Scorpion Saver, Metacrawler and Ividi Infection--related?


Sdart

Hi all,

I seem to have recently acquired a real nasty virus. Metacrawler pops up whenever I open Google Chrome and prohibits me from visiting most all websites. Ividi appears in another window and does the same. The message I receive is "SSL Connection Error." I go to my control panel to try and remove these bugs and nothing appears besides Scorpion Saver. Then, when I try to uninstall it, it says it cannot be found. I have run scans from Metacrawler and Spybot and they detect nothing. I am totally out of ideas. Clearly I am infected pretty badly. I have done my best to follow previous threads trying to troubleshoot this thing but to no avail. Can anyone please help me!?


What follows here are 2 scan results. The first from Adware and the second from Malware Bytes:

# AdwCleaner v3.012 - Report created 19/11/2013 at 16:37:08

# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sean - LAPPY
# Running from : C:\Users\Sean\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files (x86)\BonanzaDeals
Folder Deleted : C:\Users\Sean\AppData\Local\apn
Folder Deleted : C:\Users\Sean\AppData\Local\webplayer
Folder Deleted : C:\Users\Sean\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Sean\AppData\LocalLow\Softonic
Folder Deleted : C:\Users\Sean\AppData\Roaming\MetaCrawler
Folder Deleted : C:\Users\Sean\AppData\Roaming\Systweak
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\windows\System32\Tasks\RegClean Pro

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Google Chrome v

[ File : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2563 octets] - [19/11/2013 16:35:16]
AdwCleaner[s0].txt - [2423 octets] - [19/11/2013 16:37:08]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2483 octets] ##########

 

And the Malware Bytes one:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.17.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Sean :: LAPPY [administrator]

Protection: Enabled

11/19/2013 4:43:18 PM
mbam-log-2013-11-19 (16-43-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209401
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Sean\Downloads\SoftonicDownloader_for_erunt.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.

(end)

Attached are my DDS and attach logs.
Thank you so much for your time!

Sean


Also, here is my RogueKiller report. FYI, I also ran Adwcleaner. Thank you!
 

RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Sean [Admin rights]
Mode : Remove -- Date : 11/19/2013 11:39:47
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][sUSP PATH] AffiliatedUpdate.job : C:\Users\Sean\AppData\Roaming\AFFILI~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED
[V2][sUSP PATH] AffiliatedUpdate : C:\Users\Sean\AppData\Roaming\AFFILI~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1 localhost
::1 localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST750LM022 HN-M750MBB +++++
--- User ---
[MBR] 0288cfe5e78e82912419db760c3ff3b4
[bSP] 3461133055dd1b80a934ea334e80c3d7 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 20000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41166848 | Size: 695302 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_11192013_113947.txt >>
RKreport[0]_S_11192013_113416.txt
 
 
Sean

Hello,

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download OTL from any of the following links and save to your desktop.

 

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

 

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

 


  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Change Drivers to All
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

 

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Kevin...


Hiya Sean,

 

It would seem Combofix has been run on your system at some point, if you have recent CF log please post that. Maybe here C:\Combofix.txt

 

Next,

 

If Spybot's TeaTimer is active please turn off for now:

 

1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol ) and choose Exit Spybot S&D Resident

2. Run Spybot S&D

3. Go to the Mode menu, and make sure Advanced Mode is selected.

4. On the left hand side, choose Tools > Resident > uncheck Resident TeaTimer and OK any prompt and Restart your computer.

 

Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

 

Next,

 

Re-run OTL by double left click; Vista and Windows 7 users accept UAC alert.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following; start with and include the colon plus OTL (:OTL):

    :OTL
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AyCzz0FyCyCyEzzyC0DyEtN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=399702877&ir=
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AyCzz0FyCyCyEzzyC0DyEtN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=399702877&ir=
    IE - HKU\S-1-5-21-2959331061-3114946027-3341037765-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AyCzz0FyCyCyEzzyC0DyEtN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=399702877&ir=
    IE - HKU\S-1-5-21-2959331061-3114946027-3341037765-1000\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    IE - HKU\S-1-5-21-2959331061-3114946027-3341037765-1000\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AyCzz0FyCyCyEzzyC0DyEtN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=399702877&ir=
    CHR - Extension: BuzzSearch = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm\1.0.0_0\
    CHR - Extension: MySearchDial New Tab = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.1.1_0\
    O2 - BHO: (ScorpionSaver) - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll File not found
    O2 - BHO: (BuzzSearch) - {5cf5a690-c8f4-488e-9d20-f21aef602d41} - C:\Program Files (x86)\BuzzSearch\BuzzSearchBHO.dll (BuzzSearch)
    O2 - BHO: (mysearchdial Helper Object) - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll (Ironsource Israel (2011) LTD)
    O3 - HKLM\..\Toolbar: (mysearchdial Toolbar) - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll (Ironsource Israel (2011) LTD)
    [2013/11/19 20:27:35 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
    [2013/11/19 20:27:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BuzzSearch
    [2013/11/19 20:25:42 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\mysearchdial
    [2013/11/19 20:25:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mysearchdial
    [2013/11/19 20:25:29 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\DigitalSite
    [2013/11/17 16:36:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScorpionSaver
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [1 C:\Users\Sean\Documents\*.tmp files -> C:\Users\Sean\Documents\*.tmp -> ]
    [2013/11/20 16:02:02 | 000,000,288 | ---- | M] () -- C:\windows\tasks\MySearchDial.job
    [2013/11/20 16:02:02 | 000,000,288 | ---- | M] () -- C:\windows\tasks\DigitalSite.job
    [2013/11/19 20:25:43 | 000,000,385 | ---- | M] () -- C:\Users\Sean\Desktop\MySearchDial.url
    [2013/11/19 20:25:43 | 000,000,380 | ---- | M] () -- C:\Users\Sean\Desktop\FREE Games.url
    [2013/11/19 20:25:42 | 000,351,124 | ---- | M] () -- C:\Users\Sean\AppData\Local\mysearchdial-speeddial.crx
    [2013/11/19 20:25:46 | 000,000,288 | ---- | C] () -- C:\windows\tasks\MySearchDial.job
    [2013/11/19 20:25:45 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\mysearchdial
    [2013/11/20 16:08:57 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\uTorrent
    :Reg
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BuzzSearch"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{273E1F1A-7B1A-436C-A783-A4A8C97AD036}"=-
    "mysearchdial"=-
    [HKEY_USERS\S-1-5-21-2959331061-3114946027-3341037765-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "DigitalSite"=-
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.



Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter  *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware,

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log
 

Next,

 

Double click on OTL to run it again. Make sure all other windows are closed and to let it run uninterrupted.

When the main interface opens change the Standard Registry box to All

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.

Please copy (Edit > Select All, Edit > Copy) the contents of this file and post it with your next reply.

 

Post those logs in next reply...

 

Kevin


Hi Kevin,

I got all the way through pasting the OTL log into OTL, but every time I tried to run the scan...my computer froze. The black text at the bottom of the screen says "processing Registry data 64bit:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\windows\CurrentVersion\Uninstall]..." every time. I have tried running it with the default OTL settings and also your specified settings you sent me in the previous message. Freezes right at this part every time regardless. Any ideas?

Thank you! 


Sean


Re-run OTL by double left click; Vista and Windows 7 users accept UAC alert.



Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter  *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick FULL scan

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log..

 

Next,

 

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Security Check runs)
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 

Let me see those logs, give an update on any remaining issues or concerns...

 

Kevin

 

 


Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop.

 

Double click zip file and extract to your  Desktop:

 

 

you will now have 3 versions of the tool on the Desktop:

 

 

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html

 

Double click on each in turn until one version of Zoek will run (accept UAC) The following window will open:

 

 

Copy and paste the following script from the code box and paste into the field.

emptyclsid;firefoxlook;FFdefaults;Chromelook;CHRdefaults;autoclean;iedefaults;filesrcm;startupall;silentrunners;

Select the "Run Script" tab. The following window will open:

 

 

 

Please be patient and do not use the PC when the scan is in progress.

 

When complete you may be asked to re-boot your PC, if so please do

 

Post the produced log in your next reply...


Good afternoon, Kevin, 

I ran the scan. Here are the results. Thank you so much for your time. 

Best, 

Sean

 

 
Zoek.exe Version 4.0.0.5 Updated 14-November-2013
Tool run by Sean on Fri 11/22/2013 at 11:12:18.01.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sean\Desktop\zoek.exe [script inserted] 
 
==== System Restore Info ======================
 
11/22/2013 11:14:10 AM Zoek.exe System Restore Point Created Succesfully.
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2959331061-3114946027-3341037765-1000\Software\Microsoft\Internet Explorer\SearchScopes\{447E1E6C-2F74-4C2C-839B-B2E688AF0186} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\windows\SysNative\Tasks\MySearchDial deleted
C:\windows\SysNative\tasks\DigitalSite deleted
C:\Users\Sean\Desktop\My Documents\My Music\iLividSetupV1.exe deleted
C:\Users\Sean\Desktop\My Documents\My Videos\iLividSetupV1.exe deleted
 
==== Startup Registry Enabled ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe /mode2"
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
"Dell Registration"="C:\Program Files (x86)\System Registration\prodreg.exe /boot"
"RoxWatchTray"="c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
"Desktop Disc Tool"="c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
"Dell DataSafe Online"="C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe"
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"AccuWeatherWidget"=""C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Apoint"="C:\Program Files\DellTPad\Apoint.exe"
"IntelTBRunOnce"="wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
"IntelPAN"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe /tf Intel PAN Tray"
"BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll,TrayApp"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"MacDrive 9 application"="C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"
"DellStage"=""C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup"
 
==== Startup Folders ======================
 
2013-11-14 13:59:54 995 ----a-w- C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
 
==== Task Scheduler Jobs ======================
 
C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [04/13/2012 07:34 PM]
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2959331061-3114946027-3341037765-1000Core.job --a------ [undetermined Task]
 
==== Other Scheduled Tasks ======================
 
"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2959331061-3114946027-3341037765-1000Core" [C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2959331061-3114946027-3341037765-1000UA" [C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\PCDEventLauncherTask" ["C:\Program Files\My Dell\sessionchecker.exe"]
"C:\windows\SysNative\tasks\PCDoctorBackgroundMonitorTask" ["C:\Program Files\My Dell\uaclauncher.exe"]
"C:\windows\SysNative\tasks\SystemToolsDailyTest" ["uaclauncher.exe"]
"C:\windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== Chrome Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hmhfbmpdiffkamakhdbcgojfnbnlcenm - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx[10/28/2013 03:01 PM]
jhjjdgbhohaallcimgcmakfiobacimkm - C:\Program Files (x86)\BuzzSearch\jhjjdgbhohaallcimgcmakfiobacimkm.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[10/09/2013 10:59 AM]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
hmhfbmpdiffkamakhdbcgojfnbnlcenm - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx[10/28/2013 03:01 PM]
 
Google Drive - Sean - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Sean - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Sean - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Sean - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Sean - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Chrome Fix ======================
 
C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.softonic.com_0.localstorage deleted successfully
C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.softonic.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} Unknown  Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
 
==== Reset Google Chrome ======================
 
C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2959331061-3114946027-3341037765-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm deleted successfully
 
==== Silent Runners ======================
 
"Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"
 
 
Startup items buried in registry:
---------------------------------
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
IgfxTray = C:\Windows\system32\igfxtray.exe [intel Corporation]
HotKeysCmds = C:\Windows\system32\hkcmd.exe [intel Corporation]
Persistence = C:\Windows\system32\igfxpers.exe [intel Corporation]
SysTrayApp = C:\Program Files\IDT\WDM\sttray64.exe
Apoint = C:\Program Files\DellTPad\Apoint.exe [Alps Electric Co., Ltd.]
IntelTBRunOnce = wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [MS]
IntelPAN = "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [intel® Corporation]
BTMTrayAgent = rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [MS]
DellStage = "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSC = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [MS]
MacDrive 9 application = "C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe" [Mediafour Corporation]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
Dell Webcam Central = "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [Creative Technology Ltd]
IAStorIcon = C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [null data]
Dell Registration = C:\Program Files (x86)\System Registration\prodreg.exe /boot [Dell, Inc.]
(Default) = (empty string) [file not found]
RoxWatchTray = "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [sonic Solutions]
Desktop Disc Tool = "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [null data]
Dell DataSafe Online = C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [Dell, Inc.]
Adobe Reader Speed Launcher = "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [Adobe Systems Incorporated]
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
AccuWeatherWidget = "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [sun Microsystems, Inc.]
QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [Apple Inc.]
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Apple Inc.]
DivXMediaServer = C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [DivX, LLC]
DivXUpdate = "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [null data]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Windows Live ID Sign-in Helper
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
  -> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
 
{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
  -> {HKLM...CLSID} = Office Document Cache Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [MS]
  -> {HKLM...Wow...CLSID} = Office Document Cache Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [MS]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Windows Live ID Sign-in Helper
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
  -> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
 
{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Office Document Cache Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [MS]
  -> {HKLM...Wow...CLSID} = Office Document Cache Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [MS]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
 
MacDriveVolumeIcon\(Default) = {6B21AF46-EE37-40D0-A707-C06C17D06CE9}
  -> {HKLM...CLSID} = MacDrive volume icons
                   \InProcServer32\(Default) = C:\Program Files\Mediafour\MacDrive 9\MDVolumeIcons.dll [Mediafour Corporation]
 
MacDriveVolumeIconReadOnly\(Default) = {E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F}
  -> {HKLM...CLSID} = MacDrive volume icons (read-only)
                   \InProcServer32\(Default) = C:\Program Files\Mediafour\MacDrive 9\MDVolumeIcons.dll [Mediafour Corporation]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
 
{9D843851-50AA-46EE-829A-784DEBA4716C} = Bluetooth Property Page Extension
  -> {HKLM...CLSID} = CPropertySheetExtension Object
                   \InProcServer32\(Default) = C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [intel Corporation]
 
{B8DA2B41-7468-4E82-B62C-CB4A0C9158FE} = Bluetooth Context Menu Extension
  -> {HKLM...CLSID} = CContextMenuHandler Object
                   \InProcServer32\(Default) = C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [Intel Corporation]
 
{0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} = Bluetooth Send To Wizard
  -> {HKLM...CLSID} = CSendToContextMenu Object
                   \InProcServer32\(Default) = C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [Intel Corporation]
 
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} = ShellViewRTF
  -> {HKLM...CLSID} = ShellViewRTF
                   \InProcServer32\(Default) = C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\PROTECTRP\Shellvrtf64.dll [XSS]
 
{09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = c:\PROGRA~1\MICROS~2\shellext.dll [MS]
 
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL [MS]
 
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...CLSID} = Microsoft Office Metadata Handler
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
 
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
 
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]
 
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
  -> {HKLM...CLSID} = ImageExtractorShellExt Class
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]
 
{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
  -> {HKLM...CLSID} = CInfoTipShellExt Class
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]
 
{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext
  -> {HKLM...CLSID} = Enterprise Projects
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL [MS]
 
{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS]
 
{A454F2F5-BB5F-4ACE-AD9A-CC33353C7341} = Mediafour Mac file columns
  -> {HKLM...CLSID} = Mediafour Mac file columns
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Mediafour\MACFPROP.DLL [Mediafour Corporation]
 
{E452F45B-DD18-4ADC-9C9A-2B26F85DABC0} = Mediafour Mac file properties
  -> {HKLM...CLSID} = Mediafour Mac file properties
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Mediafour\MACFPROP.DLL [Mediafour Corporation]
 
{957386F4-1938-4561-B2C7-8CBE90D58E9D} = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\Mediafour\MacDrive 9\MDShell.dll [Mediafour Corporation]
 
{FB64C555-646F-46C9-8333-2DA109AEA555} = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\Mediafour\MacDrive 9\MDShell.dll [Mediafour Corporation]
 
{1E43FBD1-E5F9-4876-B7B2-6FF1823F3AB4} = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\Mediafour\MacDrive 9\MDShell.dll [Mediafour Corporation]
 
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes
  -> {HKLM...CLSID} = iTunes
                   \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]
 
{34CBB076-0260-416C-9FE4-765D66E89C15} = DVSShellContextMenu
  -> {HKLM...CLSID} = DVSShellContextMenu Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\DVSShellContextMenuExtension64.dll [DVDVideoSoft Ltd.]
 
{40CC864B-947A-4e5d-A2E5-DB6777B55D8F} = DivX MKV file icon extension
  -> {HKLM...CLSID} = DivX MKV icon handler Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\DivX\DivX Player\DPXIconHandler.dll [null data]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
 
{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
  -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
 
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
  -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
 
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
  -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
 
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
  -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
 
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll [MS]
 
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
  -> {HKLM...Wow...CLSID} = ImageExtractorShellExt Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]
 
{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
  -> {HKLM...Wow...CLSID} = CInfoTipShellExt Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]
 
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM...Wow...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL [MS]
 
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
 
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
 
{34CBB076-0260-416C-9FE4-765D66E89C15} = DVSShellContextMenu
  -> {HKLM...Wow...CLSID} = DVSShellContextMenu Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\DVSShellContextMenuExtension.dll [DVDVideoSoft Ltd.]
 
{83238FAE-D346-4E12-8734-D42F7554B3E6} = DivX Thumbnail Provider
  -> {HKLM...Wow...CLSID} = DivX Thumbnail Provider
                         \InProcServer32\(Default) = C:\Program Files (x86)\DivX\DivX Media Foundation Components\DivXThumbnailProvider.dll [DivX, Inc.]
 
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} = DivX Property Handler
  -> {HKLM...Wow...CLSID} = DivX Property Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\DivX\DivX Media Foundation Components\DivXPropertyHandler.dll [DivX, Inc.]
 
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
 
<<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945}
  -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS]
 
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
 
<<!>> skype-ie-addon-data\CLSID = {91774881-D725-4E58-B298-07617B9B86A8}
  -> {HKLM...CLSID} = Skype IE add-on Pluggable Protocol
                   \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [Skype Technologies S.A.]
 
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
 
BTMSentToExt\(Default) = {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44}
  -> {HKLM...CLSID} = CSendToContextMenu Object
                   \InProcServer32\(Default) = C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [Intel Corporation]
 
DVSShellContextMenu\(Default) = {34CBB076-0260-416C-9FE4-765D66E89C15}
  -> {HKLM...CLSID} = DVSShellContextMenu Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\DVSShellContextMenuExtension64.dll [DVDVideoSoft Ltd.]
  -> {HKLM...Wow...CLSID} = DVSShellContextMenu Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\DVSShellContextMenuExtension.dll [DVDVideoSoft Ltd.]
 
EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = c:\PROGRA~1\MICROS~2\shellext.dll [MS]
 
MagicISO\(Default) = {DB85C504-C730-49DD-BEC1-7B39C6103B7A}
  -> {HKLM...CLSID} = MShellExtMenu Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\MagicISO\misosh64.dll [file not found]
 
Roxio Burn\(Default) = {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C}
  -> {HKLM...CLSID} = RBMenuHandler Class
                   \InProcServer32\(Default) = c:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [TODO: <Company name>]
  -> {HKLM...Wow...CLSID} = RBMenuHandler Class
                         \InProcServer32\(Default) = c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RB_ContextMenu.dll [TODO: <Company name>]
 
{FB64C555-646F-46C9-8333-2DA109AEA555}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\Mediafour\MacDrive 9\MDShell.dll [Mediafour Corporation]
 
HKLM\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\
 
{E452F45B-DD18-4ADC-9C9A-2B26F85DABC0}\(Default) = Mediafour Mac file properties
  -> {HKLM...CLSID} = Mediafour Mac file properties
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Mediafour\MACFPROP.DLL [Mediafour Corporation]
 
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
 
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
  -> {HKLM...CLSID} = MBAMShlExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
 
{1E43FBD1-E5F9-4876-B7B2-6FF1823F3AB4}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\Mediafour\MacDrive 9\MDShell.dll [Mediafour Corporation]
 
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
 
DVSShellContextMenu\(Default) = {34CBB076-0260-416C-9FE4-765D66E89C15}
  -> {HKLM...CLSID} = DVSShellContextMenu Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\DVSShellContextMenuExtension64.dll [DVDVideoSoft Ltd.]
  -> {HKLM...Wow...CLSID} = DVSShellContextMenu Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\DVSShellContextMenuExtension.dll [DVDVideoSoft Ltd.]
 
EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = c:\PROGRA~1\MICROS~2\shellext.dll [MS]
 
MagicISO\(Default) = {DB85C504-C730-49DD-BEC1-7B39C6103B7A}
  -> {HKLM...CLSID} = MShellExtMenu Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\MagicISO\misosh64.dll [file not found]
 
HKLM\SOFTWARE\Classes\Directory\shellex\PropertySheetHandlers\
 
{E452F45B-DD18-4ADC-9C9A-2B26F85DABC0}\(Default) = Mediafour Mac file properties
  -> {HKLM...CLSID} = Mediafour Mac file properties
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Mediafour\MACFPROP.DLL [Mediafour Corporation]
 
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
 
DVSShellContextMenu\(Default) = {34CBB076-0260-416C-9FE4-765D66E89C15}
  -> {HKLM...CLSID} = DVSShellContextMenu Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\DVSShellContextMenuExtension64.dll [DVDVideoSoft Ltd.]
  -> {HKLM...Wow...CLSID} = DVSShellContextMenu Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\DVSShellContextMenuExtension.dll [DVDVideoSoft Ltd.]
 
igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
  -> {HKLM...CLSID} = GraphicsShellExt Class
                   \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]
 
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
 
{A454F2F5-BB5F-4ACE-AD9A-CC33353C7341}\(Default) = Mediafour Mac file columns
  -> {HKLM...CLSID} = Mediafour Mac file columns
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Mediafour\MACFPROP.DLL [Mediafour Corporation]
 
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
  -> {HKLM...Wow...CLSID} = PDF Shell Extension
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]
 
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
 
DVSShellContextMenu\(Default) = {34CBB076-0260-416C-9FE4-765D66E89C15}
  -> {HKLM...CLSID} = DVSShellContextMenu Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\DVSShellContextMenuExtension64.dll [DVDVideoSoft Ltd.]
  -> {HKLM...Wow...CLSID} = DVSShellContextMenu Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\DVSShellContextMenuExtension.dll [DVDVideoSoft Ltd.]
 
MagicISO\(Default) = {DB85C504-C730-49DD-BEC1-7B39C6103B7A}
  -> {HKLM...CLSID} = MShellExtMenu Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\MagicISO\misosh64.dll [file not found]
 
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
  -> {HKLM...CLSID} = MBAMShlExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
 
 
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
 
Note: detected settings may not have any effect.
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
 
NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
 
NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
 
DisableLockWorkstation = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
 
DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
 
Active Desktop and Wallpaper:
-----------------------------
 
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
 
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
 
 
Windows Portable Device AutoPlay Handlers
-----------------------------------------
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
 
BasicBurnAdd\
Provider = Roxio Burn
InvokeProgID = BasicBurn.PLAYADD
InvokeVerb = Add
HKLM\SOFTWARE\Classes\BasicBurn.PLAYADD\shell\Add\Command\(Default) = "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe" /BURN %L [null data]
 
BasicBurnCopy\
Provider = Roxio Burn
InvokeProgID = BasicBurn.PLAYCOPY
InvokeVerb = Copy
HKLM\SOFTWARE\Classes\BasicBurn.PLAYCOPY\shell\Copy\Command\(Default) = "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe" /Copy %L [null data]
 
iTunesBurnCDOnArrival\
Provider = iTunes
InvokeProgID = iTunes.BurnCD
InvokeVerb = burn
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]
 
iTunesImportSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ImportSongsOnCD
InvokeVerb = import
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]
 
iTunesPlaySongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.PlaySongsOnCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]
 
iTunesShowSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ShowSongsOnCD
InvokeVerb = showsongs
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]
 
MacDrive9BurnCDOnArrival\
Provider = @C:\Program Files\Mediafour\MacDrive 9\MDCDBurn.exe,-133
InvokeProgID = MacDrive.BurnCD.9
InvokeVerb = burn
HKLM\SOFTWARE\Classes\MacDrive.BurnCD.9\shell\burn\command\(Default) = "C:\Program Files\Mediafour\MacDrive 9\MDCDBurn.exe" "/autoplayburn:%L" [Mediafour Corporation]
 
MacDrive9BurnDVDOnArrival\
Provider = @C:\Program Files\Mediafour\MacDrive 9\MDCDBurn.exe,-133
InvokeProgID = MacDrive.BurnCD.9
InvokeVerb = burn
HKLM\SOFTWARE\Classes\MacDrive.BurnCD.9\shell\burn\command\(Default) = "C:\Program Files\Mediafour\MacDrive 9\MDCDBurn.exe" "/autoplayburn:%L" [Mediafour Corporation]
 
MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
  -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                   \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
 
MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
  -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                   \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
 
MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]
 
MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]
 
MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
 
MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
 
MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]
 
RoxioCreator12PlayCDAudioOnArrival\
Provider = Roxio Creator Classic
InvokeProgID = Creator12
InvokeVerb = open
HKLM\SOFTWARE\Classes\Creator12\shell\open\Command\(Default) = c:\Program Files (x86)\Roxio\OEM\Creator Classic 12\Creator12OEM.exe [Sonic Solutions]
 
RoxioSCAudioCDTask50\
Provider = Roxio Home Audio
InvokeProgID = Roxio.RoxioCentral50
InvokeVerb = AudioCDTask
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral50\shell\AudioCDTask\Command\(Default) = c:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe /Launch 10253C4C-229D-4c87-8D1D-169EFDFED869 [null data]
 
RoxioSCCopyCD50\
Provider = Roxio Home Copy
InvokeProgID = Roxio.RoxioCentral50
InvokeVerb = ExactCopyJob
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral50\shell\ExactCopyJob\Command\(Default) = c:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe /Launch 20C35DAF-3B5B-4c2d-9DCD-5C866838F5CC [null data]
 
RoxioSCCopyDisc50\
Provider = Roxio Home Copy
InvokeProgID = Roxio.RoxioCentral50
InvokeVerb = ExactCopyJob
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral50\shell\ExactCopyJob\Command\(Default) = c:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe /Launch 20C35DAF-3B5B-4c2d-9DCD-5C866838F5CC [null data]
 
RoxioSCDataProject50\
Provider = Roxio Home Data
InvokeProgID = Roxio.RoxioCentral50
InvokeVerb = DataGuide
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral50\shell\DataGuide\Command\(Default) = c:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe /Launch 1FA905E4-5763-4ba8-999A-5E104D3CDE8C [null data]
 
RoxioSCDataTask50\
Provider = Roxio Home Data
InvokeProgID = Roxio.RoxioCentral50
InvokeVerb = DataTask
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral50\shell\DataTask\Command\(Default) = c:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe /Launch 9CA0EEEE-5BC5-41e9-8242-BEE21643FFF0 [null data]
 
VLCPlayCDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.CDAudio
InvokeVerb = Open
 
VLCPlayDVDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]
 
VLCPlayDVDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.DVDMovie
InvokeVerb = Open
 
VLCPlayMusicFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]
 
VLCPlaySVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.SVCDMovie
InvokeVerb = Open
 
VLCPlayVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.VCDMovie
InvokeVerb = Open
 
VLCPlayVideoFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]
 
 
Startup items in "Sean" & "All Users" startup folders:
------------------------------------------------------
 
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++}
MagicDisc -> shortcut to: C:\Program Files (x86)\MagicDisc\MagicDisc.exe [MagicISO, Inc.]
 
 
Non-disabled Scheduled Tasks: {++}
-----------------------------
 
C:\Windows\System32\Tasks
Adobe Flash Player Updater ->  launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
GoogleUpdateTaskUserS-1-5-21-2959331061-3114946027-3341037765-1000Core ->  launches: C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskUserS-1-5-21-2959331061-3114946027-3341037765-1000UA ->  launches: C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
PCDEventLauncherTask ->  launches: "C:\Program Files\My Dell\sessionchecker.exe" [PC-Doctor, Inc.]
PCDoctorBackgroundMonitorTask ->  launches: "C:\Program Files\My Dell\uaclauncher.exe" -backgroundmon scripts\backgroundmon.xml -st PCDoctorBackgroundMonitorTask --ignoresecondarysplash --runsilently [PC-Doctor, Inc.]
SystemToolsDailyTest ->  launches: "uaclauncher.exe" -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently [file not found]
{10315053-E0B0-4A40-B922-89999C0B63DD} ->  launches: C:\windows\system32\pcalua.exe -a "C:\Users\Sean\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /initurl http://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller" [MS]
{5BE4FE81-28B7-4099-9BCD-3F9C422805B7} ->  launches: C:\windows\system32\pcalua.exe -a C:\Users\Sean\Desktop\zoek.scr -d C:\Users\Sean\Desktop -c /S [MS]
{C04D534E-97EE-4D3B-B2C8-3C0682B8D9ED} ->  launches: C:\windows\system32\pcalua.exe -a C:\Users\Sean\Desktop\erunt\ERUNT.EXE -d C:\Users\Sean\Desktop\erunt [MS]
{FBB3776E-4357-4149-8E30-1DF18647A013} ->  launches: C:\windows\system32\pcalua.exe -a C:\Users\Sean\Desktop\zoek.com -d C:\Users\Sean\Desktop [MS]
 
C:\Windows\System32\Tasks\Apple
AppleSoftwareUpdate ->  launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]
 
C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware
Microsoft Antimalware Scheduled Scan ->  launches: c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) ->  launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                   \InProcServer32\(Default) = C:\windows\system32\msdrm.dll [MS]
  -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                         \InProcServer32\(Default) = C:\windows\system32\msdrm.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent ->  launches: aitagent [MS]
ProgramDataUpdater ->  launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy ->  launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask ->  launches: BthUdTask.exe $(Arg0) [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
UserTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\windows\system32\dimsjob.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator ->  launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
  -> {HKLM...CLSID} = KernelCeipCustomHandler
                   \InProcServer32\(Default) = C:\windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
  -> {HKLM...CLSID} = UsbCeip
                   \InProcServer32\(Default) = C:\windows\System32\usbceip.dll [MS]
  -> {HKLM...Wow...CLSID} = UsbCeip
                         \InProcServer32\(Default) = C:\windows\System32\usbceip.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag ->  launches: %windir%\system32\defrag.exe -c [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
  -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
                   \InProcServer32\(Default) = C:\windows\System32\sdiagschd.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications ->  launches: %windir%\System32\LocationNotifications.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT ->  launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
  -> {HKLM...CLSID} = WinSAT Task Manger Task
                   \InProcServer32\(Default) = C:\windows\system32\WinSATAPI.dll [MS]
  -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
                         \InProcServer32\(Default) = C:\windows\system32\WinSATAPI.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate ->  launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
MediaCenterRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
UpdateRecordPath ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
                   \InProcServer32\(Default) = C:\windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
                   \InProcServer32\(Default) = C:\windows\System32\memdiag.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart ->  launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  -> {HKLM...CLSID} = HotStart User Agent
                   \InProcServer32\(Default) = C:\windows\System32\HotStartUserAgent.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove ->  launches: %windir%\system32\lpremove.exe [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService ->  launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM...CLSID} = Microsoft PlaySoundService Class
                   \InProcServer32\(Default) = C:\windows\System32\PlaySndSrv.dll [MS]
  -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
                         \InProcServer32\(Default) = C:\windows\System32\PlaySndSrv.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo ->  launches: %windir%\system32\gatherNetworkInfo.vbs [null data]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem ->  launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
  -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
                   \InProcServer32\(Default) = C:\windows\system32\RacEngn.dll [MS]
  -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
                         \InProcServer32\(Default) = C:\windows\system32\RacEngn.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager ->  launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
  -> {HKLM...CLSID} = RasMobilityManager
                   \InProcServer32\(Default) = C:\windows\system32\rasmbmgr.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
  -> {HKLM...CLSID} = RegistryIdleBackupHandler
                   \InProcServer32\(Default) = C:\windows\System32\regidle.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager ->  launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
  -> {HKLM...CLSID} = GadgetsManager Class
                   \InProcServer32\(Default) = C:\windows\System32\AuxiliaryDisplayServices.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR ->  launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
  -> {HKLM...CLSID} = RunTask
                   \InProcServer32\(Default) = C:\windows\system32\wdc.dll [MS]
  -> {HKLM...Wow...CLSID} = RunTask
                         \InProcServer32\(Default) = C:\windows\system32\wdc.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM...CLSID} = MsCtfMonitor task handler
                   \InProcServer32\(Default) = C:\windows\system32\MsCtfMonitor.dll [MS]
  -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
                         \InProcServer32\(Default) = C:\windows\system32\MsCtfMonitor.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime ->  launches: %windir%\system32\sc.exe start w32time task_started [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig ->  launches: sc.exe config upnphost start= auto [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
                   \InProcServer32\(Default) = C:\windows\System32\wdi.dll [MS]
  -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
                         \InProcServer32\(Default) = C:\windows\System32\wdi.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting ->  launches: %windir%\system32\wermgr.exe -queuereporting [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary ->  launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification ->  launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask ->  launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
  -> {HKLM...CLSID} = Wininet Cache task object
                   \InProcServer32\(Default) = C:\windows\system32\wininet.dll [MS]
  -> {HKLM...Wow...CLSID} = Wininet Cache task object
                         \InProcServer32\(Default) = C:\windows\system32\wininet.dll [MS]
 
C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task ->  launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
  -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]
 
C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-2959331061-3114946027-3341037765-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]
 
 
Winsock2 Service Provider DLLs:
-------------------------------
 
Namespace Service Providers
 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000010\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]
 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000010\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]
 
Transport Service Providers
 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11
 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11
 
 
Toolbars, Explorer Bars, Extensions:
------------------------------------
 
Extensions (Tools menu items, main toolbar menu buttons)
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = Se&nd to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS]
 
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = OneNote Lin&ked Notes
MenuText = OneNote Lin&ked Notes
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
  -> {HKLM...CLSID} = Linked Notes button
                   \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]
 
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\
ButtonText = Skype Click to Call
CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
  -> {HKLM...CLSID} = Skype add-on for Internet Explorer (toolbar button)
                   \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [skype Technologies S.A.]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004
MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
  -> {HKLM...Wow...CLSID} = BlogThisToolbarButton Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]
 
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = Se&nd to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [MS]
 
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = OneNote Lin&ked Notes
MenuText = OneNote Lin&ked Notes
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
  -> {HKLM...Wow...CLSID} = Linked Notes button
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]
 
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\
ButtonText = Skype Click to Call
CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
  -> {HKLM...Wow...CLSID} = Skype Browser Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.]
 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
MenuText = Spybot - Search && Destroy Configuration
CLSIDExtension = {53707962-6F74-2D53-2644-206D7942484F}
  -> {HKLM...Wow...CLSID} = Spybot-S&D IE Protection
                         \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [safer Networking Limited]
 
 
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
 
Apple Mobile Device, Apple Mobile Device, "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
Bluetooth Device Monitor, Bluetooth Device Monitor, "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [intel Corporation]
Bluetooth Media Service, Bluetooth Media Service, "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [intel Corporation]
Bluetooth OBEX Service, Bluetooth OBEX Service, "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [intel Corporation]
Bonjour Service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
Dell DataSafe Online, NOBU, "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe" SERVICE [Dell, Inc.]
Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service, BTHSSecurityMgr, "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [intel® Corporation]
Intel® Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [intel Corporation]
Intel® Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [intel Corporation]
Intel® PROSet/Wireless Event Log, EvtEng, C:\Program Files\Intel\WiFi\bin\EvtEng.exe [intel® Corporation]
Intel® PROSet/Wireless Registry Service, RegSrvc, C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [intel® Corporation]
Intel® Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data]
Intelr Centrinor Wireless Bluetoothr 3.0 + High Speed Service, AMPPALR3, C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [intel Corporation]
Intelr PROSet/Wireless WiMAX Red Bend Device Management Service, DMAgent, "C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe" [Red Bend Ltd.]
Intelr PROSet/Wireless WiMAX Service, WiMAXAppSrv, "C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe" [intel® Corporation]
iPod Service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]
MacDrive 9 service, MacDrive9Service, "C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe" [Mediafour Corporation]
MBAMScheduler, MBAMScheduler, "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [Malwarebytes Corporation]
MBAMService, MBAMService, "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [Malwarebytes Corporation]
Microsoft Antimalware Service, MsMpSvc, "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [MS]
Office Software Protection Platform, osppsvc, "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [MS]
SBSD Security Center Service, SBSDWSCService, C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [safer Networking Ltd.]
Skype C2C Service, Skype C2C Service, "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [skype Technologies S.A.]
SoftThinks Agent Service, SftService, "C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE" [softThinks SAS]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]
 
 
Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
 
<<!>> MCODS, 
<<!>> MsMpSvc, Service
<<!>> PEVSystemStart, Service
 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
 
<<!>> MCODS, 
<<!>> MsMpSvc, Service
<<!>> PEVSystemStart, Service
 
 
Print Monitors:
---------------
 
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Epson Inbox Language Monitor01\Driver = EP0SLM01.DLL [sEIKO EPSON CORPORATION]
PCL hpz3lw71\Driver = hpz3lw71.dll [Hewlett-Packard Corporation]
 
 
 
 
==== Empty IE Cache ======================
 
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\windows\Temp successfully emptied
C:\Users\Sean\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Fri 11/22/2013 at 11:24:05.72 ======================

Hi Kevin,
 
So...my laptop is not entirely responding. When I try to visit websites like yahoo and espn.com and nba.com, my internet allows me. However, when I try to go to gmail or Facebook, my Google Chrome freezes and says "Establishing Secure Connection" before saying "SSL Error." Additionally, Scorpion Saver is still on my programs list, and when I click uninstall on Scorpion Saver, it will not allow me. It says that the installation source for the product is unavailable. Also my internet will not allow me to access malwarebytes.org. This all seems pretty strange to me...any ideas? Thank you so much, again, for your time and effort.

-Sean 

Uninstall ScorpionSaver with the following:

Download and install Revo Uninstaller Free.

  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on The Program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Did that remove ScorpionSaver OK?

 


Hi Kevin,

Scorpion Saver uninstalled! However, it appears my connection is still hijacked. I cannot access Facebook or Gmail. The same registry error is popping up every time. SSL and error establishing secure connection. Any ideas? Sorry this is proving to be such a hassle.

Sean


Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Hi Kevin,
Attached are the Addition log results, and FRST is copied below. Thank you for your help!
Sean

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2013 03
Ran by Sean (administrator) on LAPPY on 24-11-2013 13:15:18
Running from C:\Users\Sean\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [intelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [intelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-16] (Intel® Corporation)
HKLM\...\Run: [bTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [483424 2012-02-01] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [MacDrive 9 application] - C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe [507904 2012-05-31] (Mediafour Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-26] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2835443 2012-02-01] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-22] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AyCzz0FyCyCyEzzyC0DyEtN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=399702877&ir=
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.34.33.1
 
Chrome: 
=======
CHR Extension: (Docs) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Google Wallet) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Sean\AppData\Local\mysearchdial-speeddial.crx
CHR HKLM-x32\...\Chrome\Extension: [hmhfbmpdiffkamakhdbcgojfnbnlcenm] - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Sean\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 MacDrive9Service; C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe [178176 2012-05-21] (Mediafour Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-16] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
R1 CBDisk; C:\windows\system32\drivers\CBDisk.sys [70344 2011-05-06] (EldoS Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [317136 2012-06-06] (Mediafour Corporation)
R0 MDPMGRNT; C:\Windows\System32\DRIVERS\MDPMGRNT.SYS [32464 2012-06-06] (Mediafour Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 Delldiag; \??\C:\__de11ctstestfolder20120wdcsa__\n5110\WBT_W64\DDDriver.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [x]
S3 STHDA; system32\DRIVERS\stwrt64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-24 13:15 - 2013-11-24 13:15 - 00013564 _____ C:\Users\Sean\Downloads\FRST.txt
2013-11-24 13:15 - 2013-11-24 13:15 - 00000000 ____D C:\FRST
2013-11-24 13:14 - 2013-11-24 13:15 - 01958396 _____ (Farbar) C:\Users\Sean\Downloads\FRST64.exe
2013-11-24 13:14 - 2013-11-24 13:14 - 01091525 _____ (Farbar) C:\Users\Sean\Downloads\FRST.exe
2013-11-23 18:12 - 2013-11-23 18:12 - 03007700 _____ C:\Users\Sean\Downloads\revouninstaller.zip
2013-11-22 11:22 - 2013-11-22 11:12 - 00024064 _____ C:\windows\zoek-delete.exe
2013-11-22 11:13 - 2013-11-22 11:24 - 00065154 _____ C:\zoek-results.log
2013-11-22 11:10 - 2013-11-22 11:10 - 04044244 _____ C:\Users\Sean\Downloads\zoek (1).zip
2013-11-22 11:10 - 2013-11-22 11:10 - 00003108 _____ C:\windows\System32\Tasks\{5BE4FE81-28B7-4099-9BCD-3F9C422805B7}
2013-11-22 11:10 - 2013-11-22 11:10 - 00003096 _____ C:\windows\System32\Tasks\{FBB3776E-4357-4149-8E30-1DF18647A013}
2013-11-22 11:08 - 2013-11-22 11:20 - 00000000 ____D C:\zoek_backup
2013-11-22 11:06 - 2013-11-22 11:07 - 04044244 _____ C:\Users\Sean\Downloads\zoek.zip
2013-11-21 23:24 - 2013-11-20 18:55 - 3532989059 ____R C:\Users\Sean\Desktop\NBA.RS.2013.11.16.Nets@Clippers.720p60.chris11.mkv
2013-11-21 22:16 - 2013-11-21 17:13 - 2252901216 ____R C:\Users\Sean\Desktop\2013.11.20.LAC@MIN.720p.mkv
2013-11-21 15:08 - 2013-11-21 15:08 - 00891200 _____ C:\Users\Sean\Downloads\SecurityCheck.exe
2013-11-20 22:25 - 2013-11-20 22:25 - 00602112 _____ (OldTimer Tools) C:\Users\Sean\Downloads\OTL (3).exe
2013-11-20 22:22 - 2013-11-20 22:22 - 00602112 _____ (OldTimer Tools) C:\Users\Sean\Downloads\OTL (2).exe
2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\_OTL
2013-11-20 22:13 - 2013-11-20 22:13 - 00602112 _____ (OldTimer Tools) C:\Users\Sean\Downloads\OTL (1).exe
2013-11-20 22:03 - 2013-11-23 18:25 - 00000000 ____D C:\Users\Sean\AppData\Local\CrashDumps
2013-11-20 16:24 - 2013-11-20 16:24 - 00073300 _____ C:\Users\Sean\Desktop\Extras.Txt
2013-11-20 16:23 - 2013-11-20 16:24 - 00202370 _____ C:\Users\Sean\Desktop\OTL.Txt
2013-11-20 16:19 - 2013-11-20 16:19 - 00073300 _____ C:\Users\Sean\Downloads\Extras.Txt
2013-11-20 16:18 - 2013-11-21 13:34 - 00153322 _____ C:\Users\Sean\Downloads\OTL.Txt
2013-11-20 16:12 - 2013-11-20 16:12 - 00602112 _____ (OldTimer Tools) C:\Users\Sean\Downloads\OTL.exe
2013-11-19 20:30 - 2013-11-19 20:31 - 00023142 _____ C:\Users\Sean\Desktop\dds.txt
2013-11-19 20:30 - 2013-11-19 20:30 - 00206223 _____ C:\Users\Sean\Desktop\attach.txt
2013-11-19 20:29 - 2013-11-19 20:29 - 00688992 ____R (Swearware) C:\Users\Sean\Downloads\dds.com
2013-11-19 20:28 - 2013-11-23 18:25 - 00000000 ____D C:\Program Files\DivX
2013-11-19 20:28 - 2013-11-21 23:23 - 00000000 ____D C:\Users\Sean\AppData\Roaming\DivX
2013-11-19 20:26 - 2013-11-23 19:02 - 00000000 ____D C:\ProgramData\DivX
2013-11-19 20:26 - 2013-11-23 18:25 - 00000000 ____D C:\Program Files (x86)\DivX
2013-11-19 20:26 - 2013-11-23 18:20 - 00000000 ____D C:\Program Files (x86)\DSP-worx
2013-11-19 20:26 - 2013-11-19 20:26 - 00000000 ____D C:\Users\Sean\AppData\Roaming\LavFilters
2013-11-19 20:26 - 2013-11-19 20:26 - 00000000 ____D C:\Users\Sean\AppData\Roaming\CDXReader
2013-11-19 16:41 - 2013-11-19 16:41 - 00002571 _____ C:\Users\Sean\Desktop\AdwCleaner[s0].txt
2013-11-19 16:35 - 2013-11-19 16:37 - 00000000 ____D C:\AdwCleaner
2013-11-19 16:34 - 2013-11-19 16:34 - 01085542 _____ C:\Users\Sean\Downloads\AdwCleaner.exe
2013-11-19 14:00 - 2013-11-19 14:00 - 00027004 _____ C:\ComboFix.txt
2013-11-19 13:27 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2013-11-19 13:27 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2013-11-19 13:27 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-11-19 13:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-11-19 13:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-11-19 13:27 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2013-11-19 13:27 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2013-11-19 13:27 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2013-11-19 13:22 - 2013-11-19 14:00 - 00000000 ____D C:\Qoobox
2013-11-19 13:21 - 2013-11-19 13:36 - 05146522 ____R (Swearware) C:\Users\Sean\Downloads\ComboFix.exe
2013-11-19 11:39 - 2013-11-19 11:39 - 00001923 _____ C:\Users\Sean\Desktop\RKreport[0]_D_11192013_113947.txt
2013-11-19 11:34 - 2013-11-19 11:34 - 00001870 _____ C:\Users\Sean\Desktop\RKreport[0]_S_11192013_113416.txt
2013-11-19 11:32 - 2013-11-19 11:53 - 00000000 ____D C:\Users\Sean\Desktop\RK_Quarantine
2013-11-19 11:32 - 2013-11-19 11:32 - 03679744 _____ C:\Users\Sean\Downloads\RogueKiller.exe
2013-11-19 11:29 - 2013-11-19 13:59 - 00000000 ____D C:\windows\ERDNT
2013-11-19 11:29 - 2013-11-19 11:29 - 00003122 _____ C:\windows\System32\Tasks\{C04D534E-97EE-4D3B-B2C8-3C0682B8D9ED}
2013-11-19 11:28 - 2013-11-19 11:28 - 00000000 ____D C:\Users\Sean\Desktop\erunt
2013-11-19 11:27 - 2013-11-19 11:27 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Sean\Downloads\rkill (1).exe
2013-11-19 11:27 - 2013-11-19 11:27 - 00513320 _____ C:\Users\Sean\Desktop\erunt.zip
2013-11-19 11:23 - 2013-11-19 11:23 - 00513320 _____ C:\Users\Sean\Downloads\erunt.zip
2013-11-19 11:16 - 2013-11-19 11:27 - 00000000 ____D C:\Users\Sean\Desktop\rkill
2013-11-19 11:15 - 2013-11-19 11:28 - 00002380 _____ C:\Users\Sean\Desktop\Rkill.txt
2013-11-19 11:15 - 2013-11-19 11:15 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Sean\Downloads\rkill.exe
2013-11-18 13:36 - 2013-11-22 11:07 - 01397113 _____ C:\Users\Sean\Desktop\zoek.scr
2013-11-18 13:36 - 2013-11-22 11:07 - 01397113 _____ C:\Users\Sean\Desktop\zoek.com
2013-11-17 20:56 - 2013-11-17 20:56 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Malwarebytes
2013-11-17 20:55 - 2013-11-17 20:55 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-17 20:55 - 2013-11-17 20:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-17 20:55 - 2013-11-17 20:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-17 20:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-11-17 20:54 - 2013-11-17 20:54 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sean\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-17 19:02 - 2013-11-17 19:05 - 00000880 _____ C:\windows\system32\Drivers\kgpcpy.cfg
2013-11-17 18:52 - 2013-11-17 18:52 - 00007597 _____ C:\Users\Sean\AppData\Local\Resmon.ResmonCfg
2013-11-17 18:18 - 2013-11-17 18:18 - 00707664 _____ (iS3, Inc.) C:\Users\Sean\Downloads\SZSetup_AID10121_AV.exe
2013-11-17 16:25 - 2013-11-17 16:25 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Sean\Downloads\SpyHunter-Installer (2).exe
2013-11-17 16:21 - 2013-11-17 16:21 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Sean\Downloads\SpyHunter-Installer (1).exe
2013-11-17 14:21 - 2013-11-17 14:21 - 00000000 _____ C:\autoexec.bat
2013-11-17 14:20 - 2013-11-17 14:20 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-17 14:17 - 2013-11-17 14:17 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Sean\Downloads\SpyHunter-Installer.exe
2013-11-16 21:33 - 2013-11-16 21:33 - 00036724 _____ C:\Users\Sean\Downloads\[kickass.to]rosetta.stone.french.audio.companion.torrent
2013-11-16 21:33 - 2013-11-16 21:33 - 00036724 _____ C:\Users\Sean\Downloads\[kickass.to]rosetta.stone.french.audio.companion (1).torrent
2013-11-16 21:13 - 2013-11-16 21:51 - 00000000 ____D C:\Users\Sean\Downloads\www.Torrenting.com - NBA.2013.11.15.Timberwolves.Vs.Nuggets.HDTV.x264-MATCH
2013-11-16 21:11 - 2013-11-16 21:11 - 00111661 _____ C:\Users\Sean\Downloads\[kickass.to]nba.2013.11.15.timberwolves.vs.nuggets.hdtv.x264.match.torrent
2013-11-16 11:30 - 2013-11-16 11:30 - 00000000 ____D C:\Users\Sean\Downloads\ANDREW BIRD - DISCOGRAPHY [CHANNEL NEO]
2013-11-16 11:29 - 2013-11-16 11:29 - 00066247 _____ C:\Users\Sean\Downloads\[kickass.to]andrew.bird.discography.channel.neo.torrent
2013-11-16 10:29 - 2013-11-16 10:29 - 00012288 _____ C:\Users\Sean\Downloads\[kickass.to]frank.ocean.channel.orange.explicit.version.2012.album.sw.torrent
2013-11-16 00:16 - 2013-11-17 12:29 - 00000000 ____D C:\Program Files (x86)\Notificatoin
2013-11-16 00:02 - 2013-11-16 00:05 - 00000000 ____D C:\Users\Sean\AppData\Roaming\DAEMON Tools Ultra
2013-11-16 00:02 - 2013-11-16 00:02 - 00000000 ____D C:\ProgramData\DAEMON Tools Ultra
2013-11-15 19:36 - 2013-11-15 19:36 - 00000000 ____D C:\Users\Sean\Downloads\Amelie [Amélie Poulain].2001.BRRip.x264.AAC[5.1]-VLiS
2013-11-15 19:35 - 2013-11-15 19:35 - 00056449 _____ C:\Users\Sean\Downloads\[kickass.to]amelie.amélie.poulain.2001.brrip.x264.aac.5.1.vlis.torrent
2013-11-15 13:12 - 2013-11-15 15:43 - 2097530937 _____ C:\Users\Sean\Downloads\2013.11.14.OKC@GSW.720p.mkv
2013-11-14 16:50 - 2013-11-14 16:50 - 00013156 _____ C:\Users\Sean\Downloads\[kickass.to]nba.13.11.2013.rs.thunder.clippers.h264.mkv.30fps.aac.720p.makar75 (1).torrent
2013-11-14 15:59 - 2013-11-14 15:59 - 00019911 _____ C:\Users\Sean\Downloads\[kickass.to]rosetta.stone.v3.french.speech.preinstalled.exe.lvl.1.5.torrent
2013-11-14 15:55 - 2013-11-14 15:55 - 00000000 ____D C:\ProgramData\Rosetta Stone
2013-11-14 15:55 - 2013-11-14 15:55 - 00000000 ____D C:\Program Files (x86)\Rosetta Stone
2013-11-14 15:51 - 2013-11-14 19:09 - 2609271863 _____ C:\Users\Sean\Downloads\13.11.13 OKC-LAC 720_30fps.mkv
2013-11-14 15:44 - 2013-11-14 15:44 - 00018020 _____ C:\Users\Sean\Downloads\[kickass.to]rosetta.stone.v3.4.7.preinstalled.exe.torrent
2013-11-14 15:40 - 2013-11-14 15:40 - 00013156 _____ C:\Users\Sean\Downloads\[kickass.to]nba.13.11.2013.rs.thunder.clippers.h264.mkv.30fps.aac.720p.makar75.torrent
2013-11-14 15:27 - 2013-11-14 15:27 - 00000000 ____D C:\Users\Sean\AppData\Roaming\dvdcss
2013-11-14 15:21 - 2013-11-14 15:21 - 00000000 ____D C:\windows\TempA9A3BDE3-0E98-20F3-BBE2-D9E242E06C18-Signatures
2013-11-14 14:59 - 2013-11-14 14:59 - 00000959 _____ C:\Users\Sean\Desktop\MagicDisc.lnk
2013-11-14 14:59 - 2013-11-14 14:59 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
2013-11-14 14:59 - 2013-11-14 14:59 - 00000000 ____D C:\Program Files (x86)\MagicDisc
2013-11-14 14:59 - 2009-02-24 18:35 - 00255552 _____ (MagicISO, Inc.) C:\windows\SysWOW64\Drivers\mcdbus.sys
2013-11-14 14:59 - 2009-02-24 18:35 - 00255552 _____ (MagicISO, Inc.) C:\windows\system32\Drivers\mcdbus.sys
2013-11-14 14:58 - 2013-11-14 14:59 - 01352435 _____ C:\Users\Sean\Downloads\setup_magicdisc.exe
2013-11-14 14:53 - 2013-11-14 14:53 - 03067400 _____ C:\Users\Sean\Downloads\Setup_MagicISO.exe
2013-11-13 12:40 - 2013-11-13 12:40 - 00012989 _____ C:\Users\Sean\Downloads\[kickass.to]rosetta.stone.spanish.la.jowder.torrent
2013-11-13 12:40 - 2013-11-13 12:40 - 00010903 _____ C:\Users\Sean\Downloads\[kickass.to]rosetta.stone.v3.spanish.la.v3.speech.preinstalled.exe.level.1.2.3.4.5.torrent
2013-11-13 11:56 - 2013-11-20 16:04 - 00000000 ____D C:\Users\Sean\Downloads\Rosetta Stone - French - Level 1, 2, 3, 4, 5
2013-11-13 11:51 - 2013-11-13 11:51 - 00020643 _____ C:\Users\Sean\Downloads\[kickass.to]rosetta.stone.french.level.1.2.3.4.5.torrent
2013-11-11 17:20 - 2013-11-11 17:20 - 00000000 ____D C:\ProgramData\Creative
2013-11-11 13:00 - 2013-11-11 13:17 - 00000000 ____D C:\Users\Sean\Downloads\Lucius-Wildewoman-CD-FLAC-2013-PERFECT
2013-11-11 12:55 - 2013-11-11 12:55 - 00023896 _____ C:\Users\Sean\Downloads\[kickass.to]lucius.wildewoman.2013.flac.torrent
2013-11-11 12:23 - 2013-11-11 16:49 - 00000000 ____D C:\Users\Sean\Downloads\[ www.Speed.Cd ] - Connected.An.Autoblogography.About.Love.Death.And.Technology.2011.DVDRip.XviD-WiDE
2013-11-10 21:17 - 2013-11-11 12:45 - 00000000 ____D C:\Users\Sean\Downloads\[ www.Torrenting.com ] - Ai.Weiwei.Never.Sorry.2012.LiMiTED.DVDRip.XviD-LPD
2013-11-10 20:46 - 2013-11-10 20:46 - 00056594 _____ C:\Users\Sean\Downloads\[kickass.to]ai.weiwei.never.sorry.2012.limited.dvdrip.xvid.lpd.torrent
2013-11-10 20:36 - 2013-11-10 20:36 - 00060694 _____ C:\Users\Sean\Downloads\[kickass.to]connected.an.autoblogography.about.love.death.and.technology.201.torrent
2013-11-10 20:32 - 2013-11-11 12:12 - 00000000 ____D C:\Users\Sean\Downloads\The.Art.of.The.Steal.LIMITED.DVDRip.XviD-SUBMERGE [NO-RAR] - [ www.torrentday.com ]
2013-11-10 20:31 - 2013-11-10 20:31 - 00057029 _____ C:\Users\Sean\Downloads\[kickass.to]the.art.of.the.steal.limited.dvdrip.xvid.submerge.torrent
2013-11-10 20:24 - 2013-11-10 20:29 - 00000000 ____D C:\Users\Sean\Downloads\Waste.Land.(2011).DvDRip.XviD.AC3.[MV.Group]-[GRG]-
2013-11-10 20:19 - 2013-11-10 20:19 - 00060371 _____ C:\Users\Sean\Downloads\[kickass.to]waste.land.2010.limited.subbed.docu.dvdrip.xvid.nodlabs.torrent
2013-11-10 20:19 - 2013-11-10 20:19 - 00012036 _____ C:\Users\Sean\Downloads\[kickass.to]waste.land.2011.dvdrip.xvid.ac3.mv.group.grg.torrent
2013-11-10 20:18 - 2013-11-10 21:24 - 00000000 ____D C:\Users\Sean\Downloads\[OurRelease.Org] - Something.from.Nothing!The.Art.Of.Rap.2012.DVDRip.XviD.AC3-4PlayHD
2013-11-10 20:17 - 2013-11-10 20:17 - 00063912 _____ C:\Users\Sean\Downloads\[kickass.to]something.from.nothing.the.art.of.rap.2012.dvdrip.xvid.ac3.4playhd.torrent
2013-11-10 20:06 - 2013-11-11 15:22 - 00000000 ____D C:\Users\Sean\Downloads\Spring.Awakening.PDTV.XviD-AMiGOS
2013-11-10 20:04 - 2013-11-11 13:12 - 2277905181 _____ C:\Users\Sean\Downloads\Jiro.Dreams.of.Sushi.720p.Bluray.x264.AC3.MVGroup.Forum.mkv
2013-11-10 20:00 - 2013-11-10 20:00 - 00011453 _____ C:\Users\Sean\Downloads\[kickass.to]jiro.dreams.of.sushi.720p.bluray.x264.ac3.mvgroup.torrent
2013-11-10 19:49 - 2013-11-10 20:11 - 00000000 ____D C:\Users\Sean\Downloads\Man.On.Wire.2008.Limited.720p.BRRip.x264.ogg.mkv-anoXmous
2013-11-10 19:48 - 2013-11-10 19:48 - 00014492 _____ C:\Users\Sean\Downloads\[kickass.to]man.on.wire.2008.limited.720p.brrip.anoxmous.torrent
2013-11-10 19:35 - 2013-11-10 19:35 - 00014698 _____ C:\Users\Sean\Downloads\[kickass.to]spring.awakening.pdtv.xvid.amigos.torrent
2013-11-10 13:07 - 2013-11-10 13:07 - 00017477 _____ C:\Users\Sean\Downloads\[kickass.to]nba.07.11.2013.rs.lakers.rockets.h264.ts.50fps.aac.720p.mr.drax.torrent
2013-11-08 09:27 - 2013-11-08 09:30 - 00000000 ____D C:\Users\Sean\Downloads\Nothing Was the Same
2013-11-08 09:27 - 2013-11-08 09:27 - 00015287 _____ C:\Users\Sean\Downloads\[kickass.to]drake.nothing.was.the.same.2013.album.torrent
2013-11-08 09:22 - 2013-11-08 09:22 - 00017127 _____ C:\Users\Sean\Downloads\[kickass.to]nba.07.11.2013.rs.clippers.heat.h264.mkv.60fps.aac.720p.chris11.torrent
2013-11-07 15:43 - 2013-11-07 15:43 - 00011261 _____ C:\Users\Sean\Downloads\[kickass.to]nba.06.11.2013.rs.mavericks.thunder.h264.mkv.30fps.aac.540p.ilvarsh.torrent
2013-11-05 14:48 - 2013-11-05 14:48 - 00011984 _____ C:\Users\Sean\Downloads\[kickass.to]nba.04.11.2013.rs.rockets.clippers.h264.mkv.30fps.aac.720p.mr.drax.torrent
2013-11-04 12:47 - 2013-11-04 12:47 - 00019477 _____ C:\Users\Sean\Downloads\[kickass.to]nba.2013.rs.01.nov.la.clippers.v.sac.kings.720p.60fps.torrent
2013-11-03 14:18 - 2013-11-03 14:23 - 00000000 ____D C:\Users\Sean\Downloads\Lana Del Ray - God Bless America-2012-MIXFIEND
2013-11-03 14:18 - 2013-11-03 14:18 - 00036840 _____ C:\Users\Sean\Downloads\[kickass.to]lana.del.ray.god.bless.america.2012.mixfiend.torrent
2013-11-03 13:34 - 2013-11-03 13:34 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-03 13:32 - 2013-11-03 13:32 - 01550496 _____ (Skype Technologies S.A.) C:\Users\Sean\Downloads\SkypeSetup.exe
2013-11-02 23:11 - 2013-11-02 23:11 - 00017790 _____ C:\Users\Sean\Downloads\[kickass.to]nba.2013.rs.01.nov.sa.spurs.v.la.lakers.720p.60fps.torrent
2013-11-02 23:10 - 2013-11-02 23:10 - 00017020 _____ C:\Users\Sean\Downloads\[kickass.to]nba.30.01.2013.rs.heat.nets.h264.mkv.60fps.aac.720p.m4rtyr (2).torrent
2013-11-02 15:49 - 2013-11-02 15:49 - 00017020 _____ C:\Users\Sean\Downloads\[kickass.to]nba.30.01.2013.rs.heat.nets.h264.mkv.60fps.aac.720p.m4rtyr (1).torrent
2013-11-02 15:48 - 2013-11-02 15:48 - 00014852 _____ C:\Users\Sean\Downloads\13.11.02-2013.11.01.MIA@BKN.540p.mkv.torrent
2013-11-02 15:46 - 2013-11-02 15:46 - 00014424 _____ C:\Users\Sean\Downloads\[kickass.to]nba.2013.rs.01.nov.mia.heat.v.bkn.nets.720p.torrent
2013-11-02 15:45 - 2013-11-02 15:45 - 00017020 _____ C:\Users\Sean\Downloads\[kickass.to]nba.30.01.2013.rs.heat.nets.h264.mkv.60fps.aac.720p.m4rtyr.torrent
2013-11-02 15:41 - 2013-11-02 15:41 - 00021472 _____ C:\Users\Sean\Downloads\13.11.02-NBA.RS.2013.11.01.Heat@Nets.720p60.chris11.mkv.torrent
2013-11-02 15:41 - 2013-11-02 15:41 - 00021472 _____ C:\Users\Sean\Downloads\13.11.02-NBA.RS.2013.11.01.Heat@Nets.720p60.chris11.mkv (1).torrent
2013-11-02 15:26 - 2013-11-02 15:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-02 15:26 - 2013-11-02 15:26 - 00001264 _____ C:\Users\Sean\Desktop\Spybot - Search & Destroy.lnk
2013-11-02 15:26 - 2013-11-02 15:26 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-11-02 15:23 - 2013-11-02 15:23 - 16409960 _____ (Safer Networking Limited                                    ) C:\Users\Sean\Downloads\spybotsd162.exe
2013-11-02 15:19 - 2013-11-02 15:20 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Sean\Downloads\spybot-2.2.exe
2013-11-02 15:10 - 2013-11-02 15:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-02 10:10 - 2013-11-02 10:10 - 00003406 _____ C:\windows\System32\Tasks\{10315053-E0B0-4A40-B922-89999C0B63DD}
2013-11-02 01:35 - 2013-11-02 12:34 - 00000000 ____D C:\Users\Sean\AppData\Roaming\AffiliatedUpdate
2013-11-02 01:35 - 2013-11-02 01:35 - 00000000 ____D C:\Program Files (x86)\FLV Player
2013-11-01 23:42 - 2013-11-14 15:22 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Feed2All
2013-11-01 23:42 - 2013-11-03 13:39 - 00000000 ____D C:\Program Files (x86)\Feed2All
2013-11-01 17:45 - 2013-11-22 11:07 - 01269760 _____ C:\Users\Sean\Desktop\zoek.exe
2013-11-01 15:45 - 2013-11-01 15:45 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Roxio Log Files
2013-11-01 11:41 - 2013-11-01 11:43 - 00000000 ____D C:\Users\Sean\Downloads\The xx- (2012) Coexist  Projeto Chernobyl
2013-11-01 11:41 - 2013-11-01 11:41 - 00016569 _____ C:\Users\Sean\Downloads\[kickass.to]the.xx.2012.coexist.projeto.chernobyl.torrent
2013-11-01 10:00 - 2013-11-01 10:02 - 00000000 ____D C:\Users\Sean\Downloads\Arcade Fire - Reflektor [2013] 320
2013-11-01 09:59 - 2013-11-01 09:59 - 00014593 _____ C:\Users\Sean\Downloads\[kickass.to]arcade.fire.reflektor.2013.320.torrent
2013-10-29 22:55 - 2013-11-23 03:21 - 00000000 ____D C:\Users\Sean\AppData\Roaming\vlc
2013-10-29 22:52 - 2013-10-29 22:52 - 00001072 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-29 22:50 - 2013-10-29 22:50 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-10-29 22:49 - 2013-10-29 22:49 - 24278649 _____ C:\Users\Sean\Downloads\vlc-2.1.0-win32.exe
2013-10-29 22:17 - 2013-10-29 22:17 - 00000000 ____D C:\Users\Sean\AppData\Roaming\HandBrake
2013-10-28 17:51 - 2013-10-28 17:57 - 00000000 ____D C:\Users\Sean\Downloads\The Truman Show (1998)
2013-10-28 17:51 - 2013-10-28 17:51 - 00011936 _____ C:\Users\Sean\Downloads\[kickass.to]the.truman.show.1998.720p.mkv.550mb.yify.torrent
 
==================== One Month Modified Files and Folders =======
 
2013-11-24 13:15 - 2013-11-24 13:15 - 00013564 _____ C:\Users\Sean\Downloads\FRST.txt
2013-11-24 13:15 - 2013-11-24 13:15 - 00000000 ____D C:\FRST
2013-11-24 13:15 - 2013-11-24 13:14 - 01958396 _____ (Farbar) C:\Users\Sean\Downloads\FRST64.exe
2013-11-24 13:15 - 2012-04-13 19:22 - 01408567 _____ C:\windows\WindowsUpdate.log
2013-11-24 13:14 - 2013-11-24 13:14 - 01091525 _____ (Farbar) C:\Users\Sean\Downloads\FRST.exe
2013-11-24 13:07 - 2012-04-13 19:34 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-11-24 13:07 - 2012-04-13 19:34 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-24 13:07 - 2009-07-14 05:45 - 00020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-24 13:07 - 2009-07-14 05:45 - 00020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-24 13:01 - 2012-04-13 20:09 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-11-24 13:00 - 2012-04-13 20:21 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-11-24 13:00 - 2012-04-13 20:21 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-11-24 13:00 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-24 13:00 - 2009-07-14 05:51 - 00068129 _____ C:\windows\setupact.log
2013-11-24 01:05 - 2012-07-07 02:35 - 00000904 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2959331061-3114946027-3341037765-1000UA.job
2013-11-23 20:50 - 2009-07-14 06:13 - 00778834 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-23 19:05 - 2012-04-13 19:51 - 00000000 ____D C:\ProgramData\Sonic
2013-11-23 19:02 - 2013-11-19 20:26 - 00000000 ____D C:\ProgramData\DivX
2013-11-23 19:02 - 2010-11-21 04:47 - 00080106 _____ C:\windows\PFRO.log
2013-11-23 18:25 - 2013-11-20 22:03 - 00000000 ____D C:\Users\Sean\AppData\Local\CrashDumps
2013-11-23 18:25 - 2013-11-19 20:28 - 00000000 ____D C:\Program Files\DivX
2013-11-23 18:25 - 2013-11-19 20:26 - 00000000 ____D C:\Program Files (x86)\DivX
2013-11-23 18:20 - 2013-11-19 20:26 - 00000000 ____D C:\Program Files (x86)\DSP-worx
2013-11-23 18:12 - 2013-11-23 18:12 - 03007700 _____ C:\Users\Sean\Downloads\revouninstaller.zip
2013-11-23 03:21 - 2013-10-29 22:55 - 00000000 ____D C:\Users\Sean\AppData\Roaming\vlc
2013-11-22 11:24 - 2013-11-22 11:13 - 00065154 _____ C:\zoek-results.log
2013-11-22 11:20 - 2013-11-22 11:08 - 00000000 ____D C:\zoek_backup
2013-11-22 11:12 - 2013-11-22 11:22 - 00024064 _____ C:\windows\zoek-delete.exe
2013-11-22 11:10 - 2013-11-22 11:10 - 04044244 _____ C:\Users\Sean\Downloads\zoek (1).zip
2013-11-22 11:10 - 2013-11-22 11:10 - 00003108 _____ C:\windows\System32\Tasks\{5BE4FE81-28B7-4099-9BCD-3F9C422805B7}
2013-11-22 11:10 - 2013-11-22 11:10 - 00003096 _____ C:\windows\System32\Tasks\{FBB3776E-4357-4149-8E30-1DF18647A013}
2013-11-22 11:07 - 2013-11-22 11:06 - 04044244 _____ C:\Users\Sean\Downloads\zoek.zip
2013-11-22 11:07 - 2013-11-18 13:36 - 01397113 _____ C:\Users\Sean\Desktop\zoek.scr
2013-11-22 11:07 - 2013-11-18 13:36 - 01397113 _____ C:\Users\Sean\Desktop\zoek.com
2013-11-22 11:07 - 2013-11-01 17:45 - 01269760 _____ C:\Users\Sean\Desktop\zoek.exe
2013-11-21 23:23 - 2013-11-19 20:28 - 00000000 ____D C:\Users\Sean\AppData\Roaming\DivX
2013-11-21 17:13 - 2013-11-21 22:16 - 2252901216 ____R C:\Users\Sean\Desktop\2013.11.20.LAC@MIN.720p.mkv
2013-11-21 15:08 - 2013-11-21 15:08 - 00891200 _____ C:\Users\Sean\Downloads\SecurityCheck.exe
2013-11-21 13:58 - 2012-07-07 02:35 - 00000852 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2959331061-3114946027-3341037765-1000Core.job
2013-11-21 13:34 - 2013-11-20 16:18 - 00153322 _____ C:\Users\Sean\Downloads\OTL.Txt
2013-11-20 22:25 - 2013-11-20 22:25 - 00602112 _____ (OldTimer Tools) C:\Users\Sean\Downloads\OTL (3).exe
2013-11-20 22:22 - 2013-11-20 22:22 - 00602112 _____ (OldTimer Tools) C:\Users\Sean\Downloads\OTL (2).exe
2013-11-20 22:17 - 2013-11-20 22:17 - 00000000 ____D C:\_OTL
2013-11-20 22:13 - 2013-11-20 22:13 - 00602112 _____ (OldTimer Tools) C:\Users\Sean\Downloads\OTL (1).exe
2013-11-20 18:55 - 2013-11-21 23:24 - 3532989059 ____R C:\Users\Sean\Desktop\NBA.RS.2013.11.16.Nets@Clippers.720p60.chris11.mkv
2013-11-20 16:24 - 2013-11-20 16:24 - 00073300 _____ C:\Users\Sean\Desktop\Extras.Txt
2013-11-20 16:24 - 2013-11-20 16:23 - 00202370 _____ C:\Users\Sean\Desktop\OTL.Txt
2013-11-20 16:19 - 2013-11-20 16:19 - 00073300 _____ C:\Users\Sean\Downloads\Extras.Txt
2013-11-20 16:12 - 2013-11-20 16:12 - 00602112 _____ (OldTimer Tools) C:\Users\Sean\Downloads\OTL.exe
2013-11-20 16:04 - 2013-11-13 11:56 - 00000000 ____D C:\Users\Sean\Downloads\Rosetta Stone - French - Level 1, 2, 3, 4, 5
2013-11-20 16:02 - 2012-07-06 01:12 - 00103000 _____ C:\Users\Sean\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-20 16:01 - 2009-07-14 05:45 - 00407320 _____ C:\windows\system32\FNTCACHE.DAT
2013-11-19 20:31 - 2013-11-19 20:30 - 00023142 _____ C:\Users\Sean\Desktop\dds.txt
2013-11-19 20:30 - 2013-11-19 20:30 - 00206223 _____ C:\Users\Sean\Desktop\attach.txt
2013-11-19 20:29 - 2013-11-19 20:29 - 00688992 ____R (Swearware) C:\Users\Sean\Downloads\dds.com
2013-11-19 20:26 - 2013-11-19 20:26 - 00000000 ____D C:\Users\Sean\AppData\Roaming\LavFilters
2013-11-19 20:26 - 2013-11-19 20:26 - 00000000 ____D C:\Users\Sean\AppData\Roaming\CDXReader
2013-11-19 16:41 - 2013-11-19 16:41 - 00002571 _____ C:\Users\Sean\Desktop\AdwCleaner[s0].txt
2013-11-19 16:37 - 2013-11-19 16:35 - 00000000 ____D C:\AdwCleaner
2013-11-19 16:34 - 2013-11-19 16:34 - 01085542 _____ C:\Users\Sean\Downloads\AdwCleaner.exe
2013-11-19 14:00 - 2013-11-19 14:00 - 00027004 _____ C:\ComboFix.txt
2013-11-19 14:00 - 2013-11-19 13:22 - 00000000 ____D C:\Qoobox
2013-11-19 14:00 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-11-19 13:59 - 2013-11-19 11:29 - 00000000 ____D C:\windows\ERDNT
2013-11-19 13:55 - 2009-07-14 03:34 - 00000215 _____ C:\windows\system.ini
2013-11-19 13:54 - 2009-07-14 03:34 - 77594624 _____ C:\windows\system32\config\software.bak
2013-11-19 13:54 - 2009-07-14 03:34 - 19922944 _____ C:\windows\system32\config\system.bak
2013-11-19 13:54 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\security.bak
2013-11-19 13:54 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\sam.bak
2013-11-19 13:54 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\default.bak
2013-11-19 13:36 - 2013-11-19 13:21 - 05146522 ____R (Swearware) C:\Users\Sean\Downloads\ComboFix.exe
2013-11-19 11:53 - 2013-11-19 11:32 - 00000000 ____D C:\Users\Sean\Desktop\RK_Quarantine
2013-11-19 11:39 - 2013-11-19 11:39 - 00001923 _____ C:\Users\Sean\Desktop\RKreport[0]_D_11192013_113947.txt
2013-11-19 11:39 - 2013-06-22 18:31 - 00003440 _____ C:\windows\System32\Tasks\PCDEventLauncherTask
2013-11-19 11:34 - 2013-11-19 11:34 - 00001870 _____ C:\Users\Sean\Desktop\RKreport[0]_S_11192013_113416.txt
2013-11-19 11:32 - 2013-11-19 11:32 - 03679744 _____ C:\Users\Sean\Downloads\RogueKiller.exe
2013-11-19 11:29 - 2013-11-19 11:29 - 00003122 _____ C:\windows\System32\Tasks\{C04D534E-97EE-4D3B-B2C8-3C0682B8D9ED}
2013-11-19 11:29 - 2012-07-06 01:14 - 00000000 ____D C:\Users\Sean\AppData\Local\VirtualStore
2013-11-19 11:28 - 2013-11-19 11:28 - 00000000 ____D C:\Users\Sean\Desktop\erunt
2013-11-19 11:28 - 2013-11-19 11:15 - 00002380 _____ C:\Users\Sean\Desktop\Rkill.txt
2013-11-19 11:27 - 2013-11-19 11:27 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Sean\Downloads\rkill (1).exe
2013-11-19 11:27 - 2013-11-19 11:27 - 00513320 _____ C:\Users\Sean\Desktop\erunt.zip
2013-11-19 11:27 - 2013-11-19 11:16 - 00000000 ____D C:\Users\Sean\Desktop\rkill
2013-11-19 11:23 - 2013-11-19 11:23 - 00513320 _____ C:\Users\Sean\Downloads\erunt.zip
2013-11-19 11:15 - 2013-11-19 11:15 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Sean\Downloads\rkill.exe
2013-11-18 12:10 - 2012-04-13 20:03 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-11-17 20:56 - 2013-11-17 20:56 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Malwarebytes
2013-11-17 20:55 - 2013-11-17 20:55 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-17 20:55 - 2013-11-17 20:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-17 20:55 - 2013-11-17 20:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-17 20:54 - 2013-11-17 20:54 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Sean\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-17 19:05 - 2013-11-17 19:02 - 00000880 _____ C:\windows\system32\Drivers\kgpcpy.cfg
2013-11-17 18:52 - 2013-11-17 18:52 - 00007597 _____ C:\Users\Sean\AppData\Local\Resmon.ResmonCfg
2013-11-17 18:24 - 2013-01-11 01:23 - 00000000 ____D C:\windows\Minidump
2013-11-17 18:18 - 2013-11-17 18:18 - 00707664 _____ (iS3, Inc.) C:\Users\Sean\Downloads\SZSetup_AID10121_AV.exe
2013-11-17 16:25 - 2013-11-17 16:25 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Sean\Downloads\SpyHunter-Installer (2).exe
2013-11-17 16:21 - 2013-11-17 16:21 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Sean\Downloads\SpyHunter-Installer (1).exe
2013-11-17 15:28 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\NDF
2013-11-17 14:21 - 2013-11-17 14:21 - 00000000 _____ C:\autoexec.bat
2013-11-17 14:20 - 2013-11-17 14:20 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-17 14:17 - 2013-11-17 14:17 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Sean\Downloads\SpyHunter-Installer.exe
2013-11-17 12:29 - 2013-11-16 00:16 - 00000000 ____D C:\Program Files (x86)\Notificatoin
2013-11-16 21:51 - 2013-11-16 21:13 - 00000000 ____D C:\Users\Sean\Downloads\www.Torrenting.com - NBA.2013.11.15.Timberwolves.Vs.Nuggets.HDTV.x264-MATCH
2013-11-16 21:33 - 2013-11-16 21:33 - 00036724 _____ C:\Users\Sean\Downloads\[kickass.to]rosetta.stone.french.audio.companion.torrent
2013-11-16 21:33 - 2013-11-16 21:33 - 00036724 _____ C:\Users\Sean\Downloads\[kickass.to]rosetta.stone.french.audio.companion (1).torrent
2013-11-16 21:11 - 2013-11-16 21:11 - 00111661 _____ C:\Users\Sean\Downloads\[kickass.to]nba.2013.11.15.timberwolves.vs.nuggets.hdtv.x264.match.torrent
2013-11-16 11:30 - 2013-11-16 11:30 - 00000000 ____D C:\Users\Sean\Downloads\ANDREW BIRD - DISCOGRAPHY [CHANNEL NEO]
2013-11-16 11:29 - 2013-11-16 11:29 - 00066247 _____ C:\Users\Sean\Downloads\[kickass.to]andrew.bird.discography.channel.neo.torrent
2013-11-16 10:29 - 2013-11-16 10:29 - 00012288 _____ C:\Users\Sean\Downloads\[kickass.to]frank.ocean.channel.orange.explicit.version.2012.album.sw.torrent
2013-11-16 10:05 - 2013-06-22 18:30 - 00000000 ____D C:\Program Files\My Dell
2013-11-16 10:05 - 2012-07-07 21:00 - 00000000 ____D C:\ProgramData\PCDr
2013-11-16 00:05 - 2013-11-16 00:02 - 00000000 ____D C:\Users\Sean\AppData\Roaming\DAEMON Tools Ultra
2013-11-16 00:02 - 2013-11-16 00:02 - 00000000 ____D C:\ProgramData\DAEMON Tools Ultra
2013-11-15 19:36 - 2013-11-15 19:36 - 00000000 ____D C:\Users\Sean\Downloads\Amelie [Amélie Poulain].2001.BRRip.x264.AAC[5.1]-VLiS
2013-11-15 19:35 - 2013-11-15 19:35 - 00056449 _____ C:\Users\Sean\Downloads\[kickass.to]amelie.amélie.poulain.2001.brrip.x264.aac.5.1.vlis.torrent
2013-11-15 15:43 - 2013-11-15 13:12 - 2097530937 _____ C:\Users\Sean\Downloads\2013.11.14.OKC@GSW.720p.mkv
2013-11-14 21:11 - 2012-07-06 01:15 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Dell
2013-11-14 19:09 - 2013-11-14 15:51 - 2609271863 _____ C:\Users\Sean\Downloads\13.11.13 OKC-LAC 720_30fps.mkv
2013-11-14 16:50 - 2013-11-14 16:50 - 00013156 _____ C:\Users\Sean\Downloads\[kickass.to]nba.13.11.2013.rs.thunder.clippers.h264.mkv.30fps.aac.720p.makar75 (1).torrent
2013-11-14 15:59 - 2013-11-14 15:59 - 00019911 _____ C:\Users\Sean\Downloads\[kickass.to]rosetta.stone.v3.french.speech.preinstalled.exe.lvl.1.5.torrent
2013-11-14 15:55 - 2013-11-14 15:55 - 00000000 ____D C:\ProgramData\Rosetta Stone
2013-11-14 15:55 - 2013-11-14 15:55 - 00000000 ____D C:\Program Files (x86)\Rosetta Stone
2013-11-14 15:44 - 2013-11-14 15:44 - 00018020 _____ C:\Users\Sean\Downloads\[kickass.to]rosetta.stone.v3.4.7.preinstalled.exe.torrent
2013-11-14 15:40 - 2013-11-14 15:40 - 00013156 _____ C:\Users\Sean\Downloads\[kickass.to]nba.13.11.2013.rs.thunder.clippers.h264.mkv.30fps.aac.720p.makar75.torrent
2013-11-14 15:27 - 2013-11-14 15:27 - 00000000 ____D C:\Users\Sean\AppData\Roaming\dvdcss
2013-11-14 15:25 - 2012-07-06 20:14 - 00001945 _____ C:\windows\epplauncher.mif
2013-11-14 15:22 - 2013-11-01 23:42 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Feed2All
2013-11-14 15:22 - 2012-07-06 20:12 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-14 15:21 - 2013-11-14 15:21 - 00000000 ____D C:\windows\TempA9A3BDE3-0E98-20F3-BBE2-D9E242E06C18-Signatures
2013-11-14 15:21 - 2012-07-06 20:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-14 14:59 - 2013-11-14 14:59 - 00000959 _____ C:\Users\Sean\Desktop\MagicDisc.lnk
2013-11-14 14:59 - 2013-11-14 14:59 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
2013-11-14 14:59 - 2013-11-14 14:59 - 00000000 ____D C:\Program Files (x86)\MagicDisc
2013-11-14 14:59 - 2013-11-14 14:58 - 01352435 _____ C:\Users\Sean\Downloads\setup_magicdisc.exe
2013-11-14 14:59 - 2012-07-06 01:14 - 00000000 ___RD C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-14 14:53 - 2013-11-14 14:53 - 03067400 _____ C:\Users\Sean\Downloads\Setup_MagicISO.exe
2013-11-14 14:51 - 2012-07-06 01:15 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Roxio
2013-11-14 14:51 - 2012-04-13 19:51 - 00000000 ____D C:\ProgramData\Roxio
2013-11-13 12:40 - 2013-11-13 12:40 - 00012989 _____ C:\Users\Sean\Downloads\[kickass.to]rosetta.stone.spanish.la.jowder.torrent
2013-11-13 12:40 - 2013-11-13 12:40 - 00010903 _____ C:\Users\Sean\Downloads\[kickass.to]rosetta.stone.v3.spanish.la.v3.speech.preinstalled.exe.level.1.2.3.4.5.torrent
2013-11-13 11:51 - 2013-11-13 11:51 - 00020643 _____ C:\Users\Sean\Downloads\[kickass.to]rosetta.stone.french.level.1.2.3.4.5.torrent
2013-11-12 00:04 - 2012-09-28 11:03 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Skype
2013-11-11 17:20 - 2013-11-11 17:20 - 00000000 ____D C:\ProgramData\Creative
2013-11-11 16:49 - 2013-11-11 12:23 - 00000000 ____D C:\Users\Sean\Downloads\[ www.Speed.Cd ] - Connected.An.Autoblogography.About.Love.Death.And.Technology.2011.DVDRip.XviD-WiDE
2013-11-11 15:22 - 2013-11-10 20:06 - 00000000 ____D C:\Users\Sean\Downloads\Spring.Awakening.PDTV.XviD-AMiGOS
2013-11-11 13:17 - 2013-11-11 13:00 - 00000000 ____D C:\Users\Sean\Downloads\Lucius-Wildewoman-CD-FLAC-2013-PERFECT
2013-11-11 13:12 - 2013-11-10 20:04 - 2277905181 _____ C:\Users\Sean\Downloads\Jiro.Dreams.of.Sushi.720p.Bluray.x264.AC3.MVGroup.Forum.mkv
2013-11-11 12:55 - 2013-11-11 12:55 - 00023896 _____ C:\Users\Sean\Downloads\[kickass.to]lucius.wildewoman.2013.flac.torrent
2013-11-11 12:45 - 2013-11-10 21:17 - 00000000 ____D C:\Users\Sean\Downloads\[ www.Torrenting.com ] - Ai.Weiwei.Never.Sorry.2012.LiMiTED.DVDRip.XviD-LPD
2013-11-11 12:12 - 2013-11-10 20:32 - 00000000 ____D C:\Users\Sean\Downloads\The.Art.of.The.Steal.LIMITED.DVDRip.XviD-SUBMERGE [NO-RAR] - [ www.torrentday.com ]
2013-11-10 21:24 - 2013-11-10 20:18 - 00000000 ____D C:\Users\Sean\Downloads\[OurRelease.Org] - Something.from.Nothing!The.Art.Of.Rap.2012.DVDRip.XviD.AC3-4PlayHD
2013-11-10 20:46 - 2013-11-10 20:46 - 00056594 _____ C:\Users\Sean\Downloads\[kickass.to]ai.weiwei.never.sorry.2012.limited.dvdrip.xvid.lpd.torrent
2013-11-10 20:36 - 2013-11-10 20:36 - 00060694 _____ C:\Users\Sean\Downloads\[kickass.to]connected.an.autoblogography.about.love.death.and.technology.201.torrent
2013-11-10 20:31 - 2013-11-10 20:31 - 00057029 _____ C:\Users\Sean\Downloads\[kickass.to]the.art.of.the.steal.limited.dvdrip.xvid.submerge.torrent
2013-11-10 20:29 - 2013-11-10 20:24 - 00000000 ____D C:\Users\Sean\Downloads\Waste.Land.(2011).DvDRip.XviD.AC3.[MV.Group]-[GRG]-
2013-11-10 20:19 - 2013-11-10 20:19 - 00060371 _____ C:\Users\Sean\Downloads\[kickass.to]waste.land.2010.limited.subbed.docu.dvdrip.xvid.nodlabs.torrent
2013-11-10 20:19 - 2013-11-10 20:19 - 00012036 _____ C:\Users\Sean\Downloads\[kickass.to]waste.land.2011.dvdrip.xvid.ac3.mv.group.grg.torrent
2013-11-10 20:17 - 2013-11-10 20:17 - 00063912 _____ C:\Users\Sean\Downloads\[kickass.to]something.from.nothing.the.art.of.rap.2012.dvdrip.xvid.ac3.4playhd.torrent
2013-11-10 20:11 - 2013-11-10 19:49 - 00000000 ____D C:\Users\Sean\Downloads\Man.On.Wire.2008.Limited.720p.BRRip.x264.ogg.mkv-anoXmous
2013-11-10 20:00 - 2013-11-10 20:00 - 00011453 _____ C:\Users\Sean\Downloads\[kickass.to]jiro.dreams.of.sushi.720p.bluray.x264.ac3.mvgroup.torrent
2013-11-10 19:48 - 2013-11-10 19:48 - 00014492 _____ C:\Users\Sean\Downloads\[kickass.to]man.on.wire.2008.limited.720p.brrip.anoxmous.torrent
2013-11-10 19:35 - 2013-11-10 19:35 - 00014698 _____ C:\Users\Sean\Downloads\[kickass.to]spring.awakening.pdtv.xvid.amigos.torrent
2013-11-10 13:07 - 2013-11-10 13:07 - 00017477 _____ C:\Users\Sean\Downloads\[kickass.to]nba.07.11.2013.rs.lakers.rockets.h264.ts.50fps.aac.720p.mr.drax.torrent
2013-11-09 09:45 - 2009-07-14 06:08 - 00032630 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-11-08 09:30 - 2013-11-08 09:27 - 00000000 ____D C:\Users\Sean\Downloads\Nothing Was the Same
2013-11-08 09:27 - 2013-11-08 09:27 - 00015287 _____ C:\Users\Sean\Downloads\[kickass.to]drake.nothing.was.the.same.2013.album.torrent
2013-11-08 09:22 - 2013-11-08 09:22 - 00017127 _____ C:\Users\Sean\Downloads\[kickass.to]nba.07.11.2013.rs.clippers.heat.h264.mkv.60fps.aac.720p.chris11.torrent
2013-11-07 15:43 - 2013-11-07 15:43 - 00011261 _____ C:\Users\Sean\Downloads\[kickass.to]nba.06.11.2013.rs.mavericks.thunder.h264.mkv.30fps.aac.540p.ilvarsh.torrent
2013-11-05 14:48 - 2013-11-05 14:48 - 00011984 _____ C:\Users\Sean\Downloads\[kickass.to]nba.04.11.2013.rs.rockets.clippers.h264.mkv.30fps.aac.720p.mr.drax.torrent
2013-11-04 12:47 - 2013-11-04 12:47 - 00019477 _____ C:\Users\Sean\Downloads\[kickass.to]nba.2013.rs.01.nov.la.clippers.v.sac.kings.720p.60fps.torrent
2013-11-03 18:15 - 2012-04-13 19:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-03 14:23 - 2013-11-03 14:18 - 00000000 ____D C:\Users\Sean\Downloads\Lana Del Ray - God Bless America-2012-MIXFIEND
2013-11-03 14:18 - 2013-11-03 14:18 - 00036840 _____ C:\Users\Sean\Downloads\[kickass.to]lana.del.ray.god.bless.america.2012.mixfiend.torrent
2013-11-03 13:39 - 2013-11-01 23:42 - 00000000 ____D C:\Program Files (x86)\Feed2All
2013-11-03 13:34 - 2013-11-03 13:34 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-03 13:34 - 2012-04-13 20:02 - 00000000 ____D C:\ProgramData\Skype
2013-11-03 13:32 - 2013-11-03 13:32 - 01550496 _____ (Skype Technologies S.A.) C:\Users\Sean\Downloads\SkypeSetup.exe
2013-11-02 23:11 - 2013-11-02 23:11 - 00017790 _____ C:\Users\Sean\Downloads\[kickass.to]nba.2013.rs.01.nov.sa.spurs.v.la.lakers.720p.60fps.torrent
2013-11-02 23:10 - 2013-11-02 23:10 - 00017020 _____ C:\Users\Sean\Downloads\[kickass.to]nba.30.01.2013.rs.heat.nets.h264.mkv.60fps.aac.720p.m4rtyr (2).torrent
2013-11-02 15:55 - 2013-11-02 15:26 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-02 15:49 - 2013-11-02 15:49 - 00017020 _____ C:\Users\Sean\Downloads\[kickass.to]nba.30.01.2013.rs.heat.nets.h264.mkv.60fps.aac.720p.m4rtyr (1).torrent
2013-11-02 15:48 - 2013-11-02 15:48 - 00014852 _____ C:\Users\Sean\Downloads\13.11.02-2013.11.01.MIA@BKN.540p.mkv.torrent
2013-11-02 15:46 - 2013-11-02 15:46 - 00014424 _____ C:\Users\Sean\Downloads\[kickass.to]nba.2013.rs.01.nov.mia.heat.v.bkn.nets.720p.torrent
2013-11-02 15:45 - 2013-11-02 15:45 - 00017020 _____ C:\Users\Sean\Downloads\[kickass.to]nba.30.01.2013.rs.heat.nets.h264.mkv.60fps.aac.720p.m4rtyr.torrent
2013-11-02 15:41 - 2013-11-02 15:41 - 00021472 _____ C:\Users\Sean\Downloads\13.11.02-NBA.RS.2013.11.01.Heat@Nets.720p60.chris11.mkv.torrent
2013-11-02 15:41 - 2013-11-02 15:41 - 00021472 _____ C:\Users\Sean\Downloads\13.11.02-NBA.RS.2013.11.01.Heat@Nets.720p60.chris11.mkv (1).torrent
2013-11-02 15:26 - 2013-11-02 15:26 - 00001264 _____ C:\Users\Sean\Desktop\Spybot - Search & Destroy.lnk
2013-11-02 15:26 - 2013-11-02 15:26 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-11-02 15:23 - 2013-11-02 15:23 - 16409960 _____ (Safer Networking Limited                                    ) C:\Users\Sean\Downloads\spybotsd162.exe
2013-11-02 15:20 - 2013-11-02 15:19 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Sean\Downloads\spybot-2.2.exe
2013-11-02 15:10 - 2013-11-02 15:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-02 12:35 - 2012-07-06 01:11 - 00000000 ____D C:\Users\Sean
2013-11-02 12:34 - 2013-11-02 01:35 - 00000000 ____D C:\Users\Sean\AppData\Roaming\AffiliatedUpdate
2013-11-02 12:34 - 2012-04-13 19:48 - 00000000 ____D C:\Program Files (x86)\eBay
2013-11-02 12:34 - 2012-04-13 19:35 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-11-02 12:34 - 2012-04-13 19:28 - 00000000 ____D C:\Program Files (x86)\Creative Live! Cam
2013-11-02 12:34 - 2009-07-14 04:20 - 00000000 ____D C:\windows\registration
2013-11-02 10:11 - 2012-04-13 19:38 - 00000000 ____D C:\ProgramData\Cozi
2013-11-02 10:10 - 2013-11-02 10:10 - 00003406 _____ C:\windows\System32\Tasks\{10315053-E0B0-4A40-B922-89999C0B63DD}
2013-11-02 01:35 - 2013-11-02 01:35 - 00000000 ____D C:\Program Files (x86)\FLV Player
2013-11-01 15:45 - 2013-11-01 15:45 - 00000000 ____D C:\Users\Sean\AppData\Roaming\Roxio Log Files
2013-11-01 15:45 - 2012-04-13 19:59 - 00000000 ____D C:\ProgramData\WildTangent
2013-11-01 11:43 - 2013-11-01 11:41 - 00000000 ____D C:\Users\Sean\Downloads\The xx- (2012) Coexist  Projeto Chernobyl
2013-11-01 11:41 - 2013-11-01 11:41 - 00016569 _____ C:\Users\Sean\Downloads\[kickass.to]the.xx.2012.coexist.projeto.chernobyl.torrent
2013-11-01 10:02 - 2013-11-01 10:00 - 00000000 ____D C:\Users\Sean\Downloads\Arcade Fire - Reflektor [2013] 320
2013-11-01 09:59 - 2013-11-01 09:59 - 00014593 _____ C:\Users\Sean\Downloads\[kickass.to]arcade.fire.reflektor.2013.320.torrent
2013-10-29 22:52 - 2013-10-29 22:52 - 00001072 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-10-29 22:50 - 2013-10-29 22:50 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-10-29 22:49 - 2013-10-29 22:49 - 24278649 _____ C:\Users\Sean\Downloads\vlc-2.1.0-win32.exe
2013-10-29 22:17 - 2013-10-29 22:17 - 00000000 ____D C:\Users\Sean\AppData\Roaming\HandBrake
2013-10-29 22:14 - 2013-10-16 08:07 - 00000000 ____D C:\Users\Sean\AppData\Roaming\DVDVideoSoft
2013-10-28 17:57 - 2013-10-28 17:51 - 00000000 ____D C:\Users\Sean\Downloads\The Truman Show (1998)
2013-10-28 17:51 - 2013-10-28 17:51 - 00011936 _____ C:\Users\Sean\Downloads\[kickass.to]the.truman.show.1998.720p.mkv.550mb.yify.torrent
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-23 21:15
 
==================== End Of Log ============================

Addition.txt


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware,

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log
 

Next,

 

Please download SystemLook from the following link below and save it to your Desktop.

 http://jpshortstuff.247fixes.com/SystemLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    *Scorpion*
    :folderfind
    *Scorpion*
    :regfind
    *Scorpion*
    Scorpion
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.


Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Let me see those logs, tell me what issues/concerns remain
 

 

fixlist.txt


Hi Kevin,

 

Ran all the scans. Here are the produced logs. It's saying Scorpion Saver is gone--which it looks like it is. However--my Google Chrome and my Internet Explorer will not grant me access to Facebook or Gmail. It says I have an unsecure connection. In other words, the same problem we have previously discussed. Ugh! Thanks again for your persistence.

 

-Sean

 


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-11-2013

Ran by Sean at 2013-11-24 22:14:55 Run:1

Running from C:\Users\Sean\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearc...ults.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AyCzz0FyCyCyEzzyC0DyEtN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=399702877&ir=

CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Sean\AppData\Local\mysearchdial-speeddial.crx

End

 

 

 

*****************

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key deleted successfully.

HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.

HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => Key deleted successfully.

"C:\Users\Sean\AppData\Local\mysearchdial-speeddial.crx" => File/Directory not found.

 

==== End of Fixlog ====

 

 

 


 


Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.11.24.09

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16686

Sean :: LAPPY [administrator]

 

Protection: Enabled

 

11/24/2013 10:16:21 PM

mbam-log-2013-11-24 (22-16-21).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 211638

Time elapsed: 4 minute(s), 22 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 1

HKCU\SOFTWARE\ScorpionSaver (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 


Kevin, 

Here is the zoek log. Thank you! 
Sean 

 

 
Zoek.exe Version 4.0.0.5 Updated 26-October-2013
Tool run by Sean on Mon 11/25/2013 at  0:49:55.83.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: F:\Seandonis\zoek\zoek.exe [script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2013-11-22-102405.log 65154 bytes
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Running Processes ======================
 
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Sean\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
F:\Seandonis\zoek\zoek.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe
 
==== Deleting Services ======================
 
 
==== System Specs ======================
 
Operating System: Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 64-bit
Manufacturer: Dell Inc. - Model: Inspiron N5110
Install Date: 7/6/2012 2:11:25 AM
Last Boot: 11/24/2013 2:48:14 PM
Processor: Intel® Core i5-2450M CPU @ 2.50GHz
Number of Processors: 4
Work Station
Bootmode: Normal boot
Total RAM: 6050 MB (free 3624 MB - 59)
Computername: LAPPY
Domain: WORKGROUP
User: Sean (Administrator account)
Local Disk:        C:\ - NTFS - 679 GB (free 498 GB)
CD \ DVD Drive:    D:\ 
CD \ DVD Drive:    E:\ 
Removable Disk:    F:\ - FAT32 - 7 GB (free 6 GB)
Bootdevice: \Device\HarddiskVolume2
Windows update: 
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Internet Explorer Version: 10.0.9200.16686 
Google Chrome version: 31.0.1650.57
Adobe Reader version: 10.0.0.396
 
==== Files Recently Created / Modified ======================
 
====== C:\windows ====
2013-11-19 12:27:19 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\windows\PEV.exe
2013-11-19 12:27:19 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\windows\grep.exe
2013-11-19 12:27:19 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\windows\zip.exe
2013-11-19 12:27:19 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\windows\SWSC.exe
2013-11-19 12:27:19 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\windows\MBR.exe
====== C:\Users\Sean\AppData\Local\Temp ====
2013-11-23 17:26:37 A210F1AC135E5331C314CE5F394FB5A5 413276 ----a-w- C:\Users\Sean\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll
2013-11-14 14:22:02 D6FEBE3BD93282B3ACD241EF1C0C8DD3 12828432 ----a-w- C:\windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-5df425c9.exe
====== Java Cache =====
====== C:\windows\SysWOW64 =====
====== C:\windows\SysWOW64\drivers =====
2013-11-14 13:59:16 79D51E7F5926E8CE1B3EBECEBAE28CFF 255552 ----a-w- C:\windows\SysWOW64\drivers\mcdbus.sys
====== C:\windows\Sysnative =====
====== C:\windows\Sysnative\drivers =====
2013-11-17 19:55:35 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\windows\Sysnative\drivers\mbam.sys
2013-11-17 18:02:01 F74EB3464F1D51B70BB4A6F4A509B5FC 880 ----a-w- C:\windows\Sysnative\drivers\kgpcpy.cfg
2013-11-14 13:59:16 79D51E7F5926E8CE1B3EBECEBAE28CFF 255552 ----a-w- C:\windows\Sysnative\drivers\mcdbus.sys
====== C:\windows\Tasks ======
2013-11-22 10:10:04 94BB20C0039F2D832430D60369A5C50E 3108 ----a-w- C:\windows\Sysnative\Tasks\{5BE4FE81-28B7-4099-9BCD-3F9C422805B7}
2013-11-22 10:10:03 82BAADB543529D723F940CD9187ED050 3096 ----a-w- C:\windows\Sysnative\Tasks\{FBB3776E-4357-4149-8E30-1DF18647A013}
2013-11-19 10:29:43 60E4B0C5569FD7511BA684A8F5C34FCE 3122 ----a-w- C:\windows\Sysnative\Tasks\{C04D534E-97EE-4D3B-B2C8-3C0682B8D9ED}
2013-11-02 09:10:24 CEF3B553ED80509FB52D83A6416F0768 3406 ----a-w- C:\windows\Sysnative\Tasks\{10315053-E0B0-4A40-B922-89999C0B63DD}
====== C:\windows\Temp ======
======= C:\Program Files =====
2013-11-19 19:28:18 -------- d-----w- C:\Program Files\DivX
2013-11-17 13:20:31 -------- d-----w- C:\Program Files\Enigma Software Group
======= C:\PROGRA~2 =====
2013-11-19 19:28:13 -------- d-----w- C:\PROGRA~2\COMMON~1\DivX Shared
2013-11-19 19:26:30 -------- d-----w- C:\PROGRA~2\DivX
2013-11-19 19:26:15 -------- d-----w- C:\PROGRA~2\DSP-worx
2013-11-17 13:19:24 -------- d-----w- C:\PROGRA~2\COMMON~1\Wise Installation Wizard
2013-11-15 23:16:19 -------- d-----w- C:\PROGRA~2\Notificatoin
2013-11-14 14:55:49 -------- d-----w- C:\PROGRA~2\Rosetta Stone
2013-11-14 13:59:15 -------- d-----w- C:\PROGRA~2\MagicDisc
2013-11-03 12:34:21 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
2013-11-03 12:34:20 -------- d-----r- C:\PROGRA~2\Skype
2013-11-02 00:35:30 -------- d-----w- C:\PROGRA~2\FLV Player
2013-11-01 22:42:00 -------- d-----w- C:\PROGRA~2\Feed2All
2013-10-29 21:50:59 -------- d-----w- C:\PROGRA~2\VideoLAN
======= C: =====
2013-11-17 13:21:03 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
====== C:\Users\Sean\AppData\Roaming ======
2013-11-22 10:22:24 -------- d-----w- C:\Users\Sean\AppData\Local\Temp
2013-11-20 21:03:50 -------- d-----w- C:\Users\Sean\AppData\Local\CrashDumps
2013-11-19 19:28:26 -------- d-----w- C:\Users\Sean\AppData\Roaming\DivX
2013-11-19 19:26:17 -------- d-----w- C:\Users\Sean\AppData\Roaming\LavFilters
2013-11-19 19:26:17 -------- d-----w- C:\Users\Sean\AppData\Roaming\CDXReader
2013-11-19 13:00:54 -------- d-----w- C:\Users\Public\AppData\Local\temp
2013-11-19 13:00:54 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-11-19 13:00:54 -------- d-----w- C:\Users\Default User\AppData\Local\temp
2013-11-17 17:52:37 E63DAE89CAA83A1C5180CD522CC60550 7597 ----a-w- C:\Users\Sean\AppData\Local\Resmon.ResmonCfg
2013-11-15 23:02:59 -------- d-----w- C:\windows\sysWoW64\config\systemprofile\AppData\Roaming\DAEMON Tools Ultra
2013-11-15 23:02:45 -------- d-----w- C:\Users\Sean\AppData\Roaming\DAEMON Tools Ultra
2013-11-14 14:27:58 -------- d-----w- C:\Users\Sean\AppData\Roaming\dvdcss
2013-11-14 13:59:54 -------- d-----w- C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
2013-11-02 14:16:42 -------- d-----w- C:\Users\Sean\AppData\Locallow\Unitech LLC
2013-11-02 08:47:09 8C6D32433007026AACC0DFFF4290A7CE 103000 ----a-w- C:\windows\SysNative\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-02 00:35:17 -------- d-----w- C:\Users\Sean\AppData\Roaming\AffiliatedUpdate
2013-11-01 22:42:00 -------- d-----w- C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Feed2All
2013-10-29 21:55:17 -------- d-----w- C:\Users\Sean\AppData\Roaming\vlc
2013-10-29 21:17:41 -------- d-----w- C:\Users\Sean\AppData\Roaming\HandBrake
====== C:\Users\Sean ======
2013-11-24 21:13:51 E63621565FF693789CEF0EBF42B2BCC9 1958440 ----a-w- C:\Users\Sean\Desktop\FRST64.exe
2013-11-20 21:25:12 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Sean\Downloads\OTL (3).exe
2013-11-20 21:22:41 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Sean\Downloads\OTL (2).exe
2013-11-20 21:13:26 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Sean\Downloads\OTL (1).exe
2013-11-20 15:12:05 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Sean\Downloads\OTL.exe
2013-11-19 19:29:21 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Sean\Downloads\dds.com
2013-11-19 19:26:15 -------- d-----w- C:\ProgramData\DivX
2013-11-19 15:34:51 9812917FE2FCDEA2FD800573D7842E5D 1085542 ----a-w- C:\Users\Sean\Downloads\AdwCleaner.exe
2013-11-19 13:00:54 -------- d-----w- C:\Users\Public\AppData
2013-11-19 10:32:01 150783407B4934EA4039F6C72EED5E51 3679744 ----a-w- C:\Users\Sean\Downloads\RogueKiller.exe
2013-11-19 10:27:28 F57BA27E40729955300DEE872646BDEB 1898232 ----a-w- C:\Users\Sean\Downloads\rkill (1).exe
2013-11-19 10:15:41 F57BA27E40729955300DEE872646BDEB 1898232 ----a-w- C:\Users\Sean\Downloads\rkill.exe
2013-11-17 19:54:39 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Sean\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-17 17:18:35 8F41B14286A6667D7713E9D6B33A1EA2 707664 ----a-w- C:\Users\Sean\Downloads\SZSetup_AID10121_AV.exe
2013-11-17 15:25:18 9BEA4F6FFC292EE8647BAFC8B4CCFC4D 728960 ----a-w- C:\Users\Sean\Downloads\SpyHunter-Installer (2).exe
2013-11-17 15:21:09 9BEA4F6FFC292EE8647BAFC8B4CCFC4D 728960 ----a-w- C:\Users\Sean\Downloads\SpyHunter-Installer (1).exe
2013-11-17 13:17:29 29702C25639B549AC5221E546545D56B 728960 ----a-w- C:\Users\Sean\Downloads\SpyHunter-Installer.exe
2013-11-15 23:02:15 -------- d-----w- C:\ProgramData\DAEMON Tools Ultra
2013-11-14 14:55:55 -------- d-----w- C:\ProgramData\Rosetta Stone
2013-11-14 13:59:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
2013-11-14 13:58:55 22EAB34E639CF9596F62CA063486CAEF 1352435 ----a-w- C:\Users\Sean\Downloads\setup_magicdisc.exe
2013-11-14 13:54:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2013-11-14 13:53:48 B7830B3C60188D26E0AAD2BFD65ABC28 3067400 ----a-w- C:\Users\Sean\Downloads\Setup_MagicISO.exe
2013-11-11 16:20:07 -------- d-----w- C:\ProgramData\Creative
2013-11-03 12:34:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2013-10-29 21:52:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
 
====== C: exe-files ==
2013-11-24 21:13:51 E63621565FF693789CEF0EBF42B2BCC9 1958440 ----a-w- C:\Users\Sean\Desktop\FRST64.exe
2013-11-23 17:22:03 2B72AC6656600F3F8F5A65700DC3F384 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2959331061-3114946027-3341037765-1000\$IWQZOT8.exe
2013-11-20 21:25:12 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Sean\Downloads\OTL (3).exe
2013-11-20 21:22:41 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Sean\Downloads\OTL (2).exe
2013-11-20 21:13:26 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Sean\Downloads\OTL (1).exe
2013-11-20 15:12:05 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Sean\Downloads\OTL.exe
2013-11-19 19:29:05 145945C46A622D57DD59B12EA4957F69 932704 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2959331061-3114946027-3341037765-1000\$RWQZOT8.exe
2013-11-19 19:27:35 8C7FB9078A63B7E5E899E7A2DBB0DB53 1114624 ----a-w- C:\_OTL\MovedFiles\11202013_221752\C_Users\Sean\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages\uninstaller.exe
2013-11-19 19:27:24 E9380D6272F0D69DC0390581CB846DA2 241725 ----a-w- C:\_OTL\MovedFiles\11202013_221752\C_Program Files (x86)\BuzzSearch\BuzzSearchUninstall.exe
2013-11-19 19:25:42 D16AAB9D4EE36514436DD693C5BB390C 379096 ----a-w- C:\_OTL\MovedFiles\11202013_221752\C_Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialsrv.exe
2013-11-19 19:25:42 C49A588C476A6FAA2FA5E98EE8A5F533 305152 ----a-w- C:\_OTL\MovedFiles\11202013_221752\C_Program Files (x86)\Mysearchdial\1.8.21.0\uninstall.exe
2013-11-19 15:34:51 9812917FE2FCDEA2FD800573D7842E5D 1085542 ----a-w- C:\Users\Sean\Downloads\AdwCleaner.exe
2013-11-19 12:27:19 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2013-11-19 12:27:19 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2013-11-19 12:27:19 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2013-11-19 12:27:19 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2013-11-19 12:27:19 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
2013-11-19 10:32:01 150783407B4934EA4039F6C72EED5E51 3679744 ----a-w- C:\Users\Sean\Downloads\RogueKiller.exe
2013-11-19 10:27:28 F57BA27E40729955300DEE872646BDEB 1898232 ----a-w- C:\Users\Sean\Downloads\rkill (1).exe
2013-11-19 10:15:41 F57BA27E40729955300DEE872646BDEB 1898232 ----a-w- C:\Users\Sean\Downloads\rkill.exe
=== C: other files ==
2013-11-23 17:12:08 C581E60E67B83FC640741DF7197EAD86 3007700 ----a-w- C:\Users\Sean\Downloads\revouninstaller.zip
2013-11-19 19:29:21 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Sean\Downloads\dds.com
2013-11-19 19:26:17 A68D2841F69D19C8B5E73DF72B090482 42 ----a-w- C:\Users\Sean\AppData\Roaming\LavFilters\install_audio.bat
2013-11-19 19:26:17 837B6A02B10F2AEA2F9995CBC8BA9D69 42 ----a-w- C:\Users\Sean\AppData\Roaming\LavFilters\install_video.bat
2013-11-19 19:26:17 812239ED42BE242DFA021C54AAA2FBE3 42 ----a-w- C:\Users\Sean\AppData\Roaming\LavFilters\uninstall_video.bat
2013-11-19 19:26:17 3B8D9245C90B82535C218EFD563E1851 42 ----a-w- C:\Users\Sean\AppData\Roaming\LavFilters\uninstall_audio.bat
2013-11-19 19:26:17 188026412D1AC9AD4C9B132791D87E48 45 ----a-w- C:\Users\Sean\AppData\Roaming\LavFilters\uninstall_splitter.bat
2013-11-19 19:26:17 179F7AA6CFEED6A865ABD9926552A82E 45 ----a-w- C:\Users\Sean\AppData\Roaming\LavFilters\install_splitter.bat
2013-11-19 19:25:45 F388FF1EE7F5C0E471EFB4249CF3732C 351124 ----a-w- C:\_OTL\MovedFiles\11202013_221752\C_Users\Sean\AppData\Local\mysearchdial-speeddial.crx
2013-11-19 10:27:04 AE4601865620541033E9F70FAB11AC51 513320 ----a-w- C:\Users\Sean\Desktop\erunt.zip
2013-11-19 10:23:44 AE4601865620541033E9F70FAB11AC51 513320 ----a-w- C:\Users\Sean\Downloads\erunt.zip
 
==== Startup Registry Enabled ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe /mode2"
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
"Dell Registration"="C:\Program Files (x86)\System Registration\prodreg.exe /boot"
"RoxWatchTray"="c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
"Desktop Disc Tool"="c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
"Dell DataSafe Online"="C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe"
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
"AccuWeatherWidget"=""C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Apoint"="C:\Program Files\DellTPad\Apoint.exe"
"IntelTBRunOnce"="wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
"IntelPAN"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe /tf Intel PAN Tray"
"BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll,TrayApp"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"MacDrive 9 application"="C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"
"DellStage"=""C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup"
 
==== Startup Folders ======================
 
2013-11-14 13:59:54 995 ----a-w- C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
 
==== Task Scheduler Jobs ======================
 
C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [04/13/2012 07:34 PM]
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2959331061-3114946027-3341037765-1000Core.job --a------ [undetermined Task]
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2959331061-3114946027-3341037765-1000UA.job --a------ C:;C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe []
 
==== Other Scheduled Tasks ======================
 
"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2959331061-3114946027-3341037765-1000Core" [C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2959331061-3114946027-3341037765-1000UA" [C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\PCDEventLauncherTask" ["C:\Program Files\My Dell\sessionchecker.exe"]
"C:\windows\SysNative\tasks\PCDoctorBackgroundMonitorTask" ["C:\Program Files\My Dell\uaclauncher.exe"]
"C:\windows\SysNative\tasks\SystemToolsDailyTest" ["uaclauncher.exe"]
"C:\windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== Chrome Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hmhfbmpdiffkamakhdbcgojfnbnlcenm - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx[10/28/2013 03:01 PM]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[10/09/2013 10:59 AM]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
hmhfbmpdiffkamakhdbcgojfnbnlcenm - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx[10/28/2013 03:01 PM]
 
Docs - Sean - Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Sean - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Sean - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Sean - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Sean - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Sean - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Unknown  Url="Not_Found"
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2959331061-3114946027-3341037765-1000\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== HijackThis Entries ======================
 
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
O4 - HKLM\..\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MacDrive 9 service (MacDrive9Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel® Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
==== Empty IE Cache ======================
 
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\windows\Temp successfully emptied
C:\Users\Sean\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Mon 11/25/2013 at  1:07:28.51 ======================

Hi Kevin,

I am still experiencing the same problem. Chrome will not allow me access to any website that requires password entry. Tumblr, Facebook, Gmail are all disabled, and my Chrome says “looking for secure connection” then “unable to establish secure connection” followed by, ultimately, “SSL ERROR.” Should I maybe uninstall then re-install Chrome? Everything on my computer is working fine—no Scorpion Saver or weird programs are in my programs list. The only problem is this SSL certificate on my web browser. Thank you again for your continued efforts. Any ideas where to go from here?

Sean

This topic is now closed to further replies.