
Thread: Problem with residual conduit message

  1. #1
    Senior Member
    Join Date
    Jul 2014
    Location
    Florida
    Posts
    101

    Problem with residual conduit message

    First, I apologize for posting this. I did find the thread about someone else having a problem with a conduit. Some time ago, Spybot dug out a conduit from my computer; however, there is a message window that pops up whenever I start my computer up. It says:

    There was a problem starting C:\Users\SueB\AppData\Data\Local\Conduit\BackgroundContainer\BackgroundContainer.dll The specified module could not be found.

    I did look through your malware removal forum under "C" but didn't see anything about conduits.

    I will be honest and say that I only have the free version of Spybot-S&D. I also have Malwarebytes and Avast professional. I have been considering changing to your Spybot professional. Would this be able to take the place of Avast? My subscription is due to run out soon.

    The reason that I am considering Spybot now is that your program is the only one that was able to dig the conduit out except for this one file. I am at a loss as to even knowing where to look for it. Would your professional software be able to find it?

    Thank you for reading this. I make my living on my computer so cannot afford to have any security issues with it.

  2. #2
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161


    Hi Suemarie,

    My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.
    • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

    IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.

    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and the loss of all your programs and data.

    Please stay with this topic until I let you know that your system appears to be "All Clear".

    Important: All tools MUST be run from the Desktop.

    =========================

    Security Check

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    =========================

    aswMBR

    Download aswMBR.exe and save it to your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When asked if you want to download Avast's virus definitions please select Yes.
    • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

    =========================

    Download Farbar Recovery Scan Tool and save to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

    =========================

    In your next post please provide the following:
    • checkup.txt
    • aswMBR.txt
    • attach MBR.zip
    • FRST.txt
    • Addition.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #3
    Senior Member
    Join Date
    Jul 2014
    Location
    Florida
    Posts
    101

    Results

    I hope that I did this correctly. I tried to put it into one post, but it seems to be too long, so I will do it in several.

    In your next post please provide the following:
    checkup.txt
    aswMBR.txt
    attach MBR.zip
    FRST.txt
    Addition.txt

    Checkup.txt report

    Results of screen317's Security Check version 0.99.85
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 10 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.70.0.1100
    Out of date Malwarebytes Anti-Malware installed!
    Java 7 Update 60
    Adobe Flash Player 14.0.0.125
    Adobe Reader XI
    Mozilla Firefox (30.0)
    Mozilla Thunderbird (24.6.0)
    Google Chrome 35.0.1916.114
    Google Chrome 35.0.1916.153
    Google Chrome plugins...
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Spybot Teatimer.exe is disabled!
    Malwarebytes' Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast afwServ.exe
    AVAST Software Avast avastui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2%
    ````````````````````End of Log``````````````````````

    _____________________________________________________________

    I am not sure if I attached the MBR zip correctly. If not, please let me know. I am having trouble getting the MBR text, though. After the scan, the screen turned blue and a message came up saying Windows had closed due to finding a problem.

    _________________________________________

  4. #4
    Senior Member
    Join Date
    Jul 2014
    Location
    Florida
    Posts
    101


    First Txt

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
    Ran by SueB (administrator) on SUEB-PC on 02-07-2014 08:43:56
    Running from C:\Users\SueB\Downloads
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 10
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    () C:\Windows\System32\GManager.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    () C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    (24im LLC) C:\Program Files (x86)\24im\24im Messenger\IMC.EXE
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Google Inc.) C:\Users\SueB\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\SueB\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\SueB\AppData\Local\Google\Chrome\Application\chrome.exe
    (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
    (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe


    ==================== Registry (Whitelisted) ==================

    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-24] (AVAST Software)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
    HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\...\Run: [InbitIMC] => C:\Program Files (x86)\24im\24im Messenger\IMC.EXE [3423744 2013-11-30] (24im LLC)
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
    ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
    ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
    ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
    ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...1648369585&ir=
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
    SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
    SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKLM-x32 - {6d6503c4-6ba9-419a-9657-607ae153f4c4} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
    SearchScopes: HKCU - DefaultScope {00683C20-0225-4AF9-B5B0-E79759803B69} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=
    SearchScopes: HKCU - {00683C20-0225-4AF9-B5B0-E79759803B69} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311875&CUI=UN23127794002916819&UM=2
    SearchScopes: HKCU - {F675470B-C135-4DA8-A601-8A3F063FA64F} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKCU - {FBF428CE-6C57-4765-978A-D21EB5B3017C} URL = https://www.google.com/search?q={searchTerms}
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

    FireFox:
    ========
    FF ProfilePath: C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default
    FF SearchEngineOrder.1: Google
    FF SelectedSearchEngine: Google
    FF Homepage: about:home
    FF Keyword.URL: https://www.google.com/search
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\SueB\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\SueB\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\SueB\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Plugin ProgramFiles/Appdata: C:\Users\SueB\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF SearchPlugin: C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\searchplugins\Mysearchdial.xml
    FF SearchPlugin: C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\searchplugins\sweettunes-customized-web-search.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweettunes_search.xml
    FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-12-31]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
    FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-21]

    Chrome:
    =======
    CHR HomePage:
    CHR StartupUrls: "https://www.google.com/", "hxxp://start.mysearchdial.com/?f=1&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=", "www.google.com"
    CHR Extension: (Google Drive) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-24]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
    CHR Extension: (SweetTunes) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blklojfklgnogjaijkibhfjepakiocng [2014-01-13]
    CHR Extension: (YouTube) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-24]
    CHR Extension: (Google Search) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-24]
    CHR Extension: (avast! Online Security) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-24]
    CHR Extension: (Mapit 1) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl [2014-01-13]
    CHR Extension: (Google Wallet) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
    CHR Extension: (Gmail) - C:\Users\SueB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-24]
    CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\SueB\AppData\Local\mysearchdial-speeddial.crx [2014-01-24]
    CHR HKCU\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\SueB\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [2013-12-18]
    CHR HKCU\...\Chrome\Extension: [jbkceikmmebhmgcjiemejoaeholbnnjl] - C:\Users\SueB\AppData\Local\CRE\jbkceikmmebhmgcjiemejoaeholbnnjl.crx [2012-11-30]
    CHR HKLM-x32\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - C:\Users\SueB\AppData\Local\CRE\blklojfklgnogjaijkibhfjepakiocng.crx [2013-12-18]
    CHR HKLM-x32\...\Chrome\Extension: [jbkceikmmebhmgcjiemejoaeholbnnjl] - C:\Users\SueB\AppData\Local\CRE\jbkceikmmebhmgcjiemejoaeholbnnjl.crx [2012-11-30]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

    ==================== Services (Whitelisted) =================

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-02] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-05-02] (AVAST Software)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
    R2 GManager; C:\Windows\system32\GManager.exe [313432 2012-08-28] ()
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
    R2 MCTDesktopSvr; C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

    ==================== Drivers (Whitelisted) ====================

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-02] ()
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-04-03] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-02] (AVAST Software)
    R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-05-15] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-02] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-02] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-02] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]
    R3 mctkmd; C:\Windows\system32\drivers\mctkmd64.sys [145840 2012-12-25] (Magic Control Technology Corporation)
    R0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
    S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-01-20] ()
    R3 t2usb64; C:\Windows\System32\drivers\t2usb64.sys [410592 2012-09-21] (Magic Control Technology Corp.)
    S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-10-06] (The OpenVPN Project)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-07-02 08:43 - 2014-07-02 08:44 - 00022137 _____ () C:\Users\SueB\Downloads\FRST.txt
    2014-07-02 08:43 - 2014-07-02 08:44 - 00000000 ____D () C:\FRST
    2014-07-02 08:42 - 2014-07-02 08:43 - 00001437 _____ () C:\Users\SueB\Desktop\FRST64 - Shortcut.lnk
    2014-07-02 08:41 - 2014-07-02 08:41 - 02083840 _____ (Farbar) C:\Users\SueB\Downloads\FRST64.exe
    2014-07-02 08:30 - 2014-07-02 08:30 - 00262144 _____ () C:\Windows\Minidump\070214-17425-01.dmp
    2014-07-02 08:27 - 2014-07-02 08:27 - 00000565 _____ () C:\Users\SueB\Documents\MBR.zip
    2014-07-02 08:26 - 2014-07-02 08:24 - 00000512 _____ () C:\Users\SueB\Documents\MBR.dat
    2014-07-02 08:14 - 2014-07-02 08:30 - 778359869 _____ () C:\Windows\MEMORY.DMP
    2014-07-02 08:14 - 2014-07-02 08:30 - 00000000 ____D () C:\Windows\Minidump
    2014-07-02 08:14 - 2014-07-02 08:14 - 00262144 _____ () C:\Windows\Minidump\070214-17503-01.dmp
    2014-07-02 07:57 - 2014-07-02 07:57 - 00001107 _____ () C:\Users\SueB\Desktop\SecurityCheck (1) - Shortcut.lnk
    2014-07-02 07:56 - 2014-07-02 08:01 - 00001437 _____ () C:\Users\SueB\Desktop\aswMBR - Shortcut.lnk
    2014-07-02 07:56 - 2014-07-02 07:56 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck (2).exe
    2014-07-02 07:55 - 2014-07-02 07:56 - 05185536 _____ (AVAST Software) C:\Users\SueB\Downloads\aswMBR.exe
    2014-07-02 07:54 - 2014-07-02 07:55 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck (1).exe
    2014-07-02 07:46 - 2014-07-02 07:46 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck.exe
    2014-07-01 01:42 - 2014-07-01 01:42 - 00002467 _____ () C:\Users\SueB\Desktop\microsoft excel starter 2010.lnk
    2014-07-01 01:42 - 2014-07-01 01:42 - 00002447 _____ () C:\Users\SueB\Desktop\microsoft word starter 2010.lnk
    2014-07-01 01:42 - 2014-07-01 01:42 - 00002023 _____ () C:\Users\Public\Desktop\adobe reader xi.lnk
    2014-07-01 01:42 - 2014-07-01 01:42 - 00001958 _____ () C:\Users\Public\Desktop\netflix.lnk
    2014-07-01 01:42 - 2014-07-01 01:42 - 00001162 _____ () C:\Users\Public\Desktop\clear.fi photo.lnk
    2014-07-01 01:42 - 2014-07-01 01:42 - 00001162 _____ () C:\Users\Public\Desktop\clear.fi media.lnk
    2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-07-01 01:32 - 2014-07-01 01:33 - 13084896 _____ (Microsoft Corporation) C:\Users\SueB\Downloads\Silverlight_x64.exe
    2014-07-01 00:00 - 2014-07-01 00:00 - 00000600 _____ () C:\Users\SueB\AppData\Roaming\winscp.rnd
    2014-07-01 00:00 - 2014-07-01 00:00 - 00000000 ____D () C:\CSV
    2014-06-30 23:42 - 2014-06-30 23:42 - 00000000 ____D () C:\Diag-Advisor
    2014-06-30 14:07 - 2014-07-02 08:30 - 00000784 _____ () C:\Windows\setupact.log
    2014-06-30 14:07 - 2014-06-30 14:07 - 00000000 _____ () C:\Windows\setuperr.log
    2014-06-30 12:51 - 2014-06-30 12:51 - 00001405 _____ () C:\Users\SueB\Desktop\Spybot-S&D Start Center (2).lnk
    2014-06-30 11:35 - 2014-06-30 11:35 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2014-06-30 11:35 - 2014-06-30 11:35 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2014-06-30 11:35 - 2014-06-30 11:35 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2014-06-30 11:35 - 2014-06-30 11:35 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2014-06-30 11:34 - 2014-06-30 11:34 - 30984104 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-7u60-windows-x64 (1).exe
    2014-06-30 11:29 - 2014-06-30 11:29 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-06-30 11:29 - 2014-06-30 11:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-06-30 11:29 - 2014-06-30 11:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-06-30 11:29 - 2014-06-30 11:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-06-30 11:29 - 2014-06-30 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-06-30 11:28 - 2014-06-30 11:28 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60 (2).exe
    2014-06-30 08:34 - 2014-06-30 21:40 - 00000000 __SHD () C:\Jumpshot
    2014-06-30 08:31 - 2014-07-01 01:42 - 00000000 ____D () C:\Windows\jumpshot.com
    2014-06-28 18:04 - 2014-06-28 18:04 - 30984104 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-7u60-windows-x64.exe
    2014-06-26 21:10 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-06-26 21:10 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-06-24 07:32 - 2014-06-24 07:32 - 00123910 _____ () C:\Users\SueB\Documents\Current Schedules.odt
    2014-06-20 22:26 - 2014-06-20 22:26 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60 (1).exe
    2014-06-20 21:17 - 2014-06-20 21:17 - 31112616 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-8u5-windows-i586.exe
    2014-06-20 21:14 - 2014-06-20 21:14 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-06-20 21:14 - 2014-06-20 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-06-20 21:13 - 2014-06-20 21:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-06-20 21:13 - 2014-06-20 21:14 - 00000000 ____D () C:\Program Files\iTunes
    2014-06-20 21:13 - 2014-06-20 21:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-06-20 21:13 - 2014-06-20 21:13 - 00000000 ____D () C:\Program Files\iPod
    2014-06-20 21:10 - 2014-06-20 21:10 - 00000000 ____D () C:\Program Files\Bonjour
    2014-06-20 21:10 - 2014-06-20 21:10 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2014-06-20 20:58 - 2014-06-30 11:35 - 00000000 ____D () C:\Program Files\Java
    2014-06-20 20:57 - 2014-06-20 20:58 - 34131368 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-8u5-windows-x64.exe
    2014-06-20 20:52 - 2014-06-20 20:52 - 02028920 _____ (SafeInstall, LLC) C:\Users\SueB\Downloads\manualdownload.exe
    2014-06-20 20:47 - 2014-06-20 20:47 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60.exe
    2014-06-12 10:09 - 2014-06-12 10:09 - 00011287 _____ () C:\Users\SueB\Documents\shifts off.odt
    2014-06-12 07:45 - 2014-06-12 10:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
    2014-06-11 06:09 - 2014-05-23 22:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-06-11 06:09 - 2014-05-23 22:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-06-11 06:09 - 2014-05-23 22:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-06-11 06:09 - 2014-05-23 22:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-06-11 06:09 - 2014-05-23 22:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-06-11 06:09 - 2014-05-23 22:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-06-11 06:09 - 2014-05-23 22:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-06-11 06:09 - 2014-05-23 22:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-06-11 06:09 - 2014-05-23 22:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-06-11 06:09 - 2014-05-23 22:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-06-11 06:09 - 2014-05-23 22:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-06-11 06:09 - 2014-05-23 22:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2014-06-11 06:09 - 2014-05-23 22:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-06-11 06:09 - 2014-05-23 22:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-06-11 06:09 - 2014-05-23 22:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-06-11 06:09 - 2014-05-23 22:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-06-11 06:09 - 2014-05-23 22:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-06-11 06:09 - 2014-05-23 22:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-06-11 06:09 - 2014-05-23 22:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-06-11 06:09 - 2014-05-23 21:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-06-11 06:09 - 2014-05-23 21:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-06-11 06:09 - 2014-05-23 21:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-06-11 06:09 - 2014-05-23 21:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-06-11 06:09 - 2014-05-23 21:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-06-11 06:09 - 2014-05-23 21:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-06-11 06:09 - 2014-05-23 21:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-06-11 06:09 - 2014-05-23 21:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-06-11 06:09 - 2014-05-23 21:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-06-11 06:09 - 2014-05-23 21:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-06-11 06:09 - 2014-05-23 21:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-06-11 06:09 - 2014-05-23 21:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-06-11 06:09 - 2014-05-23 21:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-06-11 06:09 - 2014-05-23 21:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-06-11 06:09 - 2014-05-23 21:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2014-06-11 06:09 - 2014-05-23 21:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-06-11 06:09 - 2014-05-23 21:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-06-11 06:09 - 2014-05-23 21:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-06-11 06:09 - 2014-05-23 21:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-06-11 06:09 - 2014-05-23 21:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-06-11 06:09 - 2014-05-23 20:13 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2014-06-11 06:09 - 2014-05-23 20:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2014-06-11 06:09 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-06-11 06:09 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2014-06-11 06:09 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2014-06-11 06:09 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2014-06-11 06:09 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-06-11 06:09 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2014-06-11 06:09 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2014-06-11 06:09 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-06-11 06:09 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2014-06-11 06:09 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-06-11 06:09 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2014-06-11 06:09 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-06-11 06:09 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2014-06-11 06:09 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-06-05 16:41 - 2014-06-05 16:41 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
    2014-06-05 16:41 - 2014-06-05 16:41 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
    2014-06-05 10:21 - 2014-06-05 10:23 - 140910890 _____ () C:\Users\SueB\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_en-US.exe
    2014-06-04 22:59 - 2014-06-04 22:59 - 00012442 _____ () C:\Users\SueB\Downloads\apa6th_template.zip
    2014-06-04 22:46 - 2014-06-04 22:46 - 00010298 _____ () C:\Users\SueB\Downloads\mla_with_second_page_header.zip
    2014-06-04 06:20 - 2014-06-04 06:20 - 00013139 _____ () C:\Users\SueB\Documents\June 03 2014 goof card.odt

    ==================== One Month Modified Files and Folders =======

    2014-07-02 08:44 - 2014-07-02 08:43 - 00022137 _____ () C:\Users\SueB\Downloads\FRST.txt
    2014-07-02 08:44 - 2014-07-02 08:43 - 00000000 ____D () C:\FRST
    2014-07-02 08:43 - 2014-07-02 08:42 - 00001437 _____ () C:\Users\SueB\Desktop\FRST64 - Shortcut.lnk
    2014-07-02 08:41 - 2014-07-02 08:41 - 02083840 _____ (Farbar) C:\Users\SueB\Downloads\FRST64.exe
    2014-07-02 08:38 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-07-02 08:38 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-07-02 08:37 - 2009-07-14 01:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-07-02 08:34 - 2014-02-19 09:57 - 01441255 _____ () C:\Windows\WindowsUpdate.log
    2014-07-02 08:33 - 2013-09-05 20:49 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001UA.job
    2014-07-02 08:30 - 2014-07-02 08:30 - 00262144 _____ () C:\Windows\Minidump\070214-17425-01.dmp
    2014-07-02 08:30 - 2014-07-02 08:14 - 778359869 _____ () C:\Windows\MEMORY.DMP
    2014-07-02 08:30 - 2014-07-02 08:14 - 00000000 ____D () C:\Windows\Minidump
    2014-07-02 08:30 - 2014-06-30 14:07 - 00000784 _____ () C:\Windows\setupact.log
    2014-07-02 08:30 - 2013-12-02 17:17 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-02 08:30 - 2013-08-30 20:14 - 00002812 _____ () C:\Windows\system32\GManager.ini
    2014-07-02 08:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-07-02 08:27 - 2014-07-02 08:27 - 00000565 _____ () C:\Users\SueB\Documents\MBR.zip
    2014-07-02 08:27 - 2014-02-27 22:00 - 00000536 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3890881620-3642371930-2457045338-1001.job
    2014-07-02 08:24 - 2014-07-02 08:26 - 00000512 _____ () C:\Users\SueB\Documents\MBR.dat
    2014-07-02 08:14 - 2014-07-02 08:14 - 00262144 _____ () C:\Windows\Minidump\070214-17503-01.dmp
    2014-07-02 08:10 - 2013-11-24 14:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-07-02 08:01 - 2014-07-02 07:56 - 00001437 _____ () C:\Users\SueB\Desktop\aswMBR - Shortcut.lnk
    2014-07-02 07:57 - 2014-07-02 07:57 - 00001107 _____ () C:\Users\SueB\Desktop\SecurityCheck (1) - Shortcut.lnk
    2014-07-02 07:56 - 2014-07-02 07:56 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck (2).exe
    2014-07-02 07:56 - 2014-07-02 07:55 - 05185536 _____ (AVAST Software) C:\Users\SueB\Downloads\aswMBR.exe
    2014-07-02 07:55 - 2014-07-02 07:54 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck (1).exe
    2014-07-02 07:52 - 2013-12-02 17:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-02 07:46 - 2014-07-02 07:46 - 00854390 _____ () C:\Users\SueB\Downloads\SecurityCheck.exe
    2014-07-01 22:51 - 2012-11-21 19:36 - 00000000 ____D () C:\Users\SueB\AppData\Roaming\SoftGrid Client
    2014-07-01 19:18 - 2012-11-23 04:03 - 00000000 ____D () C:\Users\SueB\AppData\Roaming\Skype
    2014-07-01 18:33 - 2013-09-05 20:49 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001Core.job
    2014-07-01 14:25 - 2014-02-27 22:00 - 00003562 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3890881620-3642371930-2457045338-1001
    2014-07-01 01:42 - 2014-07-01 01:42 - 00002467 _____ () C:\Users\SueB\Desktop\microsoft excel starter 2010.lnk
    2014-07-01 01:42 - 2014-07-01 01:42 - 00002447 _____ () C:\Users\SueB\Desktop\microsoft word starter 2010.lnk
    2014-07-01 01:42 - 2014-07-01 01:42 - 00002023 _____ () C:\Users\Public\Desktop\adobe reader xi.lnk
    2014-07-01 01:42 - 2014-07-01 01:42 - 00001958 _____ () C:\Users\Public\Desktop\netflix.lnk
    2014-07-01 01:42 - 2014-07-01 01:42 - 00001162 _____ () C:\Users\Public\Desktop\clear.fi photo.lnk
    2014-07-01 01:42 - 2014-07-01 01:42 - 00001162 _____ () C:\Users\Public\Desktop\clear.fi media.lnk
    2014-07-01 01:42 - 2014-06-30 08:31 - 00000000 ____D () C:\Windows\jumpshot.com
    2014-07-01 01:42 - 2012-04-12 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\Recovery Management
    2014-07-01 01:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-07-01 01:33 - 2014-07-01 01:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-07-01 01:33 - 2014-07-01 01:32 - 13084896 _____ (Microsoft Corporation) C:\Users\SueB\Downloads\Silverlight_x64.exe
    2014-07-01 01:28 - 2013-11-15 01:22 - 00002302 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
    2014-07-01 01:28 - 2013-02-22 09:01 - 00001897 _____ () C:\Users\Public\Desktop\Defraggler.lnk
    2014-07-01 00:00 - 2014-07-01 00:00 - 00000600 _____ () C:\Users\SueB\AppData\Roaming\winscp.rnd
    2014-07-01 00:00 - 2014-07-01 00:00 - 00000000 ____D () C:\CSV
    2014-06-30 23:42 - 2014-06-30 23:42 - 00000000 ____D () C:\Diag-Advisor
    2014-06-30 23:24 - 2013-01-05 22:08 - 00000000 ____D () C:\Users\SueB\Downloads\D2000AZNEWGB_Training(1)
    2014-06-30 22:49 - 2012-12-09 14:16 - 00000000 ____D () C:\Users\SueB\Documents\Youcam
    2014-06-30 21:40 - 2014-06-30 08:34 - 00000000 __SHD () C:\Jumpshot
    2014-06-30 14:14 - 2013-05-21 09:04 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4B6C508-3456-47A0-9DC4-7C361428BA62}
    2014-06-30 14:07 - 2014-06-30 14:07 - 00000000 _____ () C:\Windows\setuperr.log
    2014-06-30 12:51 - 2014-06-30 12:51 - 00001405 _____ () C:\Users\SueB\Desktop\Spybot-S&D Start Center (2).lnk
    2014-06-30 12:51 - 2014-04-08 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2014-06-30 11:35 - 2014-06-30 11:35 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2014-06-30 11:35 - 2014-06-30 11:35 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2014-06-30 11:35 - 2014-06-30 11:35 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2014-06-30 11:35 - 2014-06-30 11:35 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2014-06-30 11:35 - 2014-06-20 20:58 - 00000000 ____D () C:\Program Files\Java
    2014-06-30 11:34 - 2014-06-30 11:34 - 30984104 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-7u60-windows-x64 (1).exe
    2014-06-30 11:30 - 2013-10-17 00:21 - 00000000 ____D () C:\ProgramData\Oracle
    2014-06-30 11:29 - 2014-06-30 11:29 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-06-30 11:29 - 2014-06-30 11:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-06-30 11:29 - 2014-06-30 11:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-06-30 11:29 - 2014-06-30 11:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-06-30 11:29 - 2014-06-30 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-06-30 11:29 - 2012-11-27 18:28 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-06-30 11:28 - 2014-06-30 11:28 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60 (2).exe
    2014-06-30 09:22 - 2012-11-21 18:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-06-30 09:21 - 2012-11-21 17:54 - 00000000 ____D () C:\Users\SueB
    2014-06-30 08:34 - 2012-11-21 17:55 - 07864320 ___SH () C:\Users\SueB\.ghost-ntfs-3g-00000000000000000009
    2014-06-30 08:34 - 2009-07-13 22:34 - 77332480 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000001
    2014-06-30 08:34 - 2009-07-13 22:34 - 22806528 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000003
    2014-06-28 18:04 - 2014-06-28 18:04 - 30984104 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-7u60-windows-x64.exe
    2014-06-26 21:10 - 2014-04-30 23:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-06-24 07:32 - 2014-06-24 07:32 - 00123910 _____ () C:\Users\SueB\Documents\Current Schedules.odt
    2014-06-22 20:32 - 2012-11-21 17:55 - 00064416 _____ () C:\Users\SueB\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-06-21 03:47 - 2013-12-02 17:17 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-06-21 03:47 - 2013-12-02 17:17 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-06-20 22:26 - 2014-06-20 22:26 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60 (1).exe
    2014-06-20 21:17 - 2014-06-20 21:17 - 31112616 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-8u5-windows-i586.exe
    2014-06-20 21:14 - 2014-06-20 21:14 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-06-20 21:14 - 2014-06-20 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-06-20 21:14 - 2014-06-20 21:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-06-20 21:14 - 2014-06-20 21:13 - 00000000 ____D () C:\Program Files\iTunes
    2014-06-20 21:14 - 2014-06-20 21:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-06-20 21:13 - 2014-06-20 21:13 - 00000000 ____D () C:\Program Files\iPod
    2014-06-20 21:10 - 2014-06-20 21:10 - 00000000 ____D () C:\Program Files\Bonjour
    2014-06-20 21:10 - 2014-06-20 21:10 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2014-06-20 21:09 - 2012-12-06 08:04 - 00000000 ____D () C:\ProgramData\Apple
    2014-06-20 21:07 - 2013-11-24 14:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-06-20 21:07 - 2013-11-24 14:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-06-20 21:07 - 2013-11-24 14:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-06-20 20:58 - 2014-06-20 20:57 - 34131368 _____ (Oracle Corporation) C:\Users\SueB\Downloads\jre-8u5-windows-x64.exe
    2014-06-20 20:52 - 2014-06-20 20:52 - 02028920 _____ (SafeInstall, LLC) C:\Users\SueB\Downloads\manualdownload.exe
    2014-06-20 20:49 - 2014-04-06 23:12 - 00000983 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-06-20 20:47 - 2014-06-20 20:47 - 00918952 _____ (Oracle Corporation) C:\Users\SueB\Downloads\JavaSetup7u60.exe
    2014-06-20 20:45 - 2014-05-17 21:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-06-20 20:39 - 2014-04-06 23:12 - 00000000 ____D () C:\Program Files\CCleaner
    2014-06-19 07:51 - 2013-12-02 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2014-06-18 19:26 - 2014-03-15 17:24 - 00000000 ____D () C:\ProgramData\webex
    2014-06-16 18:28 - 2013-09-05 20:49 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001UA
    2014-06-16 18:28 - 2013-09-05 20:49 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001Core
    2014-06-13 07:02 - 2012-11-21 18:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-06-12 10:09 - 2014-06-12 10:09 - 00011287 _____ () C:\Users\SueB\Documents\shifts off.odt
    2014-06-12 10:07 - 2014-06-12 07:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
    2014-06-12 08:42 - 2007-07-11 21:49 - 00000000 ____D () C:\Windows\Panther
    2014-06-11 10:03 - 2013-08-15 00:22 - 00000000 ____D () C:\Windows\system32\MRT
    2014-06-11 10:01 - 2012-11-23 13:34 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-06-08 05:13 - 2014-06-26 21:10 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-06-08 05:08 - 2014-06-26 21:10 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-06-07 08:12 - 2012-11-21 18:55 - 00001143 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-06-07 08:12 - 2012-11-21 18:55 - 00001143 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-06-07 08:12 - 2012-11-21 17:57 - 00001409 _____ () C:\Users\SueB\Desktop\Internet Explorer.lnk
    2014-06-06 02:52 - 2009-07-14 00:45 - 00295288 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-06-05 16:47 - 2012-11-21 18:28 - 00002230 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
    2014-06-05 16:41 - 2014-06-05 16:41 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
    2014-06-05 16:41 - 2014-06-05 16:41 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
    2014-06-05 16:41 - 2013-08-04 13:41 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
    2014-06-05 10:23 - 2014-06-05 10:21 - 140910890 _____ () C:\Users\SueB\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_en-US.exe
    2014-06-04 22:59 - 2014-06-04 22:59 - 00012442 _____ () C:\Users\SueB\Downloads\apa6th_template.zip
    2014-06-04 22:46 - 2014-06-04 22:46 - 00010298 _____ () C:\Users\SueB\Downloads\mla_with_second_page_header.zip
    2014-06-04 06:20 - 2014-06-04 06:20 - 00013139 _____ () C:\Users\SueB\Documents\June 03 2014 goof card.odt

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-06-28 08:14

    ==================== End Of Log ============================

  5. #5
    Senior Member
    Join Date
    Jul 2014
    Location
    Florida
    Posts
    101

    Addition

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2014
    Ran by SueB at 2014-07-02 08:44:35
    Running from C:\Users\SueB\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    clear.fi SDK - MVP 2 (x32 Version: 2.0.1505 - CyberLink Corp.) Hidden
    clear.fi SDK- Movie 2 (x32 Version: 2.0.1502 - CyberLink Corp.) Hidden
    24im (Remove Only) (HKLM-x32\...\24im) (Version: - 24im LLC)
    Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated)
    Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
    Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
    Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
    Adobe Connect 9 Add-in (HKCU\...\Adobe Connect 9 Add-in) (Version: 11.2.392.0 - Adobe Systems Incorporated)
    Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
    Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
    Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    avast! Internet Security (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
    Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cisco WebEx Meeting Center for Internet Explorer (HKLM-x32\...\{8EAB9068-AA14-4575-B8DD-322732E1F367}) (Version: 29.4.0.23 - Cisco WebEx LLC)
    Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
    clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3004 - Acer Incorporated)
    clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3004 - Acer Incorporated)
    Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.)
    CyberLink MediaEspresso (x32 Version: 6.5.1720_38230 - CyberLink Corp.) Hidden
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.0.3228 - CyberLink Corp.)
    CyberLink YouCam (x32 Version: 4.0.3228 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
    Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
    Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
    Evernote v. 5.0.3 (HKLM-x32\...\{32D39568-3B77-11E3-88CE-00163E98E7D0}) (Version: 5.0.3.1614 - Evernote Corp.)
    FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.)
    Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden
    Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
    Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
    Google Drive (HKLM-x32\...\{D9F75285-4864-461D-83DA-8D056BAC44D1}) (Version: 1.16.6866.4367 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    GoToMeeting 6.3.0.1468 (HKCU\...\GoToMeeting) (Version: 6.3.0.1468 - CitrixOnline)
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    H&R Block Deluxe + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)
    H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
    H&R Block Georgia 2012 (HKLM-x32\...\{92DE38F8-CBF1-4A4C-B19D-DD4ADA3E6408}) (Version: 1.12.3201 - HRB Technology, LLC.)
    H&R Block Virginia 2012 (HKLM-x32\...\{3CBDBF7F-2E54-4A78-B41D-7163F7BC7F06}) (Version: 1.12.3301 - HRB Technology, LLC.)
    Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3510 - Acer Incorporated)
    Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
    iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
    Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
    Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
    Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
    Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
    Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
    MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
    MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.)
    MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden
    Nero Control Center 10 (x32 Version: 10.6.13200.0.12 - Nero AG) Hidden
    Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10800 - Nero AG) Hidden
    Nero Core Components 10 (x32 Version: 2.0.20500.9.16 - Nero AG) Hidden
    Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
    Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
    Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
    Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
    Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.6.10300 - Nero AG)
    Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10600.4.100 - Nero AG)
    Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
    Nero Update (x32 Version: 11.0.10022.15.0 - Nero AG) Hidden
    NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
    OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
    Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version: - )
    PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version: - )
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6466 - Realtek Semiconductor Corp.)
    Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
    Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
    Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
    Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
    TMS CallCenter (HKLM-x32\...\{3146714B-1289-46EF-BB9B-C68208D59D8B}) (Version: 2.9.38 - National Systems Corporation)
    Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
    TouchSettings (HKLM-x32\...\{75880CD4-9436-4EDD-B7E7-400EBFD60B2C}) (Version: 1.00.0006 - Acer Incorporated)
    Update for Zip Opener (HKCU\...\Digital Sites) (Version: - Update for Zip Opener) <==== ATTENTION
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    USB Display Device (Trigger Family) 12.01.1225.3679 (HKLM-x32\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 12.01.1225.3679 - StarTech)
    Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
    WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
    Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Restore Points =========================

    24-06-2014 14:32:14 Windows Update
    27-06-2014 01:10:12 Windows Update
    28-06-2014 21:58:52 Removed Java 8 Update 5 (64-bit)
    28-06-2014 22:04:23 Installed Java 7 Update 60 (64-bit)
    29-06-2014 23:00:08 Windows Backup
    30-06-2014 15:11:11 Removed Java 7 Update 60
    30-06-2014 15:12:01 Removed Java 7 Update 60 (64-bit)
    30-06-2014 15:29:01 Installed Java 7 Update 60
    30-06-2014 15:34:55 Installed Java 7 Update 60 (64-bit)
    01-07-2014 05:30:35 Removed Microsoft Silverlight
    01-07-2014 05:31:03 Removed Microsoft Silverlight
    01-07-2014 05:37:51 Restore Operation
    01-07-2014 06:10:25 Windows Update

    ==================== Hosts content: ==========================

    2009-07-13 22:34 - 2014-04-11 01:21 - 00451013 ____R C:\Windows\system32\Drivers\etc\hosts
    127.94.0.1 client.openvpn.net
    127.94.0.2 openvpn-client.loagentvpn.liveops.com
    205.167.109.11 azcad
    143.61.195.18 d2000-okc
    209.82.196.139 d2kappok

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    Task: {0A48CDB4-2DFD-4BE2-B56C-E25848093A75} - System32\Tasks\{BDB1BDF5-9F76-4C68-9D75-494216820199} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
    Task: {0B1A5240-348B-4304-847D-F2184605D1ED} - System32\Tasks\{4752F0DE-31ED-4CBC-B01F-702B976EB8D8} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [2012-09-12] (CyberLink Corp.)
    Task: {0D05C315-5AB0-4861-A30E-4EE92A96BF01} - System32\Tasks\{9ACEEDF3-702F-4220-A05E-0CA93CA1E2A6} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
    Task: {17DC4C4F-82CC-4486-AFC5-F9305C9FD1FB} - System32\Tasks\{1534418C-F0AB-4B71-8F01-3EE429F584FA} => C:\Users\SueB\Desktop\AZ\D2000AZNEWGB - Production\d2k32_cr.exe
    Task: {1B97C20B-D968-4F77-8B2C-94F6AE744057} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
    Task: {1DEB26B1-3131-44CF-9AE4-B79BC99DA0AF} - System32\Tasks\{B8681D4F-9C47-4AB0-A0FD-9DA821FEE5AA} => C:\Program Files (x86)\TMS CallCenter\TMSTouch.exe [2014-05-01] (National Systems Corporation)
    Task: {20F678C9-2A19-4D6F-8258-23B50829D7DC} - System32\Tasks\{C4A595AE-B568-42EA-85F1-276B3C74A131} => C:\Users\SueB\Downloads\D2000AZNEWGB_Training(1)\D2000AZNEWGB - Training\d2k32_cr.exe
    Task: {226E9CAF-1BAC-43FC-A362-B2426B3635B0} - System32\Tasks\{638E9ADC-9F84-43B3-A9F3-DA0B58579C00} => C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe [2010-09-28] ()
    Task: {2A7BC5AF-D5EC-4F33-B56D-E77BD16111D4} - System32\Tasks\{6B7EE633-1721-4727-8B09-4CAD264982D5} => Chrome.exe
    Task: {2FFBC69E-72B9-4168-A3ED-C14E4DFA6530} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-02] (Google Inc.)
    Task: {32227CC8-7C04-447D-91BA-E4B4499CCF04} - System32\Tasks\{E619DE95-D955-49F1-99FC-47EA85FBC4FA} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
    Task: {40896514-9238-4949-A4EF-5A2B6B415E6A} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
    Task: {440DC7A4-F6FE-400A-8A05-9E58DE665EDE} - System32\Tasks\{93712C41-9DDC-4AEA-8C2D-458F849D80B2} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
    Task: {447ED454-8A73-4D1D-AC43-23172DC61152} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-20] (Adobe Systems Incorporated)
    Task: {458A39D4-D0C8-4D57-90C2-0B7B73E43C73} - System32\Tasks\{BD2B32D7-2270-463B-800E-E3283A7AEE5F} => C:\Users\SueB\Downloads\D2000OK_SD_Production\D2000OK_SD Production\d2k32_cr.exe
    Task: {4B1F9702-2BF4-4D2A-836D-0CB42BF67804} - System32\Tasks\{8BA08670-BED0-4AA3-8712-A7401AD34809} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
    Task: {4B3F9A54-2A51-413E-B15B-CE1CEE6B9004} - System32\Tasks\{C5DED3AA-9725-481F-A072-0F9C5620DC2A} => C:\Program Files (x86)\TMS CallCenter\TMSTouch.exe [2014-05-01] (National Systems Corporation)
    Task: {50FCA8F8-9AA8-491A-8A5D-D3C5485A4FD4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-02] (Google Inc.)
    Task: {5264931F-6FD7-4517-84DC-DF6C78F5096A} - System32\Tasks\{5343B9A1-E2D3-4CEB-ADE3-161875C0DB7B} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
    Task: {57873E08-56FC-41B3-9210-AA93B8AF43A0} - System32\Tasks\{865A080C-DAA1-4C23-B0B7-9DE26F8D3135} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
    Task: {5D0A1D5B-A791-4D8C-9415-1F4B551F2D28} - System32\Tasks\{71A53804-1693-4846-A123-41A936D3AF27} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
    Task: {632B8A8A-2977-4A14-8F3B-335C04E1D0CE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-02] (AVAST Software)
    Task: {6827ACC2-63C7-4FA5-ABF6-217C21F61C9F} - System32\Tasks\G2MUpdateTask-S-1-5-21-3890881620-3642371930-2457045338-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-01] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {6DA423E6-86DE-4BF8-96EC-0140F1F7DDD1} - System32\Tasks\{1EE24F2C-0DB4-424E-84C9-D5B553767CC3} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
    Task: {704C1654-35F5-4DB1-8195-4524D1870BF2} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2012-01-18] (Acer)
    Task: {7A45A029-1EF7-4437-9149-FBC27B0FE08D} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
    Task: {7B0C3B06-3A28-47C1-AB53-295E20E1E1AA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {7DFBAB0C-3563-4DBE-BEC3-0871CB07C784} - System32\Tasks\{7B6AF7DA-9AA6-402B-BEBB-2A1C1739BFC3} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
    Task: {821068C7-2C55-4656-884F-AC9ED4B06CA2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {8670ADD4-03F9-485B-97D7-11DB7A931235} - System32\Tasks\{71943BF6-63DE-4B39-B6A3-1BCC7FBCFBB8} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
    Task: {89536066-10FD-4EAA-B927-E1567E1BA3CB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {96D67F5E-A707-4751-89E5-00B9EBCA27AE} - System32\Tasks\{2052277F-5188-4418-9901-057E6D3D78A1} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
    Task: {A193E4A5-A330-4296-86DB-437DF851057A} - System32\Tasks\{39F3C1C6-EC4D-402B-A504-E9D6FBAE6029} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
    Task: {ADA818BB-8F20-4D45-8144-98646066610B} - System32\Tasks\{288EC824-F8B4-4E9E-819A-A41CBF90B665} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
    Task: {AED3E3D0-02BB-42FF-85FF-B159F530FFB5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001Core => C:\Users\SueB\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.)
    Task: {B2D05C14-8C4D-4B91-852A-EC0148850C1F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001UA => C:\Users\SueB\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.)
    Task: {B4AD683C-6739-4229-8058-C94164C5017D} - System32\Tasks\{F5682B18-54EF-4BA1-8B80-17EE5E0BA4D4} => C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe [2014-02-06] (Apple Inc.)
    Task: {C160B179-789D-4D4B-95C1-012C0CA09292} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {C190CB65-1728-45CD-803A-8DDBB674B702} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
    Task: {C57675A7-B82B-445E-97B8-B4D0D001CCD7} - System32\Tasks\{3777E41D-3A78-4D4C-BAE6-E5E45DEE9678} => C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe [2014-02-06] (Apple Inc.)
    Task: {CA1A923E-4057-48ED-A708-6E3013B8C1B8} - System32\Tasks\{5F63685C-3140-4C71-AFC9-6F25CF2AF13D} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
    Task: {D1AF4EF7-20FE-4D98-AC5A-C0A78662793C} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
    Task: {D893FECF-D387-4112-B1B4-7E6B066A300E} - System32\Tasks\{C823354D-877A-4D2E-813F-74EB5EBE2BFC} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
    Task: {E1931CC9-1569-4FA3-B128-0BC5ABBA9962} - System32\Tasks\{5EBCD752-F3FD-4149-933E-89465BEC4685} => C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe [2014-02-06] (Apple Inc.)
    Task: {E7490AFC-1999-4F1C-9DED-A4E3577B7B85} - System32\Tasks\{27397021-20E6-4FA4-9E6F-B36A347219EE} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2014-06-12] (Mozilla Corporation)
    Task: {F4B39FA3-7268-46F3-AE5E-F27332216409} - System32\Tasks\{77650567-5BA5-44DF-A667-22BB20EF1A55} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
    Task: {F7A66014-EB44-41D2-9995-A969CE690FFC} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\SueB\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3890881620-3642371930-2457045338-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mupdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001Core.job => C:\Users\SueB\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3890881620-3642371930-2457045338-1001UA.job => C:\Users\SueB\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-03-29 22:00 - 2012-04-26 15:51 - 00040448 _____ () C:\Windows\System32\pdf995mon64.dll
    2009-01-21 19:45 - 2009-01-21 19:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
    2013-08-30 20:14 - 2012-08-28 14:20 - 00313432 _____ () C:\Windows\system32\GManager.exe
    2013-08-30 20:14 - 2011-05-03 18:13 - 00199296 _____ () C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
    2014-07-02 07:49 - 2014-07-02 07:49 - 02789888 _____ () C:\Program Files\AVAST Software\Avast\defs\14070200\algo.dll
    2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-11-30 20:39 - 2013-11-30 20:39 - 00057344 _____ () C:\Program Files (x86)\24im\24im Messenger\IMHOOK2.dll
    2014-04-08 17:20 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-04-08 17:20 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-04-08 17:20 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-04-08 17:20 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-04-08 17:20 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2013-11-15 01:22 - 2013-11-15 01:22 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-02-13 10:33 - 2014-02-13 10:33 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll
    2012-04-12 22:53 - 2010-11-06 02:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2014-06-13 12:29 - 2014-06-05 09:58 - 00716616 _____ () C:\Users\SueB\AppData\Local\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
    2014-06-13 12:29 - 2014-06-05 09:58 - 00126280 _____ () C:\Users\SueB\AppData\Local\Google\Chrome\Application\35.0.1916.153\libegl.dll
    2014-06-13 12:29 - 2014-06-05 09:58 - 04217672 _____ () C:\Users\SueB\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll
    2014-06-13 12:29 - 2014-06-05 09:58 - 00414536 _____ () C:\Users\SueB\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
    2014-06-13 12:29 - 2014-06-05 09:58 - 01732424 _____ () C:\Users\SueB\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

    ==================== EXE Association (whitelisted) =============


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: Dolby Home Theater v4 => "C:\Dolby PCEE4\pcee4.exe" -autostart
    MSCONFIG\startupreg: FDispPos => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe Launch FixPos
    MSCONFIG\startupreg: Google Update => "C:\Users\SueB\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
    MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
    MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: MCTDUtil => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe Launch SuperUtil
    MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
    MSCONFIG\startupreg: RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    MSCONFIG\startupreg: TouchORB => C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
    MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
    MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/02/2014 08:30:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/02/2014 08:15:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/02/2014 06:23:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/01/2014 11:26:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/01/2014 11:09:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/01/2014 11:03:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/01/2014 02:22:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/01/2014 01:43:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/01/2014 00:23:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/30/2014 10:57:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (07/02/2014 08:30:30 AM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: 0x00000109 (0xa3a039d89a499889, 0xb3b7465eecc7d3c3, 0xfffff880009f4540, 0x0000000000000002)C:\Windows\MEMORY.DMP070214-17425-01

    Error: (07/02/2014 08:30:12 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 8:27:02 AM on 7/2/2014 was unexpected.

    Error: (07/02/2014 08:14:30 AM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: 0x00000109 (0xa3a039d89ebd8716, 0xb3b7465ef13bc250, 0xfffff880009f4540, 0x0000000000000002)C:\Windows\MEMORY.DMP070214-17503-01

    Error: (07/02/2014 08:14:13 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 8:09:48 AM on 7/2/2014 was unexpected.

    Error: (07/01/2014 01:39:48 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume Acer.

    Error: (06/30/2014 10:15:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Search service failed to start due to the following error:
    %%1053

    Error: (06/30/2014 10:15:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

    Error: (06/30/2014 10:15:29 AM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (06/30/2014 10:15:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (06/30/2014 10:15:11 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Windows Search service terminated with service-specific error %%-1073473535.


    Microsoft Office Sessions:
    =========================
    Error: (07/02/2014 08:30:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/02/2014 08:15:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/02/2014 06:23:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/01/2014 11:26:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/01/2014 11:09:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/01/2014 11:03:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/01/2014 02:22:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/01/2014 01:43:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/01/2014 00:23:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/30/2014 10:57:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    ==================== Memory info ===========================

    Percentage of memory in use: 47%
    Total physical RAM: 4034.78 MB
    Available physical RAM: 2134.96 MB
    Total Pagefile: 8067.73 MB
    Available Pagefile: 5905.79 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.8 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:450.16 GB) (Free:393.32 GB) NTFS
    Drive e: (Lexar) (Removable) (Total:29.81 GB) (Free:27.51 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 51B5EE98)
    Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=450 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 30 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ==================== End Of Log ================

  6. #6
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi Suemarie,

    Please be sure that you are running all these tools directly from the desktop. If the tools are not located on the desktop the fixes I provide may not work as designed.

    Please run this Rootkit Scanner.

    Malwarebytes Anti-Rootkit
    • Download Malwarebytes Anti-Rootkit
    • Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
    • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
    • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
    • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
    • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so that Malwarebytes Anti-Rootkit can start correctly.
    • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
    • If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.


    • At the introduction screen, please click on the Next button to continue.


    • Next you will see the Update Database screen.
    • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.


    • When the update has finished, click on the Next button.


    • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
    • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.


    • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
    • Make sure everything is selected and that the option to create a restore point is checked.
    • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
    • Click on the Yes button to restart your computer.
    • There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
    • The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
      • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
    • The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.

    =========================

    Disable FireFox plug-in

    • At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
    • In the Add-ons Manager tab, select the Extensions or Appearance panel.
    • Select the add-on you wish to disable.
      • My Search Dial
      • Sweet Tunes
    • Click the Disable button.
    • Click Restart now if it pops up. Your tabs will be saved and restored after the restart.

    =========================

    Disable Plug-ins in Google Chrome

    • Click the Chrome menu on the browser toolbar.
    • Select Settings.
    • Scroll down to Show advanced settings...
    • Locate the Privacy Section, select Content Settings
    • In the pop-up window scroll to Plug-Ins, select Disable individual plug-ins...
    • Locate the following plug-ins and set them to Disable:
      • SweetTunes
    • Exit Chrome settings menu.

    =========================

    Uninstall via Programs and Features

    Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
    • Update for Zip Opener

    =========================

    FRST Fix Script

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

    Code:
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...1648369585&ir=
    SearchScopes: HKLM-x32 - {6d6503c4-6ba9-419a-9657-607ae153f4c4} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
    SearchScopes: HKCU - DefaultScope {00683C20-0225-4AF9-B5B0-E79759803B69} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=
    SearchScopes: HKCU - {00683C20-0225-4AF9-B5B0-E79759803B69} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=
    SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311875&CUI=UN23127794002916819&UM=2
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF SearchPlugin: C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\searchplugins\Mysearchdial.xml
    FF SearchPlugin: C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\searchplugins\sweettunes-customized-web-search.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweettunes_search.xml
    CHR StartupUrls: "https://www.google.com/", "hxxp://start.mysearchdial.com/?f=1&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=", "www.google.com"
    CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\SueB\AppData\Local\mysearchdial-speeddial.crx [2014-01-24]
    Update for Zip Opener (HKCU\...\Digital Sites) (Version: - Update for Zip Opener) <==== ATTENTION
    Task: {F7A66014-EB44-41D2-9995-A969CE690FFC} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\SueB\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST and press the Fix button just once and wait.
    The tool will make a log (Fixlog.txt); please post it in your reply.

    =========================

    In your next post please provide the following:
    • system-log.txt
    • mbar-log
    • Fixlog.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  7. #7
    Senior Member
    Join Date
    Jul 2014
    Location
    Florida
    Posts
    101

    Default

    Thank you. I will do these procedures in the morning. It is getting ready to storm here and I don't want to risk losing power in the middle of everything. Thank you so much for taking the time to help me.


  8. #8
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  9. #9
    Senior Member
    Join Date
    Jul 2014
    Location
    Florida
    Posts
    101

    Default

    The storm passed thru, so I went ahead and followed your instructions. At first, I thought I had done something wrong because when I did the Malwarebytes Anti-Root Kit, it didn't find anything. I did take a screen shot of it. The good news is, that pesky conduit is apparently gone. At least that popup no longer comes up. Thank you ever so much for your help. I will be sending a donation when my paycheck comes in.

    Here is the Farbar Recovery Tool Report:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-07-2014
    Ran by SueB at 2014-07-02 21:50:45 Run:1
    Running from C:\Users\SueB\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...1648369585&ir=
    SearchScopes: HKLM-x32 - {6d6503c4-6ba9-419a-9657-607ae153f4c4} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
    SearchScopes: HKCU - DefaultScope {00683C20-0225-4AF9-B5B0-E79759803B69} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=
    SearchScopes: HKCU - {00683C20-0225-4AF9-B5B0-E79759803B69} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=
    SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311875&CUI=UN23127794002916819&UM=2
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF SearchPlugin: C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\searchplugins\Mysearchdial.xml
    FF SearchPlugin: C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\searchplugins\sweettunes-customized-web-search.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweettunes_search.xml
    CHR StartupUrls: "https://www.google.com/", "hxxp://start.mysearchdial.com/?f=1&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=", "www.google.com"
    CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\SueB\AppData\Local\mysearchdial-speeddial.crx [2014-01-24]
    Update for Zip Opener (HKCU\...\Digital Sites) (Version: - Update for Zip Opener) <==== ATTENTION
    Task: {F7A66014-EB44-41D2-9995-A969CE690FFC} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\SueB\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
    *****************

    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6d6503c4-6ba9-419a-9657-607ae153f4c4}' => Key deleted successfully.
    'HKCR\Wow6432Node\CLSID\{6d6503c4-6ba9-419a-9657-607ae153f4c4}'=> Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{00683C20-0225-4AF9-B5B0-E79759803B69}' => Key deleted successfully.
    'HKCR\CLSID\{00683C20-0225-4AF9-B5B0-E79759803B69}'=> Key not found.
    'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}' => Key deleted successfully.
    'HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}'=> Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
    'HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}' => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
    'HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}'=> Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
    'HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}'=> Key not found.
    C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\searchplugins\Mysearchdial.xml => Moved successfully.
    C:\Users\SueB\AppData\Roaming\Mozilla\Firefox\Profiles\7s6elucx.default\searchplugins\sweettunes-customized-web-search.xml => Moved successfully.
    C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweettunes_search.xml => Moved successfully.
    CHR StartupUrls: "https://www.google.com/", "hxxp://start.mysearchdial.com/?f=1&a=suma_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtD0F0F0AzytAyBtDzyyBzztBzzyB0EtN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StDyE0EyD0D0CyD0EtG0FtBtB0BtGtD0C0CtCtGyBzz0A0AtGyD0CzzzyyCtDtA0CtC0CyC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzzzytB0F0FyBtG0F0EyDtBtGzy0BzztDtGzztA0F0BtGyB0F0C0D0Czz0CyDtBtCyByD2Q&cr=1648369585&ir=", "www.google.com" ==> The Chrome "Settings" can be used to fix the entry.
    'HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff' => Key deleted successfully.
    "C:\Users\SueB\AppData\Local\mysearchdial-speeddial.crx" => File/Directory not found.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F7A66014-EB44-41D2-9995-A969CE690FFC}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7A66014-EB44-41D2-9995-A969CE690FFC}' => Key deleted successfully.
    C:\Windows\System32\Tasks\BackgroundContainer Startup Task => Moved successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task' => Key deleted successfully.

    ==== End of Fixlog ====
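The Fixlog in post #9 mixes entries that were changed, entries that were already absent, and one entry the tool left for manual repair. The following is an added example, not part of the thread and not FRST's own code, that sorts Fixlog result lines into those three groups. The classification rules are an assumption drawn only from the status strings visible in this Fixlog, and the sample log is constructed from the post with a placeholder URL.

```python
import re

# Constructed sample: a shortened Fixlog modelled on the lines in post #9.
# The start-page URL is a placeholder, not the value from the original log.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-07-2014
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweettunes_search.xml
CHR StartupUrls: "https://www.google.com/", "hxxp://placeholder.invalid/?f=1"
Task: {F7A66014-EB44-41D2-9995-A969CE690FFC} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\SueB\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
*****************

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
'HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}'=> Key not found.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweettunes_search.xml => Moved successfully.
CHR StartupUrls: "https://www.google.com/", "hxxp://placeholder.invalid/?f=1" ==> The Chrome "Settings" can be used to fix the entry.
"C:\Users\SueB\AppData\Local\mysearchdial-speeddial.crx" => File/Directory not found.
C:\Windows\System32\Tasks\BackgroundContainer Startup Task => Moved successfully.

==== End of Fixlog ====
'''

# "target => status" or "target ==> status", with or without a space before "=>".
RESULT = re.compile(r"^(?P<target>.+?)\s*=+>\s*(?P<status>.+)$")
# The echoed fixlist is delimited by lines made only of asterisks.
FENCE = re.compile(r"^\*{5,}$")


def triage_fixlog(text):
    """Group Fixlog result lines into changed / absent / manual.

    Assumed rules (taken from the status strings in this thread only):
      changed - status says "... successfully"
      absent  - status says "... not found"
      manual  - anything else, i.e. the tool did not fix it
    """
    buckets = {"changed": [], "absent": [], "manual": []}
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if FENCE.match(line):
            # Skip the echoed fixlist: its Task line also contains "=>"
            # and would otherwise be misread as an unresolved result.
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            continue
        m = RESULT.match(line)
        if not m:
            continue
        target, status = m.group("target"), m.group("status")
        # Drop quotes only when they wrap the whole target.
        if len(target) > 1 and target[0] == target[-1] and target[0] in "'\"":
            target = target[1:-1]
        if re.search(r"successfully", status, re.I):
            buckets["changed"].append((target, status))
        elif re.search(r"not found", status, re.I):
            buckets["absent"].append((target, status))
        else:
            buckets["manual"].append((target, status))
    return buckets


if __name__ == "__main__":
    for group, items in triage_fixlog(SAMPLE_FIXLOG).items():
        print(f"{group}: {len(items)}")
        for target, status in items:
            print(f"  {target}  ->  {status}")
```

On the sample, the only entry in the manual group is the Chrome startup URL, which the Fixlog itself says has to be corrected through Chrome's Settings.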

  10. #10
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi Suemarie,

    It's important that you follow through with the remainder of the steps I will outline. Absence of symptoms doesn't necessarily translate into malware free. We are making progress so please stay with me until I give you the "all clean" sign.

    AdwCleaner v3: Scan & Clean
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • Click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that log file in your next reply.
    • A copy of that log file will also be saved in the C:\AdwCleaner folder.

    =========================

    Junkware Removal Tool

    Download Junkware Removal Tool to your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Shut down your protection software now to avoid potential conflicts.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    =========================

    Re-run Farbar Recovery Scan Tool; it should be on your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    =========================

    In your next post please provide the following:
    • AdwCleaner[S0].txt
    • JRT.txt
    • FRST.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
