Request for assistance with removal of SurfShield

**geraldgrogan** · 2014-07-01, 05:24

I have a windows 7 pro - which is primarily used as a HTPC. Occasionally my daughter gets on there and does some web surfing. It would seem that I now am infected with Surfshield and I am unable to rid this PC of this virus. Any help would be appreciated.

— Click to load...
dds.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16921 BrowserJavaVersion: 10.55.2
Run by jmgrogan at 19:54:41 on 2014-06-30
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.1925 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\locator.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\SurfShieldMain\UpdateService.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Realtek\RtkDashClientInstaller\RtkDashClient.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\jmgrogan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
C:\Program Files (x86)\SurfShieldMain\proxy_server.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\eHome\EhTray.exe
C:\Windows\ehome\ehRec.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uSearch Bar = www.google.com
uSearch Page = www.google.com
uDefault_Page_URL = about:blank
uDefault_Search_URL = about:blank
mStart Page = about:blank
mSearch Page = about:blank
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
uProxyServer = hxxp=127.0.0.1:48557
uProxyOverride = <local>;*.nav-links.com;*.adnxs.com;*.jump9.com;*.rvzrjs.info;*.tractionize.com;*.admailtiser.com;*.contextweb.com;*.pubmatic.com;*.sonital.com;*ads.yahoo.com;*.openx.net;*.deliads.com;*.doubleclick.net;pixel.rubiconproject.com;*.2mdn.net;*.akamaihd.net;*.googlesyndication.com;ad.yieldmanager.com;*.pocotx.net;*.superfish.com;*.ac3.msn.com;*.ajaxcdn.org;s.youtube.com;*.googlevideo.com;*.ytimg.com;*.gstatic.com;*.googleadservices.com;epn.adledge.com;ajax.googleapis.com;*.edgesuite.net;*.yimg.com;*.adjuggler.net;adserver.adtech.de;ada.brucelead.com;*.simpli.fi;ads.dynamicyield.com;*.pocotx.net;*.google-analytics.com;content.markitcdn.com;optimized-by.rubiconproject.com
uSearchAssistant = www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Digiarty_Software_AirPlayit] "C:\Program Files\Digiarty\Air_Playit\airplayit.exe" -min
uRun: [Viber] "C:\Users\jmgrogan\AppData\Local\Viber\Viber.exe" StartMinimized
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\jmgrogan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AMAZON~1.LNK -
StartupFolder: C:\Users\jmgrogan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\jmgrogan\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\jmgrogan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://abbottmeetings.webex.com/client/WBXclient-T27L10NSP32EP15-15155/webex/ieatgpc1.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mSearch Page = about:blank
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = about:blank
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jmgrogan\AppData\Roaming\Mozilla\Firefox\Profiles\4s17s4rf.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\npmusicn.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\NPSibelius.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\jmgrogan\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Users\jmgrogan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\jmgrogan\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
.
============= SERVICES / DRIVERS ===============
.
R?2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-11 1494304]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-5-28 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-5-28 208416]
R1 {f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64;{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64;C:\Windows\System32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64.sys [2014-5-28 61120]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-5-28 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-5-28 423240]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-28 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-5-28 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-5-28 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-28 50344]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 177648]
R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-1-3 14624]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-20 15129376]
R2 RtDashPt;Realtek DASH Protocol Driver;C:\Windows\System32\drivers\RtDashPt.sys [2011-9-19 38504]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-10-17 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-2-9 383264]
R2 SurfShieldUpdateService;Update Service for SurfShield;C:\Program Files (x86)\SurfShieldMain\UpdateService.exe [2014-5-26 224432]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-2-1 5037888]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-12-24 270336]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2012-8-12 1905808]
R3 hcw89;hcw89 service;C:\Windows\System32\drivers\hcw89.sys [2012-8-12 1605376]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-1-11 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2014-6-7 58056]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-26 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2014-2-1 35112]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-26 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-26 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-12 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-06-28 09:23:57 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B15ECC81-B392-4EC6-B0C8-6EC399C8A25B}\offreg.dll
2014-06-27 12:52:09 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B15ECC81-B392-4EC6-B0C8-6EC399C8A25B}\mpengine.dll
2014-06-26 00:03:24 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-26 00:03:01 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-26 00:03:01 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-26 00:03:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-22 23:08:32 -------- d-----w- C:\Program Files\iPod
2014-06-22 23:08:31 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-22 23:08:31 -------- d-----w- C:\Program Files\iTunes
2014-06-22 23:08:31 -------- d-----w- C:\Program Files (x86)\iTunes
2014-06-22 23:02:46 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-06-22 23:02:46 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-06-22 23:02:46 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-06-22 23:02:46 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-06-22 23:02:46 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-06-21 01:03:14 -------- d-----w- C:\Program Files (x86)\predm
2014-06-20 15:03:01 -------- d-----w- C:\Program Files (x86)\SurfShieldMain
2014-06-20 15:02:57 -------- d-----w- C:\Users\jmgrogan\AppData\Local\4377
2014-06-07 13:04:08 -------- d-----w- C:\Users\jmgrogan\Tracing
2014-06-07 12:55:34 -------- d-----w- C:\Windows\en
2014-06-07 12:54:02 58056 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2014-06-07 12:50:44 6081224 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f38771041cf824e04\onedrivesetup.exe
2014-06-07 12:50:44 -------- d-----w- C:\Program Files (x86)\Microsoft OneDrive
2014-06-07 12:50:42 -------- d-----r- C:\Users\jmgrogan\OneDrive
2014-06-07 12:50:28 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2014-06-07 12:49:41 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f2195cb81cf824e03\DSETUP.dll
2014-06-07 12:49:41 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f2195cb81cf824e03\DXSETUP.exe
2014-06-07 12:49:41 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f2195cb81cf824e03\dsetup32.dll
2014-06-07 12:49:39 94040 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f06209591cf824e02\DSETUP.dll
2014-06-07 12:49:39 525656 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f06209591cf824e02\DXSETUP.exe
2014-06-07 12:49:39 1691480 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f06209591cf824e02\dsetup32.dll
2014-06-07 12:49:36 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ef4f35c31cf824e01\DSETUP.dll
2014-06-07 12:49:36 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ef4f35c31cf824e01\DXSETUP.exe
2014-06-07 12:49:36 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ef4f35c31cf824e01\dsetup32.dll
2014-06-07 12:49:25 -------- d-----w- C:\Users\jmgrogan\AppData\Local\Windows Live
2014-06-07 12:49:16 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2014-06-05 05:15:15 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-06-05 05:14:11 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M ====================
.
2014-06-29 04:55:30 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-29 04:55:30 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-08 09:13:05 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-08 09:08:04 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-29 00:34:13 85328 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-05-29 00:34:13 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-05-29 00:33:42 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-05-29 00:33:42 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-05-29 00:33:42 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-05-29 00:33:42 43152 ----a-w- C:\Windows\avastSS.scr
2014-05-29 00:33:42 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-05-29 00:33:42 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-05-27 18:26:06 61120 ----a-w- C:\Windows\System32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64.sys
2014-05-24 02:47:54 2239488 ----a-w- C:\Windows\System32\wininet.dll
2014-05-24 02:46:15 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-24 02:46:07 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-24 02:46:07 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-05-24 02:45:26 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-24 01:26:54 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-24 01:25:52 2862080 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-24 01:25:49 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-24 01:25:49 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-05-24 01:25:25 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-24 01:09:41 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-24 01:03:36 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-24 00:13:44 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2014-05-24 00:06:55 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-05-16 07:53:18 341848 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2014-05-13 19:52:08 17938608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-05-12 12:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-05-01 21:58:14 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2014-05-01 21:58:14 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-15 07:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 19:56:19.64 ===============
Displaying dds.txt.
attach.txt.zip

**ken545** · 2014-07-01, 16:41

Hi, this can be cleaned but not all in one go.

We have to check your proxy settings

1. Boot to Safemode with Networking

To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode

Then press the Windows Key and R on your keyboard, this will open the run command

In the box copy and paste this in inetcpl.cpl and click on OK

Then go to the Connections Tab> Lan Settings> Uncheck Use a Proxy Server

If its grayed out and you cant do this then proceed with the next set of instructions

=================================================

While still in Safemode with Networking I need you to download RKill to your desktop, this wont remove the virus but will stop it from running so we can run Malwarebytes

Please download rkill (Courtesy of Bleepingcomputer.com).
There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
Note: You only need to get one of the tools to run, not all of them.

1. rkill.exe
2. rkill.com
3. rkill.scr
4. WiNlOgOn.exe
5. uSeRiNiT.exe

Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

Run rkill repeatedly until it's able to do it's job. This may take a few tries.

You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.

====================================================

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Select the Scan tab.
Select type of scan to perform:
- Threat Scan < --- Select this type of scan
- Custom Scan
- Hyper Scan
Next click the Scan Now button.
When the scan is complete, if no malicious items are found you can close the program.
If malicious items are found be sure that everything is checked, and click Quarantine .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

**geraldgrogan** · 2014-07-03, 05:16

recieved your instructions - resetting my notification settings now for this forum. Will follow these steps you sent starting tonight.

**ken545** · 2014-07-05, 14:12

How are you coming along ?

**geraldgrogan** · 2014-07-05, 22:37

I ran rkill.exe several times, and the results were the same each time. It ended the process by displaying a message below:
"You should be able to run your normal security programs so that you scan for computer infections"
=======
Rkill 2.6.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/05/2014 03:32:25 PM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com

20 out of 15492 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 07/05/2014 03:32:57 PM
Execution time: 0 hours(s), 0 minute(s), and 31 seconds(s)

===============

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/5/2014
Scan Time: 3:15:43 PM
Logfile: Malware_bytes_log_20140705.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.26.01
Rootkit Database: v2014.06.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: jmgrogan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 291559
Time Elapsed: 11 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.BetterDeals.A, C:\Users\jmgrogan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage, Quarantined, [c02a522983f869cdf0a2753b4ab8f010],
PUP.Optional.BetterDeals.A, C:\Users\jmgrogan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal, Quarantined, [1dcd93e81467db5b157d634dd32f07f9],
PUP.Optional.Superfish.A, C:\Users\jmgrogan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [de0cfa813e3d1b1b93b23b7b4bb746ba],
PUP.Optional.Superfish.A, C:\Users\jmgrogan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [6585aad13942231388bd278f60a206fa],

Physical Sectors: 0
(No malicious items detected)

(end)

**ken545** · 2014-07-05, 23:40

Run this scanner, I need to see both logs please

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

**geraldgrogan** · 2014-07-06, 00:08

scan results as requested
you didn't say whether to scan in safe-mode or not.
The scan results below are run while logged in normally.
==============

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by jmgrogan (administrator) on NOODLES-HTPC on 05-07-2014 16:57:40
Running from C:\Users\jmgrogan\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
() C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\SurfShieldMain\UpdateService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\SurfShieldMain\proxy_server.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\RtkDashClientInstaller\RtkDashClient.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\jmgrogan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2014-01-22] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-07-04] (AVAST Software)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKU\S-1-5-21-1200520878-3419369555-4043073295-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24474752 2014-06-05] (Google)
HKU\S-1-5-21-1200520878-3419369555-4043073295-1000\...\Run: [Digiarty_Software_AirPlayit] => "C:\Program Files\Digiarty\Air_Playit\airplayit.exe" -min
HKU\S-1-5-21-1200520878-3419369555-4043073295-1000\...\Run: [Viber] => "C:\Users\jmgrogan\AppData\Local\Viber\Viber.exe" StartMinimized
HKU\S-1-5-21-1200520878-3419369555-4043073295-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-11-27] (Google Inc.)
HKU\S-1-5-21-1200520878-3419369555-4043073295-1000\...\MountPoints2: {de6d1283-e450-11e1-9f4a-806e6f6e6963} - E:\wubi.exe
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
Startup: C:\Users\jmgrogan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk
Startup: C:\Users\jmgrogan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jmgrogan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\jmgrogan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:48557
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1542003B16C8CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst5zdJKiQESoiWYtbko64KGosO6fUCgELr8jtQbVSuh8KPTtQ182gMBPeYNGX7hF4y4-ouHDX8ICJxjZ4ktbaRwl4phfcFQU_r4Z2r4tszUvZdv2HkVUO8QFunND5OybU,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst5zdJKiQESoiWYtbko64KGosO6fUCgELr8jtQbVSuh8KPTtQ182gMBPeYNGX7hF4y4-ouHDX8ICJxjZ4ktbaRwl4phfcFQU_r4Z2r4tszUvZdv2HkVUO8QFunND5OybU,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst5zdJKiQESoiWYtbko64KGosO6fUCgELr8jtQbVSuh8KPTtQ182gMBPeYNGX7hF4y4-ouHDX8ICJxjZ4ktbaRwl4phfcFQU_r4Z2r4tszUvZdv2HkVUO8QFunND5OybQ,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst5zdJKiQESoiWYtbko64KGosO6fUCgELr8jtQbVSuh8KPTtQ182gMBPeYNGX7hF4y4-ouHDX8ICJxjZ4ktbaRwl4phfcFQU_r4Z2r4tszUvZdv2HkVUO8QFunND5OybQ,&q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://abbottmeetings.webex.com/cli...x/ieatgpc1.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Users\jmgrogan\AppData\Roaming\Mozilla\Firefox\Profiles\4s17s4rf.default
FF Homepage: hxxp://google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer - C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @Sibelius.com/Scorch Plugin - C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Users\jmgrogan\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\jmgrogan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\jmgrogan\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-28]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll No File
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\jmgrogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-03-05]
CHR Extension: (Google Drive) - C:\Users\jmgrogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jmgrogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (Cat licking your screen) - C:\Users\jmgrogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bljgfogmfiepjlefknbnfopdoabpldcb [2014-05-28]
CHR Extension: (YouTube) - C:\Users\jmgrogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-12]
CHR Extension: (Nimbus Screenshot) - C:\Users\jmgrogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2014-04-08]
CHR Extension: (Google Search) - C:\Users\jmgrogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-12]
CHR Extension: (Cut the Rope) - C:\Users\jmgrogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2014-05-31]
CHR Extension: (avast! Online Security) - C:\Users\jmgrogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-07]
CHR Extension: (Clearly) - C:\Users\jmgrogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2014-02-21]
CHR Extension: (CanvasDraw) - C:\Users\jmgrogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfimpamngmggpbamfoomdpebdoleghe [2014-05-31]
CHR Extension: (Cute Kitten 2) - C:\Users\jmgrogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\knhilgggnegappnkfbeaeeiioopeamlc [2014-05-28]
CHR Extension: (My Global Ponies) - C:\Users\jmgrogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mffeflcejpmnpedngepmhbafhmmpmgpg [2014-05-29]
CHR Extension: (Quick Note) - C:\Users\jmgrogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2014-04-08]
CHR Extension: (Google Wallet) - C:\Users\jmgrogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\jmgrogan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-28]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-28] (AVAST Software)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-03-28] (Coupons.com Inc.)
R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
R2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.) [File not signed]
S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
R2 SurfShieldUpdateService; C:\Program Files (x86)\SurfShieldMain\UpdateService.exe [224432 2014-05-26] ()

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-28] ()
R3 hcw85cir; C:\Windows\System32\drivers\hcw85cir3.sys [33792 2011-09-29] (Hauppauge Computer Works, Inc.)
R3 hcw89; C:\Windows\System32\DRIVERS\hcw89.sys [1605376 2011-07-05] (Hauppauge Computer Works, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 {f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64; C:\Windows\System32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64.sys [61120 2014-05-27] (StdLib)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-05 16:57 - 2014-07-05 16:58 - 00028700 _____ () C:\Users\jmgrogan\Downloads\FRST.txt
2014-07-05 16:57 - 2014-07-05 16:57 - 00000000 ____D () C:\FRST
2014-07-05 16:56 - 2014-07-05 16:56 - 02084352 _____ (Farbar) C:\Users\jmgrogan\Downloads\FRST64.exe
2014-06-30 19:56 - 2014-06-30 19:56 - 00027696 _____ () C:\Users\jmgrogan\Desktop\dds.txt
2014-06-30 19:56 - 2014-06-30 19:56 - 00012442 _____ () C:\Users\jmgrogan\Desktop\attach.txt
2014-06-30 19:53 - 2014-06-30 21:05 - 00000000 ____D () C:\Users\jmgrogan\Downloads\spybot_files
2014-06-30 19:43 - 2014-06-30 19:43 - 00000000 ____D () C:\Windows\ERDNT
2014-06-30 19:42 - 2014-06-30 19:42 - 00791393 _____ (Lars Hederer ) C:\Users\jmgrogan\Downloads\erunt-setup.exe
2014-06-30 19:42 - 2014-06-30 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-30 19:42 - 2014-06-30 19:42 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-28 22:31 - 2014-06-28 22:33 - 27167987 _____ () C:\Users\jmgrogan\Downloads\torbrowser-install-3.6.2_en-US.exe
2014-06-28 20:47 - 2014-06-28 20:47 - 00291544 _____ () C:\Windows\Minidump\062814-64303-01.dmp
2014-06-28 20:46 - 2014-06-28 20:46 - 621981145 ____N () C:\Windows\MEMORY.DMP
2014-06-28 20:45 - 2014-06-28 20:45 - 00001131 _____ () C:\Users\Public\Desktop\DivX Converter.lnk
2014-06-27 07:39 - 2014-06-27 07:39 - 00291544 _____ () C:\Windows\Minidump\062714-65411-01.dmp
2014-06-26 20:00 - 2014-06-26 20:00 - 00291528 _____ () C:\Windows\Minidump\062614-56721-01.dmp
2014-06-26 19:26 - 2014-06-26 19:26 - 00000000 ____D () C:\Users\jmgrogan\Downloads\6209_25th_Ave
2014-06-26 19:16 - 2014-06-26 19:16 - 00291544 _____ () C:\Windows\Minidump\062614-61027-01.dmp
2014-06-25 19:03 - 2014-07-05 15:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-25 19:03 - 2014-06-25 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-25 19:03 - 2014-06-25 19:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-25 19:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-25 19:03 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-25 07:16 - 2014-06-25 07:16 - 00291544 _____ () C:\Windows\Minidump\062514-63508-01.dmp
2014-06-22 23:27 - 2014-06-22 23:27 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-22 23:27 - 2014-06-22 23:27 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-22 23:27 - 2014-06-22 23:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-22 23:27 - 2014-06-22 23:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-22 23:25 - 2014-06-22 23:26 - 00284224 _____ (Mozilla) C:\Users\jmgrogan\Downloads\Firefox Setup Stub 30.0.exe
2014-06-22 23:13 - 2014-06-22 23:13 - 00283168 _____ () C:\Windows\Minidump\062214-58500-01.dmp
2014-06-22 18:09 - 2014-06-22 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-22 18:08 - 2014-06-22 18:09 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-22 18:08 - 2014-06-22 18:09 - 00000000 ____D () C:\Program Files\iTunes
2014-06-22 18:08 - 2014-06-22 18:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-22 18:08 - 2014-06-22 18:08 - 00000000 ____D () C:\Program Files\iPod
2014-06-22 18:02 - 2014-06-22 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-20 21:51 - 2014-06-20 21:51 - 00002051 _____ () C:\Windows\wininit.ini
2014-06-20 20:03 - 2014-06-20 20:03 - 00000000 ____D () C:\Program Files (x86)\predm
2014-06-20 10:04 - 2014-06-20 10:04 - 00002450 _____ () C:\Users\jmgrogan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-06-20 10:03 - 2014-07-05 13:40 - 00000000 ____D () C:\Program Files (x86)\SurfShieldMain
2014-06-20 10:02 - 2014-06-20 10:02 - 00002318 _____ () C:\Users\jmgrogan\Desktop\Continue installation - Octodad_DadliestCatchFullVersionGameFreeDownload Installation.lnk
2014-06-20 10:02 - 2014-06-20 10:02 - 00000000 ____D () C:\Users\jmgrogan\AppData\Local\4377
2014-06-19 22:50 - 2014-06-19 22:50 - 00291544 _____ () C:\Windows\Minidump\061914-64631-01.dmp
2014-06-19 16:48 - 2014-06-19 16:48 - 00291544 _____ () C:\Windows\Minidump\061914-37221-01.dmp
2014-06-15 11:39 - 2014-06-15 11:39 - 00291544 _____ () C:\Windows\Minidump\061514-32697-01.dmp
2014-06-14 06:00 - 2014-06-14 06:00 - 00291424 _____ () C:\Windows\Minidump\061414-32370-01.dmp
2014-06-12 19:56 - 2014-06-12 19:56 - 00291544 _____ () C:\Windows\Minidump\061214-35365-01.dmp
2014-06-11 13:26 - 2014-06-11 13:26 - 00291544 _____ () C:\Windows\Minidump\061114-39374-01.dmp
2014-06-11 04:16 - 2014-06-08 04:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 04:16 - 2014-06-08 04:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 04:16 - 2014-05-23 21:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 04:16 - 2014-05-23 21:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 04:16 - 2014-05-23 21:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 04:16 - 2014-05-23 21:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 04:16 - 2014-05-23 21:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 04:16 - 2014-05-23 21:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 04:16 - 2014-05-23 21:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 04:16 - 2014-05-23 21:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 04:16 - 2014-05-23 21:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 04:16 - 2014-05-23 21:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 04:16 - 2014-05-23 21:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 04:16 - 2014-05-23 21:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-11 04:16 - 2014-05-23 21:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 04:16 - 2014-05-23 21:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 04:16 - 2014-05-23 21:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 04:16 - 2014-05-23 21:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 04:16 - 2014-05-23 21:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 04:16 - 2014-05-23 21:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 04:16 - 2014-05-23 21:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 04:16 - 2014-05-23 20:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 04:16 - 2014-05-23 20:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 04:16 - 2014-05-23 20:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 04:16 - 2014-05-23 20:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 04:16 - 2014-05-23 20:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 04:16 - 2014-05-23 20:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 04:16 - 2014-05-23 20:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 04:16 - 2014-05-23 20:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 04:16 - 2014-05-23 20:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 04:16 - 2014-05-23 20:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 04:16 - 2014-05-23 20:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-11 04:16 - 2014-05-23 20:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 04:16 - 2014-05-23 20:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 04:16 - 2014-05-23 20:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 04:16 - 2014-05-23 20:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-11 04:16 - 2014-05-23 20:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 04:16 - 2014-05-23 20:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 04:16 - 2014-05-23 20:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 04:16 - 2014-05-23 20:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 04:16 - 2014-05-23 20:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 04:16 - 2014-05-23 19:13 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-11 04:16 - 2014-05-23 19:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-11 04:16 - 2014-05-08 04:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 04:16 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 04:16 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 04:16 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 04:16 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 04:16 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 04:16 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 04:16 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 04:16 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 04:16 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 04:16 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 04:16 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 04:16 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 04:16 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 06:25 - 2014-06-10 06:25 - 00291544 _____ () C:\Windows\Minidump\061014-31839-01.dmp
2014-06-07 08:04 - 2014-06-07 08:04 - 00000000 ____D () C:\Users\jmgrogan\Tracing
2014-06-07 07:55 - 2014-06-07 07:55 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-06-07 07:55 - 2014-06-07 07:55 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-06-07 07:55 - 2014-06-07 07:55 - 00000000 ____D () C:\Windows\en
2014-06-07 07:54 - 2014-06-07 07:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-06-07 07:54 - 2014-06-07 07:54 - 00002486 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-06-07 07:54 - 2014-06-07 07:54 - 00001458 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-06-07 07:54 - 2014-03-31 21:06 - 00058056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2014-06-07 07:53 - 2014-06-07 07:54 - 00000000 ____D () C:\Program Files\Windows Live
2014-06-07 07:53 - 2014-06-07 07:54 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-06-07 07:50 - 2014-06-07 07:50 - 00002191 _____ () C:\Users\jmgrogan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-06-07 07:50 - 2014-06-07 07:50 - 00002104 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-06-07 07:50 - 2014-06-07 07:50 - 00002104 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-06-07 07:50 - 2014-06-07 07:50 - 00000000 ___RD () C:\Users\jmgrogan\OneDrive
2014-06-07 07:50 - 2014-06-07 07:50 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-06-07 07:50 - 2014-06-07 07:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-06-07 07:49 - 2014-06-07 08:04 - 00000000 ____D () C:\Users\jmgrogan\AppData\Local\Windows Live
2014-06-07 07:49 - 2014-06-07 07:49 - 01239752 _____ (Microsoft Corporation) C:\Users\jmgrogan\Downloads\wlsetup-web.exe
2014-06-05 22:33 - 2014-06-05 23:17 - 00000000 ____D () C:\Users\jmgrogan\Downloads\XBMC
2014-06-05 00:15 - 2014-06-05 00:15 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-05 00:15 - 2014-06-05 00:15 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-05 00:15 - 2014-06-05 00:15 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-05 00:15 - 2014-06-05 00:15 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-05 00:15 - 2014-06-05 00:15 - 00000000 ____D () C:\Program Files\Java
2014-06-05 00:14 - 2014-06-05 00:14 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-05 00:14 - 2014-06-05 00:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-05 00:14 - 2014-06-05 00:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-05 00:14 - 2014-06-05 00:14 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-05 00:12 - 2014-06-28 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-06-05 00:10 - 2014-06-05 00:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-05 00:10 - 2014-06-05 00:10 - 00000000 ____D () C:\Program Files\7-Zip

==================== One Month Modified Files and Folders =======

2014-07-05 16:58 - 2014-07-05 16:57 - 00028700 _____ () C:\Users\jmgrogan\Downloads\FRST.txt
2014-07-05 16:57 - 2014-07-05 16:57 - 00000000 ____D () C:\FRST
2014-07-05 16:57 - 2012-08-12 00:46 - 01439086 _____ () C:\Windows\WindowsUpdate.log
2014-07-05 16:56 - 2014-07-05 16:56 - 02084352 _____ (Farbar) C:\Users\jmgrogan\Downloads\FRST64.exe
2014-07-05 16:56 - 2012-11-27 02:28 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5BAB1382-E444-45B1-92A2-DBDA6DCE3B31}
2014-07-05 16:54 - 2013-12-08 09:34 - 00000000 ____D () C:\Users\jmgrogan\AppData\Local\CrashDumps
2014-07-05 16:53 - 2012-08-12 02:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-05 16:52 - 2014-04-03 20:41 - 00000000 ____D () C:\Users\jmgrogan\AppData\Roaming\DropboxMaster
2014-07-05 16:52 - 2013-09-16 20:52 - 00000308 _____ () C:\Windows\Tasks\RtlDashSrvStart.job
2014-07-05 16:52 - 2012-12-25 14:38 - 00000000 ___RD () C:\Users\jmgrogan\Dropbox
2014-07-05 16:52 - 2012-12-25 13:53 - 00000000 ____D () C:\Users\jmgrogan\AppData\Roaming\Dropbox
2014-07-05 16:52 - 2012-08-12 02:14 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-05 16:52 - 2009-07-13 23:51 - 00133141 _____ () C:\Windows\setupact.log
2014-07-05 16:51 - 2012-08-18 02:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-05 16:51 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-05 15:32 - 2013-10-05 11:49 - 00004404 _____ () C:\Users\jmgrogan\Desktop\Rkill.txt
2014-07-05 15:15 - 2014-06-25 19:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-05 14:57 - 2010-11-20 22:47 - 01025570 _____ () C:\Windows\PFRO.log
2014-07-05 14:38 - 2012-08-12 02:14 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-05 13:40 - 2014-06-20 10:03 - 00000000 ____D () C:\Program Files (x86)\SurfShieldMain
2014-07-04 00:19 - 2012-08-17 23:16 - 00000000 ____D () C:\Users\jmgrogan\AppData\Roaming\XBMC
2014-07-04 00:15 - 2012-08-17 21:44 - 00000600 _____ () C:\Users\jmgrogan\AppData\Local\PUTTY.RND
2014-06-30 21:05 - 2014-06-30 19:53 - 00000000 ____D () C:\Users\jmgrogan\Downloads\spybot_files
2014-06-30 19:56 - 2014-06-30 19:56 - 00027696 _____ () C:\Users\jmgrogan\Desktop\dds.txt
2014-06-30 19:56 - 2014-06-30 19:56 - 00012442 _____ () C:\Users\jmgrogan\Desktop\attach.txt
2014-06-30 19:43 - 2014-06-30 19:43 - 00000000 ____D () C:\Windows\ERDNT
2014-06-30 19:42 - 2014-06-30 19:42 - 00791393 _____ (Lars Hederer ) C:\Users\jmgrogan\Downloads\erunt-setup.exe
2014-06-30 19:42 - 2014-06-30 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-30 19:42 - 2014-06-30 19:42 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-30 19:25 - 2009-07-13 23:45 - 00026240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-30 19:25 - 2009-07-13 23:45 - 00026240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-30 19:17 - 2014-02-01 19:01 - 00000000 ____D () C:\Users\jmgrogan\AppData\Roaming\TeamViewer
2014-06-29 00:21 - 2012-09-21 20:50 - 00000000 ____D () C:\Users\jmgrogan\AppData\Roaming\Notepad++
2014-06-29 00:06 - 2012-09-21 20:50 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-06-28 23:55 - 2012-08-12 02:49 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-28 23:55 - 2012-08-12 02:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-28 23:55 - 2012-08-12 02:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-28 22:35 - 2013-08-02 23:19 - 00000000 ____D () C:\Users\jmgrogan\Downloads\Tor Browser
2014-06-28 22:33 - 2014-06-28 22:31 - 27167987 _____ () C:\Users\jmgrogan\Downloads\torbrowser-install-3.6.2_en-US.exe
2014-06-28 20:47 - 2014-06-28 20:47 - 00291544 _____ () C:\Windows\Minidump\062814-64303-01.dmp
2014-06-28 20:47 - 2012-08-13 16:44 - 00000000 ____D () C:\Windows\Minidump
2014-06-28 20:46 - 2014-06-28 20:46 - 621981145 ____N () C:\Windows\MEMORY.DMP
2014-06-28 20:45 - 2014-06-28 20:45 - 00001131 _____ () C:\Users\Public\Desktop\DivX Converter.lnk
2014-06-28 20:45 - 2014-06-05 00:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-06-28 20:45 - 2013-01-02 03:19 - 00000000 ____D () C:\Program Files\DivX
2014-06-28 20:45 - 2013-01-02 03:19 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-06-28 20:45 - 2013-01-02 03:18 - 00000000 ____D () C:\ProgramData\DivX
2014-06-27 07:39 - 2014-06-27 07:39 - 00291544 _____ () C:\Windows\Minidump\062714-65411-01.dmp
2014-06-26 20:03 - 2014-05-28 19:33 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-26 20:00 - 2014-06-26 20:00 - 00291528 _____ () C:\Windows\Minidump\062614-56721-01.dmp
2014-06-26 19:26 - 2014-06-26 19:26 - 00000000 ____D () C:\Users\jmgrogan\Downloads\6209_25th_Ave
2014-06-26 19:16 - 2014-06-26 19:16 - 00291544 _____ () C:\Windows\Minidump\062614-61027-01.dmp
2014-06-25 19:03 - 2014-06-25 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-25 19:03 - 2014-06-25 19:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-25 19:03 - 2013-10-05 11:52 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-25 19:03 - 2013-10-05 11:52 - 00000000 ____D () C:\Users\jmgrogan\AppData\Roaming\Malwarebytes
2014-06-25 19:03 - 2013-10-05 11:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-25 19:03 - 2013-10-05 11:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-25 07:16 - 2014-06-25 07:16 - 00291544 _____ () C:\Windows\Minidump\062514-63508-01.dmp
2014-06-22 23:28 - 2012-08-12 02:44 - 00000000 ____D () C:\Users\jmgrogan\AppData\Roaming\Mozilla
2014-06-22 23:27 - 2014-06-22 23:27 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-22 23:27 - 2014-06-22 23:27 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-22 23:27 - 2014-06-22 23:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-22 23:27 - 2014-06-22 23:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-22 23:26 - 2014-06-22 23:25 - 00284224 _____ (Mozilla) C:\Users\jmgrogan\Downloads\Firefox Setup Stub 30.0.exe
2014-06-22 23:13 - 2014-06-22 23:13 - 00283168 _____ () C:\Windows\Minidump\062214-58500-01.dmp
2014-06-22 18:09 - 2014-06-22 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-22 18:09 - 2014-06-22 18:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-22 18:09 - 2014-06-22 18:08 - 00000000 ____D () C:\Program Files\iTunes
2014-06-22 18:09 - 2014-06-22 18:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-22 18:09 - 2012-11-21 15:27 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-22 18:08 - 2014-06-22 18:08 - 00000000 ____D () C:\Program Files\iPod
2014-06-22 18:04 - 2012-11-21 15:25 - 00000000 ____D () C:\ProgramData\Apple
2014-06-22 18:02 - 2014-06-22 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-22 18:02 - 2013-11-28 13:55 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-06-22 18:02 - 2013-11-28 13:55 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-22 17:59 - 2012-11-21 15:27 - 00000000 ____D () C:\Users\jmgrogan\AppData\Roaming\Apple Computer
2014-06-22 15:03 - 2014-05-11 19:14 - 00000000 ____D () C:\Users\jmgrogan\AppData\Roaming\.minecraft
2014-06-22 06:39 - 2014-02-09 14:45 - 00006760 _____ () C:\Windows\system32\TeamViewer9_Hooks.log
2014-06-22 06:38 - 2014-02-01 19:01 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-22 06:38 - 2014-02-01 19:01 - 00001090 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-06-21 09:40 - 2013-03-16 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-06-20 21:51 - 2014-06-20 21:51 - 00002051 _____ () C:\Windows\wininit.ini
2014-06-20 20:10 - 2009-07-13 21:34 - 00450712 ____R () C:\Windows\system32\Drivers\etc\hosts.20140625-192956.backup
2014-06-20 20:03 - 2014-06-20 20:03 - 00000000 ____D () C:\Program Files (x86)\predm
2014-06-20 15:02 - 2009-07-14 00:08 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-20 10:04 - 2014-06-20 10:04 - 00002450 _____ () C:\Users\jmgrogan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-06-20 10:02 - 2014-06-20 10:02 - 00002318 _____ () C:\Users\jmgrogan\Desktop\Continue installation - Octodad_DadliestCatchFullVersionGameFreeDownload Installation.lnk
2014-06-20 10:02 - 2014-06-20 10:02 - 00000000 ____D () C:\Users\jmgrogan\AppData\Local\4377
2014-06-19 22:50 - 2014-06-19 22:50 - 00291544 _____ () C:\Windows\Minidump\061914-64631-01.dmp
2014-06-19 16:48 - 2014-06-19 16:48 - 00291544 _____ () C:\Windows\Minidump\061914-37221-01.dmp
2014-06-17 19:33 - 2012-08-12 02:14 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-17 19:33 - 2012-08-12 02:14 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-15 11:39 - 2014-06-15 11:39 - 00291544 _____ () C:\Windows\Minidump\061514-32697-01.dmp
2014-06-14 06:00 - 2014-06-14 06:00 - 00291424 _____ () C:\Windows\Minidump\061414-32370-01.dmp
2014-06-13 18:07 - 2014-05-06 00:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-12 19:56 - 2014-06-12 19:56 - 00291544 _____ () C:\Windows\Minidump\061214-35365-01.dmp
2014-06-12 17:14 - 2013-07-28 11:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 17:11 - 2013-11-14 05:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 17:11 - 2012-08-12 01:05 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 13:26 - 2014-06-11 13:26 - 00291544 _____ () C:\Windows\Minidump\061114-39374-01.dmp
2014-06-10 06:25 - 2014-06-10 06:25 - 00291544 _____ () C:\Windows\Minidump\061014-31839-01.dmp
2014-06-08 04:13 - 2014-06-11 04:16 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 04:08 - 2014-06-11 04:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 08:04 - 2014-06-07 08:04 - 00000000 ____D () C:\Users\jmgrogan\Tracing
2014-06-07 08:04 - 2014-06-07 07:49 - 00000000 ____D () C:\Users\jmgrogan\AppData\Local\Windows Live
2014-06-07 08:04 - 2012-08-12 00:46 - 00000000 ____D () C:\Users\jmgrogan
2014-06-07 07:55 - 2014-06-07 07:55 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-06-07 07:55 - 2014-06-07 07:55 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-06-07 07:55 - 2014-06-07 07:55 - 00000000 ____D () C:\Windows\en
2014-06-07 07:55 - 2014-06-07 07:54 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-06-07 07:54 - 2014-06-07 07:54 - 00002486 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-06-07 07:54 - 2014-06-07 07:54 - 00001458 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-06-07 07:54 - 2014-06-07 07:53 - 00000000 ____D () C:\Program Files\Windows Live
2014-06-07 07:54 - 2014-06-07 07:53 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-06-07 07:54 - 2013-11-14 05:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-06-07 07:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-07 07:51 - 2013-08-20 01:22 - 00012455 _____ () C:\Windows\DirectX.log
2014-06-07 07:50 - 2014-06-07 07:50 - 00002191 _____ () C:\Users\jmgrogan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-06-07 07:50 - 2014-06-07 07:50 - 00002104 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-06-07 07:50 - 2014-06-07 07:50 - 00002104 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-06-07 07:50 - 2014-06-07 07:50 - 00000000 ___RD () C:\Users\jmgrogan\OneDrive
2014-06-07 07:50 - 2014-06-07 07:50 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-06-07 07:50 - 2014-06-07 07:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-06-07 07:49 - 2014-06-07 07:49 - 01239752 _____ (Microsoft Corporation) C:\Users\jmgrogan\Downloads\wlsetup-web.exe
2014-06-07 06:23 - 2013-07-14 13:04 - 00000000 ____D () C:\Users\jmgrogan\AppData\Local\Screencast-O-Matic
2014-06-05 23:17 - 2014-06-05 22:33 - 00000000 ____D () C:\Users\jmgrogan\Downloads\XBMC
2014-06-05 00:15 - 2014-06-05 00:15 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-05 00:15 - 2014-06-05 00:15 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-05 00:15 - 2014-06-05 00:15 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-05 00:15 - 2014-06-05 00:15 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-05 00:15 - 2014-06-05 00:15 - 00000000 ____D () C:\Program Files\Java
2014-06-05 00:14 - 2014-06-05 00:14 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-05 00:14 - 2014-06-05 00:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-05 00:14 - 2014-06-05 00:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-05 00:14 - 2014-06-05 00:14 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-05 00:10 - 2014-06-05 00:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-05 00:10 - 2014-06-05 00:10 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-05 00:09 - 2012-09-21 19:22 - 00000000 ____D () C:\Users\jmgrogan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-05 00:09 - 2012-09-21 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-05 00:09 - 2012-09-21 19:22 - 00000000 ____D () C:\Program Files (x86)\WinRAR

Some content of TEMP:
====================
C:\Users\jmgrogan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpobsabn.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-28 00:49

==================== End Of Log ============================

**geraldgrogan** · 2014-07-06, 00:09

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by jmgrogan at 2014-07-05 16:58:54
Running from C:\Users\jmgrogan\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

2.1.0 (HKLM-x32\...\{4F80F043-B003-4820-B8E3-CB7E6CF5BB03}_is1) (Version: 2.1.0 - Christian Koban)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Amazon Cloud Drive (HKCU\...\23ab716f18849b6f) (Version: 2.1.2013.1340 - Amazon)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.0.1 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.0.1 - Amazon Services LLC) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Business Contact Manager for Microsoft Outlook 2010 (HKLM-x32\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation)
Business Contact Manager for Microsoft Outlook 2010 (x32 Version: 4.0.11308.0 - Microsoft Corporation) Hidden
Camtasia Studio 8 (HKLM-x32\...\{58C8CFA6-BE34-4DFE-91F5-D807F402DFC1}) (Version: 8.2.0.1416 - TechSmith Corporation)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.8) (Version: 5.0.0.8 - Coupons.com Incorporated)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version: - Microsoft)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Easy Video Capture for Win 1.8 (HKLM-x32\...\{F1D682C6-3506-41DD-B26E-BB2AC26C7625}_is1) (Version: - video-recorder.net)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
Evernote v. 5.4 (HKLM-x32\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.)
EVGA Precision 1.8.1 (HKLM-x32\...\Precision) (Version: 1.8.1 - EVGA Corporation)
EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)
FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM-x32\...\{D9F75285-4864-461D-83DA-8D056BAC44D1}) (Version: 1.16.6866.4367 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HL-3170CDW (HKLM-x32\...\{C6580DE1-F539-4700-ADD2-3185121E51A8}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)
ISO Recorder (HKLM\...\{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}) (Version: 3.1.0 - Alex Feinman)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
join.me (HKCU\...\JoinMe) (Version: 1.14.0.132 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.3.0.18537 - LeapFrog)
LeapFrog Connect (x32 Version: 5.3.0.18537 - LeapFrog) Hidden
LeapFrog Leapster2 Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvel Heroes Game (HKLM-x32\...\{ca6069b5-fc6b-4ce8-a03e-2304143706b7}_is1) (Version: 1.0 - Gazillion Entertainment)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Sounds (HKLM-x32\...\{10CE1EA2-12E9-11D3-825E-00C04F6843FE}) (Version: 1.0.0.0 - Microsoft Corp)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 (x32 Version: - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{BA4DA261-CB60-4690-B202-44998DFC6986}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.18.1100 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010) (x32 Version: 4.0.11308.0 - Microsoft Corporation) Hidden
Movavi Video Editor (HKLM-x32\...\Movavi Video Editor 9) (Version: 9.0.3 - Movavi)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Musicnotes Software Suite 1.7.2 (HKLM-x32\...\Musicnotes Combined Installer_is1) (Version: 1.7.2 - Musicnotes Inc.)
Muvic Smartbar (HKLM-x32\...\{1EB8010A-F431-4F8F-874A-506B2B51F3D2}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTION
Netflix in Windows Media Center (HKLM-x32\...\{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.07 - NVIDIA Corporation)
NVIDIA Control Panel 314.07 (Version: 314.07 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1407 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.46.610.2011 - Realtek)
RivaTuner Statistics Server 5.2.0 (HKLM-x32\...\RTSS) (Version: 5.2.0 - Unwinder)
RtkDashClientInstaller (HKLM-x32\...\{91EA9C6F-1666-4426-9C80-85019A7A0D62}) (Version: 1.0.9 - Realtek)
Screencast-O-Matic (HKCU\...\Screencast-O-Matic) (Version: - Screencast-O-Matic)
SeaMonkey 2.16.2 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.16.2 (x86 en-US)) (Version: 2.16.2 - Mozilla)
Service Pack 1 for SQL Server 2008 (KB968369) (HKLM-x32\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Sql Server Customer Experience Improvement Program (x32 Version: 10.1.2531.0 - Microsoft Corporation) Hidden
SurfShield (HKLM-x32\...\SurfShield) (Version: 0.9.37 - Holdsmart Technology Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29480 - TeamViewer)
Toolkit 6 (HKLM-x32\...\{E2E8BDDE-6F1B-4A5D-870D-2748DA79360C}) (Version: - )
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2178 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0473 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0184 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2012 wwiiper (x32 Version: 012.000.1551 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.2118 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0169 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
TurboTax 2013 wwiiper (x32 Version: 013.000.1406 - Intuit Inc.) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin) (HKLM-x32\...\Leapster2Plugin) (Version: - LeapFrog)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.24 - NCH Software)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VLC Setup Helper (HKLM-x32\...\VLC Setup Helper_is1) (Version: - )
w.bloggar 3.03 (HKLM-x32\...\{DA180A92-6927-476E-9819-17B47562EA8D}) (Version: v3.03 - Marcelo Leal Limaverde Cabral)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version: - )
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinSCP 5.1.7 (HKLM-x32\...\winscp3_is1) (Version: 5.1.7 - Martin Prikryl)
XBMC (HKCU\...\XBMC) (Version: - Team XBMC)
Xming 6.9.0.31 (HKLM-x32\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison)

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-06-25 19:29 - 00450712 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {0A0BEE38-6C0C-4476-91BE-7202CF14E47B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-28] (Adobe Systems Incorporated)
Task: {3B2E3F85-56B7-46FA-9323-8B1856E4EF35} - System32\Tasks\RtlDashSrvStart => C:\Program Files (x86)\Realtek\RtkDashClientInstaller\RtkDashClient.exe [2011-09-22] (Realtek Semiconductor Corporation)
Task: {8B39C897-741A-4E1C-A609-164D27BED1D6} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {992FF1B1-F80E-471E-94DA-69055B6422C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12] (Google Inc.)
Task: {BE53DBD1-16C4-409D-B390-C197DCA4846C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E5BC1459-9127-4C98-969C-158CB3733753} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12] (Google Inc.)
Task: {E648DB95-5FF8-432F-A87D-EFE732A3A004} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-28] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RtlDashSrvStart.job => C:\Program Files (x86)\Realtek\RtkDashClientInstaller\RtkDashClient.exe

==================== Loaded Modules (whitelisted) =============

2012-08-19 19:23 - 2012-07-31 11:31 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2014-05-04 19:38 - 2014-06-06 07:27 - 00020472 _____ () C:\Windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2014-03-19 21:09 - 2013-02-09 20:04 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-05-06 13:07 - 2011-05-06 13:07 - 00460144 _____ () C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
2011-05-06 12:58 - 2011-05-06 12:58 - 01085440 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
2014-05-26 05:03 - 2014-05-26 05:03 - 00224432 _____ () C:\Program Files (x86)\SurfShieldMain\UpdateService.exe
2014-05-26 05:03 - 2014-05-26 05:03 - 01279664 _____ () C:\Program Files (x86)\SurfShieldMain\proxy_server.exe
2014-01-10 00:26 - 2014-01-10 00:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-05-12 04:49 - 2014-05-12 04:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-07-05 16:50 - 2014-07-05 16:50 - 02789888 _____ () C:\Program Files\AVAST Software\Avast\defs\14070501\algo.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-10-26 00:06 - 2010-10-26 00:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtCore4.dll
2011-05-06 13:07 - 2011-05-06 13:07 - 04317184 _____ () C:\Program Files (x86)\Flip Video\FlipShare\Core.dll
2011-05-06 13:02 - 2011-05-06 13:02 - 00737280 _____ () C:\Program Files (x86)\Flip Video\FlipShare\qca2.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 08351744 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtGui4.dll
2010-10-26 00:08 - 2010-10-26 00:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtNetwork4.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtSql4.dll
2010-10-26 00:06 - 2010-10-26 00:06 - 00364544 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtXml4.dll
2010-10-26 08:34 - 2010-10-26 08:34 - 11853824 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtWebKit4.dll
2010-10-26 00:37 - 2010-10-26 00:37 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\phonon4.dll
2010-05-20 13:49 - 2010-05-20 13:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoFoundation.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoNet.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoXML.dll
2010-10-26 00:06 - 2010-10-26 00:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtCore4.dll
2010-10-26 00:08 - 2010-10-26 00:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtNetwork4.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtSql4.dll
2010-05-20 13:49 - 2010-05-20 13:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoFoundation.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNet.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00175616 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNetSSL.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00291840 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoUtil.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoXML.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00110592 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoCrypto.dll
2014-07-05 16:52 - 2014-07-05 16:52 - 00043008 _____ () c:\users\jmgrogan\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpobsabn.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\jmgrogan\AppData\Roaming\Dropbox\bin\libcef.dll
2014-05-13 16:22 - 2014-05-13 16:22 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-05-13 16:22 - 2014-05-13 16:22 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2013-12-24 19:10 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-05-28 19:33 - 2014-05-28 19:33 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-10 00:28 - 2014-01-10 00:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-07-05 16:52 - 2014-07-05 16:52 - 00098816 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\win32api.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00110080 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\pywintypes27.dll
2014-07-05 16:52 - 2014-07-05 16:52 - 00364544 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\pythoncom27.dll
2014-07-05 16:52 - 2014-07-05 16:52 - 00045568 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\_socket.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 01160704 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\_ssl.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00320512 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\win32com.shell.shell.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00713216 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\_hashlib.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 01175040 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\wx._core_.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00805888 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\wx._gdi_.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00811008 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\wx._windows_.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 01062400 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\wx._controls_.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00735232 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\wx._misc_.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00128512 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\_elementtree.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00127488 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\pyexpat.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00557056 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\pysqlite2._sqlite.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00007168 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\hashobjs_ext.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00087552 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\_ctypes.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00119808 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\win32file.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00108544 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\win32security.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00018432 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\win32event.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00038912 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\win32inet.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00070656 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\wx._html2.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00167936 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\win32gui.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00011264 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\win32crypt.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00027136 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\_multiprocessing.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00122368 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\wx._wizard.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00010240 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\select.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00024064 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\win32pipe.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00686080 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\unicodedata.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00025600 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\win32pdh.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00525640 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\windows._lib_cacheinvalidation.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00035840 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\win32process.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00017408 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\win32profile.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00022528 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\win32ts.pyd
2014-07-05 16:52 - 2014-07-05 16:52 - 00078336 _____ () C:\Users\jmgrogan\AppData\Local\Temp\_MEI50562\wx._animate.pyd

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\jmgrogan\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\jmgrogan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/05/2014 04:54:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 30.0.0.5269, time stamp: 0x53914233
Faulting module name: mozalloc.dll, version: 30.0.0.5269, time stamp: 0x53911393
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x19e8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (07/05/2014 04:52:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2014 04:50:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2014 02:58:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 03:44:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
Exception code: 0xc0000005
Fault offset: 0x0000000000017ef1
Faulting process id: 0x1f40
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

Error: (07/04/2014 00:36:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: XBMC.exe, version: 13.0.0.0, time stamp: 0x5366ceec
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00038e19
Faulting process id: 0x17e4
Faulting application start time: 0xXBMC.exe0
Faulting application path: XBMC.exe1
Faulting module path: XBMC.exe2
Report Id: XBMC.exe3

Error: (07/03/2014 03:41:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
Exception code: 0xc0000005
Fault offset: 0x0000000000017ef1
Faulting process id: 0x10e8
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

Error: (07/03/2014 06:39:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
Exception code: 0xc0000005
Fault offset: 0x0000000000017ef1
Faulting process id: 0x2424
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

Error: (07/03/2014 04:02:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WinDefend, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: offreg.dll, version: 6.3.9600.16384, time stamp: 0x5215f709
Exception code: 0xc0000005
Fault offset: 0x0000000000002dd8
Faulting process id: 0x18d0
Faulting application start time: 0xsvchost.exe_WinDefend0
Faulting application path: svchost.exe_WinDefend1
Faulting module path: svchost.exe_WinDefend2
Report Id: svchost.exe_WinDefend3

Error: (06/30/2014 08:08:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
Exception code: 0xc0000005
Fault offset: 0x000000000001a6ba
Faulting process id: 0x9e8
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

System errors:
=============
Error: (07/05/2014 04:50:55 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Superfetch service terminated with service-specific error %%0.

Error: (07/05/2014 04:50:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Remote Desktop Services service failed to start due to the following error:
%%1069

Error: (07/05/2014 04:50:53 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The TermService service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/05/2014 04:50:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
%%1069

Error: (07/05/2014 04:50:53 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/05/2014 04:50:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network Connections service failed to start due to the following error:
%%1115

Error: (07/05/2014 04:50:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Background Intelligent Transfer Service service failed to start due to the following error:
%%1115

Error: (07/05/2014 04:50:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network List Service service failed to start due to the following error:
%%1069

Error: (07/05/2014 04:50:53 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/05/2014 04:50:52 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.

Microsoft Office Sessions:
=========================
Error: (07/05/2014 04:54:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b19e801cf989b88b9a814C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle3942615-048e-11e4-8f62-6c626d80af17

Error: (07/05/2014 04:52:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2014 04:50:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2014 02:58:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 03:44:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc00000050000000000017ef11f4001cf96ff54528453C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll6a7f7e25-0357-11e4-b2af-6c626d80af17

Error: (07/04/2014 00:36:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: XBMC.exe13.0.0.05366ceecntdll.dll6.1.7601.18247521ea8e7c000000500038e1917e401cf974779e83335C:\Program Files (x86)\XBMC\XBMC.exeC:\Windows\SysWOW64\ntdll.dll174fda79-033d-11e4-b2af-6c626d80af17

Error: (07/03/2014 03:41:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc00000050000000000017ef110e801cf96b389f7598aC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll6d827788-02f2-11e4-b2af-6c626d80af17

Error: (07/03/2014 06:39:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc00000050000000000017ef1242401cf94c920fc923aC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dlla2be9033-02a6-11e4-b2af-6c626d80af17

Error: (07/03/2014 04:02:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_WinDefend6.1.7600.163854a5bc3c1offreg.dll6.3.9600.163845215f709c00000050000000000002dd818d001cf94c238ba5ffbC:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C1211A9C-437B-4210-838E-D9ACA373C1D8}\offreg.dllb744fe6d-0290-11e4-b2af-6c626d80af17

Error: (06/30/2014 08:08:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc0000005000000000001a6ba9e801cf94c36008b211C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll3937d179-00bc-11e4-b2af-6c626d80af17

CodeIntegrity Errors:
===================================
Date: 2014-05-26 16:55:43.665
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-05-26 15:55:31.665
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-05-26 15:49:11.871
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-05-26 11:58:17.575
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 4095.18 MB
Available physical RAM: 1788.5 MB
Total Pagefile: 8188.54 MB
Available Pagefile: 5918.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100.49 GB) (Free:4.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Storage) (Fixed) (Total:730.34 GB) (Free:74.44 GB) NTFS
Drive g: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 000A6787)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=101 GB) - (Type=83)
Partition 4: (Not Active) - (Size=730 GB) - (Type=07 NTFS)

==================== End Of Log ============================

**ken545** · 2014-07-06, 00:49

Hi,

Looks like you have FRST/64 in your downloads folder, right click on it and select CUT then come back to your desktop and right click on a blank space and select PASTE

Open notepad (Start =>All Programs => Accessories => Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt. ( it has to be right next to FRST/64)

Start
() C:\Program Files (x86)\SurfShieldMain\proxy_server.exe
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:48557
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst5zdJKiQESoiWYtbko64KGosO6fUCgELr8jtQbVSuh8KPTtQ182gMBPeYNGX7hF4y4-ouHDX8ICJxjZ4ktbaRwl4phfcFQU_r4Z2r4tszUvZdv2HkVUO8QFunND5OybU,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst5zdJKiQESoiWYtbko64KGosO6fUCgELr8jtQbVSuh8KPTtQ182gMBPeYNGX7hF4y4-ouHDX8ICJxjZ4ktbaRwl4phfcFQU_r4Z2r4tszUvZdv2HkVUO8QFunND5OybU,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst5zdJKiQESoiWYtbko64KGosO6fUCgELr8jtQbVSuh8KPTtQ182gMBPeYNGX7hF4y4-ouHDX8ICJxjZ4ktbaRwl4phfcFQU_r4Z2r4tszUvZdv2HkVUO8QFunND5OybQ,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst5zdJKiQESoiWYtbko64KGosO6fUCgELr8jtQbVSuh8KPTtQ182gMBPeYNGX7hF4y4-ouHDX8ICJxjZ4ktbaRwl4phfcFQU_r4Z2r4tszUvZdv2HkVUO8QFunND5OybQ,&q={searchTerms}
R2 SurfShieldUpdateService; C:\Program Files (x86)\SurfShieldMain\UpdateService.exe [224432 2014-05-26] ()
R1 {f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64; C:\Windows\System32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64.sys [61120 2014-05-27] (StdLib)
2014-06-20 10:03 - 2014-07-05 13:40 - 00000000 ____D () C:\Program Files (x86)\SurfShieldMain
2014-07-05 13:40 - 2014-06-20 10:03 - 00000000 ____D () C:\Program Files (x86)\SurfShieldMain
SurfShield (HKLM-x32\...\SurfShield) (Version: 0.9.37 - Holdsmart Technology Ltd.)
Task: {8B39C897-741A-4E1C-A609-164D27BED1D6} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
2014-05-26 05:03 - 2014-05-26 05:03 - 00224432 _____ () C:\Program Files (x86)\SurfShieldMain\UpdateService.exe
2014-05-26 05:03 - 2014-05-26 05:03 - 01279664 _____ () C:\Program Files (x86)\SurfShieldMain\proxy_server.exe
Hosts:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Then open FRST64 and click on fix
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Then let me know how your system is behaving now and if SurfShield is gone, also, after posting the fixlog go ahead and run a new scan with FRST, when you open it make sure to check the addition log and post both logs please

**geraldgrogan** · 2014-07-06, 01:07

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
Ran by jmgrogan at 2014-07-05 18:04:38 Run:1
Running from C:\Users\jmgrogan\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
() C:\Program Files (x86)\SurfShieldMain\proxy_server.exe
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:48557
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst5zdJKiQESoiWYtbko64KGosO6fUCgELr8jtQbVSuh8KPTtQ182gMBPeYNGX7hF4y4-ouHDX8ICJxjZ4ktbaRwl4phfcFQU_r4Z2r4tszUvZdv2HkVUO8QFunND5OybU,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst5zdJKiQESoiWYtbko64KGosO6fUCgELr8jtQbVSuh8KPTtQ182gMBPeYNGX7hF4y4-ouHDX8ICJxjZ4ktbaRwl4phfcFQU_r4Z2r4tszUvZdv2HkVUO8QFunND5OybU,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst5zdJKiQESoiWYtbko64KGosO6fUCgELr8jtQbVSuh8KPTtQ182gMBPeYNGX7hF4y4-ouHDX8ICJxjZ4ktbaRwl4phfcFQU_r4Z2r4tszUvZdv2HkVUO8QFunND5OybQ,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst5zdJKiQESoiWYtbko64KGosO6fUCgELr8jtQbVSuh8KPTtQ182gMBPeYNGX7hF4y4-ouHDX8ICJxjZ4ktbaRwl4phfcFQU_r4Z2r4tszUvZdv2HkVUO8QFunND5OybQ,&q={searchTerms}
R2 SurfShieldUpdateService; C:\Program Files (x86)\SurfShieldMain\UpdateService.exe [224432 2014-05-26] ()
R1 {f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64; C:\Windows\System32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64.sys [61120 2014-05-27] (StdLib)
2014-06-20 10:03 - 2014-07-05 13:40 - 00000000 ____D () C:\Program Files (x86)\SurfShieldMain
2014-07-05 13:40 - 2014-06-20 10:03 - 00000000 ____D () C:\Program Files (x86)\SurfShieldMain
SurfShield (HKLM-x32\...\SurfShield) (Version: 0.9.37 - Holdsmart Technology Ltd.)
Task: {8B39C897-741A-4E1C-A609-164D27BED1D6} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
2014-05-26 05:03 - 2014-05-26 05:03 - 00224432 _____ () C:\Program Files (x86)\SurfShieldMain\UpdateService.exe
2014-05-26 05:03 - 2014-05-26 05:03 - 01279664 _____ () C:\Program Files (x86)\SurfShieldMain\proxy_server.exe
Hosts:
End
*****************

[3308] C:\Program Files (x86)\SurfShieldMain\proxy_server.exe => Process closed successfully.
"C:\PROGRA~2\SupTab\SEARCH~2.DLL" => Value Data removed successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}'=> Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}' => Key deleted successfully.
'HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}'=> Key not found.
SurfShieldUpdateService => Service stopped successfully.
SurfShieldUpdateService => Service deleted successfully.
{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64 => Service stopped successfully.
{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64 => Service deleted successfully.
C:\Program Files (x86)\SurfShieldMain => Moved successfully.
"C:\Program Files (x86)\SurfShieldMain" => File/Directory not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8B39C897-741A-4E1C-A609-164D27BED1D6}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B39C897-741A-4E1C-A609-164D27BED1D6}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate' => Key deleted successfully.
"C:\Program Files (x86)\SurfShieldMain\UpdateService.exe" => File/Directory not found.
"C:\Program Files (x86)\SurfShieldMain\proxy_server.exe" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====

Thread: Request for assistance with removal of SurfShield

Thread Tools

Display

Request for assistance with removal of SurfShield

Posting Permissions