Jump to content

Recommended Posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by Josh (administrator) on MININT-1AQNII0 on 12-08-2014 23:10:18
Running from C:\Users\Josh\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware.premium\mbam.exe
(Microsoft Corporation) C:\Windows\hh.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-04-18] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-02-10] (Dell Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3549984760-4111436229-1632221161-1004\...\Run: [uniPrint Client Init] => C:\Users\Josh\AppData\Roaming\UniPrint Suite\Client\UPCInit.exe [203624 2011-11-28] (UniPrint)
HKU\S-1-5-21-3549984760-4111436229-1632221161-1004\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-20] (Google Inc.)
HKU\S-1-5-21-3549984760-4111436229-1632221161-1004\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-3549984760-4111436229-1632221161-1004\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3549984760-4111436229-1632221161-1004\...\MountPoints2: {773235c1-e62b-11e3-b24a-e4d53d5ea98c} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3549984760-4111436229-1632221161-1004\...\MountPoints2: {ecb00756-ed24-11e2-a9c2-e4d53d5ea98c} - "G:\WD Drive Unlock.exe" autoplay=true
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} ->  No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} http://javadl-esd.sun.com/update/1.6.0/jinstall-6u21-windows-i586.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\kckk8v11.default
FF Homepage: yahoo.com
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Josh\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF user.js: detected! => C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\kckk8v11.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\kckk8v11.default\searchplugins\safesearch.xml
FF Extension: WebSlingPlayer - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\kckk8v11.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2013-06-30]
FF Extension: Fancy - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\kckk8v11.default\Extensions\fancy.firefox@thingd.com.xpi [2013-02-06]
FF Extension: QuickResponse - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\kckk8v11.default\Extensions\QuickResponse@dougt.org.xpi [2012-11-29]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-06-17]

Chrome:
=======
CHR HomePage: hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=2C6F86D53D5EA98B
CHR RestoreOnStartup: "hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=2C6F86D53D5EA98B"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Norton Identity Safe) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\npcoplgn.dll (Symantec Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U11) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Logitech SetPoint) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-06-28]
CHR Extension: (SearchGBY) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep [2013-04-16]
CHR Extension: (Skype Click to Call) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-08-24]
CHR Extension: (Norton Identity Protection) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-07-30]
CHR HKCU\...\Chrome\Extension: [cgpimkfhjdaobobdomcikioipaenlhke] - C:\Users\Josh\AppData\Local\CRE\cgpimkfhjdaobobdomcikioipaenlhke.crx [2013-04-13]
CHR HKLM-x32\...\Chrome\Extension: [cgpimkfhjdaobobdomcikioipaenlhke] - C:\Users\Josh\AppData\Local\CRE\cgpimkfhjdaobobdomcikioipaenlhke.crx [2013-04-13]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-06-17]
CHR HKLM-x32\...\Chrome\Extension: [icmijdhkcgeclpfjmibnginbbkfcbpep] - C:\Program Files (x86)\SearchGBY\Extensions\Chrome\searchgby.chrome.crx [2013-04-16]
CHR HKLM-x32\...\Chrome\Extension: [mhfnfmkdkiiginjadpmmhehjjccjghjp] - C:\ProgramData\Bcool\mhfnfmkdkiiginjadpmmhehjjccjghjp.crx [2013-04-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware.premium\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware.premium\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2012-11-29] (http://libusb-win32.sourceforge.net)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 motmodem; system32\DRIVERS\motmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 19:54 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-12 19:54 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-12 19:54 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-12 19:54 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-12 19:53 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-12 19:53 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-12 19:53 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-12 19:53 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 19:51 - 2014-08-12 19:51 - 00001144 _____ () C:\Users\Josh\Documents\cc_20140812_195116.reg
2014-08-12 18:37 - 2014-08-12 18:37 - 00003724 _____ () C:\Users\Josh\Documents\startup.txt
2014-08-12 18:34 - 2014-08-12 18:34 - 00134600 _____ () C:\Users\Josh\Documents\cc_20140812_183448.reg
2014-08-12 15:25 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-12 15:25 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-12 14:37 - 2014-08-12 22:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 14:32 - 2014-08-12 22:10 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-12 14:32 - 2014-08-12 14:32 - 00001172 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-12 14:32 - 2014-08-12 14:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware.premium
2014-08-12 14:32 - 2014-05-12 08:19 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-12 14:32 - 2014-05-12 08:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-12 14:31 - 2014-08-12 14:31 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\Josh\Desktop\mbam_premium.exe
2014-08-12 14:19 - 2014-08-12 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-12 14:19 - 2014-08-12 14:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware.2
2014-08-12 14:18 - 2014-08-12 14:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Josh\Desktop\mbam-setup-2.0.2.1012.1.exe
2014-08-12 13:23 - 2014-08-12 14:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware.1
2014-08-12 13:22 - 2014-08-12 13:22 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Josh\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-12 12:47 - 2014-08-12 12:47 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-08-12 12:27 - 2014-08-12 23:06 - 00041446 _____ () C:\Users\Josh\Desktop\Shortcut.txt
2014-08-12 12:03 - 2014-08-12 23:06 - 00036046 _____ () C:\Users\Josh\Desktop\Addition.txt
2014-08-12 12:02 - 2014-08-12 23:10 - 00018415 _____ () C:\Users\Josh\Desktop\FRST.txt
2014-08-12 12:02 - 2014-08-12 23:10 - 00000000 ____D () C:\FRST
2014-08-12 12:02 - 2014-08-12 22:23 - 02100224 _____ (Farbar) C:\Users\Josh\Desktop\FRST64.exe
2014-08-12 11:49 - 2014-08-12 11:49 - 00000000 ____D () C:\NPE
2014-08-12 11:47 - 2014-08-12 12:00 - 00000000 ____D () C:\Users\Josh\AppData\Local\NPE
2014-08-12 08:48 - 2014-08-12 08:49 - 00000000 ____D () C:\Users\Josh\AppData\Local\{297E61C2-ED84-40FF-986E-161D278FE61F}
2014-08-11 18:44 - 2014-08-11 18:44 - 00000000 _____ () C:\Windows\SysWOW64\shoED56.tmp
2014-08-11 13:46 - 2014-08-11 13:46 - 00004028 _____ () C:\Users\Josh\Documents\cc_20140811_134559.reg
2014-08-11 12:47 - 2014-08-11 12:47 - 00003134 _____ () C:\Windows\System32\Tasks\{484FAE28-6F2A-4532-9143-3EDCAD8978AC}
2014-08-11 10:53 - 2014-08-11 10:54 - 00000000 ____D () C:\Users\Josh\AppData\Local\{C6D06883-ED4E-43D6-8DEA-112DEF2CA46F}
2014-08-10 17:29 - 2014-08-10 17:29 - 00002410 _____ () C:\Users\Josh\Documents\2.wlmp
2014-08-10 16:55 - 2014-08-10 16:55 - 00002255 _____ () C:\Users\Josh\Documents\My Movie.wlmp
2014-08-10 16:41 - 2014-08-10 16:41 - 00000000 ____D () C:\Users\Josh\AppData\Local\{8B5B8C6D-FB5F-4ED9-BEB8-09F546B296E4}
2014-08-10 13:56 - 2014-08-10 13:56 - 00014398 _____ () C:\Users\Josh\Documents\cc_20140810_135608.reg
2014-08-10 13:18 - 2014-08-12 15:15 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
2014-08-10 03:30 - 2014-08-10 03:31 - 00890744 _____ (AMD) C:\Users\Josh\Downloads\amddriverdownloader(1).exe
2014-08-09 21:55 - 2014-08-12 15:06 - 00000439 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-08-09 18:43 - 2014-08-09 18:43 - 00000000 ____D () C:\Users\Josh\AppData\Local\Skype
2014-08-09 18:39 - 2014-08-09 18:39 - 35595360 _____ (Skype Technologies S.A.) C:\Users\Josh\Downloads\SkypeSetupFull.exe
2014-08-09 18:39 - 2014-08-09 18:39 - 00003146 _____ () C:\Windows\System32\Tasks\{022C34B4-A31F-4274-AE54-7B83C738199E}
2014-08-09 18:38 - 2014-08-09 18:40 - 00362029 _____ () C:\Users\Josh\Downloads\sqlite3.dll
2014-08-09 18:36 - 2014-08-09 18:36 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Josh\Downloads\SkypeSetup(1).exe
2014-08-09 18:09 - 2014-08-09 18:13 - 00000000 ____D () C:\Users\Josh\Tracing
2014-08-09 18:09 - 2014-08-09 18:10 - 00000000 ____D () C:\Users\Josh\AppData\Local\{F617CA72-4353-45F8-9B31-F42872581F18}
2014-08-09 17:45 - 2014-08-09 17:45 - 00000000 ____D () C:\Windows\en
2014-08-09 17:40 - 2014-08-09 17:40 - 00001311 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2014-08-09 17:38 - 2014-08-09 17:39 - 00001380 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2014-08-09 17:08 - 2014-08-09 17:08 - 00000345 _____ () C:\Windows\DirectX.log
2014-08-09 17:07 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-08-09 17:07 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-08-09 17:05 - 2014-08-11 10:58 - 00000000 ____D () C:\Users\Josh\AppData\Local\Windows Live
2014-08-09 17:00 - 2014-08-09 17:01 - 31037288 _____ (Microsoft Corporation) C:\Users\Josh\Downloads\wlsetup-idcrl.exe
2014-08-09 16:31 - 2014-08-09 16:31 - 00001723 _____ () C:\Users\Josh\Downloads\HdmiCec.py
2014-08-09 16:11 - 2014-08-09 16:11 - 00000000 ____D () C:\Users\Josh\Sync
2014-08-09 16:09 - 2014-08-11 12:44 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\BitTorrent Sync
2014-08-09 16:07 - 2014-08-09 16:08 - 03025512 _____ (BitTorrent, Inc.) C:\Users\Josh\Downloads\BTSync.exe
2014-08-09 13:51 - 2014-08-11 12:47 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\uTorrent
2014-08-09 13:50 - 2014-08-09 13:50 - 01936720 _____ (BitTorrent Inc.) C:\Users\Josh\Downloads\uTorrent.exe
2014-08-09 13:18 - 2014-08-09 13:18 - 00003266 _____ () C:\Windows\System32\Tasks\GPUP
2014-08-09 13:18 - 2014-08-09 13:18 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\GetPrivate
2014-08-09 13:18 - 2014-08-09 13:18 - 00000000 ____D () C:\Program Files (x86)\GetPrivate
2014-08-09 11:33 - 2014-08-09 11:33 - 27239623 _____ () C:\Users\Josh\Downloads\torbrowser-install-3.6.3_en-US.exe
2014-08-09 10:52 - 2014-08-09 10:52 - 00000000 _____ () C:\Windows\SysWOW64\shoB388.tmp
2014-08-09 10:39 - 2014-08-12 18:03 - 00007099 _____ () C:\Windows\LDPINST.LOG
2014-08-09 10:30 - 2014-08-09 10:31 - 74637872 _____ (Logitech, Inc.) C:\Users\Josh\Downloads\lws251.exe
2014-08-09 10:27 - 2014-08-09 10:27 - 00002968 _____ () C:\Windows\System32\Tasks\{660168F9-8F38-47E2-9BF7-4CE3E4784377}
2014-08-09 10:26 - 2014-08-09 10:26 - 00002968 _____ () C:\Windows\System32\Tasks\{88F95346-9CBB-460F-BEEC-D0C81781040F}
2014-08-09 09:34 - 2014-08-09 09:34 - 00002968 _____ () C:\Windows\System32\Tasks\{C5C79E1A-C212-4C76-B908-82700374E04F}
2014-08-09 09:20 - 2014-08-09 09:20 - 00003070 _____ () C:\Windows\System32\Tasks\{B6F5240B-76A0-45AF-AED5-93229C2331F8}
2014-08-09 09:16 - 2014-08-09 09:16 - 00002968 _____ () C:\Windows\System32\Tasks\{7B57F5CC-BB47-436B-8C95-59708EDC024D}
2014-08-09 07:04 - 2014-08-09 07:05 - 00263592 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-08-09 04:04 - 2014-08-09 04:04 - 03441528 _____ (Solvusoft Corporation ) C:\Users\Josh\Downloads\Motorola_MOTOPEBL_U6_Driver_Update_06-2014.exe
2014-08-09 03:59 - 2014-08-09 04:00 - 18430402 _____ () C:\Users\Josh\Downloads\Handset_USB_Driver_32_v2.6.2.0.zip
2014-08-09 03:51 - 2014-08-09 03:51 - 00000000 ____D () C:\ProgramData\Motorola
2014-08-09 03:45 - 2014-08-09 03:45 - 33586888 _____ (Motorola Mobility) C:\Users\Josh\Downloads\MotorolaDeviceManager_2.4.5(1).exe
2014-08-09 03:35 - 2014-08-09 03:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motmodem_01009.Wdf
2014-08-09 03:32 - 2014-08-12 15:08 - 00000000 ____D () C:\Temp
2014-08-09 03:32 - 2014-08-09 03:32 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Motorola Mobility
2014-08-09 03:31 - 2014-08-09 03:49 - 00000000 ____D () C:\Program Files (x86)\Motorola Mobility
2014-08-09 03:31 - 2014-08-09 03:31 - 00000000 ____D () C:\Program Files (x86)\Motorola
2014-08-09 03:29 - 2014-08-09 03:29 - 00000000 ____D () C:\Program Files\Common Files\Motorola Shared
2014-08-09 03:27 - 2014-08-09 03:27 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Motorola
2014-08-09 03:23 - 2014-08-09 03:23 - 33586888 _____ (Motorola Mobility) C:\Users\Josh\Downloads\MotorolaDeviceManager_2.4.5.exe
2014-08-08 18:56 - 2014-08-08 18:56 - 00001789 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-08 18:56 - 2014-08-08 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-08 18:55 - 2014-08-11 02:27 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-08 18:55 - 2014-08-08 18:56 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-08 18:55 - 2014-08-08 18:56 - 00000000 ____D () C:\Program Files\iTunes
2014-08-08 18:55 - 2014-08-08 18:55 - 00000000 ____D () C:\Program Files\iPod
2014-08-07 10:04 - 2014-08-07 10:04 - 00007566 _____ () C:\Users\Josh\Documents\cc_20140807_100442.reg
2014-08-05 14:36 - 2014-08-05 14:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-05 14:35 - 2014-08-05 14:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-05 14:35 - 2014-08-05 14:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-05 14:35 - 2014-08-05 14:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-05 14:35 - 2014-08-05 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-05 14:34 - 2014-08-05 14:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-05 14:20 - 2014-08-05 14:21 - 00918952 _____ (Oracle Corporation) C:\Users\Josh\Downloads\jxpiinstall(7).exe
2014-08-01 17:56 - 2014-08-01 17:56 - 00011642 _____ () C:\Users\Josh\Documents\cc_20140801_175631.reg
2014-07-31 21:52 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 21:52 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 21:52 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 21:52 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 21:51 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 21:51 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 21:51 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 21:51 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 21:51 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 21:51 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 21:51 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 21:51 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 21:51 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 21:51 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-31 12:56 - 2014-07-31 13:01 - 00000128 _____ () C:\Windows\Reimage.ini
2014-07-31 12:56 - 2014-07-31 12:56 - 65294248 _____ (Sling Media Inc.) C:\Users\Josh\Downloads\SlingPlayer-2.0.3508-Setup-US.exe
2014-07-31 12:53 - 2014-07-31 12:53 - 00699016 _____ (CNET Download.com) C:\Users\Josh\Downloads\cbsidlm-cbsi213-SlingPlayer-SEO-10573277.exe
2014-07-30 17:36 - 2014-07-30 17:36 - 00007566 _____ () C:\Users\Josh\Documents\cc_20140730_173605.reg
2014-07-30 09:20 - 2014-07-30 09:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-28 09:37 - 2014-07-28 09:37 - 00007566 _____ () C:\Users\Josh\Documents\cc_20140728_093701.reg
2014-07-26 18:29 - 2014-08-12 21:02 - 01607808 _____ () C:\Windows\PFRO.log
2014-07-26 18:29 - 2014-08-12 15:05 - 00003028 _____ () C:\Windows\setupact.log
2014-07-26 18:29 - 2014-07-26 18:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-26 18:21 - 2014-07-26 18:21 - 00002976 _____ () C:\Windows\System32\Tasks\{EE28E693-8C67-4EDA-B275-69D27BDBE042}
2014-07-26 13:27 - 2014-07-26 13:27 - 00007968 _____ () C:\Users\Josh\Documents\cc_20140726_132658.reg
2014-07-26 08:10 - 2014-07-26 08:10 - 00000000 ____D () C:\Users\Josh\AppData\Local\Apps\2.0
2014-07-26 08:01 - 2014-07-26 08:01 - 00002976 _____ () C:\Windows\System32\Tasks\{8C18CB92-1B64-4998-B54C-41B4587A134C}
2014-07-25 11:13 - 2014-07-25 11:13 - 00000000 _____ () C:\Windows\SysWOW64\shoEAC8.tmp
2014-07-25 10:54 - 2014-07-25 10:54 - 00003010 _____ () C:\Windows\System32\Tasks\{D76C4729-3C25-4BB7-97D3-FEC8ADA7DE39}
2014-07-25 10:53 - 2014-07-25 10:53 - 00003010 _____ () C:\Windows\System32\Tasks\{06E6648F-F140-42D2-929D-8FAC7FE6DFE6}
2014-07-25 10:39 - 2014-07-25 10:39 - 02253208 _____ (Microsoft Corporation) C:\Users\Josh\Downloads\WcPlugin.exe
2014-07-25 10:29 - 2014-07-25 10:31 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-07-25 09:40 - 2014-07-25 09:41 - 00032758 _____ () C:\Users\Josh\Documents\cc_20140725_094035.reg
2014-07-24 09:45 - 2014-07-24 09:45 - 00007566 _____ () C:\Users\Josh\Documents\cc_20140724_094511.reg
2014-07-24 09:41 - 2014-07-24 09:42 - 04813544 _____ (Piriform Ltd) C:\Users\Josh\Downloads\ccsetup416.exe
2014-07-23 20:05 - 2014-07-23 20:05 - 00007566 _____ () C:\Users\Josh\Documents\cc_20140723_200541.reg
2014-07-22 08:53 - 2014-07-22 08:53 - 00007932 _____ () C:\Users\Josh\Documents\cc_20140722_085309.reg
2014-07-21 14:17 - 2014-07-21 14:17 - 00016250 _____ () C:\Users\Josh\Downloads\GenerateAgreement(7)
2014-07-21 14:15 - 2014-07-21 14:15 - 00016250 _____ () C:\Users\Josh\Downloads\GenerateAgreement(6)
2014-07-21 12:48 - 2014-07-21 12:48 - 00007566 _____ () C:\Users\Josh\Documents\cc_20140721_124817.reg
2014-07-20 22:57 - 2014-07-20 22:57 - 00007566 _____ () C:\Users\Josh\Documents\cc_20140720_225612.reg
2014-07-18 12:40 - 2014-07-18 12:40 - 00007566 _____ () C:\Users\Josh\Documents\cc_20140718_124048.reg
2014-07-17 16:21 - 2014-07-17 16:22 - 00004133 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-17 16:08 - 2014-07-17 16:08 - 00918440 _____ (Oracle Corporation) C:\Users\Josh\Downloads\jxpiinstall(6).exe
2014-07-17 10:15 - 2014-07-17 10:15 - 00003696 _____ () C:\Users\Josh\Documents\cc_20140717_101507.reg
2014-07-17 09:32 - 2014-07-17 09:32 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\ATI
2014-07-17 09:32 - 2014-07-17 09:32 - 00000000 ____D () C:\Users\Josh\AppData\Local\ATI
2014-07-17 09:32 - 2014-07-17 09:32 - 00000000 ____D () C:\Users\Josh\AppData\Local\AMD
2014-07-17 09:32 - 2014-07-17 09:32 - 00000000 ____D () C:\ProgramData\ATI
2014-07-17 09:17 - 2014-07-17 09:17 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\library_dir
2014-07-17 09:16 - 2014-08-12 17:59 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-07-17 09:16 - 2014-07-17 09:24 - 00000000 ____D () C:\ProgramData\AMD
2014-07-17 09:16 - 2014-07-17 09:16 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-07-17 09:15 - 2014-07-17 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-07-17 09:15 - 2014-07-17 09:15 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-07-17 09:13 - 2014-07-17 09:15 - 00000000 ____D () C:\Program Files\AMD
2014-07-17 09:09 - 2014-07-17 09:09 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-07-17 09:08 - 2014-07-17 09:15 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-07-17 09:08 - 2014-07-17 09:08 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-17 09:07 - 2014-07-17 09:14 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-07-17 09:07 - 2014-07-17 09:07 - 00000000 ____D () C:\Program Files\ATI
2014-07-17 09:05 - 2014-07-17 09:05 - 00000000 ____D () C:\AMD
2014-07-17 08:58 - 2014-07-17 08:58 - 00890744 _____ (AMD) C:\Users\Josh\Downloads\amddriverdownloader.exe
2014-07-17 08:29 - 2014-07-17 08:29 - 01046528 _____ () C:\Users\Josh\Downloads\MicrosoftFixit50848.msi
2014-07-16 23:52 - 2014-07-26 13:22 - 00000000 ____D () C:\Windows\Minidump
2014-07-16 23:15 - 2014-07-16 23:15 - 00003616 _____ () C:\Users\Josh\Documents\cc_20140716_231522.reg
2014-07-16 11:36 - 2014-07-16 11:36 - 00007566 _____ () C:\Users\Josh\Documents\cc_20140716_113606.reg
2014-07-13 11:36 - 2014-07-13 11:37 - 00001546 _____ () C:\Users\Josh\Documents\cc_20140713_113543.reg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 23:10 - 2014-08-12 12:02 - 00018415 _____ () C:\Users\Josh\Desktop\FRST.txt
2014-08-12 23:10 - 2014-08-12 12:02 - 00000000 ____D () C:\FRST
2014-08-12 23:06 - 2014-08-12 12:27 - 00041446 _____ () C:\Users\Josh\Desktop\Shortcut.txt
2014-08-12 23:06 - 2014-08-12 12:03 - 00036046 _____ () C:\Users\Josh\Desktop\Addition.txt
2014-08-12 22:38 - 2014-08-12 14:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 22:23 - 2014-08-12 12:02 - 02100224 _____ (Farbar) C:\Users\Josh\Desktop\FRST64.exe
2014-08-12 22:10 - 2014-08-12 14:32 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-12 21:10 - 2009-07-13 21:45 - 00322312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-12 21:08 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-12 21:02 - 2014-07-26 18:29 - 01607808 _____ () C:\Windows\PFRO.log
2014-08-12 20:24 - 2012-03-30 20:02 - 01368670 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 20:20 - 2012-07-20 00:38 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 19:53 - 2014-04-23 10:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-12 19:51 - 2014-08-12 19:51 - 00001144 _____ () C:\Users\Josh\Documents\cc_20140812_195116.reg
2014-08-12 19:51 - 2013-03-27 15:40 - 00000000 ___RD () C:\Users\Josh\Dropbox
2014-08-12 19:38 - 2013-04-17 02:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 18:37 - 2014-08-12 18:37 - 00003724 _____ () C:\Users\Josh\Documents\startup.txt
2014-08-12 18:34 - 2014-08-12 18:34 - 00134600 _____ () C:\Users\Josh\Documents\cc_20140812_183448.reg
2014-08-12 18:32 - 2014-03-21 15:43 - 00000000 ____D () C:\Users\Josh\AppData\Local\Citrix
2014-08-12 18:31 - 2013-04-10 11:04 - 00000000 ____D () C:\Program Files (x86)\HP
2014-08-12 18:29 - 2012-09-08 17:13 - 00000000 ____D () C:\Users\Josh\AppData\Local\Cyberlink
2014-08-12 18:29 - 2012-09-08 17:13 - 00000000 ____D () C:\ProgramData\CyberLink
2014-08-12 18:29 - 2012-03-30 20:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-12 18:24 - 2014-03-21 15:44 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-08-12 18:13 - 2013-04-10 11:04 - 00000000 ____D () C:\ProgramData\HP
2014-08-12 18:03 - 2014-08-09 10:39 - 00007099 _____ () C:\Windows\LDPINST.LOG
2014-08-12 18:03 - 2012-07-30 21:41 - 00021238 _____ () C:\Windows\system32\lvcoinst.log
2014-08-12 18:03 - 2012-07-30 21:41 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-08-12 18:02 - 2012-07-30 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-08-12 18:02 - 2012-07-30 21:41 - 00000000 ____D () C:\Program Files (x86)\Logitech
2014-08-12 18:01 - 2012-07-30 21:46 - 00000000 ____D () C:\Users\Josh\AppData\Local\LogiShrd
2014-08-12 17:59 - 2014-07-17 09:16 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-08-12 17:57 - 2012-08-20 05:37 - 00000000 ____D () C:\ProgramData\Skype
2014-08-12 17:51 - 2013-07-13 15:38 - 00000000 ____D () C:\ProgramData\Western Digital
2014-08-12 17:48 - 2012-03-30 20:39 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-08-12 17:47 - 2012-08-02 03:59 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-08-12 17:47 - 2012-08-02 03:57 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-08-12 16:14 - 2012-07-20 00:39 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-12 15:15 - 2014-08-10 13:18 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
2014-08-12 15:12 - 2009-07-13 21:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 15:12 - 2009-07-13 21:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 15:08 - 2014-08-09 03:32 - 00000000 ____D () C:\Temp
2014-08-12 15:08 - 2013-03-27 15:32 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Dropbox
2014-08-12 15:08 - 2012-07-20 00:38 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 15:06 - 2014-08-09 21:55 - 00000439 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-08-12 15:05 - 2014-07-26 18:29 - 00003028 _____ () C:\Windows\setupact.log
2014-08-12 15:05 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-12 15:03 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-12 15:03 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-08-12 15:03 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-12 14:32 - 2014-08-12 14:32 - 00001172 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-12 14:32 - 2014-08-12 14:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware.premium
2014-08-12 14:32 - 2014-08-12 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-12 14:31 - 2014-08-12 14:31 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\Josh\Desktop\mbam_premium.exe
2014-08-12 14:31 - 2014-08-12 14:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware.2
2014-08-12 14:18 - 2014-08-12 14:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Josh\Desktop\mbam-setup-2.0.2.1012.1.exe
2014-08-12 14:16 - 2014-08-12 13:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware.1
2014-08-12 13:22 - 2014-08-12 13:22 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Josh\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-12 13:21 - 2012-07-30 21:53 - 00000000 ____D () C:\ProgramData\Norton
2014-08-12 12:52 - 2014-05-20 20:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-12 12:47 - 2014-08-12 12:47 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-08-12 12:03 - 2010-11-21 00:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-12 12:03 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-08-12 12:00 - 2014-08-12 11:47 - 00000000 ____D () C:\Users\Josh\AppData\Local\NPE
2014-08-12 11:49 - 2014-08-12 11:49 - 00000000 ____D () C:\NPE
2014-08-12 11:40 - 2012-08-28 16:38 - 00000000 ____D () C:\Users\Josh\AppData\Local\CrashDumps
2014-08-12 11:06 - 2012-07-19 23:21 - 00000000 ____D () C:\Users\Josh
2014-08-12 08:52 - 2012-08-23 05:09 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{14A0583D-EB8C-4F70-ABC6-4D5EDD0F52DF}
2014-08-12 08:49 - 2014-08-12 08:48 - 00000000 ____D () C:\Users\Josh\AppData\Local\{297E61C2-ED84-40FF-986E-161D278FE61F}
2014-08-11 18:44 - 2014-08-11 18:44 - 00000000 _____ () C:\Windows\SysWOW64\shoED56.tmp
2014-08-11 17:46 - 2013-03-11 11:07 - 00000000 ____D () C:\Users\Josh\Documents\Matte Grey
2014-08-11 15:56 - 2013-04-10 11:05 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\HpUpdate
2014-08-11 13:46 - 2014-08-11 13:46 - 00004028 _____ () C:\Users\Josh\Documents\cc_20140811_134559.reg
2014-08-11 12:47 - 2014-08-11 12:47 - 00003134 _____ () C:\Windows\System32\Tasks\{484FAE28-6F2A-4532-9143-3EDCAD8978AC}
2014-08-11 12:47 - 2014-08-09 13:51 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\uTorrent
2014-08-11 12:44 - 2014-08-09 16:09 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\BitTorrent Sync
2014-08-11 10:58 - 2014-08-09 17:05 - 00000000 ____D () C:\Users\Josh\AppData\Local\Windows Live
2014-08-11 10:54 - 2014-08-11 10:53 - 00000000 ____D () C:\Users\Josh\AppData\Local\{C6D06883-ED4E-43D6-8DEA-112DEF2CA46F}
2014-08-11 08:48 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-11 02:27 - 2014-08-08 18:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-10 17:29 - 2014-08-10 17:29 - 00002410 _____ () C:\Users\Josh\Documents\2.wlmp
2014-08-10 16:55 - 2014-08-10 16:55 - 00002255 _____ () C:\Users\Josh\Documents\My Movie.wlmp
2014-08-10 16:41 - 2014-08-10 16:41 - 00000000 ____D () C:\Users\Josh\AppData\Local\{8B5B8C6D-FB5F-4ED9-BEB8-09F546B296E4}
2014-08-10 13:56 - 2014-08-10 13:56 - 00014398 _____ () C:\Users\Josh\Documents\cc_20140810_135608.reg
2014-08-10 09:05 - 2009-07-13 22:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-10 03:31 - 2014-08-10 03:30 - 00890744 _____ (AMD) C:\Users\Josh\Downloads\amddriverdownloader(1).exe
2014-08-10 02:54 - 2012-10-15 12:40 - 00004608 _____ () C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-09 22:34 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-08-09 18:55 - 2012-08-20 05:37 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Skype
2014-08-09 18:43 - 2014-08-09 18:43 - 00000000 ____D () C:\Users\Josh\AppData\Local\Skype
2014-08-09 18:40 - 2014-08-09 18:38 - 00362029 _____ () C:\Users\Josh\Downloads\sqlite3.dll
2014-08-09 18:39 - 2014-08-09 18:39 - 35595360 _____ (Skype Technologies S.A.) C:\Users\Josh\Downloads\SkypeSetupFull.exe
2014-08-09 18:39 - 2014-08-09 18:39 - 00003146 _____ () C:\Windows\System32\Tasks\{022C34B4-A31F-4274-AE54-7B83C738199E}
2014-08-09 18:36 - 2014-08-09 18:36 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Josh\Downloads\SkypeSetup(1).exe
2014-08-09 18:13 - 2014-08-09 18:09 - 00000000 ____D () C:\Users\Josh\Tracing
2014-08-09 18:10 - 2014-08-09 18:09 - 00000000 ____D () C:\Users\Josh\AppData\Local\{F617CA72-4353-45F8-9B31-F42872581F18}
2014-08-09 17:45 - 2014-08-09 17:45 - 00000000 ____D () C:\Windows\en
2014-08-09 17:40 - 2014-08-09 17:40 - 00001311 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2014-08-09 17:39 - 2014-08-09 17:38 - 00001380 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2014-08-09 17:10 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-09 17:08 - 2014-08-09 17:08 - 00000345 _____ () C:\Windows\DirectX.log
2014-08-09 17:01 - 2014-08-09 17:00 - 31037288 _____ (Microsoft Corporation) C:\Users\Josh\Downloads\wlsetup-idcrl.exe
2014-08-09 16:31 - 2014-08-09 16:31 - 00001723 _____ () C:\Users\Josh\Downloads\HdmiCec.py
2014-08-09 16:11 - 2014-08-09 16:11 - 00000000 ____D () C:\Users\Josh\Sync
2014-08-09 16:08 - 2014-08-09 16:07 - 03025512 _____ (BitTorrent, Inc.) C:\Users\Josh\Downloads\BTSync.exe
2014-08-09 13:50 - 2014-08-09 13:50 - 01936720 _____ (BitTorrent Inc.) C:\Users\Josh\Downloads\uTorrent.exe
2014-08-09 13:18 - 2014-08-09 13:18 - 00003266 _____ () C:\Windows\System32\Tasks\GPUP
2014-08-09 13:18 - 2014-08-09 13:18 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\GetPrivate
2014-08-09 13:18 - 2014-08-09 13:18 - 00000000 ____D () C:\Program Files (x86)\GetPrivate
2014-08-09 11:33 - 2014-08-09 11:33 - 27239623 _____ () C:\Users\Josh\Downloads\torbrowser-install-3.6.3_en-US.exe
2014-08-09 11:03 - 2012-07-31 13:58 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Apple Computer
2014-08-09 10:52 - 2014-08-09 10:52 - 00000000 _____ () C:\Windows\SysWOW64\shoB388.tmp
2014-08-09 10:31 - 2014-08-09 10:30 - 74637872 _____ (Logitech, Inc.) C:\Users\Josh\Downloads\lws251.exe
2014-08-09 10:27 - 2014-08-09 10:27 - 00002968 _____ () C:\Windows\System32\Tasks\{660168F9-8F38-47E2-9BF7-4CE3E4784377}
2014-08-09 10:26 - 2014-08-09 10:26 - 00002968 _____ () C:\Windows\System32\Tasks\{88F95346-9CBB-460F-BEEC-D0C81781040F}
2014-08-09 09:34 - 2014-08-09 09:34 - 00002968 _____ () C:\Windows\System32\Tasks\{C5C79E1A-C212-4C76-B908-82700374E04F}
2014-08-09 09:20 - 2014-08-09 09:20 - 00003070 _____ () C:\Windows\System32\Tasks\{B6F5240B-76A0-45AF-AED5-93229C2331F8}
2014-08-09 09:16 - 2014-08-09 09:16 - 00002968 _____ () C:\Windows\System32\Tasks\{7B57F5CC-BB47-436B-8C95-59708EDC024D}
2014-08-09 07:05 - 2014-08-09 07:04 - 00263592 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-08-09 04:04 - 2014-08-09 04:04 - 03441528 _____ (Solvusoft Corporation ) C:\Users\Josh\Downloads\Motorola_MOTOPEBL_U6_Driver_Update_06-2014.exe
2014-08-09 04:00 - 2014-08-09 03:59 - 18430402 _____ () C:\Users\Josh\Downloads\Handset_USB_Driver_32_v2.6.2.0.zip
2014-08-09 03:51 - 2014-08-09 03:51 - 00000000 ____D () C:\ProgramData\Motorola
2014-08-09 03:49 - 2014-08-09 03:31 - 00000000 ____D () C:\Program Files (x86)\Motorola Mobility
2014-08-09 03:45 - 2014-08-09 03:45 - 33586888 _____ (Motorola Mobility) C:\Users\Josh\Downloads\MotorolaDeviceManager_2.4.5(1).exe
2014-08-09 03:35 - 2014-08-09 03:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motmodem_01009.Wdf
2014-08-09 03:32 - 2014-08-09 03:32 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Motorola Mobility
2014-08-09 03:31 - 2014-08-09 03:31 - 00000000 ____D () C:\Program Files (x86)\Motorola
2014-08-09 03:30 - 2012-07-20 00:09 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-08-09 03:29 - 2014-08-09 03:29 - 00000000 ____D () C:\Program Files\Common Files\Motorola Shared
2014-08-09 03:27 - 2014-08-09 03:27 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Motorola
2014-08-09 03:23 - 2014-08-09 03:23 - 33586888 _____ (Motorola Mobility) C:\Users\Josh\Downloads\MotorolaDeviceManager_2.4.5.exe
2014-08-09 03:10 - 2012-07-31 13:58 - 00000000 ____D () C:\Users\Josh\AppData\Local\Apple Computer
2014-08-08 18:56 - 2014-08-08 18:56 - 00001789 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-08 18:56 - 2014-08-08 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-08 18:56 - 2014-08-08 18:55 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-08 18:56 - 2014-08-08 18:55 - 00000000 ____D () C:\Program Files\iTunes
2014-08-08 18:55 - 2014-08-08 18:55 - 00000000 ____D () C:\Program Files\iPod
2014-08-07 18:01 - 2012-09-08 16:30 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\SoftGrid Client
2014-08-07 10:04 - 2014-08-07 10:04 - 00007566 _____ () C:\Users\Josh\Documents\cc_20140807_100442.reg
2014-08-06 19:06 - 2014-08-12 15:25 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 19:01 - 2014-08-12 15:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 14:38 - 2013-10-16 13:08 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-05 14:35 - 2014-08-05 14:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-05 14:35 - 2014-08-05 14:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-05 14:35 - 2014-08-05 14:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-05 14:35 - 2014-08-05 14:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-05 14:35 - 2014-08-05 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-05 14:34 - 2014-08-05 14:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-05 14:21 - 2014-08-05 14:20 - 00918952 _____ (Oracle Corporation) C:\Users\Josh\Downloads\jxpiinstall(7).exe
2014-08-01 17:56 - 2014-08-01 17:56 - 00011642 _____ () C:\Users\Josh\Documents\cc_20140801_175631.reg
2014-07-31 13:01 - 2014-07-31 12:56 - 00000128 _____ () C:\Windows\Reimage.ini
2014-07-31 12:56 - 2014-07-31 12:56 - 65294248 _____ (Sling Media Inc.) C:\Users\Josh\Downloads\SlingPlayer-2.0.3508-Setup-US.exe
2014-07-31 12:53 - 2014-07-31 12:53 - 00699016 _____ (CNET Download.com) C:\Users\Josh\Downloads\cbsidlm-cbsi213-SlingPlayer-SEO-10573277.exe
2014-07-31 01:22 - 2012-09-01 01:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 17:36 - 2014-07-30 17:36 - 00007566 _____ () C:\Users\Josh\Documents\cc_20140730_173605.reg
2014-07-30 09:21 - 2014-07-30 09:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-28 09:37 - 2014-07-28 09:37 - 00007566 _____ () C:\Users\Josh\Documents\cc_20140728_093701.reg
2014-07-26 18:29 - 2014-07-26 18:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-26 18:21 - 2014-07-26 18:21 - 00002976 _____ () C:\Windows\System32\Tasks\{EE28E693-8C67-4EDA-B275-69D27BDBE042}
2014-07-26 13:27 - 2014-07-26 13:27 - 00007968 _____ () C:\Users\Josh\Documents\cc_20140726_132658.reg
2014-07-26 13:22 - 2014-07-16 23:52 - 00000000 ____D () C:\Windows\Minidump
2014-07-26 08:10 - 2014-07-26 08:10 - 00000000 ____D () C:\Users\Josh\AppData\Local\Apps\2.0
2014-07-26 08:01 - 2014-07-26 08:01 - 00002976 _____ () C:\Windows\System32\Tasks\{8C18CB92-1B64-4998-B54C-41B4587A134C}
2014-07-25 11:34 - 2012-03-30 20:07 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-07-25 11:13 - 2014-07-25 11:13 - 00000000 _____ () C:\Windows\SysWOW64\shoEAC8.tmp
2014-07-25 10:54 - 2014-07-25 10:54 - 00003010 _____ () C:\Windows\System32\Tasks\{D76C4729-3C25-4BB7-97D3-FEC8ADA7DE39}
2014-07-25 10:53 - 2014-07-25 10:53 - 00003010 _____ () C:\Windows\System32\Tasks\{06E6648F-F140-42D2-929D-8FAC7FE6DFE6}
2014-07-25 10:39 - 2014-07-25 10:39 - 02253208 _____ (Microsoft Corporation) C:\Users\Josh\Downloads\WcPlugin.exe
2014-07-25 10:31 - 2014-07-25 10:29 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-07-25 09:41 - 2014-07-25 09:40 - 00032758 _____ () C:\Users\Josh\Documents\cc_20140725_094035.reg
2014-07-24 23:41 - 2012-08-15 01:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 23:41 - 2012-08-15 01:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 17:35 - 2012-08-15 01:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 09:46 - 2012-07-25 11:29 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-24 09:46 - 2012-07-25 11:29 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-24 09:45 - 2014-07-24 09:45 - 00007566 _____ () C:\Users\Josh\Documents\cc_20140724_094511.reg
2014-07-24 09:42 - 2014-07-24 09:41 - 04813544 _____ (Piriform Ltd) C:\Users\Josh\Downloads\ccsetup416.exe
2014-07-24 02:59 - 2013-03-27 15:40 - 00001028 _____ () C:\Users\Josh\Desktop\Dropbox.lnk
2014-07-24 02:59 - 2013-03-27 15:33 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-23 20:05 - 2014-07-23 20:05 - 00007566 _____ () C:\Users\Josh\Documents\cc_20140723_200541.reg
2014-07-22 08:53 - 2014-07-22 08:53 - 00007932 _____ () C:\Users\Josh\Documents\cc_20140722_085309.reg
2014-07-21 14:17 - 2014-07-21 14:17 - 00016250 _____ () C:\Users\Josh\Downloads\GenerateAgreement(7)
2014-07-21 14:15 - 2014-07-21 14:15 - 00016250 _____ () C:\Users\Josh\Downloads\GenerateAgreement(6)
2014-07-21 13:32 - 2012-07-20 01:51 - 00075256 _____ () C:\Users\Josh\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-21 12:48 - 2014-07-21 12:48 - 00007566 _____ () C:\Users\Josh\Documents\cc_20140721_124817.reg
2014-07-20 22:57 - 2014-07-20 22:57 - 00007566 _____ () C:\Users\Josh\Documents\cc_20140720_225612.reg
2014-07-18 12:40 - 2014-07-18 12:40 - 00007566 _____ () C:\Users\Josh\Documents\cc_20140718_124048.reg
2014-07-17 16:22 - 2014-07-17 16:21 - 00004133 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-17 16:08 - 2014-07-17 16:08 - 00918440 _____ (Oracle Corporation) C:\Users\Josh\Downloads\jxpiinstall(6).exe
2014-07-17 10:15 - 2014-07-17 10:15 - 00003696 _____ () C:\Users\Josh\Documents\cc_20140717_101507.reg
2014-07-17 09:37 - 2013-04-09 16:23 - 00000000 ____D () C:\Program Files (x86)\Browny02
2014-07-17 09:32 - 2014-07-17 09:32 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\ATI
2014-07-17 09:32 - 2014-07-17 09:32 - 00000000 ____D () C:\Users\Josh\AppData\Local\ATI
2014-07-17 09:32 - 2014-07-17 09:32 - 00000000 ____D () C:\Users\Josh\AppData\Local\AMD
2014-07-17 09:32 - 2014-07-17 09:32 - 00000000 ____D () C:\ProgramData\ATI
2014-07-17 09:24 - 2014-07-17 09:16 - 00000000 ____D () C:\ProgramData\AMD
2014-07-17 09:17 - 2014-07-17 09:17 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\library_dir
2014-07-17 09:16 - 2014-07-17 09:16 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-07-17 09:15 - 2014-07-17 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-07-17 09:15 - 2014-07-17 09:15 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-07-17 09:15 - 2014-07-17 09:13 - 00000000 ____D () C:\Program Files\AMD
2014-07-17 09:15 - 2014-07-17 09:08 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-07-17 09:14 - 2014-07-17 09:07 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-07-17 09:09 - 2014-07-17 09:09 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-07-17 09:08 - 2014-07-17 09:08 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-17 09:07 - 2014-07-17 09:07 - 00000000 ____D () C:\Program Files\ATI
2014-07-17 09:05 - 2014-07-17 09:05 - 00000000 ____D () C:\AMD
2014-07-17 08:58 - 2014-07-17 08:58 - 00890744 _____ (AMD) C:\Users\Josh\Downloads\amddriverdownloader.exe
2014-07-17 08:29 - 2014-07-17 08:29 - 01046528 _____ () C:\Users\Josh\Downloads\MicrosoftFixit50848.msi
2014-07-16 23:15 - 2014-07-16 23:15 - 00003616 _____ () C:\Users\Josh\Documents\cc_20140716_231522.reg
2014-07-16 11:36 - 2014-07-16 11:36 - 00007566 _____ () C:\Users\Josh\Documents\cc_20140716_113606.reg
2014-07-16 03:06 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-07-13 11:37 - 2014-07-13 11:36 - 00001546 _____ () C:\Users\Josh\Documents\cc_20140713_113543.reg

Some content of TEMP:
====================
C:\Users\Josh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0y5isx.dll
C:\Users\Josh\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-26 10:36

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2014
Ran by Josh at 2014-08-12 23:10:53
Running from C:\Users\Josh\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.07.0000 - AMD) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DraftDominator Version 13.0m (HKLM-x32\...\DraftDominator_is1) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6333.0 - IDT)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
myfantasyleague.com Game Day 2012 (HKLM-x32\...\mflGameDay_is1) (Version: 1.0 - Sideline Software, Inc.)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.22 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Central Audio (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Core (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Easy LP to MP3 (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Easy LP to MP3 (x32 Version: 10.3.104 - Roxio) Hidden
Roxio Easy LP to MP3 (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
UniPrint Client 5.0 (HKLM-x32\...\{1C6BF09D-6356-4EAE-97D9-556119A2C69C}) (Version: 5.0.0 - UniPrint)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3549984760-4111436229-1632221161-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3549984760-4111436229-1632221161-1004_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1082\G2MOutlookAddin64.dll No File
CustomCLSID: HKU\S-1-5-21-3549984760-4111436229-1632221161-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3549984760-4111436229-1632221161-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3549984760-4111436229-1632221161-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3549984760-4111436229-1632221161-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3549984760-4111436229-1632221161-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3549984760-4111436229-1632221161-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3549984760-4111436229-1632221161-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3549984760-4111436229-1632221161-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

10-08-2014 10:49:08 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
11-08-2014 22:54:48 Installed HP Update.
12-08-2014 17:03:54 Removed WD SmartWare
12-08-2014 17:17:17 Removed WD SmartWare
13-08-2014 00:40:41 Windows Live Essentials
13-08-2014 00:41:29 WLSetup
13-08-2014 00:47:27 Removed Windows Media Player Firefox Plugin
13-08-2014 00:48:16 Removed Windows Live Sync
13-08-2014 00:49:39 Removed WD SmartWare
13-08-2014 00:51:42 Removed WD Security
13-08-2014 00:53:01 Removed WD Drive Utilities
13-08-2014 00:57:03 Removed Skype™ 6.18
13-08-2014 00:57:47 Removed Skype Click to Call
13-08-2014 01:00:19 Removed Motorola Device Manager
13-08-2014 01:03:42 Removed HP Update.
13-08-2014 01:08:12 Removed HP Officejet 4620 series Product Improvement Study
13-08-2014 01:08:38 Removed HP Officejet 4620 series Help
13-08-2014 01:11:56 Removed Microsoft SQL Server 2005 Compact Edition [ENU]
13-08-2014 01:12:30 Removed HP Officejet 4620 series Basic Device Software
13-08-2014 01:27:03 Configured PowerDVD
13-08-2014 01:30:45 Removed HP FWUpdateEDO2
13-08-2014 01:32:06 Removed Citrix Online Launcher
13-08-2014 02:52:37 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03A837B0-8D9F-4737-8555-D3689FF53483} - System32\Tasks\{06E6648F-F140-42D2-929D-8FAC7FE6DFE6} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2013-10-09] (ATI Technologies Inc.)
Task: {0467A7D9-F9D6-46F2-B985-0BF9554E256D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {183D2950-8A6B-44DF-8E1B-A0174B407C09} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe [2014-08-09] ()
Task: {28F1FD39-5CA3-4C10-BF52-E59AA838A85C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-20] (Google Inc.)
Task: {332754C9-35E0-43AA-AD5D-B008AA97D5F4} - System32\Tasks\{E6F26263-58B3-45F0-8D7A-3A2CE181BABE} => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [2009-06-24] (Creative Technology Ltd)
Task: {382ED2BA-87DE-4E3C-9212-3F80319F0E29} - System32\Tasks\{88F95346-9CBB-460F-BEEC-D0C81781040F} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {392492BA-D351-47F9-A80C-92CDFD9CC615} - System32\Tasks\{82362F1D-725E-47CC-A246-15CD8C10B6CC} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Task: {40F02248-0D6A-4EBD-BB32-0C4BAC548F2D} - System32\Tasks\{2D6EA496-220E-419A-81AF-DEA801535F9A} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-08-01] (Apple Inc.)
Task: {512D7F61-5FF5-40E6-884F-F07862D4F23F} - System32\Tasks\{D76C4729-3C25-4BB7-97D3-FEC8ADA7DE39} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2013-10-09] (ATI Technologies Inc.)
Task: {54ACD54A-425D-490F-9322-0E7E50357B99} - System32\Tasks\{767C0008-7AE3-4E27-B23B-E2DA8B356D57} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {68EB2588-8411-4ED9-915D-8CE56D50450C} - System32\Tasks\{B6F5240B-76A0-45AF-AED5-93229C2331F8} => C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\HelpMain\launchershortcut.exe
Task: {6F79313F-1283-4B03-9EC6-494AD925A0A1} - System32\Tasks\{8C18CB92-1B64-4998-B54C-41B4587A134C} => Firefox.exe
Task: {761C5399-7C14-4343-B2F6-F5A011CB6042} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {809FC27C-85EF-4B46-9DC6-A29F68B803F7} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe
Task: {82E5CCC2-D65F-46AF-971E-C87E4A83AFB9} - System32\Tasks\{D1EEB578-4EB9-4FCE-AA44-92C6527D9660} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-08-01] (Apple Inc.)
Task: {9A30D821-C567-423B-BA74-5EFEAD2CADD5} - System32\Tasks\{660168F9-8F38-47E2-9BF7-4CE3E4784377} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {9CD32630-E457-4C8F-9202-F33590B65CAA} - System32\Tasks\{7D5368EE-77ED-4F5C-88FE-0E3CEF0BE4B8} => Firefox.exe
Task: {A2574B62-2508-4643-BA12-B17509142595} - System32\Tasks\{BFCF907E-C783-4BCF-8A8B-1B4A38813ED2} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-08-01] (Apple Inc.)
Task: {A25D17AE-EDF0-458F-9048-10308023BE58} - System32\Tasks\{4FDAC1D1-951B-4444-B702-29C84C25A688} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-08-01] (Apple Inc.)
Task: {A75FEF02-6732-4B99-AC54-56CE6FE204BF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {AAF07A04-1728-44A2-B878-BEDF6B3EEB67} - System32\Tasks\{022C34B4-A31F-4274-AE54-7B83C738199E} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=12002
Task: {BF001228-8193-42FE-BAB0-4474E0B0E347} - System32\Tasks\{952881B0-5BAE-4BE5-AAC4-D02982FFC93A} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {C2D7227D-6E9A-4313-98E9-4ADC4CDCBB5B} - System32\Tasks\{53A73539-7C3E-4D65-8086-261696051E3C} => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [2009-06-24] (Creative Technology Ltd)
Task: {D3A03B4D-D9DE-4D61-A9A5-2B300F2769ED} - System32\Tasks\{E529B0A5-717C-4B87-9111-64376832E992} => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [2009-06-24] (Creative Technology Ltd)
Task: {D3D33BD3-3AB1-4AD8-A97C-403FA7727D96} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe
Task: {D3E44FE5-50BE-4ACF-870D-1445AA40AEFC} - System32\Tasks\{2F1275DD-DE6D-4539-B2A8-B347ABA39D7D} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-08-01] (Apple Inc.)
Task: {D78C2920-EEAF-42BA-9C0B-B9939C80CE82} - System32\Tasks\{C5C79E1A-C212-4C76-B908-82700374E04F} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {DACBF3B3-95B9-470F-9BE5-1826679E2259} - System32\Tasks\{0DFB1D0A-C6D9-4499-9ED8-6CFA529992C7} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {DC17362C-55C6-422F-BCA6-547ABF961D4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-20] (Google Inc.)
Task: {E36B67E6-0CC8-4EB8-9694-338A2145E97A} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {EAAFD6D1-532E-44A7-A80D-497C138A9F06} - System32\Tasks\{7B57F5CC-BB47-436B-8C95-59708EDC024D} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {EF5DF773-B6B8-4E62-AF6E-EBC00B43864B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F322C0F6-7E33-428F-BE3E-2DDE071C7DE9} - System32\Tasks\{EE28E693-8C67-4EDA-B275-69D27BDBE042} => Firefox.exe
Task: {F8D7EFA5-3931-4B32-8249-4C9E9E4BD839} - System32\Tasks\{2D77B97F-6E78-47F6-ABE7-445E49B660D8} => C:\Program Files (x86)\iTunes\iTunes.exe [2014-08-01] (Apple Inc.)
Task: {FDCD7DD4-C55F-41B8-ABEA-7DA746FD1471} - System32\Tasks\{2DE020E0-E7CF-46C9-A4CF-5752029B5D1C} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe [2014-05-08] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-11-10 20:53 - 2010-11-10 20:53 - 00817136 _____ () C:\Program Files\Roxio\Roxio Burn\RBVirtualFolder64.dll
2014-07-30 09:21 - 2014-07-30 09:21 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-08 21:23 - 2014-07-08 21:23 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR410 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/12/2014 05:50:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDRulesEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
   at System.Data.SQLite.SQLiteConnection.CheckDisposed()
   at System.Data.SQLite.SQLiteConnection.get_State()
   at BackupRulesDB.Close()
   at BackupRulesDB.Dispose(Boolean)
   at BackupRulesDB.Finalize()

Error: (08/12/2014 05:41:28 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: MININT-1AQNII0)
Description: Application or service 'Windows Search' could not be shut down.

Error: (08/12/2014 03:06:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WDBackupEngine.exe, version: 1.6.4.4, time stamp: 0x505a9648
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0xacc
Faulting application start time: 0xWDBackupEngine.exe0
Faulting application path: WDBackupEngine.exe1
Faulting module path: WDBackupEngine.exe2
Report Id: WDBackupEngine.exe3

Error: (08/12/2014 03:06:00 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
   at System.Data.SQLite.SQLiteConnection.CheckDisposed()
   at System.Data.SQLite.SQLiteConnection.get_State()
   at WDIO.DBFile.Close()
   at WDIO.ManifestManager.!ManifestManager()
   at WDIO.ManifestManager.Dispose(Boolean)
   at WDIO.ManifestManager.Finalize()

Error: (08/12/2014 03:03:09 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x8007043c).

Error: (08/12/2014 00:49:52 PM) (Source: Microsoft-Windows-EFS) (EventID: 4376) (User: NT AUTHORITY)
Description: EFS Service failed to start. Error code: 0x80070013.

Error: (08/12/2014 11:44:35 AM) (Source: Application Virtualization Client) (EventID: 2010) (User: )
Description: The Application Virtualization Core Service could not start because a driver failed to respond.

Error: (08/12/2014 11:44:35 AM) (Source: Application Virtualization Client) (EventID: 3030) (User: )
Description: {tid=CC4}
Client core could not be initialized (rc 10302504-00000A17)

Error: (08/12/2014 11:39:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 31.0.0.5310, time stamp: 0x53c75e72
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x3682fb40
Faulting process id: 0x810
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (08/12/2014 11:17:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WDBackupEngine.exe, version: 1.6.4.4, time stamp: 0x505a9648
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0x1930
Faulting application start time: 0xWDBackupEngine.exe0
Faulting application path: WDBackupEngine.exe1
Faulting module path: WDBackupEngine.exe2
Report Id: WDBackupEngine.exe3


System errors:
=============
Error: (08/12/2014 11:10:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/12/2014 11:10:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/12/2014 11:08:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/12/2014 11:08:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/12/2014 11:08:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/12/2014 11:08:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/12/2014 11:05:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/12/2014 11:05:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/12/2014 11:03:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/12/2014 11:03:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (08/12/2014 05:50:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDRulesEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
   at System.Data.SQLite.SQLiteConnection.CheckDisposed()
   at System.Data.SQLite.SQLiteConnection.get_State()
   at BackupRulesDB.Close()
   at BackupRulesDB.Dispose(Boolean)
   at BackupRulesDB.Finalize()

Error: (08/12/2014 05:41:28 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: MININT-1AQNII0)
Description: 1SearchIndexer.exeWindows Search03026216154920

Error: (08/12/2014 03:06:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WDBackupEngine.exe1.6.4.4505a9648KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42dacc01cfb679952237e2C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\syswow64\KERNELBASE.dlle0a260f7-226c-11e4-8f16-e4d53d5ea98c

Error: (08/12/2014 03:06:00 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
   at System.Data.SQLite.SQLiteConnection.CheckDisposed()
   at System.Data.SQLite.SQLiteConnection.get_State()
   at WDIO.DBFile.Close()
   at WDIO.ManifestManager.!ManifestManager()
   at WDIO.ManifestManager.Dispose(Boolean)
   at WDIO.ManifestManager.Finalize()

Error: (08/12/2014 03:03:09 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x8007043c

Error: (08/12/2014 00:49:52 PM) (Source: Microsoft-Windows-EFS) (EventID: 4376) (User: NT AUTHORITY)
Description: 181750x80070013

Error: (08/12/2014 11:44:35 AM) (Source: Application Virtualization Client) (EventID: 2010) (User: )
Description:

Error: (08/12/2014 11:44:35 AM) (Source: Application Virtualization Client) (EventID: 3030) (User: )
Description: {tid=CC4}
10302504-00000A17

Error: (08/12/2014 11:39:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe31.0.0.531053c75e72unknown0.0.0.000000000c00000053682fb4081001cfb659a103d1aaC:\Program Files (x86)\Mozilla Firefox\firefox.exeunknownedb569d7-224f-11e4-b637-e4d53d5ea98c

Error: (08/12/2014 11:17:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WDBackupEngine.exe1.6.4.4505a9648KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d193001cfb65999a8e94dC:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\syswow64\KERNELBASE.dlldf60a96f-224c-11e4-b637-e4d53d5ea98c


==================== Memory info ===========================

Processor: AMD A4-3300M APU with Radeon HD Graphics
Percentage of memory in use: 35%
Total physical RAM: 3559.99 MB
Available physical RAM: 2299.44 MB
Total Pagefile: 7118.16 MB
Available Pagefile: 5975.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:452.09 GB) (Free:367.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:7.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 0409B778)
Partition 1: (Active) - (Size=452 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites

Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Please run a Quick Scan with Malwarebytes

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Post the log

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log

Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button and post the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM

Link to post
Share on other sites

RogueKiller V9.2.6.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Josh [Admin rights]
Mode : Scan -- Date : 08/13/2014  21:42:00

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3549984760-4111436229-1632221161-1004\Software\Microsoft\Windows\CurrentVersion\Run | UniPrint Client Init : C:\Users\Josh\AppData\Roaming\UniPrint Suite\Client\UPCInit.exe  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3549984760-4111436229-1632221161-1004\Software\Microsoft\Windows\CurrentVersion\Run | UniPrint Client Init : C:\Users\Josh\AppData\Roaming\UniPrint Suite\Client\UPCInit.exe  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.Proxy][FIREFX:Config] kckk8v11.default : user_pref("network.proxy.type", 4); -> FOUND
[PUP][CHROME:Addon] Default : SearchGBY [icmijdhkcgeclpfjmibnginbbkfcbpep] -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST950032 5AS SATA Disk Device +++++
--- User ---
[MBR] 1691cc93417d779f591c115911c15950
[bSP] 1007af5c1a51b769ca7be6cdfb7af553 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 462937 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 948097024 | Size: 14001 MB
User = LL1 ... OK
User = LL2 ... OK
 

Link to post
Share on other sites

Make sure you have created a restore point and.....
bwebb7v.jpgDownload Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ====================

    Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
    Run FRST.exe/FRST64.exe and click Fix only once and wait
    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    ====================

    Please download AdwCleaner from HERE or HERE to your desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
    Next..................

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Next.........

    Reset these Chrome pages:
    CHR HomePage: hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=2C6F86D53D5EA98B
    CHR RestoreOnStartup: "hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=2C6F86D53D5EA98B"

     



    These links will help:
    https://support.google.com/chrome/answer/95314?hl=en <<<----Home page
    https://support.google.com/chrome/answer/95421?hl=en <<<---CHR StartupUrls

    Last:

    If you're using Malwarebytes 2.0, please run a Threat Scan
    Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
    Same for PUM (Potentially Unwanted Modifications)
    Quarantine All that's found

    MrC
Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2014
Ran by Josh at 2014-08-14 09:17:51 Run:1
Running from C:\Users\Josh\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR Extension: (SearchGBY) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep [2013-04-16]
CHR HKCU\...\Chrome\Extension: [cgpimkfhjdaobobdomcikioipaenlhke] - C:\Users\Josh\AppData\Local\CRE\cgpimkfhjdaobobdomcikioipaenlhke.crx [2013-04-13]
CHR HKLM-x32\...\Chrome\Extension: [cgpimkfhjdaobobdomcikioipaenlhke] - C:\Users\Josh\AppData\Local\CRE\cgpimkfhjdaobobdomcikioipaenlhke.crx [2013-04-13]
CHR HKLM-x32\...\Chrome\Extension: [icmijdhkcgeclpfjmibnginbbkfcbpep] - C:\Program Files (x86)\SearchGBY\Extensions\Chrome\searchgby.chrome.crx [2013-04-16]
CHR HKLM-x32\...\Chrome\Extension: [mhfnfmkdkiiginjadpmmhehjjccjghjp] - C:\ProgramData\Bcool\mhfnfmkdkiiginjadpmmhehjjccjghjp.crx [2013-04-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Josh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0y5isx.dll
C:\Users\Josh\AppData\Local\Temp\SpotifyUninstall.exe

*****************

C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\cgpimkfhjdaobobdomcikioipaenlhke" => Key deleted successfully.
C:\Users\Josh\AppData\Local\CRE\cgpimkfhjdaobobdomcikioipaenlhke.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cgpimkfhjdaobobdomcikioipaenlhke" => Key deleted successfully.
"C:\Users\Josh\AppData\Local\CRE\cgpimkfhjdaobobdomcikioipaenlhke.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep" => Key deleted successfully.
C:\Program Files (x86)\SearchGBY\Extensions\Chrome\searchgby.chrome.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfnfmkdkiiginjadpmmhehjjccjghjp" => Key deleted successfully.
"C:\ProgramData\Bcool\mhfnfmkdkiiginjadpmmhehjjccjghjp.crx" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\Josh\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0y5isx.dll => Moved successfully.
C:\Users\Josh\AppData\Local\Temp\SpotifyUninstall.exe => Moved successfully.

==== End of Fixlog ====

Link to post
Share on other sites

# AdwCleaner v3.305 - Report created 14/08/2014 at 09:23:25
# Updated 14/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Josh - MININT-1AQNII0
# Running from : C:\Users\Josh\Desktop\adwcleaner_3.305.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\GetPrivate
Folder Deleted : C:\Users\Josh\AppData\Local\Conduit
Folder Deleted : C:\Users\Josh\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Josh\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Josh\AppData\Roaming\GetPrivate
Folder Deleted : C:\Users\Josh\AppData\Roaming\PerformerSoft
File Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\kckk8v11.default\searchplugins\safesearch.xml
File Deleted : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\kckk8v11.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\oneclick
Key Deleted : HKLM\SOFTWARE\Classes\oneclickmg
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKCU\Software\5955d88fbc3fed45
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\holasearch LTD
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\AppDataLow\Software\LyricsContainer
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\kckk8v11.default\prefs.js ]

Line Deleted : user_pref("CT3241284_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1366155739846,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Search Spin Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241284&SearchSource=2&CUI=UN42260351121255746&UM=2&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3241284");
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=2C6F86D53D5EA98B");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Search Spin Customized Web Search");
Line Deleted : user_pref("extensions.5036f8f1ac6bc.scode", "(function(){try{if('mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search.sweetim.com'.indexOf(window[...]
Line Deleted : user_pref("extensions.holasearch.admin", false);
Line Deleted : user_pref("extensions.holasearch.aflt", "babsst");
Line Deleted : user_pref("extensions.holasearch.appId", "{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}");
Line Deleted : user_pref("extensions.holasearch.autoRvrt", "false");
Line Deleted : user_pref("extensions.holasearch.bbDpng", "16");
Line Deleted : user_pref("extensions.holasearch.cntry", "US");
Line Deleted : user_pref("extensions.holasearch.dfltLng", "en");
Line Deleted : user_pref("extensions.holasearch.excTlbr", false);
Line Deleted : user_pref("extensions.holasearch.ffxUnstlRst", false);
Line Deleted : user_pref("extensions.holasearch.hdrMd5", "DA268EF28A37312360B6706B4FE71ABB");
Line Deleted : user_pref("extensions.holasearch.id", "2c6f831400000000000086d53d5ea98b");
Line Deleted : user_pref("extensions.holasearch.instlDay", "15811");
Line Deleted : user_pref("extensions.holasearch.instlRef", "sst");
Line Deleted : user_pref("extensions.holasearch.lastVrsnTs", "1.8.16.1615:28:11");
Line Deleted : user_pref("extensions.holasearch.newTab", false);
Line Deleted : user_pref("extensions.holasearch.prdct", "holasearch");
Line Deleted : user_pref("extensions.holasearch.prtnrId", "holasearch");
Line Deleted : user_pref("extensions.holasearch.rvrt", "false");
Line Deleted : user_pref("extensions.holasearch.sg", "tzb");
Line Deleted : user_pref("extensions.holasearch.smplGrp", "none");
Line Deleted : user_pref("extensions.holasearch.tlbrId", "base");
Line Deleted : user_pref("extensions.holasearch.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.holasearch.vrsn", "1.8.16.16");
Line Deleted : user_pref("extensions.holasearch.vrsnTs", "1.8.16.1615:28:11");
Line Deleted : user_pref("extensions.holasearch.vrsni", "1.8.16.16");
Line Deleted : user_pref("smartbar.machineId", "CSOX6NTKJU05+KMX+LUVX43NS95JMKHZTHUUHUZQHY8VZWAUF2DILPKDDWPFA32I6PXBDL6XQPJZOETJMUL1MW");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=sb&qsrc=2869
Deleted [search Provider] : hxxp://www.holasearch.com/?q={searchTerms}&affID=121962&babsrc=SP_ss&mntrId=2C6F86D53D5EA98B
Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN22937215998042821&ctid=CT3241284&UM=2
Deleted [Homepage] : hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=2C6F86D53D5EA98B
Deleted [Extension] : abfmigjiaapipflmopkaaooigcjjdojh
Deleted [Extension] : icmijdhkcgeclpfjmibnginbbkfcbpep

*************************

AdwCleaner[R0].txt - [8412 octets] - [14/08/2014 09:20:36]
AdwCleaner[s0].txt - [8299 octets] - [14/08/2014 09:23:25]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8359 octets] ##########
 

Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Josh on Thu 08/14/2014 at  9:31:35.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3549984760-4111436229-1632221161-1004\Software\sweetim



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho1528.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1DD5.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho29E.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho665F.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8377.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB388.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEAC8.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoED56.tmp



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Josh\appdata\local\{297E61C2-ED84-40FF-986E-161D278FE61F}
Successfully deleted: [Empty Folder] C:\Users\Josh\appdata\local\{8B5B8C6D-FB5F-4ED9-BEB8-09F546B296E4}
Successfully deleted: [Empty Folder] C:\Users\Josh\appdata\local\{C6D06883-ED4E-43D6-8DEA-112DEF2CA46F}
Successfully deleted: [Empty Folder] C:\Users\Josh\appdata\local\{F617CA72-4353-45F8-9B31-F42872581F18}



~~~ FireFox

Successfully deleted the following from C:\Users\Josh\AppData\Roaming\mozilla\firefox\profiles\kckk8v11.default\prefs.js

user_pref("extensions.searchgby.data", "{    \"v\":\"1.1\",    \"help\": \"hxxp://searchgby.com/pages/help/\",    \"news\":{    \"news\":[    \"hxxp://www.cnn.com/\",    \"hxxp://cbsnews.com/\"
user_pref("extensions.searchgby.injurl", "//www.analytic-s.com/pop/ga/?subid=sgby&&icmp=sp130316");
user_pref("extensions.searchgby.lastupdate", "1366151439279");
user_pref("extensions.searchgby.updateVersion", "2.0.71");
Emptied folder: C:\Users\Josh\AppData\Roaming\mozilla\firefox\profiles\kckk8v11.default\minidumps [272 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/14/2014 at  9:41:20.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Link to post
Share on other sites

Good......

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

bwebb7v.jpgDownload Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot
Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

It seems right before I could reboot after I ran Remove disinfection tools with Delfix, I was getting unauthorized access blocks in Norton, and it looks like my firewall settings were changed before I could reboot.

I'm not sure what you mean???

Is it OK now????

MrC

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.