Possible infection Spybot can't remove [Archive]

View Full Version : Possible infection Spybot can't remove

Nightwingsgurl

2014-09-14, 02:16

Hi, I have been dealing with a potential infection all summer and can't seem to get it removed. As per advice earlier this year, I ran HiJack this (though I don't think I removed anything, because it scared me, haha) and AdwCleaner. I also regularly run CCleaner, Spybot, Malwarebytes and Windows Security Essentials. I just ran WSE and it came up clean, but Spybot always lists the same threats that it says it 'fixed' in the previous scan, even if they're back-to-back. And sometimes Google seems to re-direct. (Note-- I didn't see any, but if you see any email addresses or other personal info, please alert me so that I can edit them out.) Thank you!

Oh, I'll post the logs required in the "Before You Post" thread, but I can't figure out how to disable TeaTimer in Spybot-- I didn't see anywhere to check advanced settings? I have a log from a scan I ran less than an hour ago, though. Please let me know if I need to do something different. I DID back up my registry with Tweaking.com's thing, and will post my other logs here.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Imari (administrator) on IMARI-PC on 13-09-2014 18:19:24
Running from C:\Users\Imari\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Spotify Ltd) C:\Users\Imari\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) D:\iTunesHelper.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [322384 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-02] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => D:\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [Spotify Web Helper] => C:\Users\Imari\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-18] (Spotify Ltd)
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [Google Update] => C:\Users\Imari\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-04] (Google Inc.)
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\MountPoints2: {d0100140-3593-11e1-ae05-806e6f6e6963} - G:\LaunchBOPC1.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()
Startup: C:\Users\Imari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Imari\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Imari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> D:\Program Files (x86)\program\quickstart.exe ()
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Imari\AppData\Roaming\Mozilla\Firefox\Profiles\j3c4jgnx.default
FF Keyword.URL: https://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.dns=1&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Imari\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Imari\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Imari\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Imari\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Imari\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Imari\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Adblock Plus - C:\Users\Imari\AppData\Roaming\Mozilla\Firefox\Profiles\j3c4jgnx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-08-02]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension [2011-04-02]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT", "hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=48&CUI=UN64620605553500358&UM=2"
CHR DefaultSearchKeyword: Default -> 7DE471496509B5E9AB1E1945A15502F1540DC2E271BE5A7A8AE30F6123D4D166
CHR DefaultSearchURL: Default -> https://mail.google.com/mail/?extsrc=mailto&url=%s
CHR Profile: C:\Users\Imari\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Imari\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (AdBlock) - C:\Users\Imari\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-12-03]
CHR Extension: (History Eraser) - C:\Users\Imari\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm [2012-11-23]
CHR Extension: (Swagbucks Extension) - C:\Users\Imari\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2014-02-05]
CHR Extension: (Webcam Toy) - C:\Users\Imari\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2013-11-28]
CHR Extension: (Google Wallet) - C:\Users\Imari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR HKCU\...\Chrome\Extension: [apjkpjchfbckhjhokinlgdbmibpbbjak] - C:\Users\Imari\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-03-31] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R1 MpKsla0287fb5; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0AE40DB4-AD9E-4DA0-B4DA-2F6C8873B43E}\MpKsla0287fb5.sys [45352 2014-09-13] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-01-02] () [File not signed]
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
U3 ag27l0wr; C:\Windows\System32\Drivers\ag27l0wr.sys [0 ] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 18:19 - 2014-09-13 18:20 - 00024901 _____ () C:\Users\Imari\Desktop\FRST.txt
2014-09-13 18:18 - 2014-09-13 18:19 - 00000000 ____D () C:\FRST
2014-09-13 18:16 - 2014-09-13 18:16 - 02105856 _____ (Farbar) C:\Users\Imari\Desktop\FRST64.exe
2014-09-13 18:15 - 2014-09-13 18:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-IMARI-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-09-13 18:13 - 2014-09-13 18:13 - 00002237 _____ () C:\Users\Imari\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-13 18:13 - 2014-09-13 18:13 - 00000000 ____D () C:\Users\Imari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-13 18:13 - 2014-09-13 18:13 - 00000000 ____D () C:\RegBackup
2014-09-13 18:12 - 2014-09-13 18:12 - 04057608 _____ () C:\Users\Imari\Downloads\tweaking.com_registry_backup_setup.exe
2014-09-13 18:12 - 2014-09-13 18:12 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-13 17:03 - 2014-09-13 17:03 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-13 17:03 - 2014-09-13 17:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-13 13:17 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 13:17 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 22:13 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 22:13 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 22:12 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 22:12 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 22:12 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 22:12 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 22:12 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 22:12 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 22:12 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-06 22:15 - 2014-09-06 22:18 - 00000000 ____D () C:\Users\Imari\Desktop\Football 9-5-14
2014-09-01 14:29 - 2014-09-01 14:30 - 04901352 _____ (Piriform Ltd) C:\Users\Imari\Downloads\ccsetup417(1).exe
2014-09-01 13:35 - 2014-09-01 13:39 - 04901352 _____ (Piriform Ltd) C:\Users\Imari\Downloads\ccsetup417.exe
2014-09-01 13:30 - 2014-09-13 14:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 13:29 - 2014-09-01 13:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-01 13:29 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-01 13:29 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-31 21:57 - 2014-08-31 21:57 - 00105141 _____ () C:\Users\Imari\Downloads\image (16).jpeg
2014-08-31 21:57 - 2014-08-31 21:57 - 00100395 _____ () C:\Users\Imari\Downloads\image (15).jpeg
2014-08-31 21:56 - 2014-08-31 21:56 - 00109149 _____ () C:\Users\Imari\Downloads\image (13).jpeg
2014-08-31 21:56 - 2014-08-31 21:56 - 00106083 _____ () C:\Users\Imari\Downloads\image (14).jpeg
2014-08-31 21:37 - 2014-08-31 21:37 - 00118926 _____ () C:\Users\Imari\Downloads\image (10).jpeg
2014-08-31 21:37 - 2014-08-31 21:37 - 00105853 _____ () C:\Users\Imari\Downloads\image (12).jpeg
2014-08-31 21:37 - 2014-08-31 21:37 - 00080680 _____ () C:\Users\Imari\Downloads\image (11).jpeg
2014-08-31 21:19 - 2014-08-31 21:19 - 00120997 _____ () C:\Users\Imari\Downloads\image (5).jpeg
2014-08-31 21:19 - 2014-08-31 21:19 - 00114634 _____ () C:\Users\Imari\Downloads\image (9).jpeg
2014-08-31 21:19 - 2014-08-31 21:19 - 00114634 _____ () C:\Users\Imari\Downloads\image (6).jpeg
2014-08-31 21:19 - 2014-08-31 21:19 - 00110813 _____ () C:\Users\Imari\Downloads\image (7).jpeg
2014-08-31 21:19 - 2014-08-31 21:19 - 00106874 _____ () C:\Users\Imari\Downloads\image (8).jpeg
2014-08-31 19:37 - 2014-08-31 19:37 - 00109077 _____ () C:\Users\Imari\Downloads\image (4).jpeg
2014-08-31 19:36 - 2014-08-31 19:36 - 00119566 _____ () C:\Users\Imari\Downloads\image (3).jpeg
2014-08-31 19:30 - 2014-08-31 19:30 - 01364600 _____ () C:\Users\Imari\Downloads\ebaypics.zip
2014-08-31 19:30 - 2014-08-31 19:30 - 01364600 _____ () C:\Users\Imari\Downloads\ebaypics (2).zip
2014-08-31 19:30 - 2014-08-31 19:30 - 01364600 _____ () C:\Users\Imari\Downloads\ebaypics (1).zip
2014-08-31 19:27 - 2014-08-31 19:27 - 00119566 _____ () C:\Users\Imari\Downloads\image (2).jpeg
2014-08-31 19:25 - 2014-08-31 19:25 - 00119566 _____ () C:\Users\Imari\Downloads\image.jpeg
2014-08-31 19:25 - 2014-08-31 19:25 - 00119566 _____ () C:\Users\Imari\Downloads\image (1).jpeg
2014-08-27 21:35 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 21:35 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 21:35 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 11:40 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 11:40 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 11:40 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 11:40 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 11:40 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 11:40 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 11:39 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 11:39 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 18:20 - 2014-09-13 18:19 - 00024901 _____ () C:\Users\Imari\Desktop\FRST.txt
2014-09-13 18:19 - 2014-09-13 18:18 - 00000000 ____D () C:\FRST
2014-09-13 18:17 - 2014-07-04 13:12 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1487551961-3572496284-799048130-1000UA.job
2014-09-13 18:16 - 2014-09-13 18:16 - 02105856 _____ (Farbar) C:\Users\Imari\Desktop\FRST64.exe
2014-09-13 18:15 - 2014-09-13 18:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-IMARI-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-09-13 18:13 - 2014-09-13 18:13 - 00002237 _____ () C:\Users\Imari\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-13 18:13 - 2014-09-13 18:13 - 00000000 ____D () C:\Users\Imari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-13 18:13 - 2014-09-13 18:13 - 00000000 ____D () C:\RegBackup
2014-09-13 18:12 - 2014-09-13 18:12 - 04057608 _____ () C:\Users\Imari\Downloads\tweaking.com_registry_backup_setup.exe
2014-09-13 18:12 - 2014-09-13 18:12 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-13 18:04 - 2014-02-20 21:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-13 18:04 - 2012-12-14 18:11 - 00260096 ___SH () C:\Users\Imari\Desktop\Thumbs.db
2014-09-13 17:39 - 2011-04-02 00:36 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-13 17:06 - 2012-01-02 20:08 - 00000000 ____D () C:\Users\Imari\Desktop\Games
2014-09-13 17:04 - 2013-09-21 23:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-13 17:03 - 2014-09-13 17:03 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-13 17:03 - 2014-09-13 17:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-13 17:03 - 2014-08-02 14:00 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-13 17:03 - 2014-08-02 14:00 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-13 17:03 - 2012-01-06 20:05 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-13 16:39 - 2011-04-02 00:36 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-13 14:37 - 2014-01-02 23:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-13 14:34 - 2014-09-01 13:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 14:32 - 2013-11-27 23:09 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-13 14:29 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-13 14:29 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-13 14:03 - 2012-12-30 16:37 - 01071834 ____N () C:\Windows\WindowsUpdate.log
2014-09-13 13:39 - 2012-05-31 13:11 - 00000000 ____D () C:\Users\Imari\AppData\Roaming\Dropbox
2014-09-13 13:39 - 2011-12-21 22:49 - 00000000 ___HD () C:\ASUS.DAT
2014-09-13 13:36 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-13 13:21 - 2011-12-26 04:51 - 00000000 ____D () C:\Users\Imari\AppData\Local\Adobe
2014-09-13 13:17 - 2014-07-04 13:12 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1487551961-3572496284-799048130-1000Core.job
2014-09-13 13:17 - 2014-05-09 07:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 19:23 - 2011-12-22 20:40 - 00000000 ____D () C:\Users\Imari\AppData\Roaming\Skype
2014-09-10 20:29 - 2014-03-23 16:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-10 20:29 - 2011-12-22 20:39 - 00000000 ____D () C:\ProgramData\Skype
2014-09-09 23:39 - 2009-07-14 03:45 - 00000000 ____D () C:\Windows\ShellNew
2014-09-09 10:03 - 2009-07-14 01:13 - 00811678 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-06 22:19 - 2012-05-16 19:36 - 03033088 ___SH () C:\Users\Imari\Downloads\Thumbs.db
2014-09-06 22:18 - 2014-09-06 22:15 - 00000000 ____D () C:\Users\Imari\Desktop\Football 9-5-14
2014-09-04 22:10 - 2014-09-10 22:12 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 22:05 - 2014-09-10 22:12 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-01 14:31 - 2012-01-02 20:08 - 00000000 ____D () C:\Users\Imari\Desktop\Maintenance
2014-09-01 14:30 - 2014-09-01 14:29 - 04901352 _____ (Piriform Ltd) C:\Users\Imari\Downloads\ccsetup417(1).exe
2014-09-01 14:30 - 2011-12-29 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-01 14:30 - 2011-12-29 14:36 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-01 13:58 - 2012-01-15 23:39 - 00000000 ____D () C:\Windows\Minidump
2014-09-01 13:39 - 2014-09-01 13:35 - 04901352 _____ (Piriform Ltd) C:\Users\Imari\Downloads\ccsetup417.exe
2014-09-01 13:29 - 2014-09-01 13:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-01 13:29 - 2011-12-30 14:24 - 00000000 ____D () C:\Users\Imari\AppData\Roaming\Malwarebytes
2014-09-01 13:29 - 2011-12-30 14:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-31 21:57 - 2014-08-31 21:57 - 00105141 _____ () C:\Users\Imari\Downloads\image (16).jpeg
2014-08-31 21:57 - 2014-08-31 21:57 - 00100395 _____ () C:\Users\Imari\Downloads\image (15).jpeg
2014-08-31 21:56 - 2014-08-31 21:56 - 00109149 _____ () C:\Users\Imari\Downloads\image (13).jpeg
2014-08-31 21:56 - 2014-08-31 21:56 - 00106083 _____ () C:\Users\Imari\Downloads\image (14).jpeg
2014-08-31 21:37 - 2014-08-31 21:37 - 00118926 _____ () C:\Users\Imari\Downloads\image (10).jpeg
2014-08-31 21:37 - 2014-08-31 21:37 - 00105853 _____ () C:\Users\Imari\Downloads\image (12).jpeg
2014-08-31 21:37 - 2014-08-31 21:37 - 00080680 _____ () C:\Users\Imari\Downloads\image (11).jpeg
2014-08-31 21:19 - 2014-08-31 21:19 - 00120997 _____ () C:\Users\Imari\Downloads\image (5).jpeg
2014-08-31 21:19 - 2014-08-31 21:19 - 00114634 _____ () C:\Users\Imari\Downloads\image (9).jpeg
2014-08-31 21:19 - 2014-08-31 21:19 - 00114634 _____ () C:\Users\Imari\Downloads\image (6).jpeg
2014-08-31 21:19 - 2014-08-31 21:19 - 00110813 _____ () C:\Users\Imari\Downloads\image (7).jpeg
2014-08-31 21:19 - 2014-08-31 21:19 - 00106874 _____ () C:\Users\Imari\Downloads\image (8).jpeg
2014-08-31 19:37 - 2014-08-31 19:37 - 00109077 _____ () C:\Users\Imari\Downloads\image (4).jpeg
2014-08-31 19:36 - 2014-08-31 19:36 - 00119566 _____ () C:\Users\Imari\Downloads\image (3).jpeg
2014-08-31 19:30 - 2014-08-31 19:30 - 01364600 _____ () C:\Users\Imari\Downloads\ebaypics.zip
2014-08-31 19:30 - 2014-08-31 19:30 - 01364600 _____ () C:\Users\Imari\Downloads\ebaypics (2).zip
2014-08-31 19:30 - 2014-08-31 19:30 - 01364600 _____ () C:\Users\Imari\Downloads\ebaypics (1).zip
2014-08-31 19:27 - 2014-08-31 19:27 - 00119566 _____ () C:\Users\Imari\Downloads\image (2).jpeg
2014-08-31 19:27 - 2014-06-09 20:12 - 00000000 ____D () C:\Users\Imari\Desktop\Ebay- yoyos
2014-08-31 19:25 - 2014-08-31 19:25 - 00119566 _____ () C:\Users\Imari\Downloads\image.jpeg
2014-08-31 19:25 - 2014-08-31 19:25 - 00119566 _____ () C:\Users\Imari\Downloads\image (1).jpeg
2014-08-28 20:39 - 2009-07-14 00:45 - 04914096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 10:40 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-22 22:07 - 2014-08-27 21:35 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 21:35 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 21:35 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 22:28 - 2012-06-14 23:37 - 00000000 ____D () C:\Users\Imari\Documents\Crown Financial
2014-08-17 21:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-14 21:36 - 2011-12-21 22:49 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-08-14 21:02 - 2012-04-28 13:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-14 21:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 20:27 - 2013-08-11 18:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 11:50 - 2012-02-18 17:18 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Imari\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-09 21:49

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Imari at 2014-09-13 18:21:26
Running from C:\Users\Imari\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Trend Micro Titanium Internet Security (Disabled - Out of date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: Trend Micro Titanium Internet Security (Disabled - Out of date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version: - Ensemble Studios)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
American Conquest (HKLM-x32\...\American Conquest) (Version: - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.1.0 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.25 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.0.6 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.44 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0033 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version: - )
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)
BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Breath of Death VII (HKLM-x32\...\Steam App 107300) (Version: - Zeboyd Games)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Cthulhu Saves the World (HKLM-x32\...\Steam App 107310) (Version: - Zeboyd Games)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
Dead Pixels (HKLM-x32\...\Steam App 222980) (Version: - CSR-Studios)
Dropbox (HKCU\...\Dropbox) (Version: 1.6.18 - Dropbox, Inc.)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version: - Humble Hearts LLC)
Empire XP 2.0 (HKLM-x32\...\Empire XP) (Version: - )
ETDWare PS/2-X64 8.0.5.1_WHQL (HKLM\...\Elantech) (Version: 8.0.5.1 - ELAN Microelectronic Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version: - Square Enix)
FINAL FANTASY VIII (HKLM-x32\...\Steam App 39150) (Version: - SQUARE ENIX)
Flixster Collections (HKLM-x32\...\FlixsterCollections) (Version: 1.0.76 - Warner Bros. Entertainment Inc.)
Flixster Collections (x32 Version: 1.0.76 - Warner Bros. Entertainment Inc.) Hidden
Free YouTube Downloader 3.5.128 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java(TM) 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvel Heroes (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment)
Medal of Honor Pacific Assault(tm) (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.0 - Electronic Arts)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Musicnotes Player V1.32.2 and Viewer V1.19.0 (HKLM-x32\...\Musicnotes Player_is1) (Version: 1.32.2 - Musicnotes Inc.)
Nancy Drew: Secret of the Old Clock (HKLM-x32\...\{70D1416D-C0FF-461C-8AF3-71B98C7F5CA4}) (Version: - )
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version: - Spiral Game Studios)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Story 3 for Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
Pinball Arcade (HKLM-x32\...\Steam App 238260) (Version: - FarSight Studios)
POWERPREP II (HKLM-x32\...\{2687340C-C114-47DC-9F0E-C1BA85FEB001}) (Version: 2.00.0000 - ETS)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6410 - Realtek Semiconductor Corp.)
Secret Diaries - Florence Ashford (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119551583}) (Version: - Oberon Media)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version: - Sega)
Sid Meier's Civilization III: Complete (HKLM-x32\...\Steam App 3910) (Version: - Firaxis Games)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Star Wars Battlefront (HKLM-x32\...\{C79CB9C7-10A4-4814-8402-F574672C2192}) (Version: 1.0 - LucasArts)
Star Wars Jedi Knight Jedi Academy (HKLM-x32\...\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}) (Version: - )
Star Wars JK II Jedi Outcast (HKLM-x32\...\{8681B1E6-CD96-46EF-9065-CE0D1085ED99}) (Version: 1.0 - LucasArts)
Star Wars Knights of the Old Republic (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version: 1.0 - LucasArts)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
The Elder Scrolls IV: Oblivion (HKLM-x32\...\Steam App 22330) (Version: - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Trend Micro Titanium Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 3.0 - Trend Micro Inc.)
Trend Micro Titanium Internet Security (Version: 3.00 - Trend Micro Inc.) Hidden
Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - Frozenbyte)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Imari\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Imari\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Imari\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Imari\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Imari\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Imari\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Imari\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Imari\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1487551961-3572496284-799048130-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05643566-D668-46B0-84D5-6E454D94DEF1} - System32\Tasks\{5C10F0CF-7951-4D68-A23A-91365FF0AA61} => C:\Program Files (x86)\LucasArts\Star Wars Knights of the Old Republic\LaunchKOTOR.exe [2006-10-11] (LucasArts LLC)
Task: {0E170835-29A9-44CF-B9A1-94573D708D3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02] (Google Inc.)
Task: {1B202343-13AE-4831-83DA-D863445C66F2} - System32\Tasks\{D2FB566D-B54F-4665-BB4A-196084FD7085} => D:\dmcr.exe [2002-12-18] (-GSC-)
Task: {3AE14C96-0DF2-4551-AFB9-9CE844ACCD3B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {3BD33BC4-8DF3-4E04-9A86-26ACC61B8A05} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {3C87CF44-6DBA-4D32-9669-AA9A646169CA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {48E735B9-4F4E-4D70-B597-8B1CDF7D7A0E} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-05-30] (ASUS)
Task: {4C85F90E-FEB5-445C-81D1-C6AEE751E184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02] (Google Inc.)
Task: {4EE00FD4-7340-45E7-B055-1986A5016283} - System32\Tasks\My Tasks\Alarm Clock => C:\Users\Imari\Music\iTunes\iTunes Media\Music\Caitlin\Amaranth - www.Caitlin.co.za.mp3
Task: {58B0FFB0-7E1F-430E-A7BC-E91F000CEBBB} - System32\Tasks\{0AE133F9-37B0-4132-A343-4FA1E9BB6D48} => D:\dmcr.exe [2002-12-18] (-GSC-)
Task: {654D4252-8E4E-42BD-B107-1B4CAAE5C04F} - System32\Tasks\{0951F487-AF6F-4E1E-82D9-CE915E64041D} => C:\Program Files (x86)\LucasArts\Star Wars Knights of the Old Republic\LaunchKOTOR.exe [2006-10-11] (LucasArts LLC)
Task: {919A2ED6-5FE6-4359-B3EB-D46EF19DC930} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {99306B57-43D3-4A49-82BD-40C234966184} - System32\Tasks\AdobeAAMUpdater-1.0-Imari-PC-Imari => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {A2065CBB-A60F-448E-8FF4-ED04BAA0FBD7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A6DE9897-744E-42C4-8519-D30C497F481A} - System32\Tasks\{4431F210-AB79-4203-9C2B-6E865F9608CC} => C:\Program Files (x86)\LucasArts\Star Wars Knights of the Old Republic\LaunchKOTOR.exe [2006-10-11] (LucasArts LLC)
Task: {B1472956-C5B8-4905-AC6F-CCF0F8411E78} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1487551961-3572496284-799048130-1000UA => C:\Users\Imari\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-04] (Google Inc.)
Task: {BFCFAC4F-9E5C-44D1-9CCF-350DB4208038} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-08-31] (ASUSTeK Computer Inc.)
Task: {C1700A89-D6DD-445C-9278-8CAC6D99F2B2} - System32\Tasks\{5EF26686-DD43-48BC-B6D5-A545D28310C2} => D:\dmcr.exe [2002-12-18] (-GSC-)
Task: {C285FA5F-6F81-4E27-89C0-3ECEDA6E6494} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {C725B969-5F69-4433-8826-DCC4A3CEF2FD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {CE83E647-2830-4B51-8386-086DED2B1EDF} - System32\Tasks\{D64BB8E3-8935-48F2-B8DD-D9DDA8AE65B9} => C:\Program Files (x86)\LucasArts\Star Wars Knights of the Old Republic\LaunchKOTOR.exe [2006-10-11] (LucasArts LLC)
Task: {D72B3553-2C95-462F-AB8E-D9B1562CC5AA} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-03-07] (ASUS)
Task: {DCE419E2-2962-4F27-9B74-98D18DD70517} - System32\Tasks\{1F8BC911-AC2A-4D70-B467-0A5C895BD426} => D:\dmcr.exe [2002-12-18] (-GSC-)
Task: {DF545365-BB08-470E-B31A-0A5AED7274CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1487551961-3572496284-799048130-1000Core => C:\Users\Imari\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-04] (Google Inc.)
Task: {E8B69708-F04B-4565-815E-C12AA8DE8A57} - System32\Tasks\{18944E43-7C24-488C-BCCE-D88C0EA3C0AF} => C:\Program Files (x86)\LucasArts\Star Wars Knights of the Old Republic\LaunchKOTOR.exe [2006-10-11] (LucasArts LLC)
Task: {EF14BB98-1ADF-4719-B3B6-E313BFA740FA} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1487551961-3572496284-799048130-1000Core.job => C:\Users\Imari\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1487551961-3572496284-799048130-1000UA.job => C:\Users\Imari\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-04-02 00:49 - 2010-09-17 04:52 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2011-04-02 00:49 - 2010-09-17 04:52 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2010-07-14 19:11 - 2010-07-14 19:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2011-07-20 00:42 - 2011-04-09 22:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-09-23 19:53 - 2010-09-23 19:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-02 23:27 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-02 23:27 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-02 23:27 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2011-08-31 16:33 - 2011-08-31 16:33 - 00208384 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
2011-05-30 14:48 - 2011-05-30 14:48 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2009-11-02 17:20 - 2009-11-02 17:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 17:23 - 2009-11-02 17:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-08-28 21:14 - 2014-08-21 14:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 21:14 - 2014-08-21 14:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 21:14 - 2014-08-21 14:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-11-27 23:11 - 2014-08-20 18:38 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-21 19:02 - 2014-08-28 07:48 - 02224320 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-28 21:14 - 2014-08-21 14:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 21:14 - 2014-08-21 14:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-11-27 23:11 - 2014-08-28 07:48 - 00678080 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-11-27 23:11 - 2014-08-20 18:38 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-23 10:37 - 2014-08-20 18:38 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-01-02 23:27 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-02 23:27 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-09-05 19:06 - 2014-08-29 22:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-05 19:06 - 2014-08-29 22:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-05 19:06 - 2014-08-29 22:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-05 19:06 - 2014-08-29 22:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-05 19:06 - 2014-08-29 22:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:E4A4BAB8

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/13/2014 02:22:34 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x8004231f).

Error: (09/13/2014 02:22:34 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x8004231f).

Error: (09/13/2014 01:41:33 PM) (Source: .NET Runtime Optimization Service) (EventID: 1110) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Service Manager returned a fatal error (0x80070070). Will stop service

Error: (09/13/2014 01:41:33 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070070

Error: (09/13/2014 01:30:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0x40000015
Fault offset: 0x000000000002a84e
Faulting process id: 0x137c
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3

Error: (09/13/2014 01:21:00 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (428) SUS20ClientDataStore: An attempt to write to the file "C:\Windows\SoftwareDistribution\DataStore\Logs\edbtmp.log" at offset 0 (0x0000000000000000) for 393216 (0x00060000) bytes failed after wuaueng.dll0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (09/10/2014 11:03:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18626

Error: (09/10/2014 11:03:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18626

Error: (09/10/2014 11:03:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2014 11:03:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17550

System errors:
=============
Error: (09/13/2014 01:44:52 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (09/13/2014 01:22:24 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.183.2176.0

Update Source: %NT AUTHORITY59

Update Stage: 4.5.0216.00

Source Path: 4.5.0216.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/13/2014 01:22:24 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.183.2176.0

Update Source: %NT AUTHORITY59

Update Stage: 4.5.0216.00

Source Path: 4.5.0216.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/13/2014 01:21:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2894844).

Error: (09/13/2014 01:21:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 7 for x64-based Systems (KB2985461).

Error: (09/13/2014 01:21:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB2972216).

Error: (09/13/2014 01:21:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2977629).

Error: (09/13/2014 01:21:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2972211).

Error: (09/13/2014 01:21:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Microsoft .NET Framework 4.5 and 4.5.1 on Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB2894854).

Error: (09/13/2014 01:21:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Security Essentials - 4.6.305.0 (KB2965031).

Microsoft Office Sessions:
=========================
Error: (09/13/2014 02:22:34 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: 0x8004231f

Error: (09/13/2014 02:22:34 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x8004231f

Error: (09/13/2014 01:41:33 PM) (Source: .NET Runtime Optimization Service) (EventID: 1110) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Service Manager returned a fatal error (0x80070070). Will stop service

Error: (09/13/2014 01:41:33 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070070
System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (09/13/2014 01:30:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_aepdu.dll6.1.7600.163854a5bc9e0msvcrt.dll7.0.7601.177444eeb033f40000015000000000002a84e137c01cfcf76890949b3C:\Windows\system32\rundll32.exeC:\Windows\system32\msvcrt.dlla146ed78-3b6b-11e4-a411-5404a61c20b9

Error: (09/13/2014 01:21:00 PM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll428SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edbtmp.log0 (0x0000000000000000)393216 (0x00060000)-1808 (0xfffff8f0)112 (0x00000070)There is not enough space on the disk. 0

Error: (09/10/2014 11:03:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18626

Error: (09/10/2014 11:03:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18626

Error: (09/10/2014 11:03:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2014 11:03:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17550

CodeIntegrity Errors:
===================================
Date: 2013-04-29 14:01:12.514
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 14:01:12.290
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 14:01:14.535
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 14:01:14.422
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 14:00:45.672
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 14:00:45.500
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 14:00:15.753
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 14:00:15.630
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 14:00:12.894
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-29 14:00:12.711
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
Percentage of memory in use: 83%
Total physical RAM: 4000.13 MB
Available physical RAM: 668.57 MB
Total Pagefile: 7998.43 MB
Available Pagefile: 3373.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:2.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:153.85 GB) (Free:14.58 GB) NTFS
Drive f: (CANON_DC) (Removable) (Total:1.89 GB) (Free:1.6 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AA9693FE)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=119.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=153.9 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-13 18:31:49
-----------------------------
18:31:49.318 OS Version: Windows x64 6.1.7601 Service Pack 1
18:31:49.318 Number of processors: 2 586 0x2A07
18:31:49.319 ComputerName: IMARI-PC UserName: Imari
18:31:50.153 Initialize success
18:31:50.202 VM: initialized successfully
18:31:50.227 VM: Intel CPU virtualization not supported
18:35:20.370 AVAST engine defs: 14091301
18:37:35.257 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:37:35.260 Disk 0 Vendor: ST932032 0003 Size: 305245MB BusType: 3
18:37:35.503 Disk 0 MBR read successfully
18:37:35.506 Disk 0 MBR scan
18:37:35.557 Disk 0 Windows 7 default MBR code
18:37:35.571 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
18:37:35.595 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 122098 MB offset 52430848
18:37:35.623 Disk 0 default boot code
18:37:35.660 Disk 0 Partition - 00 0F Extended LBA 157545 MB offset 302487552
18:37:35.699 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 157544 MB offset 302489600
18:37:36.144 Disk 0 scanning C:\Windows\system32\drivers
18:37:57.857 Service scanning
18:38:18.338 Service MpKsla0287fb5 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0AE40DB4-AD9E-4DA0-B4DA-2F6C8873B43E}\MpKsla0287fb5.sys **LOCKED** 32
18:38:44.831 Modules scanning
18:38:44.837 Disk 0 trace - called modules:
18:38:44.902 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys sptd.sys hal.dll
18:38:44.907 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cd0790]
18:38:44.911 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa8004b3dbe0]
18:38:44.915 5 ACPI.sys[fffff8800118b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b41050]
18:38:45.905 AVAST engine scan C:\Windows
18:38:49.481 AVAST engine scan C:\Windows\system32
18:44:31.810 AVAST engine scan C:\Windows\system32\drivers
18:45:01.698 AVAST engine scan C:\Users\Imari
18:59:22.486 AVAST engine scan C:\ProgramData
19:03:19.106 Scan finished successfully
19:13:46.613 Disk 0 MBR has been saved successfully to "C:\Users\Imari\Documents\Virus scan logs\MBR.dat"
19:13:46.654 The log file has been saved successfully to "C:\Users\Imari\Documents\Virus scan logs\aswMBR.txt"

OCD

2014-09-14, 05:28

Hi Nightwingsgurl,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

but Spybot always lists the same threats that it says it 'fixed' in the previous scan, even if they're back-to-back.
What are the threats it lists? Take a screenshot if necessary and post it in your next reply.

And sometimes Google seems to re-direct.
Which browsers does this occur while using?

but I can't figure out how to disable TeaTimer in Spybot-- I didn't see anywhere to check advanced settings? I have a log from a scan I ran less than an hour ago, though.
Which version of SpyBot do you have?

Do you have the AdwCleaner log?

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Multiple Anti-Virus Programs Installed

I notice that you have both Microsoft Security Essentials and Trend Micro Titanium Internet Security installed at the same time. Having more than one antivirus program running at the same time can seriously degrade the performance of your system.

Please uninstall either Microsoft Security Essentials or Trend Micro Titanium Internet Security (which ever you prefer) using either the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (for Vista and Win 7 users to go to Programs and Features in the Control Panel). As a rule of thumb one should run one firewall, one antivirus program in memory, and one anti-spyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

Start
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT", "hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=48&CUI=UN64620605553500358&UM=2"
Empty Temp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re-run Farbar Recovery Scan Tool it should be on your desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

Answers to my questions
Screenshot of SpyBot "fixes" or the log
FixLog.txt
Fresh FRST.txt

Nightwingsgurl

2014-09-14, 18:11

Thanks for responding!

What are the threats it lists? Take a screenshot if necessary and post it in your next reply.

Here's the log from last night:

Search results from Spybot - Search & Destroy

9/13/2014 7:00:20 PM
Scan took 00:31:51.
15 items found.

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file (File, nothing done)
C:\Users\Imari\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CGJSJ82X\eplayer-static.clipsyndicate.com\analytics.sol
Properties.size=504
Properties.md5=A6C8044BA24DDC82A1127687B5BDD4E1
Properties.filedate=1410643162
Properties.filedatetext=2014-09-13 17:19:21

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file (File, nothing done)
C:\Users\Imari\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CGJSJ82X\z.cdn.turner.com\com.turner.cvp.so.sol
Properties.size=81
Properties.md5=1BF1510CE8CD64C13E77F964C69A5DCD
Properties.filedate=1410643199
Properties.filedatetext=2014-09-13 17:19:59

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file (File, nothing done)
C:\Users\Imari\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CGJSJ82X\z.cdn.turner.com\octoshapeuserinfo.sol
Properties.size=65
Properties.md5=366851EE622A0D6FABE8B0C9E9D2A5DA
Properties.filedate=1410643184
Properties.filedatetext=2014-09-13 17:19:44

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1487551961-3572496284-799048130-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1487551961-3572496284-799048130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1487551961-3572496284-799048130-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cache: [SBI $49804B54] Browser: Cache (1) (Browser: Cache, nothing done)

History: [SBI $49804B54] Browser: History (2) (Browser: History, nothing done)

Cookie: [SBI $49804B54] Browser: Cookie (4) (Browser: Cookie, nothing done)

--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---

2013-09-20 blindman.exe (2.2.18.151)
2013-09-20 explorer.exe (2.2.18.177)
2013-09-20 SDBootCD.exe (2.2.18.109)
2013-09-20 SDCleaner.exe (2.2.18.110)
2013-09-20 SDDelFile.exe (2.2.18.94)
2013-06-18 SDDisableProxy.exe
2013-09-20 SDFiles.exe (2.2.18.135)
2013-09-20 SDFileScanHelper.exe (2.2.16.1)
2013-10-15 SDFSSvc.exe (2.2.25.211)
2013-10-10 SDHookHelper.exe (2.3.30.2)
2013-10-10 SDHookInst32.exe (2.3.30.2)
2013-10-10 SDHookInst64.exe (2.3.30.2)
2013-09-20 SDImmunize.exe (2.2.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-10-14 SDOnAccess.exe (2.2.25.4)
2013-09-20 SDPESetup.exe (2.2.18.3)
2013-09-20 SDPEStart.exe (2.2.18.86)
2013-09-20 SDPhoneScan.exe (2.2.18.28)
2013-09-20 SDPRE.exe (2.2.18.22)
2013-09-20 SDPrepPos.exe (2.2.18.10)
2013-09-20 SDQuarantine.exe (2.2.18.103)
2013-09-20 SDRootAlyzer.exe (2.2.18.116)
2013-09-20 SDSBIEdit.exe (2.2.18.39)
2013-09-20 SDScan.exe (2.2.18.177)
2013-09-20 SDScript.exe (2.2.18.53)
2013-10-15 SDSettings.exe (2.2.25.138)
2013-09-20 SDShell.exe (2.2.18.2)
2013-09-20 SDShred.exe (2.2.18.107)
2013-09-20 SDSysRepair.exe (2.2.18.101)
2013-09-20 SDTools.exe (2.2.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-09-20 SDUpdate.exe (2.2.18.91)
2013-09-20 SDUpdSvc.exe (2.2.18.76)
2013-09-20 SDWelcome.exe (2.2.21.129)
2013-09-13 SDWSCSvc.exe (2.2.22.2)
2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0)
2014-07-31 spybotsd2-translation-esx.exe
2013-06-19 spybotsd2-translation-frx.exe
2014-08-25 spybotsd2-translation-hux2.exe
2014-09-10 spybotsd2-translation-nlx.exe
2014-01-02 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-05-16 SDECon64.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-10-14 SDFileScanLibrary.dll (2.2.25.14)
2013-10-10 SDHook32.dll (2.3.30.2)
2013-10-10 SDHook64.dll (2.3.30.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2014-03-05 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2014-09-03 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-01-08 Includes\Dialer-000.sbi (*)
2014-01-08 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi
2014-01-09 Includes\Fraud-001.sbi
2014-03-31 Includes\Fraud-002.sbi
2014-01-09 Includes\Fraud-003.sbi
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-01-08 Includes\Hijackers-000.sbi (*)
2014-01-08 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-01-08 Includes\Keyloggers-000.sbi (*)
2014-09-10 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2014-01-09 Includes\Malware-001.sbi (*)
2014-01-09 Includes\Malware-002.sbi (*)
2014-02-05 Includes\Malware-003.sbi (*)
2014-01-28 Includes\Malware-004.sbi (*)
2014-04-15 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2014-09-10 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-01-15 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2014-08-27 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2014-01-08 Includes\Spyware-000.sbi (*)
2014-01-08 Includes\Spyware-001.sbi (*)
2014-01-08 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-01-15 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2014-07-09 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-07-09 Includes\Trojans-009.sbi (*)
2014-09-10 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)

Which browsers does this occur while using?

I normally use Chrome.

Which version of SpyBot do you have?

Version 2.2

Do you have the AdwCleaner log?

# AdwCleaner v3.310 - Report created 14/09/2014 at 11:00:43
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Imari - IMARI-PC
# Running from : C:\Users\Imari\Desktop\adwcleaner_3.310.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Imari\AppData\Roaming\Mozilla\Firefox\Profiles\j3c4jgnx.default\prefs.js ]

-\\ Google Chrome v37.0.2062.103

[ File : C:\Users\Imari\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [22262 octets] - [31/03/2014 14:05:55]
AdwCleaner[R1].txt - [21626 octets] - [07/04/2014 11:08:42]
AdwCleaner[R2].txt - [21687 octets] - [10/04/2014 22:14:28]
AdwCleaner[R3].txt - [1143 octets] - [10/04/2014 22:21:08]
AdwCleaner[R4].txt - [1570 octets] - [14/09/2014 10:33:22]
AdwCleaner[R5].txt - [1108 octets] - [14/09/2014 11:00:43]
AdwCleaner[S0].txt - [22170 octets] - [10/04/2014 22:15:35]

########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [1229 octets] ##########

I notice that you have both Microsoft Security Essentials and Trend Micro Titanium Internet Security installed at the same time. Having more than one antivirus program running at the same time can seriously degrade the performance of your system.

Please uninstall either Microsoft Security Essentials or Trend Micro Titanium Internet Security (which ever you prefer) using either the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (for Vista and Win 7 users to go to Programs and Features in the Control Panel). As a rule of thumb one should run one firewall, one antivirus program in memory, and one anti-spyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.

When I tried to un-install Trend Micro (which was just the free trial that came with the computer) it told me that it must've been uninstalled before after it got to 100% uninstalled. But then when I looked for it I couldn't find it, so hopefully its gone now? From what I've heard, WSE isn't exactly the most reliable. Should I delete it and install something else?

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Imari at 2014-09-14 10:51:23 Run:1
Running from C:\Users\Imari\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT", "hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=48&CUI=UN64620605553500358&UM=2"
Empty Temp:
End
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" => Value not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
Chrome StartupUrls deleted successfully.
EmptyTemp: => Removed 490 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

NOTE: I did reboot the system as it requested.

It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Imari (administrator) on IMARI-PC on 14-09-2014 11:09:09
Running from C:\Users\Imari\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Spotify Ltd) C:\Users\Imari\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) D:\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OpenOffice.org) D:\Program Files (x86)\program\soffice.exe
(OpenOffice.org) D:\Program Files (x86)\program\soffice.bin
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-02] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => D:\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [Spotify Web Helper] => C:\Users\Imari\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-18] (Spotify Ltd)
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [Google Update] => C:\Users\Imari\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-04] (Google Inc.)
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\MountPoints2: {d0100140-3593-11e1-ae05-806e6f6e6963} - G:\LaunchBOPC1.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()
Startup: C:\Users\Imari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Imari\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Imari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> D:\Program Files (x86)\program\quickstart.exe ()
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Imari\AppData\Roaming\Mozilla\Firefox\Profiles\j3c4jgnx.default
FF Keyword.URL: https://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.dns=1&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Imari\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Imari\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Imari\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Imari\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Imari\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Imari\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Adblock Plus - C:\Users\Imari\AppData\Roaming\Mozilla\Firefox\Profiles\j3c4jgnx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-08-02]

Chrome:
=======
CHR HomePage: Default -> 7FE4E5FBF564E50F19F2E61F198805B394FAA9E56DBCC47EA17CA15DFE7425BE
CHR DefaultSearchKeyword: Default -> 7DE471496509B5E9AB1E1945A15502F1540DC2E271BE5A7A8AE30F6123D4D166
CHR DefaultSearchURL: Default -> D20230A2D69F58D3F5F7B7BB7EE44D1ED223F1247DA80ACC89D88531D61AC40B
CHR Profile: C:\Users\Imari\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Imari\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (Google Wallet) - C:\Users\Imari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR HKCU\...\Chrome\Extension: [apjkpjchfbckhjhokinlgdbmibpbbjak] - C:\Users\Imari\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-03-31] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-01-02] () [File not signed]
U3 ad1yq9jv; C:\Windows\System32\Drivers\ad1yq9jv.sys [0 ] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 11:08 - 2014-09-14 11:08 - 02105856 _____ (Farbar) C:\Users\Imari\Downloads\FRST64.exe
2014-09-14 10:54 - 2014-09-14 10:54 - 00049564 _____ () C:\Windows\PFRO.log
2014-09-14 10:49 - 2014-09-14 10:55 - 00002872 _____ () C:\Windows\system32\TmInstall.log
2014-09-14 10:49 - 2014-09-14 10:49 - 00004280 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-09-14 10:49 - 2010-09-17 04:52 - 00525792 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-09-14 10:49 - 2010-09-17 04:52 - 00232272 _____ (Trend Micro Inc.) C:\Windows\TmNSCIns.dll
2014-09-14 10:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-14 10:32 - 2014-09-14 10:32 - 01373475 _____ () C:\Users\Imari\Downloads\adwcleaner_3.310(1).exe
2014-09-14 10:27 - 2014-09-14 10:27 - 01373475 _____ () C:\Users\Imari\Desktop\adwcleaner_3.310.exe
2014-09-14 10:23 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-14 10:23 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-14 10:23 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-14 10:23 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-14 10:23 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-14 10:23 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-14 10:23 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-14 10:23 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-14 10:23 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-14 10:23 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-14 10:23 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-14 10:23 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-14 10:23 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-14 10:23 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-14 10:23 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-14 10:23 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-14 10:23 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-14 10:23 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-14 10:23 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-14 10:23 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-14 10:23 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-14 10:23 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-14 10:23 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-14 10:23 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 10:23 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-14 10:23 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-14 10:23 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-14 10:23 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-14 10:23 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-14 10:23 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-14 10:23 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-14 10:23 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-14 10:23 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-14 10:23 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-14 10:23 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-14 10:23 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-14 10:23 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-14 10:23 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-14 10:23 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-14 10:23 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-14 10:23 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-14 10:23 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-14 10:23 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-14 10:23 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-14 10:23 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-14 10:23 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-14 10:23 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-14 10:23 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-14 10:23 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-14 10:23 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-14 10:23 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-14 10:23 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-14 10:23 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-14 10:23 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-14 10:23 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-14 10:23 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-14 10:13 - 2014-09-14 10:54 - 00000112 _____ () C:\Windows\setupact.log
2014-09-14 10:13 - 2014-09-14 10:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-13 19:21 - 2014-09-13 19:21 - 00000000 ____D () C:\Users\Imari\Documents\ProcAlyzer Dumps
2014-09-13 18:31 - 2014-09-13 18:31 - 05185536 _____ (AVAST Software) C:\Users\Imari\Desktop\aswMBR.exe
2014-09-13 18:21 - 2014-09-13 18:23 - 00046720 _____ () C:\Users\Imari\Desktop\Addition.txt
2014-09-13 18:19 - 2014-09-14 11:09 - 00020861 _____ () C:\Users\Imari\Desktop\FRST.txt
2014-09-13 18:18 - 2014-09-14 11:09 - 00000000 ____D () C:\FRST
2014-09-13 18:16 - 2014-09-13 18:16 - 02105856 _____ (Farbar) C:\Users\Imari\Desktop\FRST64.exe
2014-09-13 18:15 - 2014-09-13 18:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-IMARI-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-09-13 18:13 - 2014-09-13 18:13 - 00002237 _____ () C:\Users\Imari\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-13 18:13 - 2014-09-13 18:13 - 00000000 ____D () C:\Users\Imari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-13 18:13 - 2014-09-13 18:13 - 00000000 ____D () C:\RegBackup
2014-09-13 18:12 - 2014-09-13 18:12 - 04057608 _____ () C:\Users\Imari\Downloads\tweaking.com_registry_backup_setup.exe
2014-09-13 18:12 - 2014-09-13 18:12 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-13 17:03 - 2014-09-13 17:03 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-13 17:03 - 2014-09-13 17:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-13 13:17 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 13:17 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 22:13 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 22:13 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 22:13 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 22:13 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 22:12 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 22:12 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 22:12 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 22:12 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 22:12 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 22:12 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 22:12 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-06 22:15 - 2014-09-06 22:18 - 00000000 ____D () C:\Users\Imari\Desktop\Football 9-5-14
2014-09-01 14:29 - 2014-09-01 14:30 - 04901352 _____ (Piriform Ltd) C:\Users\Imari\Downloads\ccsetup417(1).exe
2014-09-01 13:35 - 2014-09-01 13:39 - 04901352 _____ (Piriform Ltd) C:\Users\Imari\Downloads\ccsetup417.exe
2014-09-01 13:30 - 2014-09-13 14:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 13:29 - 2014-09-01 13:29 - 00001104 _____ () C:\Users\Imari\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-01 13:29 - 2014-09-01 13:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-01 13:29 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-01 13:29 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-31 21:57 - 2014-08-31 21:57 - 00105141 _____ () C:\Users\Imari\Downloads\image (16).jpeg
2014-08-31 21:57 - 2014-08-31 21:57 - 00100395 _____ () C:\Users\Imari\Downloads\image (15).jpeg
2014-08-31 21:56 - 2014-08-31 21:56 - 00109149 _____ () C:\Users\Imari\Downloads\image (13).jpeg
2014-08-31 21:56 - 2014-08-31 21:56 - 00106083 _____ () C:\Users\Imari\Downloads\image (14).jpeg
2014-08-31 21:37 - 2014-08-31 21:37 - 00118926 _____ () C:\Users\Imari\Downloads\image (10).jpeg
2014-08-31 21:37 - 2014-08-31 21:37 - 00105853 _____ () C:\Users\Imari\Downloads\image (12).jpeg
2014-08-31 21:37 - 2014-08-31 21:37 - 00080680 _____ () C:\Users\Imari\Downloads\image (11).jpeg
2014-08-31 21:19 - 2014-08-31 21:19 - 00120997 _____ () C:\Users\Imari\Downloads\image (5).jpeg
2014-08-31 21:19 - 2014-08-31 21:19 - 00114634 _____ () C:\Users\Imari\Downloads\image (9).jpeg
2014-08-31 21:19 - 2014-08-31 21:19 - 00114634 _____ () C:\Users\Imari\Downloads\image (6).jpeg
2014-08-31 21:19 - 2014-08-31 21:19 - 00110813 _____ () C:\Users\Imari\Downloads\image (7).jpeg
2014-08-31 21:19 - 2014-08-31 21:19 - 00106874 _____ () C:\Users\Imari\Downloads\image (8).jpeg
2014-08-31 19:37 - 2014-08-31 19:37 - 00109077 _____ () C:\Users\Imari\Downloads\image (4).jpeg
2014-08-31 19:36 - 2014-08-31 19:36 - 00119566 _____ () C:\Users\Imari\Downloads\image (3).jpeg
2014-08-31 19:30 - 2014-08-31 19:30 - 01364600 _____ () C:\Users\Imari\Downloads\ebaypics.zip
2014-08-31 19:30 - 2014-08-31 19:30 - 01364600 _____ () C:\Users\Imari\Downloads\ebaypics (2).zip
2014-08-31 19:30 - 2014-08-31 19:30 - 01364600 _____ () C:\Users\Imari\Downloads\ebaypics (1).zip
2014-08-31 19:27 - 2014-08-31 19:27 - 00119566 _____ () C:\Users\Imari\Downloads\image (2).jpeg
2014-08-31 19:25 - 2014-08-31 19:25 - 00119566 _____ () C:\Users\Imari\Downloads\image.jpeg
2014-08-31 19:25 - 2014-08-31 19:25 - 00119566 _____ () C:\Users\Imari\Downloads\image (1).jpeg
2014-08-27 21:35 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 21:35 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 21:35 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 11:10 - 2014-09-13 18:19 - 00020861 _____ () C:\Users\Imari\Desktop\FRST.txt
2014-09-14 11:09 - 2014-09-13 18:18 - 00000000 ____D () C:\FRST
2014-09-14 11:08 - 2014-09-14 11:08 - 02105856 _____ (Farbar) C:\Users\Imari\Downloads\FRST64.exe
2014-09-14 11:07 - 2012-05-16 19:36 - 03033088 ___SH () C:\Users\Imari\Downloads\Thumbs.db
2014-09-14 11:04 - 2014-02-20 21:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-14 11:01 - 2014-03-31 14:05 - 00000000 ____D () C:\AdwCleaner
2014-09-14 11:00 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-14 11:00 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-14 10:56 - 2012-12-14 18:11 - 00260096 ___SH () C:\Users\Imari\Desktop\Thumbs.db
2014-09-14 10:55 - 2014-09-14 10:49 - 00002872 _____ () C:\Windows\system32\TmInstall.log
2014-09-14 10:55 - 2012-05-31 13:11 - 00000000 ____D () C:\Users\Imari\AppData\Roaming\Dropbox
2014-09-14 10:55 - 2011-12-21 22:49 - 00000000 ___HD () C:\ASUS.DAT
2014-09-14 10:55 - 2011-04-02 00:36 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-14 10:54 - 2014-09-14 10:54 - 00049564 _____ () C:\Windows\PFRO.log
2014-09-14 10:54 - 2014-09-14 10:13 - 00000112 _____ () C:\Windows\setupact.log
2014-09-14 10:54 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-14 10:53 - 2012-12-30 16:37 - 01160345 _____ () C:\Windows\WindowsUpdate.log
2014-09-14 10:49 - 2014-09-14 10:49 - 00004280 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-09-14 10:47 - 2011-04-02 00:49 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-09-14 10:39 - 2011-04-02 00:36 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-14 10:32 - 2014-09-14 10:32 - 01373475 _____ () C:\Users\Imari\Downloads\adwcleaner_3.310(1).exe
2014-09-14 10:27 - 2014-09-14 10:27 - 01373475 _____ () C:\Users\Imari\Desktop\adwcleaner_3.310.exe
2014-09-14 10:26 - 2012-01-02 20:08 - 00000000 ____D () C:\Users\Imari\Desktop\Maintenance
2014-09-14 10:24 - 2011-12-26 04:51 - 00000000 ____D () C:\Users\Imari\AppData\Local\Adobe
2014-09-14 10:21 - 2011-12-30 14:31 - 00804292 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-14 10:21 - 2009-07-14 01:13 - 00804292 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-14 10:20 - 2012-04-28 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-14 10:20 - 2011-12-30 14:31 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-14 10:20 - 2011-12-30 14:31 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-14 10:20 - 2011-12-30 14:31 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-14 10:17 - 2014-07-04 13:12 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1487551961-3572496284-799048130-1000UA.job
2014-09-14 10:13 - 2014-09-14 10:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-13 19:21 - 2014-09-13 19:21 - 00000000 ____D () C:\Users\Imari\Documents\ProcAlyzer Dumps
2014-09-13 19:20 - 2012-01-11 19:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-13 18:31 - 2014-09-13 18:31 - 05185536 _____ (AVAST Software) C:\Users\Imari\Desktop\aswMBR.exe
2014-09-13 18:23 - 2014-09-13 18:21 - 00046720 _____ () C:\Users\Imari\Desktop\Addition.txt
2014-09-13 18:16 - 2014-09-13 18:16 - 02105856 _____ (Farbar) C:\Users\Imari\Desktop\FRST64.exe
2014-09-13 18:15 - 2014-09-13 18:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-IMARI-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-09-13 18:13 - 2014-09-13 18:13 - 00002237 _____ () C:\Users\Imari\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-13 18:13 - 2014-09-13 18:13 - 00000000 ____D () C:\Users\Imari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-13 18:13 - 2014-09-13 18:13 - 00000000 ____D () C:\RegBackup
2014-09-13 18:12 - 2014-09-13 18:12 - 04057608 _____ () C:\Users\Imari\Downloads\tweaking.com_registry_backup_setup.exe
2014-09-13 18:12 - 2014-09-13 18:12 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-13 17:06 - 2012-01-02 20:08 - 00000000 ____D () C:\Users\Imari\Desktop\Games
2014-09-13 17:04 - 2013-09-21 23:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-13 17:03 - 2014-09-13 17:03 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-13 17:03 - 2014-09-13 17:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-13 17:03 - 2014-08-02 14:00 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-13 17:03 - 2014-08-02 14:00 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-13 17:03 - 2012-01-06 20:05 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-13 14:37 - 2014-01-02 23:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-13 14:34 - 2014-09-01 13:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 14:32 - 2013-11-27 23:09 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-13 13:17 - 2014-07-04 13:12 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1487551961-3572496284-799048130-1000Core.job
2014-09-13 13:17 - 2014-05-09 07:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 19:23 - 2011-12-22 20:40 - 00000000 ____D () C:\Users\Imari\AppData\Roaming\Skype
2014-09-10 20:29 - 2014-03-23 16:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-10 20:29 - 2011-12-22 20:39 - 00000000 ____D () C:\ProgramData\Skype
2014-09-09 23:39 - 2009-07-14 03:45 - 00000000 ____D () C:\Windows\ShellNew
2014-09-06 22:18 - 2014-09-06 22:15 - 00000000 ____D () C:\Users\Imari\Desktop\Football 9-5-14
2014-09-04 22:10 - 2014-09-10 22:12 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 22:05 - 2014-09-10 22:12 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-01 14:30 - 2014-09-01 14:29 - 04901352 _____ (Piriform Ltd) C:\Users\Imari\Downloads\ccsetup417(1).exe
2014-09-01 14:30 - 2011-12-29 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-01 14:30 - 2011-12-29 14:36 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-01 13:58 - 2012-01-15 23:39 - 00000000 ____D () C:\Windows\Minidump
2014-09-01 13:39 - 2014-09-01 13:35 - 04901352 _____ (Piriform Ltd) C:\Users\Imari\Downloads\ccsetup417.exe
2014-09-01 13:29 - 2014-09-01 13:29 - 00001104 _____ () C:\Users\Imari\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-01 13:29 - 2014-09-01 13:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-01 13:29 - 2011-12-30 14:24 - 00000000 ____D () C:\Users\Imari\AppData\Roaming\Malwarebytes
2014-09-01 13:29 - 2011-12-30 14:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-31 21:57 - 2014-08-31 21:57 - 00105141 _____ () C:\Users\Imari\Downloads\image (16).jpeg
2014-08-31 21:57 - 2014-08-31 21:57 - 00100395 _____ () C:\Users\Imari\Downloads\image (15).jpeg
2014-08-31 21:56 - 2014-08-31 21:56 - 00109149 _____ () C:\Users\Imari\Downloads\image (13).jpeg
2014-08-31 21:56 - 2014-08-31 21:56 - 00106083 _____ () C:\Users\Imari\Downloads\image (14).jpeg
2014-08-31 21:37 - 2014-08-31 21:37 - 00118926 _____ () C:\Users\Imari\Downloads\image (10).jpeg
2014-08-31 21:37 - 2014-08-31 21:37 - 00105853 _____ () C:\Users\Imari\Downloads\image (12).jpeg
2014-08-31 21:37 - 2014-08-31 21:37 - 00080680 _____ () C:\Users\Imari\Downloads\image (11).jpeg
2014-08-31 21:19 - 2014-08-31 21:19 - 00120997 _____ () C:\Users\Imari\Downloads\image (5).jpeg
2014-08-31 21:19 - 2014-08-31 21:19 - 00114634 _____ () C:\Users\Imari\Downloads\image (9).jpeg
2014-08-31 21:19 - 2014-08-31 21:19 - 00114634 _____ () C:\Users\Imari\Downloads\image (6).jpeg
2014-08-31 21:19 - 2014-08-31 21:19 - 00110813 _____ () C:\Users\Imari\Downloads\image (7).jpeg
2014-08-31 21:19 - 2014-08-31 21:19 - 00106874 _____ () C:\Users\Imari\Downloads\image (8).jpeg
2014-08-31 19:37 - 2014-08-31 19:37 - 00109077 _____ () C:\Users\Imari\Downloads\image (4).jpeg
2014-08-31 19:36 - 2014-08-31 19:36 - 00119566 _____ () C:\Users\Imari\Downloads\image (3).jpeg
2014-08-31 19:30 - 2014-08-31 19:30 - 01364600 _____ () C:\Users\Imari\Downloads\ebaypics.zip
2014-08-31 19:30 - 2014-08-31 19:30 - 01364600 _____ () C:\Users\Imari\Downloads\ebaypics (2).zip
2014-08-31 19:30 - 2014-08-31 19:30 - 01364600 _____ () C:\Users\Imari\Downloads\ebaypics (1).zip
2014-08-31 19:27 - 2014-08-31 19:27 - 00119566 _____ () C:\Users\Imari\Downloads\image (2).jpeg
2014-08-31 19:27 - 2014-06-09 20:12 - 00000000 ____D () C:\Users\Imari\Desktop\Ebay- yoyos
2014-08-31 19:25 - 2014-08-31 19:25 - 00119566 _____ () C:\Users\Imari\Downloads\image.jpeg
2014-08-31 19:25 - 2014-08-31 19:25 - 00119566 _____ () C:\Users\Imari\Downloads\image (1).jpeg
2014-08-28 20:39 - 2009-07-14 00:45 - 04914096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 10:40 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-22 22:07 - 2014-08-27 21:35 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 21:35 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 21:35 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 14:05 - 2014-09-14 10:23 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 13:39 - 2014-09-14 10:23 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-18 19:01 - 2014-09-14 10:23 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 18:29 - 2014-09-14 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 18:29 - 2014-09-14 10:23 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 18:26 - 2014-09-14 10:23 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-18 18:20 - 2014-09-14 10:23 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 18:19 - 2014-09-14 10:23 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 18:15 - 2014-09-14 10:23 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 18:15 - 2014-09-14 10:23 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 18:14 - 2014-09-14 10:23 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 18:14 - 2014-09-14 10:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 18:08 - 2014-09-14 10:23 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-18 18:08 - 2014-09-14 10:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 18:08 - 2014-09-14 10:23 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 18:05 - 2014-09-14 10:23 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 18:03 - 2014-09-14 10:23 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 18:03 - 2014-09-14 10:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 18:03 - 2014-09-14 10:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 17:57 - 2014-09-14 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 17:56 - 2014-09-14 10:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 17:51 - 2014-09-14 10:23 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 17:46 - 2014-09-14 10:23 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 17:45 - 2014-09-14 10:23 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 17:45 - 2014-09-14 10:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 17:44 - 2014-09-14 10:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 17:44 - 2014-09-14 10:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 17:42 - 2014-09-14 10:23 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 17:40 - 2014-09-14 10:23 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 17:39 - 2014-09-14 10:23 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 17:39 - 2014-09-14 10:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 17:39 - 2014-09-14 10:23 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 17:38 - 2014-09-14 10:23 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 17:37 - 2014-09-14 10:23 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 17:36 - 2014-09-14 10:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 17:35 - 2014-09-14 10:23 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 17:27 - 2014-09-14 10:23 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 17:25 - 2014-09-14 10:23 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 17:25 - 2014-09-14 10:23 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 17:23 - 2014-09-14 10:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 17:23 - 2014-09-14 10:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 17:22 - 2014-09-14 10:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 17:19 - 2014-09-14 10:23 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 17:17 - 2014-09-14 10:23 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 17:17 - 2014-09-14 10:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 17:16 - 2014-09-14 10:23 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 17:15 - 2014-09-14 10:23 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 17:15 - 2014-09-14 10:23 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 17:09 - 2014-09-14 10:23 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 17:08 - 2014-09-14 10:23 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 17:07 - 2014-09-14 10:23 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 16:55 - 2014-09-14 10:23 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 16:46 - 2014-09-14 10:23 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 16:38 - 2014-09-14 10:23 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 16:38 - 2014-09-14 10:23 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 16:36 - 2014-09-14 10:23 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-17 22:28 - 2012-06-14 23:37 - 00000000 ____D () C:\Users\Imari\Documents\Crown Financial
2014-08-17 21:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-09 21:49

==================== End Of Log ============================

OCD

2014-09-15, 04:28

Hi Nightwingsgurl,

Those entries in your SpyBot log are only Usage Tracks.
Nothing serious. :)

Usage tracks are your fingerprints in your system. Whenever you visit a page with your browser, or just open any file, that information is stored deep inside Windows. In most cases that is very useful – if you want to open that file again, you can select it from a list instead of typing the whole filename or browsing the whole directory structure again.
But in some cases you may want to hide your activity, because spyware and internet attackers may use that information. Spybot-S&D can remove some of the most important and common tracks on your system.

From what I've heard, WSE isn't exactly the most reliable. Should I delete it and install something else?
MSE is fine. Please don't make any changes while we are still cleaning the computer. After we have completed the malware removal process, I will provide you with some options for Anti-Virus software.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Revo Uninstaller Pro

Please download Revo Uninstaller Pro (http://www.revouninstaller.com/download-professional-version.php) and save it to your desktop.
(This version is a fully functional, 30 day free trial)

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

From the list of programs click on
Trend Micro
Chose "Uninstall". When prompted click Yes.
Make sure the advanced option is checked... then click Next.
The program will run, when prompted... click Yes... then Next.
Once the program has searched for leftovers click Next.
Check ONLY the bolded items on the list then... click Next... then Yes.
When done click Finish.
=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

Start
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"
FF Keyword.URL: https://www.mypoints.com/emp/u/mysea...&fctb.dns=1&q=
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Security Check

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Junkware Removal Tool

Download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Shut down your protection software now to avoid potential conflicts.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

=========================

In your next post please provide the following:

Fixlog.txt
checkup.txt
JRT.txt
Any change in performance?

Nightwingsgurl

2014-09-15, 06:58

Those entries in your SpyBot log are only Usage Tracks.
Nothing serious. :)

Usage tracks are your fingerprints in your system. Whenever you visit a page with your browser, or just open any file, that information is stored deep inside Windows. In most cases that is very useful – if you want to open that file again, you can select it from a list instead of typing the whole filename or browsing the whole directory structure again.
But in some cases you may want to hide your activity, because spyware and internet attackers may use that information. Spybot-S&D can remove some of the most important and common tracks on your system.

Haha, good to know! Is there any way to delete them or get them to NOT show up, so I can actually tell when it's catching something serious? Otherwise I'm afraid I'll always wonder what's what.

MSE is fine. Please don't make any changes while we are still cleaning the computer. After we have completed the malware removal process, I will provide you with some options for Anti-Virus software.

Great, thanks.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Revo Uninstaller Pro

I did this, but when I searched Trend Micro it didn't show up, so I guess my computer lied and it really did delete it all? :P

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Imari at 2014-09-14 23:24:10 Run:2
Running from C:\Users\Imari\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"
FF Keyword.URL: https://www.mypoints.com/emp/u/mysea...&fctb.dns=1&q=
End
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Trend Micro Titanium => value deleted successfully.
Firefox Keyword.URL deleted successfully.

==== End of Fixlog ====

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
JavaFX 2.1.1
Java 7 Update 67
Java(TM) 6 Update 33
Adobe Flash Player 12.0.0.70 Flash Player out of Date!
Adobe Reader 10.1.11 Adobe Reader out of Date!
Mozilla Firefox (31.0)
Google Chrome 37.0.2062.103
Google Chrome 37.0.2062.120
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

Post the contents of JRT.txt into your next message.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Imari on Sun 09/14/2014 at 23:37:09.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1487551961-3572496284-799048130-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\free youtube downloader"
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{08070F2E-5213-4B92-9650-6429B8F5FB09}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{0998F4A5-B511-4895-93C1-275F73FB9065}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{0A3EF328-6C38-45E2-A320-3CA9F59CCF2B}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{110FD93D-8661-48B9-9C63-44334EC0689F}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{17D56B08-E503-401D-84DE-D3DDFF4FDB9A}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{24DE2AE6-54F8-4709-B908-E60538FA2417}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{24DE31F3-A749-4EFB-BE29-4C486E069888}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{263B6BC3-C762-4F5E-9253-46F45911CC04}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{2DA9FEB1-7698-43A1-8FE5-28FAD6190EA7}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{2FF282F8-CC20-4BAD-ACED-1E0B19EA231E}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{339B0066-E7A5-4B4A-BE48-3CE37A5600B4}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{38F02327-0B31-4207-941B-F0F0983338C9}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{3F4C7048-0C1B-4634-8B84-B4373E697CED}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{410B4372-0702-4379-8081-F18AF837CF27}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{41A8D342-D87A-455D-85B4-54A4EFCEE279}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{424B89DB-3BE3-4708-9B58-27DE3C52695E}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{4619B783-296C-4498-9AEF-6449B6B4F55C}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{4C8B3A4C-65DF-48A5-9BCD-13B9F7587BDD}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{4F0DA463-D00F-4269-9D4D-44A6A522A59D}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{529EAC9F-01C5-4270-A35C-CF1CEBC1603E}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{58FD927A-8A47-4749-B0DF-F1B3A86A84F5}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{61237AB0-ACC0-4F53-8051-8E646E386D77}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{663C729D-FF62-41CB-836B-9AC1101982A7}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{719BBA0D-5849-4DA9-907C-706728AA1D7F}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{771F8ACB-7FF5-409B-946B-FC1F4D9A7403}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{7A681F45-B19A-44FC-A571-78844AB56855}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{7E1122DA-08D5-4D72-85EF-7247DB1FAD89}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{7FB77F10-3A09-4D4C-8E56-E946DE577042}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{810E922E-E231-4C64-96DD-F1ECA91330FA}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{813186E6-0B35-4EAB-8507-8AF09BC5E21F}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{86AC51D3-49FC-4FF5-A2E9-198CDE197ED1}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{86ADEEA3-087A-47C6-AF91-FBC449872C30}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{89B91DB5-33B6-409D-8625-AD2F59F16D5B}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{8BFDCEC9-DAF2-4A74-BA2B-E47D1CA23C79}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{9B304B46-DA98-4868-B04B-F6106527C85C}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{9EC4B06D-7E45-4210-8A78-31CE68A78C57}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{A11304EB-D688-43E4-B65A-A04EC5BE374F}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{A3D9ACE4-F9B4-4B8D-9B1A-31B75F85C759}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{A6A231B6-ADF0-4271-964C-7DDDF4C7A5A5}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{A8567388-0FFB-4724-909C-C425A6BB220D}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{AD639115-3B4A-4F11-89D4-F860EA81DC79}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{AEC20FB8-C263-41E1-8134-7AE139B74761}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{B919CEA9-6A77-458A-A6CC-6D4499C9155A}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{BB063919-F2B9-4D34-851F-5F35145FD02D}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{BE38B80B-DD0A-450B-8509-E7BE3A4A5B91}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{C9AAA75D-F03F-4943-94CD-41F7F9828F70}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{D151CE92-C653-4946-8C61-B18ADF1B6A9E}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{D1F61C03-E5D9-464E-8513-A08AC57A3743}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{D8ABC4DD-480E-4AE5-AC1F-C628DB3185BB}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{DB2DC372-4244-4301-95C6-DC299D77E9C6}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{E06C920B-21D9-490B-A16F-26A70F8C756A}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{E081BDB1-28DB-4BDC-A75A-3877F662F402}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{E2EE3B08-AE1A-4B68-B3F6-7F2FE4325228}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{E816DB5B-5C14-447B-8921-AFAE432FCFA3}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{E82A1E39-5812-451F-9035-AB7CFBFD93E4}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{EB1D7B3B-AB43-425C-AF86-C80E2FF2F610}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{EE7FA5B2-9068-4BE5-9290-A615CAC792C8}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{EEFA7717-56BA-46E3-AD33-9866E9871F9F}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{F0138B04-DB10-4F30-9284-0617BFC4DE60}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{F3DDDB77-D4FD-4A9E-8D7D-E4E426E53C11}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{F76BA8FB-A956-4F5D-9CC1-D62951D43529}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{F7A850D3-CB6F-4A26-B3DD-AB079DC8261C}
Successfully deleted: [Empty Folder] C:\Users\Imari\appdata\local\{FFFAA79B-2FCF-4235-9375-1848DAB5BE77}

~~~ FireFox

Emptied folder: C:\Users\Imari\AppData\Roaming\mozilla\firefox\profiles\j3c4jgnx.default\minidumps [19 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 09/14/2014 at 23:44:20.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Any change in performance?

My computer seems to be running faster now-- tabs aren't taking as long to load, etc. :D

OCD

2014-09-15, 08:13

Hi Nightwingsgurl,

Is there any way to delete them or get them to NOT show up, so I can actually tell when it's catching something serious? Otherwise I'm afraid I'll always wonder what's what.
I don't know. Unfortunately, I just volunteer here on the forum to help remove malware. I don't have a extensive working knowledge of SpyBot and all the setting that can be made. You could always try posting that question in the Spybot forum (http://forums.spybot.info/forumdisplay.php?4-Spybot), listed under Software.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) (save it to your desktop).

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Select Scan tab.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMDashboard_zpsddef9b5f.gif (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMDashboard_zpsddef9b5f.gif.html)
Select type of scan to perform:
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMScanTab_zps2c5e74bd.gif (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMScanTab_zps2c5e74bd.gif.html)

Threat Scan < --- Select this type of scan
Custom Scan
Hyper Scan

Next click the Scan button.
When the scan is complete, if no malicious items are found you can close the program.
If malicious items are found be sure that everything is checked, and click Quarantine .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) ESET Online Scanner

*Note:

It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner (http://www.eset.eu/online-scanner)

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply

Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Antivirus software.

=========================

In your next post please provide the following:

MBAM log
ESET's log.txt

Nightwingsgurl

2014-09-17, 05:17

Malwarebytes came up clean. ESET kept having issues (it had some "unknown error") but finally scanned. Here's the log:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\nsprotector.js.vir Win32/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Common Files\AutoCompletePro.exe a variant of Win32/Complitly.A potentially unwanted application deleted - quarantined
C:\Users\Imari\Downloads\cbsidlm-tr1_8-Photo_Story_3_for_Windows-SEO2-10339154.exe Win32/DownloadAdmin.E potentially unwanted application deleted - quarantined
C:\Users\Imari\Downloads\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Users\Imari\Downloads\ccsetup328.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Imari\Downloads\ccsetup406.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Imari\Downloads\ccsetup417(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Imari\Downloads\ccsetup417.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

Nightwingsgurl

2014-09-17, 05:19

Oh, should I tell ESET to uninstall? And to delete the quarantined files?

OCD

2014-09-17, 07:40

Hi Nightwingsgurl,

Oh, should I tell ESET to uninstall? And to delete the quarantined files?
Hold off for the moment, we can do that when we have finished. The files pose no threat once they have been quarantined.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye2_zpse2245433.png.html) Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

Adobe Flash Player 12.0.0.70
Adobe Reader 10.1.11
Java(TM) 6 Update 33

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Adobe Flash Player:

Go to http://get.adobe.com/flashplayer/?no_ab=1

Remove the check mark from the box "Install Google Drive"
Click the Download button, and follow the onscreen directions to complete the installation.
Please note, depending on your settings, you may have to temporarily disable your antivirus software for the Adobe Reader update.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye2_zpse2245433.png.html) Adobe Reader:

Go to http://get.adobe.com/reader/otherversions/

Use the drop down menu's to select your operating system
Select your language > Select The current version of Adobe Reader for your language
Remove the check mark from the box "Free! McAfee Security Scan Plus"
Click the Download button, and follow the onscreen directions to complete the installation.
Please note, depending on your settings, you may have to temporarily disable your antivirus software for the Adobe Reader update.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re- run AdwCleaner

It should be on your desktop

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Re-run Farbar Recovery Scan Tool it should be on your desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

AdwCleaner[S6].txt
fresh FRST.txt
How is the computer running?

Nightwingsgurl

2014-09-18, 06:32

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

Adobe Flash Player 12.0.0.70
Adobe Reader 10.1.11
Java(TM) 6 Update 33

=========================

I removed them, but.... what was wrong with them (sorry, trying to understand some of the parts of the process)?

Click the Download button, and follow the onscreen directions to complete the installation.

It said it's not necessary because Chrome already includes Adobe Flash Player built in.

After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.

# AdwCleaner v3.310 - Report created 17/09/2014 at 23:12:33
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Imari - IMARI-PC
# Running from : C:\Users\Imari\Desktop\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Mozilla Firefox v32.0.1 (x86 en-US)

[ File : C:\Users\Imari\AppData\Roaming\Mozilla\Firefox\Profiles\j3c4jgnx.default\prefs.js ]

-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\Imari\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN64620605553500358&ctid=CT2260173&UM=2
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [22262 octets] - [31/03/2014 14:05:55]
AdwCleaner[R1].txt - [21626 octets] - [07/04/2014 11:08:42]
AdwCleaner[R2].txt - [21687 octets] - [10/04/2014 22:14:28]
AdwCleaner[R3].txt - [1143 octets] - [10/04/2014 22:21:08]
AdwCleaner[R4].txt - [1570 octets] - [14/09/2014 10:33:22]
AdwCleaner[R5].txt - [1309 octets] - [14/09/2014 11:00:43]
AdwCleaner[R6].txt - [1371 octets] - [17/09/2014 23:08:23]
AdwCleaner[S0].txt - [22170 octets] - [10/04/2014 22:15:35]
AdwCleaner[S1].txt - [1582 octets] - [17/09/2014 23:12:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1642 octets] ##########

Re-run Farbar Recovery Scan Tool it should be on your desktop.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Imari (administrator) on IMARI-PC on 17-09-2014 23:22:41
Running from C:\Users\Imari\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Spotify Ltd) C:\Users\Imari\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) D:\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(OpenOffice.org) D:\Program Files (x86)\program\soffice.exe
(OpenOffice.org) D:\Program Files (x86)\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-02] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => D:\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [Spotify Web Helper] => C:\Users\Imari\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-18] (Spotify Ltd)
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\Run: [Google Update] => C:\Users\Imari\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-04] (Google Inc.)
HKU\S-1-5-21-1487551961-3572496284-799048130-1000\...\MountPoints2: {d0100140-3593-11e1-ae05-806e6f6e6963} - G:\LaunchBOPC1.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()
Startup: C:\Users\Imari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Imari\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Imari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> D:\Program Files (x86)\program\quickstart.exe ()
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Imari\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Imari\AppData\Roaming\Mozilla\Firefox\Profiles\j3c4jgnx.default
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Imari\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Imari\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Imari\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Imari\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Imari\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Imari\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Adblock Plus - C:\Users\Imari\AppData\Roaming\Mozilla\Firefox\Profiles\j3c4jgnx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-11]

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchKeyword: Default -> 7DE471496509B5E9AB1E1945A15502F1540DC2E271BE5A7A8AE30F6123D4D166
CHR DefaultSearchProvider: Default -> E76B94E40D14BD8E51C5F9391B97C8CAB37F0DAA10B7481104905EAF8B58F536
CHR DefaultSearchURL: Default -> D20230A2D69F58D3F5F7B7BB7EE44D1ED223F1247DA80ACC89D88531D61AC40B
CHR Profile: C:\Users\Imari\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Imari\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (Google Wallet) - C:\Users\Imari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR HKCU\...\Chrome\Extension: [apjkpjchfbckhjhokinlgdbmibpbbjak] - C:\Users\Imari\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-03-31] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-01-02] () [File not signed]
U3 a5rxko2o; C:\Windows\System32\Drivers\a5rxko2o.sys [0 ] (Advanced Micro Devices)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 23:07 - 2014-09-17 23:07 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-17 23:07 - 2014-09-17 23:07 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-09-17 22:50 - 2014-09-13 17:03 - 00880040 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2014-09-17 22:50 - 2014-09-13 17:03 - 00802728 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-09-17 22:50 - 2014-09-13 17:03 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-17 22:50 - 2014-09-13 17:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-17 22:50 - 2014-09-13 17:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-16 22:17 - 2014-09-16 22:17 - 00001100 _____ () C:\Users\Imari\Desktop\ESETSCAN.txt
2014-09-15 23:27 - 2014-09-15 23:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-15 22:50 - 2014-09-15 22:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-15 22:47 - 2014-09-15 22:49 - 02347384 _____ (ESET) C:\Users\Imari\Desktop\esetsmartinstaller_enu.exe
2014-09-14 23:44 - 2014-09-14 23:44 - 00008253 _____ () C:\Users\Imari\Desktop\JRT.txt
2014-09-14 23:36 - 2014-09-14 23:36 - 00000000 ____D () C:\Windows\ERUNT
2014-09-14 23:34 - 2014-09-14 23:34 - 01016261 _____ (Thisisu) C:\Users\Imari\Desktop\JRT.exe
2014-09-14 23:25 - 2014-09-14 23:25 - 00854417 _____ () C:\Users\Imari\Desktop\SecurityCheck.exe
2014-09-14 23:17 - 2014-09-14 23:17 - 00000784 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-09-14 23:17 - 2014-09-14 23:17 - 00000000 ____D () C:\Users\Imari\Desktop\Revo Uninstaller Pro
2014-09-14 23:17 - 2014-09-14 23:17 - 00000000 ____D () C:\Users\Imari\AppData\Local\VS Revo Group
2014-09-14 23:17 - 2014-09-14 23:17 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-09-14 23:17 - 2014-09-14 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-09-14 23:17 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-09-14 23:13 - 2014-09-14 23:14 - 10619688 _____ (VS Revo Group ) C:\Users\Imari\Downloads\RevoUninProSetup.exe
2014-09-14 11:57 - 2014-09-14 23:09 - 00000000 ____D () C:\Users\Imari\AppData\Roaming\Trine2
2014-09-14 11:57 - 2014-09-14 11:57 - 00000383 _____ () C:\Windows\DirectX.log
2014-09-14 11:08 - 2014-09-14 11:08 - 02105856 _____ (Farbar) C:\Users\Imari\Downloads\FRST64.exe
2014-09-14 10:54 - 2014-09-17 23:13 - 00050546 _____ () C:\Windows\PFRO.log
2014-09-14 10:49 - 2014-09-14 10:55 - 00002872 _____ () C:\Windows\system32\TmInstall.log
2014-09-14 10:49 - 2014-09-14 10:49 - 00004280 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-09-14 10:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-14 10:32 - 2014-09-14 10:32 - 01373475 _____ () C:\Users\Imari\Downloads\adwcleaner_3.310(1).exe
2014-09-14 10:27 - 2014-09-14 10:27 - 01373475 _____ () C:\Users\Imari\Desktop\adwcleaner_3.310.exe
2014-09-14 10:23 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-14 10:23 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-14 10:23 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-14 10:23 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-14 10:23 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-14 10:23 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-14 10:23 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-14 10:23 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-14 10:23 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-14 10:23 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-14 10:23 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-14 10:23 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-14 10:23 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-14 10:23 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-14 10:23 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-14 10:23 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-14 10:23 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-14 10:23 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-14 10:23 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-14 10:23 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-14 10:23 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-14 10:23 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-14 10:23 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-14 10:23 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 10:23 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-14 10:23 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-14 10:23 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-14 10:23 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-14 10:23 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-14 10:23 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-14 10:23 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-14 10:23 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-14 10:23 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-14 10:23 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-14 10:23 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-14 10:23 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-14 10:23 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-14 10:23 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-14 10:23 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-14 10:23 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-14 10:23 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-14 10:23 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-14 10:23 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-14 10:23 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-14 10:23 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-14 10:23 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-14 10:23 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-14 10:23 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-14 10:23 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-14 10:23 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-14 10:23 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-14 10:23 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-14 10:23 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-14 10:23 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-14 10:23 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-14 10:23 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-14 10:13 - 2014-09-17 23:13 - 00000336 _____ () C:\Windows\setupact.log
2014-09-14 10:13 - 2014-09-14 10:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-13 19:21 - 2014-09-13 19:21 - 00000000 ____D () C:\Users\Imari\Documents\ProcAlyzer Dumps
2014-09-13 18:31 - 2014-09-13 18:31 - 05185536 _____ (AVAST Software) C:\Users\Imari\Desktop\aswMBR.exe
2014-09-13 18:21 - 2014-09-13 18:23 - 00046720 _____ () C:\Users\Imari\Desktop\Addition.txt
2014-09-13 18:19 - 2014-09-17 23:22 - 00020097 _____ () C:\Users\Imari\Desktop\FRST.txt
2014-09-13 18:18 - 2014-09-17 23:22 - 00000000 ____D () C:\FRST
2014-09-13 18:16 - 2014-09-13 18:16 - 02105856 _____ (Farbar) C:\Users\Imari\Desktop\FRST64.exe
2014-09-13 18:15 - 2014-09-13 18:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-IMARI-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-09-13 18:13 - 2014-09-13 18:13 - 00002237 _____ () C:\Users\Imari\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-13 18:13 - 2014-09-13 18:13 - 00000000 ____D () C:\Users\Imari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-13 18:13 - 2014-09-13 18:13 - 00000000 ____D () C:\RegBackup
2014-09-13 18:12 - 2014-09-13 18:12 - 04057608 _____ () C:\Users\Imari\Downloads\tweaking.com_registry_backup_setup.exe
2014-09-13 18:12 - 2014-09-13 18:12 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-13 17:03 - 2014-09-13 17:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-13 13:17 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 13:17 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 22:13 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 22:13 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 22:13 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 22:13 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 22:12 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 22:12 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 22:12 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 22:12 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 22:12 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 22:12 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 22:12 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-06 22:15 - 2014-09-06 22:18 - 00000000 ____D () C:\Users\Imari\Desktop\Football 9-5-14
2014-09-01 13:30 - 2014-09-15 22:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 13:29 - 2014-09-01 13:29 - 00001104 _____ () C:\Users\Imari\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-01 13:29 - 2014-09-01 13:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-01 13:29 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-01 13:29 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-31 19:30 - 2014-08-31 19:30 - 01364600 _____ () C:\Users\Imari\Downloads\ebaypics.zip
2014-08-31 19:30 - 2014-08-31 19:30 - 01364600 _____ () C:\Users\Imari\Downloads\ebaypics (2).zip
2014-08-31 19:30 - 2014-08-31 19:30 - 01364600 _____ () C:\Users\Imari\Downloads\ebaypics (1).zip
2014-08-27 21:35 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 21:35 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 21:35 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 23:23 - 2014-09-13 18:19 - 00020097 _____ () C:\Users\Imari\Desktop\FRST.txt
2014-09-17 23:22 - 2014-09-13 18:18 - 00000000 ____D () C:\FRST
2014-09-17 23:21 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-17 23:21 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-17 23:17 - 2014-07-04 13:12 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1487551961-3572496284-799048130-1000UA.job
2014-09-17 23:15 - 2012-05-31 13:11 - 00000000 ____D () C:\Users\Imari\AppData\Roaming\Dropbox
2014-09-17 23:15 - 2011-12-26 04:51 - 00000000 ____D () C:\Users\Imari\AppData\Local\Adobe
2014-09-17 23:15 - 2011-12-21 22:49 - 00000000 ___HD () C:\ASUS.DAT
2014-09-17 23:14 - 2011-12-21 22:49 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-09-17 23:14 - 2011-04-02 00:36 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-17 23:13 - 2014-09-14 10:54 - 00050546 _____ () C:\Windows\PFRO.log
2014-09-17 23:13 - 2014-09-14 10:13 - 00000336 _____ () C:\Windows\setupact.log
2014-09-17 23:13 - 2012-12-30 16:37 - 01346556 _____ () C:\Windows\WindowsUpdate.log
2014-09-17 23:13 - 2012-04-28 13:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-17 23:13 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-17 23:12 - 2014-03-31 14:05 - 00000000 ____D () C:\AdwCleaner
2014-09-17 23:07 - 2014-09-17 23:07 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-17 23:07 - 2014-09-17 23:07 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-09-17 23:06 - 2011-12-26 04:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-17 23:06 - 2011-12-26 04:49 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-17 23:04 - 2014-02-20 21:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-17 22:50 - 2012-01-06 20:05 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-17 22:39 - 2011-04-02 00:36 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-17 18:37 - 2014-07-04 13:12 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1487551961-3572496284-799048130-1000Core.job
2014-09-16 22:47 - 2013-11-27 23:09 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-16 22:17 - 2014-09-16 22:17 - 00001100 _____ () C:\Users\Imari\Desktop\ESETSCAN.txt
2014-09-16 22:15 - 2013-12-02 22:04 - 00000000 ____D () C:\Users\Imari\AppData\Roaming\Bioshock
2014-09-16 21:30 - 2013-12-02 22:04 - 00000000 ____D () C:\Users\Imari\Documents\Bioshock
2014-09-15 23:27 - 2014-09-15 23:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-15 22:50 - 2014-09-15 22:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-15 22:49 - 2014-09-15 22:47 - 02347384 _____ (ESET) C:\Users\Imari\Desktop\esetsmartinstaller_enu.exe
2014-09-15 22:14 - 2014-09-01 13:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 23:44 - 2014-09-14 23:44 - 00008253 _____ () C:\Users\Imari\Desktop\JRT.txt
2014-09-14 23:36 - 2014-09-14 23:36 - 00000000 ____D () C:\Windows\ERUNT
2014-09-14 23:34 - 2014-09-14 23:34 - 01016261 _____ (Thisisu) C:\Users\Imari\Desktop\JRT.exe
2014-09-14 23:25 - 2014-09-14 23:25 - 00854417 _____ () C:\Users\Imari\Desktop\SecurityCheck.exe
2014-09-14 23:17 - 2014-09-14 23:17 - 00000784 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-09-14 23:17 - 2014-09-14 23:17 - 00000000 ____D () C:\Users\Imari\Desktop\Revo Uninstaller Pro
2014-09-14 23:17 - 2014-09-14 23:17 - 00000000 ____D () C:\Users\Imari\AppData\Local\VS Revo Group
2014-09-14 23:17 - 2014-09-14 23:17 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-09-14 23:17 - 2014-09-14 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-09-14 23:14 - 2014-09-14 23:13 - 10619688 _____ (VS Revo Group ) C:\Users\Imari\Downloads\RevoUninProSetup.exe
2014-09-14 23:09 - 2014-09-14 11:57 - 00000000 ____D () C:\Users\Imari\AppData\Roaming\Trine2
2014-09-14 11:57 - 2014-09-14 11:57 - 00000383 _____ () C:\Windows\DirectX.log
2014-09-14 11:08 - 2014-09-14 11:08 - 02105856 _____ (Farbar) C:\Users\Imari\Downloads\FRST64.exe
2014-09-14 11:07 - 2012-05-16 19:36 - 03033088 ___SH () C:\Users\Imari\Downloads\Thumbs.db
2014-09-14 10:56 - 2012-12-14 18:11 - 00260096 ___SH () C:\Users\Imari\Desktop\Thumbs.db
2014-09-14 10:55 - 2014-09-14 10:49 - 00002872 _____ () C:\Windows\system32\TmInstall.log
2014-09-14 10:49 - 2014-09-14 10:49 - 00004280 _____ () C:\Windows\SysWOW64\TmInstall.log
2014-09-14 10:47 - 2011-04-02 00:49 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-09-14 10:32 - 2014-09-14 10:32 - 01373475 _____ () C:\Users\Imari\Downloads\adwcleaner_3.310(1).exe
2014-09-14 10:27 - 2014-09-14 10:27 - 01373475 _____ () C:\Users\Imari\Desktop\adwcleaner_3.310.exe
2014-09-14 10:26 - 2012-01-02 20:08 - 00000000 ____D () C:\Users\Imari\Desktop\Maintenance
2014-09-14 10:21 - 2011-12-30 14:31 - 00804292 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-14 10:21 - 2009-07-14 01:13 - 00804292 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-14 10:20 - 2012-04-28 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-14 10:20 - 2011-12-30 14:31 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-14 10:20 - 2011-12-30 14:31 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-14 10:20 - 2011-12-30 14:31 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-14 10:13 - 2014-09-14 10:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-13 19:21 - 2014-09-13 19:21 - 00000000 ____D () C:\Users\Imari\Documents\ProcAlyzer Dumps
2014-09-13 19:20 - 2012-01-11 19:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-13 18:31 - 2014-09-13 18:31 - 05185536 _____ (AVAST Software) C:\Users\Imari\Desktop\aswMBR.exe
2014-09-13 18:23 - 2014-09-13 18:21 - 00046720 _____ () C:\Users\Imari\Desktop\Addition.txt
2014-09-13 18:16 - 2014-09-13 18:16 - 02105856 _____ (Farbar) C:\Users\Imari\Desktop\FRST64.exe
2014-09-13 18:15 - 2014-09-13 18:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-IMARI-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-09-13 18:13 - 2014-09-13 18:13 - 00002237 _____ () C:\Users\Imari\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-13 18:13 - 2014-09-13 18:13 - 00000000 ____D () C:\Users\Imari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-13 18:13 - 2014-09-13 18:13 - 00000000 ____D () C:\RegBackup
2014-09-13 18:12 - 2014-09-13 18:12 - 04057608 _____ () C:\Users\Imari\Downloads\tweaking.com_registry_backup_setup.exe
2014-09-13 18:12 - 2014-09-13 18:12 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-13 17:06 - 2012-01-02 20:08 - 00000000 ____D () C:\Users\Imari\Desktop\Games
2014-09-13 17:04 - 2013-09-21 23:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-13 17:03 - 2014-09-17 22:50 - 00880040 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2014-09-13 17:03 - 2014-09-17 22:50 - 00802728 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-09-13 17:03 - 2014-09-17 22:50 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-13 17:03 - 2014-09-17 22:50 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-13 17:03 - 2014-09-17 22:50 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-13 17:03 - 2014-09-13 17:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-13 14:37 - 2014-01-02 23:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-13 13:17 - 2014-05-09 07:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 19:23 - 2011-12-22 20:40 - 00000000 ____D () C:\Users\Imari\AppData\Roaming\Skype
2014-09-10 20:29 - 2014-03-23 16:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-10 20:29 - 2011-12-22 20:39 - 00000000 ____D () C:\ProgramData\Skype
2014-09-09 23:39 - 2009-07-14 03:45 - 00000000 ____D () C:\Windows\ShellNew
2014-09-06 22:18 - 2014-09-06 22:15 - 00000000 ____D () C:\Users\Imari\Desktop\Football 9-5-14
2014-09-04 22:10 - 2014-09-10 22:12 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 22:05 - 2014-09-10 22:12 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-01 14:30 - 2011-12-29 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-01 14:30 - 2011-12-29 14:36 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-01 13:58 - 2012-01-15 23:39 - 00000000 ____D () C:\Windows\Minidump
2014-09-01 13:29 - 2014-09-01 13:29 - 00001104 _____ () C:\Users\Imari\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-01 13:29 - 2014-09-01 13:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-01 13:29 - 2011-12-30 14:24 - 00000000 ____D () C:\Users\Imari\AppData\Roaming\Malwarebytes
2014-09-01 13:29 - 2011-12-30 14:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-31 19:30 - 2014-08-31 19:30 - 01364600 _____ () C:\Users\Imari\Downloads\ebaypics.zip
2014-08-31 19:30 - 2014-08-31 19:30 - 01364600 _____ () C:\Users\Imari\Downloads\ebaypics (2).zip
2014-08-31 19:30 - 2014-08-31 19:30 - 01364600 _____ () C:\Users\Imari\Downloads\ebaypics (1).zip
2014-08-31 19:27 - 2014-06-09 20:12 - 00000000 ____D () C:\Users\Imari\Desktop\Ebay- yoyos
2014-08-28 20:39 - 2009-07-14 00:45 - 04914096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 10:40 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-22 22:07 - 2014-08-27 21:35 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 21:35 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 21:35 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 14:05 - 2014-09-14 10:23 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 13:39 - 2014-09-14 10:23 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-18 19:01 - 2014-09-14 10:23 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 18:29 - 2014-09-14 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 18:29 - 2014-09-14 10:23 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 18:26 - 2014-09-14 10:23 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-18 18:20 - 2014-09-14 10:23 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 18:19 - 2014-09-14 10:23 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 18:15 - 2014-09-14 10:23 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 18:15 - 2014-09-14 10:23 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 18:14 - 2014-09-14 10:23 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 18:14 - 2014-09-14 10:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 18:08 - 2014-09-14 10:23 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-18 18:08 - 2014-09-14 10:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 18:08 - 2014-09-14 10:23 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 18:05 - 2014-09-14 10:23 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 18:03 - 2014-09-14 10:23 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 18:03 - 2014-09-14 10:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 18:03 - 2014-09-14 10:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 17:57 - 2014-09-14 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 17:56 - 2014-09-14 10:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 17:51 - 2014-09-14 10:23 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 17:46 - 2014-09-14 10:23 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 17:45 - 2014-09-14 10:23 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 17:45 - 2014-09-14 10:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 17:44 - 2014-09-14 10:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 17:44 - 2014-09-14 10:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 17:42 - 2014-09-14 10:23 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 17:40 - 2014-09-14 10:23 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 17:39 - 2014-09-14 10:23 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 17:39 - 2014-09-14 10:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 17:39 - 2014-09-14 10:23 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 17:38 - 2014-09-14 10:23 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 17:37 - 2014-09-14 10:23 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 17:36 - 2014-09-14 10:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 17:35 - 2014-09-14 10:23 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 17:27 - 2014-09-14 10:23 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 17:25 - 2014-09-14 10:23 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 17:25 - 2014-09-14 10:23 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 17:23 - 2014-09-14 10:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 17:23 - 2014-09-14 10:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 17:22 - 2014-09-14 10:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 17:19 - 2014-09-14 10:23 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 17:17 - 2014-09-14 10:23 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 17:17 - 2014-09-14 10:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 17:16 - 2014-09-14 10:23 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 17:15 - 2014-09-14 10:23 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 17:15 - 2014-09-14 10:23 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 17:09 - 2014-09-14 10:23 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 17:08 - 2014-09-14 10:23 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 17:07 - 2014-09-14 10:23 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 16:55 - 2014-09-14 10:23 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 16:46 - 2014-09-14 10:23 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 16:38 - 2014-09-14 10:23 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 16:38 - 2014-09-14 10:23 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 16:36 - 2014-09-14 10:23 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Imari\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-09 21:49

==================== End Of Log ============================

My computer is running faster than it has in a long time! It's very full (in fact, C was so full it initially couldn't download Adobe) but once my PC is clean, I'm moving a lot of files to an external drive, so that should help even more. Everything from browser activity to Steam games is running much more smoothly and quickly. :)

OCD

2014-09-18, 09:13

Hi Nightwingsgurl,

Those programs were outdated. It is important to have the current version of all software installed. Outdated versions can contain vulnerabilities that can be exploited by the "bad guys".

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

Start
CHR HKCU\...\Chrome\Extension: [apjkpjchfbckhjhokinlgdbmibpbbjak] - C:\Users\Imari\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx []
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

In your next post please provide the following:

Fixlog.txt
Any remaining issues?

Nightwingsgurl

2014-09-21, 19:46

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Imari at 2014-09-21 12:45:26 Run:3
Running from C:\Users\Imari\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CHR HKCU\...\Chrome\Extension: [apjkpjchfbckhjhokinlgdbmibpbbjak] - C:\Users\Imari\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx []
End
*****************

"HKCU\SOFTWARE\Google\Chrome\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak" => Key deleted successfully.
"C:\Users\Imari\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx" => File/Directory not found.

==== End of Fixlog ====

I'm not noticing any other issues right now. My PC is running quickly, and Google seems to be behaving. :)

OCD

2014-09-22, 04:14

Hi Nightwingsgurl,

Your log appears to be clean. :bigthumb:
We have a few items to take care of before we get to the All Clean Speech.

= = = = = = = = = = = = = = = = = = = =

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) Remove Disinfection Tools

Download Delfix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Tick the following boxes:

Remove disinfection tools
Create registry backup
Purge system restore

http://i1269.photobucket.com/albums/jj590/OCD-WTT/Delfix_zpsbce6c60b.gif (http://s1269.photobucket.com/user/OCD-WTT/media/Delfix_zpsbce6c60b.gif.html)

Click Run
Any other tools and files found can simply be deleted or uninstall via the Control Panel.

= = = = = = = = = = = = = = = = = = = =

With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate windows and frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

Avast Free Antivirus (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html)
Avira Free Antivirus 2013 (http://download.cnet.com/Avira-Free-Antivirus-2013/3000-2239_4-10322935.html)
PC Tools AntiVirus Free (http://download.cnet.com/PC-Tools-AntiVirus-Free/3000-2239_4-10625067.html)
Ad-Aware Free Antivirus + (http://download.cnet.com/Ad-Aware-Free-Antivirus/3000-8022_4-10045910.html)

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/).

Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
Comodo Firewall (http://download.cnet.com/Comodo-Firewall/3000-10435_4-75181464.html)

= = = = = = = = = = = = = = = = = = = =

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)
CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)

to help protect your computer in the future I recommend that you get the following free program:

CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this program to lock down and prevent crypto-ransomeware

http://i1269.photobucket.com/albums/jj590/OCD-WTT/CryptoPrevent_zps7ddc3ebd.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/CryptoPrevent_zps7ddc3ebd.jpg.html)

= = = = = = = = = = = = = = = = = = = =

COMPUTER SECURITY (http://www.malwareremoval.com/forum/viewtopic.php?p=557960#p557960) - a short guide to staying safer online

= = = = = = = = = = = = = = = = = = = =

WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

Green should be good to go
Yellow for caution
Red to stop

= = = = = = = = = = = = = = = = = = = =

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)

= = = = = = = = = = = = = = = = = = = =

Make sure you keep your Windows OS current.

Windows XP:
Microsoft will no longer offer support for Windows XP beginning on April 8, 2014
If you are running Windows XP, please take the time to read the information provided at these links.

Windows XP - The Elephant In The Room (http://www.malwareremoval.com/forum/viewtopic.php?p=630064#p630064)
Windows XP - The end of the road (http://techpageone.dell.com/technology/windows-xp-end-road/?dgc=BA&cid=272099&lid=5049884&acd=12309189674467600#.UxUoP4W9Is3)

Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.
Window 8 Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.

Without these you are leaving the back door open.

= = = = = = = = = = = = = = = = = = = =

Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

= = = = = = = = = = = = = = = = = = = =

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

Nightwingsgurl

2014-09-22, 06:07

Your log appears to be clean. :bigthumb:

Sweet! Thank you!

Use and update an anti-virus software[/b][/color] - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

Avast Free Antivirus (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html)
Avira Free Antivirus 2013 (http://download.cnet.com/Avira-Free-Antivirus-2013/3000-2239_4-10322935.html)
PC Tools AntiVirus Free (http://download.cnet.com/PC-Tools-AntiVirus-Free/3000-2239_4-10625067.html)
Ad-Aware Free Antivirus + (http://download.cnet.com/Ad-Aware-Free-Antivirus/3000-8022_4-10045910.html)

I downloaded Ad-Aware. Just checking-- I need to delete Windows Security Essentials, right?

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/).

Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
Comodo Firewall (http://download.cnet.com/Comodo-Firewall/3000-10435_4-75181464.html)

= = = = = = = = = = = = = = = = = = = =

I already have Windows Firewall. Should I delete it to use one of these, do you think, or just leave it as it is?

http://i1269.photobucket.com/albums/jj590/OCD-WTT/CryptoPrevent_zps7ddc3ebd.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/CryptoPrevent_zps7ddc3ebd.jpg.html)

I couldn't find those options, but it's installed with default settings.

Nightwingsgurl

2014-09-22, 06:09

Oh.... Ad-Aware says it can do a compatible install to run as a second line of defense, so I didn't know about WSE.

OCD

2014-09-22, 23:22

Hi Nightwingsgurl,

I downloaded Ad-Aware. Just checking-- I need to delete Windows Security Essentials, right?
I'm not sure Windows will allow you to delete it, you may just have to disable it.

I already have Windows Firewall. Should I delete it to use one of these, do you think, or just leave it as it is?
The choice is yours, but Windows Firewall is fine.

You don't want to have more than one AV or FW running at any one time. Doing so may actually degrade your protection. Always remember, one anti virus and one firewall.

Nightwingsgurl

2014-09-25, 02:08

You don't want to have more than one AV or FW running at any one time. Doing so may actually degrade your protection. Always remember, one anti virus and one firewall.

Even with the compatible install? AdAware says it detected an incompatible software but can do a compatible install (that was after I turned off WSE, so I'm not sure what else to do with that).

OCD

2014-09-25, 04:58

Hi Nightwingsgurl,

Uninstall the AdAware Anti Virus software, reboot, then reinstall.

If you are presented with an error message or pop-up, please copy down exactly what it says. Or if possible, take a screenshot and post in your next reply.

OCD

2014-09-27, 05:31

Hi Nightwingsgurl,

Just checking in to see if you still need help?

OCD

2014-09-29, 05:27

Since this issue appears to be resolved ... this Topic has been closed.

If you still require help, please start a new topic and include fresh FRST and aswMBR logs, along with a link to your previous thread.

Please do not add any logs that might have been requested previously, you would be starting fresh.

Applies only to the original poster, anyone else with similar problems please start your own topic.

--------------------------------------------
Admin Edit
"Thank you" OCD. :)