; C:\Windows\system32\fsKMgr.dll [23584 2010-04-13] (Freedom Scientific BLV Group, LLC.)
R3 fsvidmir; C:\Windows\System32\DRIVERS\fsvidmir.sys [10784 2010-04-13] (Microsoft Corporation)
S3 hitmanpro36; C:\Windows\system32\drivers\hitmanpro36.sys [30496 2012-07-22] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92376 2013-10-03] (MalwareBytes)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92376 2013-10-03] (MalwareBytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2009-09-03] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2009-09-03] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2009-09-03] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2009-09-03] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2009-09-03] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2009-09-03] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [828912 2010-07-01] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 RxFilter; system32\DRIVERS\RxFilter.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-03 15:07 - 2013-10-03 15:07 - 01954124 _____ (Farbar) C:\Users\James\Desktop\FRST64.exe
2013-10-03 15:07 - 2013-10-03 15:07 - 00000000 ____D C:\FRST
2013-10-03 15:06 - 2013-10-03 15:06 - 00000193 _____ C:\Users\James\Desktop\eset.txt
2013-10-03 13:22 - 2013-10-03 13:22 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-03 13:20 - 2013-10-03 16:41 - 00016997 _____ C:\Users\James\Desktop\AdwCleaner.txt
2013-10-03 13:04 - 2013-10-03 16:32 - 00000000 ____D C:\AdwCleaner
2013-10-03 13:04 - 2013-10-03 13:04 - 01045226 _____ C:\Users\James\Desktop\AdwCleaner.exe
2013-10-03 13:02 - 2013-10-03 13:02 - 00030567 _____ C:\Users\James\Desktop\JRT.txt
2013-10-03 12:58 - 2013-10-03 12:58 - 01030305 _____ (Thisisu) C:\Users\James\Desktop\JRT.exe
2013-10-03 12:58 - 2013-10-03 12:58 - 00000000 ____D C:\Windows\ERUNT
2013-10-03 12:52 - 2013-10-03 12:53 - 00286000 _____ C:\Windows\Minidump\100313-25599-01.dmp
2013-10-03 12:42 - 2013-10-03 12:42 - 00285184 _____ C:\Windows\Minidump\100313-26379-01.dmp
2013-10-03 12:41 - 2013-10-03 12:41 - 00000000 ____D C:\Users\James\Desktop\mbar
2013-10-03 12:32 - 2013-10-03 12:32 - 00285568 _____ C:\Windows\Minidump\100313-35661-01.dmp
2013-10-03 12:25 - 2013-10-03 12:25 - 00291376 _____ C:\Windows\Minidump\100313-31746-01.dmp
2013-10-03 12:24 - 2013-10-03 12:24 - 00092376 _____ (MalwareBytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-03 12:23 - 2013-10-03 12:23 - 12907592 _____ (Malwarebytes Corp.) C:\Users\James\Desktop\mbar-1.07.0.1005.exe
2013-10-03 11:33 - 2013-10-03 11:37 - 00000034 _____ C:\Users\James\Desktop\savings.txt
2013-10-03 10:14 - 2013-10-03 10:14 - 00025843 _____ C:\Users\James\Desktop\combofix.txt
2013-10-03 09:47 - 2013-10-03 09:47 - 00025843 _____ C:\ComboFix.txt
2013-10-03 09:00 - 2013-10-03 09:01 - 05130107 ____R (Swearware) C:\Users\James\Desktop\ComboFix.exe
2013-10-03 09:00 - 2013-10-03 09:00 - 00003024 _____ C:\Users\James\Desktop\JavaRa.log
2013-10-03 08:59 - 2013-10-03 08:59 - 00003024 _____ C:\JavaRa.log
2013-10-03 08:58 - 2013-10-03 08:58 - 00165483 _____ C:\Users\James\Desktop\JavaRa-1.16-28-5-13.zip
2013-10-03 08:58 - 2013-10-03 08:58 - 00000000 ____D C:\Users\James\Desktop\RemoveJava
2013-10-03 00:41 - 2013-10-03 00:41 - 00000212 _____ C:\Users\James\Desktop\Computer Issues - Malware Removal Help - Malwarebytes Forum.url
2013-10-02 23:41 - 2013-10-02 23:41 - 00026563 ____N C:\Users\James\Desktop\dds.txt
2013-10-02 23:41 - 2013-10-02 23:41 - 00022766 ____N C:\Users\James\Desktop\attach.txt
2013-10-02 23:40 - 2013-10-02 23:40 - 00688992 ____R (Swearware) C:\Users\James\Desktop\dds.com
2013-10-02 23:32 - 2013-10-02 23:32 - 00000197 ____N C:\Users\James\Desktop\MyStudyBible.com.url
2013-10-02 10:21 - 2013-10-03 00:48 - 00000149 ____N C:\Users\James\Desktop\wed to do.txt
2013-09-30 15:41 - 2013-09-30 15:41 - 00000194 ____N C:\Users\James\Desktop\Firewheel Bible Fellowship Garland, TX.url
2013-09-28 18:16 - 2013-09-28 18:16 - 00000214 ____N C:\Users\James\Desktop\Introducing solid food  BabyCenter.url
2013-09-28 18:11 - 2013-09-28 18:11 - 00000240 ____N C:\Users\James\Desktop\Foods that can be unsafe for your baby  BabyCenter.url
2013-09-28 09:59 - 2013-09-28 09:59 - 00000306 ____N C:\Users\James\Desktop\It's Your Turn To Thrive.  Discover Infusionsoft.url
2013-09-26 16:54 - 2013-09-26 16:54 - 00000170 ____N C:\Users\James\Desktop\Internet Marketing Houston  SEO Company & Web Design  Zizinya Website Marketing Solutions  Houston TX.url
2013-09-26 11:11 - 2013-09-26 11:11 - 00000189 ____N C:\Users\James\Desktop\Improve your Brain Health - Lumosity.url
2013-09-25 17:31 - 2013-09-25 17:31 - 00000484 ____N C:\Users\James\Desktop\12 Ways To Disappoint Your Design Clients - SitePoint.url
2013-09-20 00:22 - 2013-09-20 00:22 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-18 09:18 - 2013-09-25 00:37 - 00000550 ____N C:\Users\James\Desktop\wed.txt
2013-09-18 08:50 - 2013-09-18 08:50 - 00000070 ____N C:\Users\James\Documents\BIRTHDAYS.txt
2013-09-17 20:36 - 2013-09-17 20:36 - 00000219 ____N C:\Users\James\Desktop\Developmental milestones Teething  BabyCenter.url
2013-09-17 09:32 - 2013-09-17 09:32 - 00000260 ____N C:\Users\James\Desktop\AutoTweet NG - Joomla! Extensions Directory.url
2013-09-17 09:31 - 2013-09-17 09:31 - 00000260 ____N C:\Users\James\Desktop\JoomShareBar Pro - Joomla! Extensions Directory.url
2013-09-17 09:27 - 2013-09-17 09:27 - 00000202 ____N C:\Users\James\Desktop\Ekklesia 360 - Church and Ministry Websites and CMS.url
2013-09-17 09:26 - 2013-09-17 09:26 - 00000204 ____N C:\Users\James\Desktop\Dallas Northway  The Village Church.url
2013-09-16 12:27 - 2013-09-16 12:27 - 00000218 ____N C:\Users\James\Desktop\Doctor visit worksheet The 4-month checkup  BabyCenter.url
2013-09-12 23:24 - 2013-09-12 23:24 - 00000099 _____ C:\Connector_Info.log
2013-09-12 23:24 - 2013-09-12 23:24 - 00000000 ____D C:\Users\James\AppData\Roaming\Keynote Systems
2013-09-12 04:01 - 2013-08-10 00:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 04:01 - 2013-08-10 00:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 04:01 - 2013-08-10 00:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 04:01 - 2013-08-10 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 04:01 - 2013-08-10 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 04:01 - 2013-08-09 22:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 04:01 - 2013-08-09 22:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 04:01 - 2013-08-09 22:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 04:01 - 2013-08-09 22:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 04:01 - 2013-08-09 22:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 04:01 - 2013-08-09 22:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 04:01 - 2013-08-09 22:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 04:01 - 2013-08-09 21:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 04:01 - 2013-08-09 21:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 04:00 - 2013-08-10 00:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 04:00 - 2013-08-10 00:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 04:00 - 2013-08-10 00:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 04:00 - 2013-08-10 00:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 04:00 - 2013-08-10 00:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 04:00 - 2013-08-10 00:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 04:00 - 2013-08-10 00:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 04:00 - 2013-08-10 00:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 04:00 - 2013-08-10 00:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 04:00 - 2013-08-09 22:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 04:00 - 2013-08-09 22:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 04:00 - 2013-08-09 22:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 04:00 - 2013-08-09 22:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 04:00 - 2013-08-09 22:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 04:00 - 2013-08-09 22:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 04:00 - 2013-08-09 22:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 04:00 - 2013-08-09 22:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 15:06 - 2013-09-11 15:06 - 00000116 _____ C:\Users\Public\Documents\SAH_Install.ini
2013-09-11 15:06 - 2013-09-11 15:06 - 00000000 ____D C:\Users\James\AppData\Roaming\ShopAtHome
2013-09-11 13:56 - 2013-09-11 13:56 - 00000210 ____N C:\Users\James\Desktop\AT&T Trade-in Program - Get an AT&T promotion card when you trade in your cell phone.url
2013-09-11 09:03 - 2013-08-07 20:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 09:03 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 09:03 - 2013-08-01 21:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 09:03 - 2013-08-01 21:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 09:03 - 2013-08-01 21:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 09:03 - 2013-08-01 21:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 09:03 - 2013-08-01 21:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 09:03 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 09:03 - 2013-08-01 21:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 09:03 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 09:03 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 09:03 - 2013-08-01 20:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 09:03 - 2013-08-01 20:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 09:03 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 09:03 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 09:03 - 2013-08-01 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 09:03 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 09:03 - 2013-08-01 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 09:03 - 2013-08-01 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 09:03 - 2013-08-01 19:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 09:03 - 2013-08-01 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 09:03 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:03 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 09:03 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 09:03 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 09:03 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 07:13 - 2013-09-11 07:13 - 00000221 ____N C:\Users\James\Desktop\Ultimate WordPress Theme Builder Plugin deal - MightyDeals.url
2013-09-11 01:27 - 2013-09-11 01:27 - 00000244 ____N C:\Users\James\Desktop\529 plans becoming top savings option - USATODAY.com.url
2013-09-09 22:14 - 2013-09-25 16:16 - 00000000 ____D C:\Users\James\Desktop\Young Adults
2013-09-08 14:50 - 2013-09-15 16:42 - 00000000 ____D C:\Users\James\Documents\RAs
2013-09-08 14:20 - 2013-09-11 15:17 - 00000000 ____D C:\Users\James\Desktop\Coupons
2013-09-07 14:00 - 2013-09-12 23:17 - 00000000 ____D C:\Users\James\Desktop\Surveys

==================== One Month Modified Files and Folders =======

2013-10-03 16:41 - 2013-10-03 13:20 - 00016997 _____ C:\Users\James\Desktop\AdwCleaner.txt
2013-10-03 16:35 - 2010-08-28 23:59 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-03 16:34 - 2012-03-11 02:00 - 00010429 _____ C:\Windows\setupact.log
2013-10-03 16:34 - 2009-11-18 12:33 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-03 16:34 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-03 16:32 - 2013-10-03 13:04 - 00000000 ____D C:\AdwCleaner
2013-10-03 16:32 - 2009-07-14 00:10 - 01498751 _____ C:\Windows\WindowsUpdate.log
2013-10-03 16:23 - 2010-08-28 23:59 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-03 16:22 - 2012-06-05 14:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-03 16:20 - 2010-11-22 02:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-03 16:15 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-03 16:15 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-03 16:00 - 2010-05-02 01:33 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2482222888-3877877194-96238860-1000UA.job
2013-10-03 15:45 - 2012-05-13 23:45 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6b76aca1-24e7-4e75-a3c3-b5e5e6079c7b.job
2013-10-03 15:07 - 2013-10-03 15:07 - 01954124 _____ (Farbar) C:\Users\James\Desktop\FRST64.exe
2013-10-03 15:07 - 2013-10-03 15:07 - 00000000 ____D C:\FRST
2013-10-03 15:06 - 2013-10-03 15:06 - 00000193 _____ C:\Users\James\Desktop\eset.txt
2013-10-03 13:22 - 2013-10-03 13:22 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-03 13:04 - 2013-10-03 13:04 - 01045226 _____ C:\Users\James\Desktop\AdwCleaner.exe
2013-10-03 13:02 - 2013-10-03 13:02 - 00030567 _____ C:\Users\James\Desktop\JRT.txt
2013-10-03 12:58 - 2013-10-03 12:58 - 01030305 _____ (Thisisu) C:\Users\James\Desktop\JRT.exe
2013-10-03 12:58 - 2013-10-03 12:58 - 00000000 ____D C:\Windows\ERUNT
2013-10-03 12:53 - 2013-10-03 12:52 - 00286000 _____ C:\Windows\Minidump\100313-25599-01.dmp
2013-10-03 12:52 - 2010-07-04 10:16 - 00000000 ____D C:\Windows\Minidump
2013-10-03 12:52 - 2010-07-04 10:15 - 656046795 _____ C:\Windows\MEMORY.DMP
2013-10-03 12:42 - 2013-10-03 12:42 - 00285184 _____ C:\Windows\Minidump\100313-26379-01.dmp
2013-10-03 12:41 - 2013-10-03 12:41 - 00000000 ____D C:\Users\James\Desktop\mbar
2013-10-03 12:32 - 2013-10-03 12:32 - 00285568 _____ C:\Windows\Minidump\100313-35661-01.dmp
2013-10-03 12:25 - 2013-10-03 12:25 - 00291376 _____ C:\Windows\Minidump\100313-31746-01.dmp
2013-10-03 12:25 - 2009-11-18 14:28 - 00635342 _____ C:\Windows\PFRO.log
2013-10-03 12:24 - 2013-10-03 12:24 - 00092376 _____ (MalwareBytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-03 12:23 - 2013-10-03 12:23 - 12907592 _____ (Malwarebytes Corp.) C:\Users\James\Desktop\mbar-1.07.0.1005.exe
2013-10-03 11:37 - 2013-10-03 11:33 - 00000034 _____ C:\Users\James\Desktop\savings.txt
2013-10-03 10:14 - 2013-10-03 10:14 - 00025843 _____ C:\Users\James\Desktop\combofix.txt
2013-10-03 09:47 - 2013-10-03 09:47 - 00025843 _____ C:\ComboFix.txt
2013-10-03 09:47 - 2012-08-08 00:38 - 00000000 ____D C:\Qoobox
2013-10-03 09:46 - 2009-11-21 23:46 - 00000000 ___RD C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-03 09:45 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-10-03 09:36 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2013-10-03 09:01 - 2013-10-03 09:00 - 05130107 ____R (Swearware) C:\Users\James\Desktop\ComboFix.exe
2013-10-03 09:00 - 2013-10-03 09:00 - 00003024 _____ C:\Users\James\Desktop\JavaRa.log
2013-10-03 08:59 - 2013-10-03 08:59 - 00003024 _____ C:\JavaRa.log
2013-10-03 08:59 - 2009-11-18 12:34 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-03 08:58 - 2013-10-03 08:58 - 00165483 _____ C:\Users\James\Desktop\JavaRa-1.16-28-5-13.zip
2013-10-03 08:58 - 2013-10-03 08:58 - 00000000 ____D C:\Users\James\Desktop\RemoveJava
2013-10-03 08:00 - 2010-05-02 01:33 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2482222888-3877877194-96238860-1000Core.job
2013-10-03 02:00 - 2012-05-13 23:45 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f7bc7068-c2fd-4a47-9975-b63ad374073a.job
2013-10-03 00:48 - 2013-10-02 10:21 - 00000149 ____N C:\Users\James\Desktop\wed to do.txt
2013-10-03 00:41 - 2013-10-03 00:41 - 00000212 _____ C:\Users\James\Desktop\Computer Issues - Malware Removal Help - Malwarebytes Forum.url
2013-10-02 23:41 - 2013-10-02 23:41 - 00026563 ____N C:\Users\James\Desktop\dds.txt
2013-10-02 23:41 - 2013-10-02 23:41 - 00022766 ____N C:\Users\James\Desktop\attach.txt
2013-10-02 23:40 - 2013-10-02 23:40 - 00688992 ____R (Swearware) C:\Users\James\Desktop\dds.com
2013-10-02 23:32 - 2013-10-02 23:32 - 00000197 ____N C:\Users\James\Desktop\MyStudyBible.com.url
2013-10-02 22:41 - 2010-04-18 18:01 - 00000000 ____D C:\Users\James\Documents\Dave Ramsey
2013-10-02 12:53 - 2011-02-20 21:15 - 00000000 ____D C:\Users\James\Documents\Ragan
2013-10-01 08:25 - 2011-10-06 11:15 - 00000000 ____D C:\Users\James\Documents\FSCEN
2013-09-30 15:41 - 2013-09-30 15:41 - 00000194 ____N C:\Users\James\Desktop\Firewheel Bible Fellowship Garland, TX.url
2013-09-30 15:21 - 2012-11-07 20:32 - 00000000 ____D C:\Users\James\Documents\Bills
2013-09-28 18:16 - 2013-09-28 18:16 - 00000214 ____N C:\Users\James\Desktop\Introducing solid food  BabyCenter.url
2013-09-28 18:11 - 2013-09-28 18:11 - 00000240 ____N C:\Users\James\Desktop\Foods that can be unsafe for your baby  BabyCenter.url
2013-09-28 09:59 - 2013-09-28 09:59 - 00000306 ____N C:\Users\James\Desktop\It's Your Turn To Thrive.  Discover Infusionsoft.url
2013-09-27 01:05 - 2009-11-21 13:13 - 00000000 ____D C:\Users\James\AppData\Roaming\Adobe
2013-09-26 16:54 - 2013-09-26 16:54 - 00000170 ____N C:\Users\James\Desktop\Internet Marketing Houston  SEO Company & Web Design  Zizinya Website Marketing Solutions  Houston TX.url
2013-09-26 11:11 - 2013-09-26 11:11 - 00000189 ____N C:\Users\James\Desktop\Improve your Brain Health - Lumosity.url
2013-09-25 22:37 - 2009-07-14 00:13 - 01012152 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-25 17:31 - 2013-09-25 17:31 - 00000484 ____N C:\Users\James\Desktop\12 Ways To Disappoint Your Design Clients - SitePoint.url
2013-09-25 16:16 - 2013-09-09 22:14 - 00000000 ____D C:\Users\James\Desktop\Young Adults
2013-09-25 00:37 - 2013-09-18 09:18 - 00000550 ____N C:\Users\James\Desktop\wed.txt
2013-09-24 13:14 - 2013-08-08 23:20 - 00000000 ____D C:\Users\James\Desktop\Review
2013-09-20 00:22 - 2013-09-20 00:22 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-20 00:22 - 2012-06-05 14:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 00:22 - 2012-06-05 14:52 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 00:22 - 2011-09-11 23:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-18 08:50 - 2013-09-18 08:50 - 00000070 ____N C:\Users\James\Documents\BIRTHDAYS.txt
2013-09-17 20:36 - 2013-09-17 20:36 - 00000219 ____N C:\Users\James\Desktop\Developmental milestones Teething  BabyCenter.url
2013-09-17 09:32 - 2013-09-17 09:32 - 00000260 ____N C:\Users\James\Desktop\AutoTweet NG - Joomla! Extensions Directory.url
2013-09-17 09:31 - 2013-09-17 09:31 - 00000260 ____N C:\Users\James\Desktop\JoomShareBar Pro - Joomla! Extensions Directory.url
2013-09-17 09:27 - 2013-09-17 09:27 - 00000202 ____N C:\Users\James\Desktop\Ekklesia 360 - Church and Ministry Websites and CMS.url
2013-09-17 09:26 - 2013-09-17 09:26 - 00000204 ____N C:\Users\James\Desktop\Dallas Northway  The Village Church.url
2013-09-16 12:27 - 2013-09-16 12:27 - 00000218 ____N C:\Users\James\Desktop\Doctor visit worksheet The 4-month checkup  BabyCenter.url
2013-09-15 16:42 - 2013-09-08 14:50 - 00000000 ____D C:\Users\James\Documents\RAs
2013-09-13 19:33 - 2012-07-15 16:30 - 00000000 ____D C:\Users\James\AppData\Roaming\TS3Client
2013-09-13 03:09 - 2009-11-18 12:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 23:24 - 2013-09-12 23:24 - 00000099 _____ C:\Connector_Info.log
2013-09-12 23:24 - 2013-09-12 23:24 - 00000000 ____D C:\Users\James\AppData\Roaming\Keynote Systems
2013-09-12 23:17 - 2013-09-07 14:00 - 00000000 ____D C:\Users\James\Desktop\Surveys
2013-09-12 14:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 08:50 - 2012-01-30 07:22 - 00000000 ___RD C:\Users\James\Virtual Machines
2013-09-12 08:50 - 2009-11-21 23:46 - 00000000 ___RD C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 04:23 - 2009-07-13 23:45 - 02437776 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 04:00 - 2013-07-13 03:13 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 03:53 - 2010-03-30 17:38 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 23:21 - 2009-11-21 23:46 - 00146024 _____ C:\Users\James\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-11 15:17 - 2013-09-08 14:20 - 00000000 ____D C:\Users\James\Desktop\Coupons
2013-09-11 15:06 - 2013-09-11 15:06 - 00000116 _____ C:\Users\Public\Documents\SAH_Install.ini
2013-09-11 15:06 - 2013-09-11 15:06 - 00000000 ____D C:\Users\James\AppData\Roaming\ShopAtHome
2013-09-11 13:56 - 2013-09-11 13:56 - 00000210 ____N C:\Users\James\Desktop\AT&T Trade-in Program - Get an AT&T promotion card when you trade in your cell phone.url
2013-09-11 08:18 - 2013-09-01 23:20 - 00022531 ____N C:\Users\James\Desktop\august.xlsx
2013-09-11 07:13 - 2013-09-11 07:13 - 00000221 ____N C:\Users\James\Desktop\Ultimate WordPress Theme Builder Plugin deal - MightyDeals.url
2013-09-11 01:27 - 2013-09-11 01:27 - 00000244 ____N C:\Users\James\Desktop\529 plans becoming top savings option - USATODAY.com.url
2013-09-09 17:38 - 2013-03-04 16:28 - 00000000 ____D C:\Users\James\Documents\To do Charts
2013-09-08 15:51 - 2013-05-23 13:23 - 00000000 ____D C:\Users\James\Desktop\elijah

Some content of TEMP:
====================
C:\Users\James\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-01 00:29

==================== End Of Log ============================

 

 

Addition.txt - attached to post.

 


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by James at 2013-10-03 17:15:41 Run:1
Running from C:\Users\James\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {3A259F2F-F705-4771-A4F8-140738A76CB8} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKCU -  No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU -  No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -  No Name - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} -  No File
Winsock: Catalog5 03 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
FF Extension: Somoto Toolbar - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}

*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3A259F2F-F705-4771-A4F8-140738A76CB8} => Key deleted successfully.
HKCR\CLSID\{3A259F2F-F705-4771-A4F8-140738A76CB8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} => Value deleted successfully.
HKCR\CLSID\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} => Key not found.
Winsock: Catalog5 entry 000000000003\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} => Moved successfully.

==== End of Fixlog ====


Yeah I thought so...8 people using it...but not anymore! They have their own family computer now! haha...again appreciate the help...

 

New Log file

 

ComboFix 13-10-03.03 - James 10/03/2013  18:07:05.3.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8183.5659 [GMT -5:00]
Running from: C:\Users\James\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((   Files Created from 2013-09-03 to 2013-10-03  )))))))))))))))))))))))))))))))

2013-10-03 23:18:24 . 2013-10-03 23:18:24 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
2013-10-03 23:18:24 . 2013-10-03 23:18:24 -------- d-----w- C:\Users\Public\AppData\Local\temp
2013-10-03 23:18:24 . 2013-10-03 23:18:24 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-10-03 23:05:50 . 2013-10-03 23:05:50 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CFE11B28-D3ED-4770-A1B7-CA542DDA5588}\offreg.dll
2013-10-03 20:07:31 . 2013-10-03 20:07:31 -------- d-----w- C:\FRST
2013-10-03 18:22:07 . 2013-10-03 18:22:07 -------- d-----w- C:\Program Files (x86)\ESET
2013-10-03 18:04:31 . 2013-10-03 21:32:38 -------- d-----w- C:\AdwCleaner
2013-10-03 17:58:31 . 2013-10-03 17:58:31 -------- d-----w- C:\Windows\ERUNT
2013-10-03 17:24:12 . 2013-10-03 17:24:12 92376 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2013-10-01 09:43:49 . 2013-09-05 05:32:08 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CFE11B28-D3ED-4770-A1B7-CA542DDA5588}\mpengine.dll
2013-09-20 05:22:02 . 2013-09-20 05:22:02 3723656 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-09-13 04:24:07 . 2013-09-13 04:24:07 -------- d-----w- C:\Users\James\AppData\Roaming\Keynote Systems
2013-09-12 09:00:54 . 2013-08-10 05:20:55 2647040 ----a-w- C:\Windows\system32\iertutil.dll
2013-09-11 20:06:45 . 2013-09-11 20:06:52 -------- d-----w- C:\Users\James\AppData\Roaming\ShopAtHome
.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-09-20 05:22:17 . 2012-06-05 19:52:43 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-20 05:22:17 . 2011-09-12 04:18:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-12 08:53:22 . 2010-03-30 22:38:03 79143768 ----a-w- C:\Windows\system32\MRT.exe
2013-08-07 09:22:02 . 2013-04-25 17:43:04 278800 ------w- C:\Windows\system32\MpSigStub.exe
2013-08-02 01:48:11 . 2013-09-11 14:03:19 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-25 09:25:54 . 2013-08-14 22:37:15 1888768 ----a-w- C:\Windows\system32\WMVDECOD.DLL
2013-07-25 08:57:27 . 2013-08-14 22:37:15 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 . 2013-08-14 22:37:03 2048 ----a-w- C:\Windows\system32\tzres.dll
2013-07-19 01:41:01 . 2013-08-14 22:37:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52 . 2013-08-14 22:37:48 224256 ----a-w- C:\Windows\system32\wintrust.dll
2013-07-09 05:51:16 . 2013-08-14 22:37:17 1217024 ----a-w- C:\Windows\system32\rpcrt4.dll
2013-07-09 05:46:20 . 2013-08-14 22:37:49 1472512 ----a-w- C:\Windows\system32\crypt32.dll
2013-07-09 05:46:20 . 2013-08-14 22:37:48 184320 ----a-w- C:\Windows\system32\cryptsvc.dll
2013-07-09 05:46:20 . 2013-08-14 22:37:48 139776 ----a-w- C:\Windows\system32\cryptnet.dll
2013-07-09 04:52:33 . 2013-08-14 22:37:17 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 . 2013-08-14 22:37:48 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 . 2013-08-14 22:37:48 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 . 2013-08-14 22:37:48 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 . 2013-08-14 22:37:48 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 . 2013-08-14 22:37:11 1910208 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2011-09-16 20:12:04 . 2012-02-23 06:38:38 143240 ----a-w- C:\Program Files (x86)\Common Files\ApnStub.exe

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"= "C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll" [2013-08-20 21:57:28 2572944]

[HKEY_CLASSES_ROOT\clsid\{311b58dc-a4dc-4b04-b1b5-60299ad3d803}]
[HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 10:25:02 6595928]
"DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 08:17:14 427328]
"Akamai NetSession Interface"="C:\Users\James\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 06:01:52 4489472]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-10-03 21:20:37 6588144]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-29 04:59:02 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 22:07:58 237568]
"VolPanel"="C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-02-03 17:48:32 237693]
"SPIRunE"="SPIRunE.dll" [2009-07-27 06:50:14 18432]
"Dell DataSafe Online"="C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 16:23:00 1779952]
"PDVDDXSrv"="C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 02:19:50 140520]
"AppleSyncNotifier"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 17:48:18 58656]
"BounceBack Setup"="C:\Program Files (x86)\CMS Peripherals\BounceBack Express\AppLaunch.exe" [bU]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 06:57:28 35760]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 20:57:56 948672]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 18:08:14 59720]
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 04:24:02 620152]
"Aimersoft Helper Compact.exe"="C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 20:54:08 1666560]
"EaseUS EPM tray"="C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe" [2012-11-29 16:32:16 2086984]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2012-10-25 08:12:14 421888]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 17:35:28 152392]
"ShopAtHomeWatcher"="C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe" [2013-08-20 21:57:42 140944]
"ShopAtHomeUpdater"="C:\Users\James\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe" [2013-08-20 21:57:40 179856]

C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2012-7-12 295606]
Adobe Acrobat Synchronizer.lnk - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
BounceBack Launcher.lnk - C:\Program Files (x86)\CMS Peripherals\BounceBack Express\BBLauncher.exe [2010-4-18 98304]
CrashPlan Tray.lnk - C:\Program Files\CrashPlan\CrashPlanTray.exe [2012-3-26 217088]
Monitor Apache Servers.lnk - C:\Apache\bin\ApacheMonitor.exe [2010-7-30 41051]

C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - C:\Program Files\Dell\DellDock\DellDock.exe /firstrun [2009-6-30 1316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 BrowseEmAll Updater Service;BrowseEmAll Updater Service;C:\Program Files (x86)\BrowseEmAll\BrowseEmAll.Updater.Service.exe;C:\Program Files (x86)\BrowseEmAll\BrowseEmAll.Updater.Service.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);C:\Windows\system32\DRIVERS\dc3d.sys;C:\Windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 epmntdrv;epmntdrv;C:\Windows\system32\epmntdrv.sys;C:\Windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;C:\Windows\system32\EuGdiDrv.sys;C:\Windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 hitmanpro36;Hitman Pro 3.5 Support Driver;C:\Windows\system32\drivers\hitmanpro36.sys;C:\Windows\SYSNATIVE\drivers\hitmanpro36.sys [x]
R3 mbamchameleon;mbamchameleon;C:\Windows\system32\drivers\mbamchameleon.sys;C:\Windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;C:\Windows\system32\DRIVERS\point64.sys;C:\Windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys;C:\Windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys;C:\Windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys;C:\Windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe;C:\Windows\SYSNATIVE\svchost.exe [x]
S2 Apache2.2;Apache2.2;C:\Apache\bin\httpd.exe;C:\Apache\bin\httpd.exe [x]
S2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe;C:\Program Files\CrashPlan\CrashPlanService.exe [x]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe;C:\Program Files\Dell\DellDock\DockLogin.exe [x]
S2 Freedom Scientific Kernel Manager {D2B4C7A7-7605-4039-89E4-DE5CC69BBE9D};Freedom Scientific Kernel Manager;C:\Windows\system32\fsKMgr.dll;C:\Windows\SYSNATIVE\fsKMgr.dll [x]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe;C:\Program Files\Common Files\Motive\McciCMService.exe [x]
S2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [x]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe;C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
S2 Sentinel64;Sentinel64;C:\Windows\System32\Drivers\Sentinel64.sys;C:\Windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 fsvidmir;fsvidmir;C:\Windows\system32\DRIVERS\fsvidmir.sys;C:\Windows\SYSNATIVE\DRIVERS\fsvidmir.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys;C:\Windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe;C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [x]
S3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\system32\drivers\t3.sys;C:\Windows\SYSNATIVE\drivers\t3.sys [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys;C:\Windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys;C:\Windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys;C:\Windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys;C:\Windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys;C:\Windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ    Akamai

Contents of the 'Scheduled Tasks' folder

2013-10-03 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 19:52:44 . 2013-09-20 05:22:18]

2013-10-03 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-29 04:59:09 . 2010-08-29 04:59:04]

2013-10-03 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-29 04:59:09 . 2010-08-29 04:59:04]

2013-10-03 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2482222888-3877877194-96238860-1000Core.job
- C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-02 06:33:03 . 2010-05-02 06:33:00]

2013-10-03 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2482222888-3877877194-96238860-1000UA.job
- C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-02 06:33:03 . 2010-05-02 06:33:00]

2013-10-03 C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6b76aca1-24e7-4e75-a3c3-b5e5e6079c7b.job
- C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52:29 . 2011-05-04 17:52:29]

2013-10-03 C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f7bc7068-c2fd-4a47-9975-b63ad374073a.job
- C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52:29 . 2011-05-04 17:52:29]

--------- X64 Entries -----------

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm


mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
Trusted Zone: harmonytx.org
Trusted Zone: mesquiteisd.org
Trusted Zone: mesquiteisd.org\elearn2
Trusted Zone: mesquiteisd.org\www
Trusted Zone: myharmonytx.org
Trusted Zone: twixt.us\be
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\
FF - prefs.js: browser.search.defaulturl -

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Coupon Printer for Windows5.0.0.2 - C:\Program Files (x86)\Coupons\uninstall.exe
AddRemove-{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1 - C:\Program Files (x86)\Free YouTube Downloader\unins000.exe

 


  • Root Admin

Please run this

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

Then restart the computer and run Combofix again and post back the new log.


  • Root Admin

Okay most of the actual infections and adware have been removed.  However the computer still has a ton of software that probably falls into one of these categories.  OLD/USELESS/OBSOLETE
 
I would recommend going to your Control Panel, Add/Remove Programs and uninstall anything that you know you're no longer using.  If in doubt go ahead and ask.
 
At this point it's more so general PC maintenance that's needed now.
 
But let's do one more antivirus scan before you do that.
 


  • Please download Dr.Web CureIt! antivirus and save it to your computer. The file size is in excess of 100MB
  • NOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.
  • Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.
  • Shutdown your antivirus to avoid any conflicts while scanning.
  • Once the scans have completed please re-enable your antivirus.
  • If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection Modules
  • If needed you can also temporarily disable it from starting with Windows
  • Temporarily turn off any other security add-ons or applications you may also have.
  • Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.
  • If it does not have a Digital Signature then do not run it.
  • Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.
  • You should have your User Account Control (UAC) enabled for improved security and which should then produce a dialog box asking for approval to run the installer.
  • Click on the Yes button to start the installer.
  • Click OK to scan your computer in the Enhanced Protection Mode
  • Click on the check box to agree to participate in their software improvement program.
  • Then if needed choose your Language by clicking on the small globe like icon in the upper right corner by the wrench.
  • Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.
  • Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.
  • Then click on the Start scanning button.
  • If a threat is found you can click on the Action column in the program.
  • Your options will be Cure or Ignore
  • If you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.
  • Then click on the Neutralize button.
  • Once completed click on the green Open Report link. It will open the report in NOTEPAD
  • Save the report to your desktop. The report will be called Cureit.log
  • Close Dr.Web Cureit!
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.
  • Re-Enable your antivirus and other security programs when all done.
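
The digital-signature check described in the steps above (Properties, Digital Signatures) can also be done from PowerShell, which reports whether the signature actually validates and who the signer is. This is an added example, not part of the original post or of any vendor tooling; the function name `Test-DownloadSignature`, the Desktop path and the `PUBLISHER-NAME-PLACEHOLDER` value are assumptions to be replaced by the reader.

```powershell
# Added example: check a downloaded executable's Authenticode signature before running it.
# Test-DownloadSignature is a hypothetical helper name, not a built-in cmdlet.
function Test-DownloadSignature {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string]$ExpectedPublisher   # optional: text that must appear in the signer's Subject
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "File not found: $Path"
        return $false
    }

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # 'Valid' means the file hash matches the signed hash and the certificate
    # chain builds to a trusted root. NotSigned, HashMismatch, NotTrusted and
    # UnknownError all mean: do not run the file.
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status '$($sig.Status)': $($sig.StatusMessage)"
        return $false
    }

    # A valid signature only proves that someone signed the file, so show who.
    $cert = $sig.SignerCertificate
    Write-Host "Signer     : $($cert.Subject)"
    Write-Host "Issuer     : $($cert.Issuer)"
    Write-Host "Valid from : $($cert.NotBefore) to $($cert.NotAfter)"
    Write-Host "Thumbprint : $($cert.Thumbprint)"
    if ($sig.TimeStamperCertificate) {
        Write-Host "Timestamped by: $($sig.TimeStamperCertificate.Subject)"
    }

    # If the caller knows the publisher name to expect, enforce it.
    if ($ExpectedPublisher -and ($cert.Subject -notlike "*$ExpectedPublisher*")) {
        Write-Warning "Signer does not match expected publisher '$ExpectedPublisher'"
        return $false
    }

    return $true
}

# Assumed download location; replace the placeholder with the publisher name you expect.
Test-DownloadSignature -Path "$env:USERPROFILE\Desktop\drweb-cureit.exe" `
                       -ExpectedPublisher 'PUBLISHER-NAME-PLACEHOLDER'
```

A result of `False` covers both the "no Digital Signature" case the steps warn about and a signature that is present but does not validate, which the Properties tab alone does not make obvious.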

  • Root Admin

Okay let's run this again then.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by James (administrator) on JAMES-PC on 04-10-2013 06:58:39
Running from C:\Users\James\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apache Software Foundation) C:\Apache\bin\httpd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Akamai Technologies, Inc.) C:\Users\James\AppData\Local\Akamai\netsession_win.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
(Akamai Technologies, Inc.) C:\Users\James\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\CMS Peripherals\BounceBack Express\BBLauncher.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Apache Software Foundation) C:\Apache\bin\httpd.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe
() C:\MYSQL\bin\mysqld.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Yahoo! Inc.) C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE
(Yahoo! Inc.) C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKCU\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [427328 2010-04-15] (DT Soft Ltd)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\James\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6588144 2013-10-03] (SUPERAntiSpyware)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-28] (Google Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {3A259F2F-F705-4771-A4F8-140738A76CB8} URL =
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll File Not found ()
Winsock: Catalog9 25 %SystemRoot%\system32\rsvpsp.dll File Not found ()
Winsock: Catalog9 26 %SystemRoot%\system32\rsvpsp.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default
FF NewTab: about:blank
FF DefaultSearchEngine: Bing
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\James\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\James\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: vitzo.com/VDownloader - C:\Program Files (x86)\VDownloader\Addons\npVDownloader.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: No Name - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\accessext@cita.uiuc.edu
FF Extension: Cache Status - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\cache@status.org
FF Extension: CodeBurner for Firebug - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\firebug@tools.sitepoint.com
FF Extension: FireRainbow - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\firerainbow@hildebrand.cz
FF Extension: Font Finder - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\fontfinder@bendodson.com
FF Extension: Pixel Perfect - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\pixelperfectplugin@openhouseconcepts.com
FF Extension: ShopAtHome.com Toolbar - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\toolbar@shopathome.com
FF Extension: MacOSX Theme - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
FF Extension: No Name - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{21D01944-2878-4eb3-A72A-83E8D1E6D4A6}
FF Extension: Juicy Studio Colour Contrast Analyser - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{34c51bf3-5fb2-4799-8cca-d5b8567cf7ef}
FF Extension: CacheViewer - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
FF Extension: firebug - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: FirePHPExtension-Build - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\FirePHPExtension-Build@firephp.org.xpi
FF Extension: yslow - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\yslow@yahoo-inc.com.xpi
FF Extension: No Name - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\72zwrn9e.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [support@vdownloader.com] - C:\Program Files (x86)\VDownloader\Addons\FireFox
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======


CHR DefaultSearchURL: (Bing) - http://www.google.com
CHR DefaultSuggestURL: (Bing) -       "suggest_url": ""
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\James\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\James\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\James\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VDownloader) - C:\Program Files (x86)\VDownloader\Addons\npVDownloader.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (LessTabs) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekmkdkefndbeciggfanobcemjnppbbb\1.7.0.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR HKLM-x32\...\Chrome\Extension: [bmbpbcpokffodhpcdjaoopolhdlbconi] - C:\Users\James\AppData\Local\Temp\ccex.crx
CHR HKLM-x32\...\Chrome\Extension: [cekmkdkefndbeciggfanobcemjnppbbb] - C:\Program Files (x86)\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx
CHR HKLM-x32\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files (x86)\VDownloader\Addons\Chrome.crx

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-07] (SUPERAntiSpyware.com)
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 Apache2.2; C:\Apache\bin\httpd.exe [24645 2010-07-30] (Apache Software Foundation)
S3 BrowseEmAll Updater Service; C:\Program Files (x86)\BrowseEmAll\BrowseEmAll.Updater.Service.exe [15968 2013-08-01] (BMW Group)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2012-03-26] (CrashPlan)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-09-03] (Alcatel-Lucent)
R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [220112 2012-08-24] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [58389968 2012-08-24] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe [43801448 2011-09-22] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 MySQL; C:\MYSQL\my.ini [8889 2010-08-22] ()
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2084712 2011-09-22] (Microsoft Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [440784 2012-08-24] (Microsoft Corporation)
R3 MSSQLFDLauncher; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL10.MSSQLSERVER [x]
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

==================== Drivers (Whitelisted) ====================

R2 Freedom Scientific Kernel Manager {D2B4C7A7-7605-4039-89E4-DE5CC69BBE9D}; C:\Windows\system32\fsKMgr.dll [23584 2010-04-13] (Freedom Scientific BLV Group, LLC.)
R3 fsvidmir; C:\Windows\System32\DRIVERS\fsvidmir.sys [10784 2010-04-13] (Microsoft Corporation)
S3 hitmanpro36; C:\Windows\system32\drivers\hitmanpro36.sys [30496 2012-07-22] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92376 2013-10-03] (MalwareBytes)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92376 2013-10-03] (MalwareBytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2009-09-03] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2009-09-03] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2009-09-03] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2009-09-03] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2009-09-03] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2009-09-03] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [828912 2010-07-01] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 RxFilter; system32\DRIVERS\RxFilter.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-04 06:58 - 2013-10-04 06:58 - 01954124 _____ (Farbar) C:\Users\James\Desktop\FRST64.exe
2013-10-03 22:17 - 2013-10-03 22:44 - 00000000 ____D C:\Users\James\Doctor Web
2013-10-03 22:07 - 2013-10-03 22:09 - 131606136 ____N C:\Users\James\Desktop\drweb-cureit.exe
2013-10-03 21:52 - 2013-10-03 21:52 - 00025425 _____ C:\ComboFix.txt
2013-10-03 21:26 - 2013-10-03 21:26 - 00448512 ____N (OldTimer Tools) C:\Users\James\Desktop\TFC.exe
2013-10-03 18:25 - 2013-10-03 21:53 - 00025425 ____N C:\Users\James\Desktop\ComboFix.txt
2013-10-03 15:07 - 2013-10-03 15:07 - 00000000 ____D C:\FRST
2013-10-03 15:06 - 2013-10-03 15:06 - 00000193 ____N C:\Users\James\Desktop\eset.txt
2013-10-03 13:22 - 2013-10-03 13:22 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-03 13:20 - 2013-10-03 16:41 - 00016997 ____N C:\Users\James\Desktop\AdwCleaner.txt
2013-10-03 13:04 - 2013-10-03 16:32 - 00000000 ____D C:\AdwCleaner
2013-10-03 13:04 - 2013-10-03 13:04 - 01045226 ____N C:\Users\James\Desktop\AdwCleaner.exe
2013-10-03 13:02 - 2013-10-03 13:02 - 00030567 ____N C:\Users\James\Desktop\JRT.txt
2013-10-03 12:58 - 2013-10-03 12:58 - 01030305 ____N (Thisisu) C:\Users\James\Desktop\JRT.exe
2013-10-03 12:58 - 2013-10-03 12:58 - 00000000 ____D C:\Windows\ERUNT
2013-10-03 12:52 - 2013-10-03 12:53 - 00286000 _____ C:\Windows\Minidump\100313-25599-01.dmp
2013-10-03 12:42 - 2013-10-03 12:42 - 00285184 _____ C:\Windows\Minidump\100313-26379-01.dmp
2013-10-03 12:41 - 2013-10-03 12:41 - 00000000 ____D C:\Users\James\Desktop\mbar
2013-10-03 12:32 - 2013-10-03 12:32 - 00285568 _____ C:\Windows\Minidump\100313-35661-01.dmp
2013-10-03 12:25 - 2013-10-03 12:25 - 00291376 _____ C:\Windows\Minidump\100313-31746-01.dmp
2013-10-03 12:24 - 2013-10-03 12:24 - 00092376 _____ (MalwareBytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-03 12:23 - 2013-10-03 12:23 - 12907592 ____N (Malwarebytes Corp.) C:\Users\James\Desktop\mbar-1.07.0.1005.exe
2013-10-03 11:33 - 2013-10-03 11:37 - 00000034 ____N C:\Users\James\Desktop\savings.txt
2013-10-03 09:00 - 2013-10-03 09:01 - 05130107 ____R (Swearware) C:\Users\James\Desktop\ComboFix.exe
2013-10-03 09:00 - 2013-10-03 09:00 - 00003024 ____N C:\Users\James\Desktop\JavaRa.log
2013-10-03 08:59 - 2013-10-03 08:59 - 00003024 _____ C:\JavaRa.log
2013-10-03 08:58 - 2013-10-03 08:58 - 00165483 ____N C:\Users\James\Desktop\JavaRa-1.16-28-5-13.zip
2013-10-03 08:58 - 2013-10-03 08:58 - 00000000 ____D C:\Users\James\Desktop\RemoveJava
2013-10-03 00:41 - 2013-10-03 00:41 - 00000212 ____N C:\Users\James\Desktop\Computer Issues - Malware Removal Help - Malwarebytes Forum.url
2013-10-02 23:41 - 2013-10-02 23:41 - 00026563 ____N C:\Users\James\Desktop\dds.txt
2013-10-02 23:41 - 2013-10-02 23:41 - 00022766 ____N C:\Users\James\Desktop\attach.txt
2013-10-02 23:40 - 2013-10-02 23:40 - 00688992 ____R (Swearware) C:\Users\James\Desktop\dds.com
2013-10-02 23:32 - 2013-10-02 23:32 - 00000197 ____N C:\Users\James\Desktop\MyStudyBible.com.url
2013-10-02 10:21 - 2013-10-03 00:48 - 00000149 ____N C:\Users\James\Desktop\wed to do.txt
2013-09-30 15:41 - 2013-09-30 15:41 - 00000194 ____N C:\Users\James\Desktop\Firewheel Bible Fellowship Garland, TX.url
2013-09-28 18:16 - 2013-09-28 18:16 - 00000214 ____N C:\Users\James\Desktop\Introducing solid food  BabyCenter.url
2013-09-28 18:11 - 2013-09-28 18:11 - 00000240 ____N C:\Users\James\Desktop\Foods that can be unsafe for your baby  BabyCenter.url
2013-09-28 09:59 - 2013-09-28 09:59 - 00000306 ____N C:\Users\James\Desktop\It's Your Turn To Thrive.  Discover Infusionsoft.url
2013-09-26 16:54 - 2013-09-26 16:54 - 00000170 ____N C:\Users\James\Desktop\Internet Marketing Houston  SEO Company & Web Design  Zizinya Website Marketing Solutions  Houston TX.url
2013-09-26 11:11 - 2013-09-26 11:11 - 00000189 ____N C:\Users\James\Desktop\Improve your Brain Health - Lumosity.url
2013-09-25 17:31 - 2013-09-25 17:31 - 00000484 ____N C:\Users\James\Desktop\12 Ways To Disappoint Your Design Clients - SitePoint.url
2013-09-20 00:22 - 2013-09-20 00:22 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-18 09:18 - 2013-09-25 00:37 - 00000550 ____N C:\Users\James\Desktop\wed.txt
2013-09-18 08:50 - 2013-09-18 08:50 - 00000070 ____N C:\Users\James\Documents\BIRTHDAYS.txt
2013-09-17 20:36 - 2013-09-17 20:36 - 00000219 ____N C:\Users\James\Desktop\Developmental milestones Teething  BabyCenter.url
2013-09-17 09:32 - 2013-09-17 09:32 - 00000260 ____N C:\Users\James\Desktop\AutoTweet NG - Joomla! Extensions Directory.url
2013-09-17 09:31 - 2013-09-17 09:31 - 00000260 ____N C:\Users\James\Desktop\JoomShareBar Pro - Joomla! Extensions Directory.url
2013-09-17 09:27 - 2013-09-17 09:27 - 00000202 ____N C:\Users\James\Desktop\Ekklesia 360 - Church and Ministry Websites and CMS.url
2013-09-17 09:26 - 2013-09-17 09:26 - 00000204 ____N C:\Users\James\Desktop\Dallas Northway  The Village Church.url
2013-09-16 12:27 - 2013-09-16 12:27 - 00000218 ____N C:\Users\James\Desktop\Doctor visit worksheet The 4-month checkup  BabyCenter.url
2013-09-12 23:24 - 2013-09-12 23:24 - 00000099 _____ C:\Connector_Info.log
2013-09-12 23:24 - 2013-09-12 23:24 - 00000000 ____D C:\Users\James\AppData\Roaming\Keynote Systems
2013-09-12 04:01 - 2013-08-10 00:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 04:01 - 2013-08-10 00:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 04:01 - 2013-08-10 00:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 04:01 - 2013-08-10 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 04:01 - 2013-08-10 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 04:01 - 2013-08-09 22:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 04:01 - 2013-08-09 22:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 04:01 - 2013-08-09 22:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 04:01 - 2013-08-09 22:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 04:01 - 2013-08-09 22:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 04:01 - 2013-08-09 22:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 04:01 - 2013-08-09 22:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 04:01 - 2013-08-09 21:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 04:01 - 2013-08-09 21:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 04:00 - 2013-08-10 00:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 04:00 - 2013-08-10 00:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 04:00 - 2013-08-10 00:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 04:00 - 2013-08-10 00:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 04:00 - 2013-08-10 00:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 04:00 - 2013-08-10 00:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 04:00 - 2013-08-10 00:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 04:00 - 2013-08-10 00:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 04:00 - 2013-08-10 00:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 04:00 - 2013-08-09 22:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 04:00 - 2013-08-09 22:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 04:00 - 2013-08-09 22:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 04:00 - 2013-08-09 22:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 04:00 - 2013-08-09 22:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 04:00 - 2013-08-09 22:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 04:00 - 2013-08-09 22:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 04:00 - 2013-08-09 22:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 15:06 - 2013-09-11 15:06 - 00000116 _____ C:\Users\Public\Documents\SAH_Install.ini
2013-09-11 13:56 - 2013-09-11 13:56 - 00000210 ____N C:\Users\James\Desktop\AT&T Trade-in Program - Get an AT&T promotion card when you trade in your cell phone.url
2013-09-11 09:03 - 2013-08-07 20:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 09:03 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 09:03 - 2013-08-01 21:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 09:03 - 2013-08-01 21:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 09:03 - 2013-08-01 21:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 09:03 - 2013-08-01 21:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 09:03 - 2013-08-01 21:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 09:03 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 09:03 - 2013-08-01 21:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 09:03 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 09:03 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 09:03 - 2013-08-01 20:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 09:03 - 2013-08-01 20:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 09:03 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 09:03 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 09:03 - 2013-08-01 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 09:03 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 09:03 - 2013-08-01 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 09:03 - 2013-08-01 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 09:03 - 2013-08-01 19:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 09:03 - 2013-08-01 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 09:03 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:03 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:03 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 09:03 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 09:03 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 09:03 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 07:13 - 2013-09-11 07:13 - 00000221 ____N C:\Users\James\Desktop\Ultimate WordPress Theme Builder Plugin deal - MightyDeals.url
2013-09-11 01:27 - 2013-09-11 01:27 - 00000244 ____N C:\Users\James\Desktop\529 plans becoming top savings option - USATODAY.com.url
2013-09-09 22:14 - 2013-09-25 16:16 - 00000000 ____D C:\Users\James\Desktop\Young Adults
2013-09-08 14:50 - 2013-09-15 16:42 - 00000000 ____D C:\Users\James\Documents\RAs
2013-09-08 14:20 - 2013-09-11 15:17 - 00000000 ____D C:\Users\James\Desktop\Coupons
2013-09-07 14:00 - 2013-09-12 23:17 - 00000000 ____D C:\Users\James\Desktop\Surveys

==================== One Month Modified Files and Folders =======

2013-10-04 06:58 - 2013-10-04 06:58 - 01954124 _____ (Farbar) C:\Users\James\Desktop\FRST64.exe
2013-10-04 06:51 - 2009-07-14 00:10 - 01617085 _____ C:\Windows\WindowsUpdate.log
2013-10-04 06:23 - 2010-08-28 23:59 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-04 06:22 - 2012-06-05 14:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-04 06:00 - 2010-05-02 01:33 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2482222888-3877877194-96238860-1000UA.job
2013-10-04 02:00 - 2012-05-13 23:45 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f7bc7068-c2fd-4a47-9975-b63ad374073a.job
2013-10-03 23:45 - 2012-05-13 23:45 - 00000510 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6b76aca1-24e7-4e75-a3c3-b5e5e6079c7b.job
2013-10-03 22:59 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-03 22:59 - 2009-07-13 23:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-03 22:50 - 2010-08-28 23:59 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-03 22:49 - 2012-03-11 02:00 - 00010597 _____ C:\Windows\setupact.log
2013-10-03 22:49 - 2009-11-18 14:28 - 00751314 _____ C:\Windows\PFRO.log
2013-10-03 22:49 - 2009-11-18 12:33 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-03 22:49 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-03 22:44 - 2013-10-03 22:17 - 00000000 ____D C:\Users\James\Doctor Web
2013-10-03 22:17 - 2009-11-21 23:46 - 00000000 ____D C:\Users\James
2013-10-03 22:09 - 2013-10-03 22:07 - 131606136 ____N C:\Users\James\Desktop\drweb-cureit.exe
2013-10-03 22:03 - 2012-07-15 16:27 - 00000000 ____D C:\Users\James\AppData\Local\TeamSpeak 3 Client
2013-10-03 22:03 - 2011-06-18 16:11 - 00000000 ____D C:\Program Files (x86)\NCH Swift Sound
2013-10-03 22:01 - 2013-06-25 22:05 - 00000000 ____D C:\Program Files (x86)\Wondershare
2013-10-03 21:53 - 2013-10-03 18:25 - 00025425 ____N C:\Users\James\Desktop\ComboFix.txt
2013-10-03 21:52 - 2013-10-03 21:52 - 00025425 _____ C:\ComboFix.txt
2013-10-03 21:52 - 2012-08-08 00:38 - 00000000 ____D C:\Qoobox
2013-10-03 21:50 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-10-03 21:26 - 2013-10-03 21:26 - 00448512 ____N (OldTimer Tools) C:\Users\James\Desktop\TFC.exe
2013-10-03 18:11 - 2013-08-07 07:17 - 00011304 ____N C:\Users\James\Documents\Children DVDs.xlsx
2013-10-03 16:41 - 2013-10-03 13:20 - 00016997 ____N C:\Users\James\Desktop\AdwCleaner.txt
2013-10-03 16:32 - 2013-10-03 13:04 - 00000000 ____D C:\AdwCleaner
2013-10-03 16:20 - 2010-11-22 02:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-03 15:07 - 2013-10-03 15:07 - 00000000 ____D C:\FRST
2013-10-03 15:06 - 2013-10-03 15:06 - 00000193 ____N C:\Users\James\Desktop\eset.txt
2013-10-03 13:22 - 2013-10-03 13:22 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-03 13:04 - 2013-10-03 13:04 - 01045226 ____N C:\Users\James\Desktop\AdwCleaner.exe
2013-10-03 13:02 - 2013-10-03 13:02 - 00030567 ____N C:\Users\James\Desktop\JRT.txt
2013-10-03 12:58 - 2013-10-03 12:58 - 01030305 ____N (Thisisu) C:\Users\James\Desktop\JRT.exe
2013-10-03 12:58 - 2013-10-03 12:58 - 00000000 ____D C:\Windows\ERUNT
2013-10-03 12:53 - 2013-10-03 12:52 - 00286000 _____ C:\Windows\Minidump\100313-25599-01.dmp
2013-10-03 12:52 - 2010-07-04 10:16 - 00000000 ____D C:\Windows\Minidump
2013-10-03 12:52 - 2010-07-04 10:15 - 656046795 _____ C:\Windows\MEMORY.DMP
2013-10-03 12:42 - 2013-10-03 12:42 - 00285184 _____ C:\Windows\Minidump\100313-26379-01.dmp
2013-10-03 12:41 - 2013-10-03 12:41 - 00000000 ____D C:\Users\James\Desktop\mbar
2013-10-03 12:32 - 2013-10-03 12:32 - 00285568 _____ C:\Windows\Minidump\100313-35661-01.dmp
2013-10-03 12:25 - 2013-10-03 12:25 - 00291376 _____ C:\Windows\Minidump\100313-31746-01.dmp
2013-10-03 12:24 - 2013-10-03 12:24 - 00092376 _____ (MalwareBytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-03 12:23 - 2013-10-03 12:23 - 12907592 ____N (Malwarebytes Corp.) C:\Users\James\Desktop\mbar-1.07.0.1005.exe
2013-10-03 11:37 - 2013-10-03 11:33 - 00000034 ____N C:\Users\James\Desktop\savings.txt
2013-10-03 09:46 - 2009-11-21 23:46 - 00000000 ___RD C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-03 09:36 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2013-10-03 09:01 - 2013-10-03 09:00 - 05130107 ____R (Swearware) C:\Users\James\Desktop\ComboFix.exe
2013-10-03 09:00 - 2013-10-03 09:00 - 00003024 ____N C:\Users\James\Desktop\JavaRa.log
2013-10-03 08:59 - 2013-10-03 08:59 - 00003024 _____ C:\JavaRa.log
2013-10-03 08:59 - 2009-11-18 12:34 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-03 08:58 - 2013-10-03 08:58 - 00165483 ____N C:\Users\James\Desktop\JavaRa-1.16-28-5-13.zip
2013-10-03 08:58 - 2013-10-03 08:58 - 00000000 ____D C:\Users\James\Desktop\RemoveJava
2013-10-03 08:00 - 2010-05-02 01:33 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2482222888-3877877194-96238860-1000Core.job
2013-10-03 00:48 - 2013-10-02 10:21 - 00000149 ____N C:\Users\James\Desktop\wed to do.txt
2013-10-03 00:41 - 2013-10-03 00:41 - 00000212 ____N C:\Users\James\Desktop\Computer Issues - Malware Removal Help - Malwarebytes Forum.url
2013-10-02 23:41 - 2013-10-02 23:41 - 00026563 ____N C:\Users\James\Desktop\dds.txt
2013-10-02 23:41 - 2013-10-02 23:41 - 00022766 ____N C:\Users\James\Desktop\attach.txt
2013-10-02 23:40 - 2013-10-02 23:40 - 00688992 ____R (Swearware) C:\Users\James\Desktop\dds.com
2013-10-02 23:32 - 2013-10-02 23:32 - 00000197 ____N C:\Users\James\Desktop\MyStudyBible.com.url
2013-10-02 22:41 - 2010-04-18 18:01 - 00000000 ____D C:\Users\James\Documents\Dave Ramsey
2013-10-02 12:53 - 2011-02-20 21:15 - 00000000 ____D C:\Users\James\Documents\Ragan
2013-10-01 08:25 - 2011-10-06 11:15 - 00000000 ____D C:\Users\James\Documents\FSCEN
2013-09-30 15:41 - 2013-09-30 15:41 - 00000194 ____N C:\Users\James\Desktop\Firewheel Bible Fellowship Garland, TX.url
2013-09-30 15:21 - 2012-11-07 20:32 - 00000000 ____D C:\Users\James\Documents\Bills
2013-09-28 18:16 - 2013-09-28 18:16 - 00000214 ____N C:\Users\James\Desktop\Introducing solid food  BabyCenter.url
2013-09-28 18:11 - 2013-09-28 18:11 - 00000240 ____N C:\Users\James\Desktop\Foods that can be unsafe for your baby  BabyCenter.url
2013-09-28 09:59 - 2013-09-28 09:59 - 00000306 ____N C:\Users\James\Desktop\It's Your Turn To Thrive.  Discover Infusionsoft.url
2013-09-27 01:05 - 2009-11-21 13:13 - 00000000 ____D C:\Users\James\AppData\Roaming\Adobe
2013-09-26 16:54 - 2013-09-26 16:54 - 00000170 ____N C:\Users\James\Desktop\Internet Marketing Houston  SEO Company & Web Design  Zizinya Website Marketing Solutions  Houston TX.url
2013-09-26 11:11 - 2013-09-26 11:11 - 00000189 ____N C:\Users\James\Desktop\Improve your Brain Health - Lumosity.url
2013-09-25 22:37 - 2009-07-14 00:13 - 01012152 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-25 17:31 - 2013-09-25 17:31 - 00000484 ____N C:\Users\James\Desktop\12 Ways To Disappoint Your Design Clients - SitePoint.url
2013-09-25 16:16 - 2013-09-09 22:14 - 00000000 ____D C:\Users\James\Desktop\Young Adults
2013-09-25 00:37 - 2013-09-18 09:18 - 00000550 ____N C:\Users\James\Desktop\wed.txt
2013-09-24 13:14 - 2013-08-08 23:20 - 00000000 ____D C:\Users\James\Desktop\Review
2013-09-20 00:22 - 2013-09-20 00:22 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-20 00:22 - 2012-06-05 14:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 00:22 - 2012-06-05 14:52 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 00:22 - 2011-09-11 23:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-18 08:50 - 2013-09-18 08:50 - 00000070 ____N C:\Users\James\Documents\BIRTHDAYS.txt
2013-09-17 20:36 - 2013-09-17 20:36 - 00000219 ____N C:\Users\James\Desktop\Developmental milestones Teething  BabyCenter.url
2013-09-17 09:32 - 2013-09-17 09:32 - 00000260 ____N C:\Users\James\Desktop\AutoTweet NG - Joomla! Extensions Directory.url
2013-09-17 09:31 - 2013-09-17 09:31 - 00000260 ____N C:\Users\James\Desktop\JoomShareBar Pro - Joomla! Extensions Directory.url
2013-09-17 09:27 - 2013-09-17 09:27 - 00000202 ____N C:\Users\James\Desktop\Ekklesia 360 - Church and Ministry Websites and CMS.url
2013-09-17 09:26 - 2013-09-17 09:26 - 00000204 ____N C:\Users\James\Desktop\Dallas Northway  The Village Church.url
2013-09-16 12:27 - 2013-09-16 12:27 - 00000218 ____N C:\Users\James\Desktop\Doctor visit worksheet The 4-month checkup  BabyCenter.url
2013-09-15 16:42 - 2013-09-08 14:50 - 00000000 ____D C:\Users\James\Documents\RAs
2013-09-13 03:09 - 2009-11-18 12:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 23:24 - 2013-09-12 23:24 - 00000099 _____ C:\Connector_Info.log
2013-09-12 23:24 - 2013-09-12 23:24 - 00000000 ____D C:\Users\James\AppData\Roaming\Keynote Systems
2013-09-12 23:17 - 2013-09-07 14:00 - 00000000 ____D C:\Users\James\Desktop\Surveys
2013-09-12 14:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 08:50 - 2012-01-30 07:22 - 00000000 ___RD C:\Users\James\Virtual Machines
2013-09-12 08:50 - 2009-11-21 23:46 - 00000000 ___RD C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 04:23 - 2009-07-13 23:45 - 02437776 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 04:00 - 2013-07-13 03:13 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 03:53 - 2010-03-30 17:38 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 23:21 - 2009-11-21 23:46 - 00146024 _____ C:\Users\James\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-11 15:17 - 2013-09-08 14:20 - 00000000 ____D C:\Users\James\Desktop\Coupons
2013-09-11 15:06 - 2013-09-11 15:06 - 00000116 _____ C:\Users\Public\Documents\SAH_Install.ini
2013-09-11 13:56 - 2013-09-11 13:56 - 00000210 ____N C:\Users\James\Desktop\AT&T Trade-in Program - Get an AT&T promotion card when you trade in your cell phone.url
2013-09-11 08:18 - 2013-09-01 23:20 - 00022531 ____N C:\Users\James\Desktop\august.xlsx
2013-09-11 07:13 - 2013-09-11 07:13 - 00000221 ____N C:\Users\James\Desktop\Ultimate WordPress Theme Builder Plugin deal - MightyDeals.url
2013-09-11 01:27 - 2013-09-11 01:27 - 00000244 ____N C:\Users\James\Desktop\529 plans becoming top savings option - USATODAY.com.url
2013-09-09 17:38 - 2013-03-04 16:28 - 00000000 ____D C:\Users\James\Documents\To do Charts
2013-09-08 15:51 - 2013-05-23 13:23 - 00000000 ____D C:\Users\James\Desktop\elijah

Some content of TEMP:
====================
C:\Users\James\AppData\Local\Temp\uninst.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-01 00:29

==================== End Of Log ============================

Addition.txt


  • Root Admin

Okay, nothing evil found there. So it's up to you, but as said, I would look at uninstalling software no longer used and disabling the automatic startup of programs that start every time the computer starts. If you'd like to do that and want help, let me know; otherwise we should be about done here.


Yeah, I'm going through all the software and moving some that I only use 1-2 times a year to an external drive to clean some of this up and only keep the stuff I use regularly on this computer.

Do you have any good tutorial about cleaning up the auto startup of programs? That I would be curious to find out.

Appreciate the help and if you have a paypal account please PM your email for it. I'd like to give you a little something so you can go have a meal on me. Thx.

This topic is now closed to further replies.