MossNet

Status
Not open for further replies.
J

Johnwf

New member
there's something called MossNet.exe on my laptop and i can't remove it. I can't delete it and when i end the process in task manager, it pops up again immediately.

this thing opens up menus and ad videos on the browser tab that i have open and opens new windows and tabs. I use firefox and my pc uses windows 7.

can anyone help?
 
Hi Johnwf,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

aswMBR

Download aswMBR.exe and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Save this file, but do not post it.
=========================

Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply
=========================

In your next post please provide the following:
  • checkup.txt
  • aswMBR.txt
  • FRST.txt
  • Addition.txt
 
Hi Johnwf,

We use tools that are designed specifically to help diagnose malware, these are some of the initial programs I need you to download and run a scan of your computer with.
The logs generated by these tools help both diagnose and remove the infection, along with some other tools I may request for you to run.

i don't understand any of that, sorry.
Click to expand...
Can you please explain in more detail what you don't understand?

Each program has step by step instructions to aid you in running the scans requested. Just take it one scan at a time. If you should run into any issues that prevent you from completing a step, move onto the next step and let me know in your next reply what problems you encountered.
 
OCD,
it took a while to figure out your instructions, but i downloaded the three programs that you suggested. the first program ran ok and i'm pasting the report below.

I tried running aswMBR several times and it kept crashing after running a few hours. It seems to get stuck in C:\ Users\jf\Appdata folder. Appdata is hidden from me but the user name folder that contains it is about 98 gigs. I managed to stop aswMBR at one point and got a partial report that i've pasted below.

Frst64 ran ok, but the first.txt file is rather long and i'll post that in a separate reply on this thread.

As for my own attempts at a solution: before i figured out what your instructions meant, i started the pc in safe mode and was able to delete the MossNet folder and files. that didn't seem to help at all. those file are still in my trash bin.

thanks for your help

Security Check:
Results of screen317's Security Check version 0.99.89
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Spybot - Search and Destroy
Norton Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Java(TM) 6 Update 35
Java 7 Update 67
Adobe Flash Player 15.0.0.189
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox (33.0.2)
Google Chrome 38.0.2125.104
Google Chrome 38.0.2125.111
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


swMBR version 1.0.1.2172 Copyright(c) 2014 AVAST Software
Run date: 2014-11-03 13:18:49
-----------------------------
13:18:49.083 OS Version: Windows x64 6.1.7601 Service Pack 1
13:18:49.083 Number of processors: 4 586 0x2505
13:18:49.083 ComputerName: JF-HP UserName: jf
13:18:52.655 Initialize success
13:18:53.295 VM: initialized successfully
13:18:53.295 VM: Intel CPU BiosDisabled
13:18:53.466 supported disk I/O iaStor.sys
13:19:22.233 AVAST engine defs: 14110301
13:20:35.132 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:20:35.132 Disk 0 Vendor: ST950032 0005 Size: 476940MB BusType: 3
13:20:35.849 Disk 0 MBR read successfully I/O
13:20:35.865 Disk 0 MBR scan
13:20:35.865 Disk 0 Windows 7 default MBR code
13:20:35.896 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
13:20:35.943 Disk 0 default boot code
13:20:35.943 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 456887 MB offset 409600
13:20:35.990 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15789 MB offset 936114176
13:20:36.099 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4063 MB offset 968450048
13:20:36.582 Disk 0 scanning C:\Windows\system32\drivers
13:22:47.202 Service scanning
13:23:33.050 Modules scanning
13:23:33.066 Disk 0 trace - called modules:
13:23:33.378 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
13:23:33.424 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006b71060]
13:23:33.424 3 CLASSPNP.SYS[fffff88001c0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800683c050]
13:23:36.685 AVAST engine scan C:\Windows
13:26:16.975 AVAST engine scan C:\Windows\system32
13:30:45.452 AVAST engine scan C:\Windows\system32\drivers
13:31:15.232 AVAST engine scan C:\Users\jf
17:23:21.030 Disk 0 MBR has been saved successfully to "C:\Users\jf\Desktop\MBR.dat"


Results of screen317's Security Check version 0.99.89
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Spybot - Search and Destroy
Norton Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Java(TM) 6 Update 35
Java 7 Update 67
Adobe Flash Player 15.0.0.189
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox (33.0.2)
Google Chrome 38.0.2125.104
Google Chrome 38.0.2125.111
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


---------------

Results of screen317's Security Check version 0.99.89
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Spybot - Search and Destroy
Norton Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Java(TM) 6 Update 35
Java 7 Update 67
Adobe Flash Player 15.0.0.189
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox (33.0.2)
Google Chrome 38.0.2125.104
Google Chrome 38.0.2125.111
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
MossNet First.txt

OCD,

here is the report from the third program that you told me to run: First64.exe

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by jf (administrator) on JF-HP on 04-11-2014 10:40:20
Running from C:\Users\jf\Desktop
Loaded Profiles: UpdatusUser & jf (Available profiles: UpdatusUser & jf)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
() C:\Users\jf\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
(Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(JetBrains s.r.o.) C:\Program Files (x86)\JetBrains\PyCharm 3.4.1\bin\pycharm.exe
(JetBrains s.r.o.) C:\Program Files (x86)\JetBrains\PyCharm 3.4.1\bin\fsnotifier.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-07] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-07-23] ()
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586808 2011-04-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1321982911\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SDTray] => G:\newSB\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1818647912-2415854210-1634842132-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1818647912-2415854210-1634842132-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1818647912-2415854210-1634842132-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1818647912-2415854210-1634842132-1001\...\Run: [Spybot-S&D Cleaning] => G:\newSB\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1818647912-2415854210-1634842132-1001\...\MountPoints2: {006d27c1-e783-11e0-b7df-441ea1db795c} - H:\GSLoader.exe
HKU\S-1-5-21-1818647912-2415854210-1634842132-1001\...\MountPoints2: {006d27cf-e783-11e0-b7df-441ea1db795c} - G:\GSLoader.exe
HKU\S-1-5-21-1818647912-2415854210-1634842132-1001\...\MountPoints2: {006d27d9-e783-11e0-b7df-441ea1db795c} - G:\GSLoader.exe
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\PROGRA~3\Wincert\WIN64C~1.DLL File Not Found
AppInit_DLLs: C:\PROGRA~2\SRTOOL~1\Datamngr\x64\datamngr.dll => C:\PROGRA~2\SRTOOL~1\Datamngr\x64\datamngr.dll File Not Found
AppInit_DLLs: C:\PROGRA~2\SRTOOL~1\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\SRTOOL~1\Datamngr\x64\IEBHO.dll File Not Found
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-05-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PKZIP Attachments Status.lnk
ShortcutTarget: PKZIP Attachments Status.lnk -> C:\Program Files (x86)\PKWARE\PKZIPM\14.00.0023\PKTray.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exebddel.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
URLSearchHook: HKCU - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=6631612535604238&q={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=6631612535604238&q={searchTerms}
SearchScopes: HKLM - {B374193C-B509-427B-98F0-AA8C003D5CE8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=6631612535604238&q={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=adknowledgeaol-ie&s_qt=sb&tb_uuid=2013030164555973&tb_oid=01-03-2013
&tb_mrud=01-03-2013

SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=6631612535604238&q={searchTerms}
SearchScopes: HKLM-x32 - {B374193C-B509-427B-98F0-AA8C003D5CE8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - E2A638FFF120487AAAFFDE79401ADCA5 URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=6631612535604238&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=adknowledgeaol-ie&s_qt=sb&tb_uuid=2013030164555973&tb_oid=01-03-2013
&tb_mrud=01-03-2013

SearchScopes: HKCU - {B374193C-B509-427B-98F0-AA8C003D5CE8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: DefaultTab Browser Helper -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default
FF DefaultSearchEngine: Bing
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&CUI=UN20251320522072031&UM=2&SearchSource=3&q={searchTerms}
FF SearchEngineOrder.1: Ask Search
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=072713&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File
FF Plugin-x32: @caminova.com/DjVuPlugin -> C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll No File
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\jf\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Search-Results Toolbar - C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\Extensions\{7abe12ca-e995-4ab4-9a4e-ef8820a20182} [2013-02-25]
FF Extension: Adblock Plus - C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-02]
FF Extension: MossNet - C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\Extensions\{f7baf0dd-2cb5-4a9a-bf04-5948fdc1b4d4}.xpi [2014-11-02]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-10-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-10-30]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn [2011-09-19]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn [2014-11-04]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-02-27]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.7.599
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.7.599 [2014-06-24]

Chrome:
=======
CHR Profile: C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (DefaultTab) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc [2013-09-09]
CHR Extension: (Skype Click to Call) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-05-02]
CHR Extension: (Norton Identity Protection) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2011-09-19]
CHR Extension: (Google Wallet) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-09]
CHR Extension: (WhiteSmoke B) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp [2014-05-02]
CHR HKCU\...\Chrome\Extension: [oelbclnhkbhlhikfmpmbakbgeonbjjnp] - C:\Users\jf\AppData\Local\CRE\oelbclnhkbhlhikfmpmbakbgeonbjjnp.crx [2013-02-28]
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx [2013-02-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2013-02-05]
CHR HKLM-x32\...\Chrome\Extension: [oelbclnhkbhlhikfmpmbakbgeonbjjnp] - C:\Users\jf\AppData\Local\CRE\oelbclnhkbhlhikfmpmbakbgeonbjjnp.crx [2013-02-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [574464 2013-12-19] () [File not signed]
R2 DefaultTabUpdate; C:\Users\jf\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-03-01] () [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2372096 2011-02-18] (Realsil Microelectronics Inc.) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SDScannerService; G:\newSB\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; G:\newSB\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; G:\newSB\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1807896 2014-06-24] (AVG Secure Search)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [X]
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S2 Update MossNet; "C:\Program Files (x86)\MossNet\updateMossNet.exe" [X]
S2 Util MossNet; "C:\Program Files (x86)\MossNet\bin\utilMossNet.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ATWPKT2; C:\Windows\system32\drivers\ATWPKT264.SYS [33400 2010-07-13] (America Online)
S3 ATWPKT2; C:\Windows\SysWOW64\drivers\ATWPKT264.SYS [34520 2014-02-25] (America Online)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-24] (AVG Technologies)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [1384608 2012-10-23] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-11-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-09-28] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20121123.001\IDSvia64.sys [513184 2012-09-27] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20121126.009\ENG64.SYS [126112 2012-11-26] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20121126.009\EX64.SYS [2084000 2012-11-26] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-05-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)
R1 {f7baf0dd-2cb5-4a9a-bf04-5948fdc1b4d4}Gw64; C:\Windows\System32\drivers\{f7baf0dd-2cb5-4a9a-bf04-5948fdc1b4d4}Gw64.sys [48824 2014-11-01] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 21:58 - 2014-11-03 21:58 - 00036459 _____ () C:\Users\jf\Desktop\Addition.txt
2014-11-03 21:56 - 2014-11-04 10:40 - 00032304 _____ () C:\Users\jf\Desktop\FRST.txt
2014-11-03 21:56 - 2014-11-04 10:40 - 00000000 ____D () C:\FRST
2014-11-03 17:58 - 2014-11-03 17:57 - 00001262 _____ () C:\Users\jf\Desktop\ocd.txt - Shortcut.lnk
2014-11-03 17:23 - 2014-11-03 20:21 - 00005591 _____ () C:\Users\jf\Desktop\aswMBR.txt
2014-11-03 17:23 - 2014-11-03 20:21 - 00000512 _____ () C:\Users\jf\Desktop\MBR.dat
2014-11-03 09:38 - 2014-11-03 09:36 - 05192704 _____ (AVAST Software) C:\Users\jf\Desktop\aswMBR.exe
2014-11-03 09:38 - 2014-11-03 09:34 - 00854448 _____ () C:\Users\jf\Desktop\SecurityCheck.exe
2014-11-03 09:37 - 2014-11-03 09:37 - 02114560 _____ (Farbar) C:\Users\jf\Desktop\FRST64.exe
2014-11-02 08:00 - 2014-11-02 08:00 - 00335360 _____ () C:\Users\jf\AppData\Local\recently-used.xbel
2014-11-01 19:06 - 2014-11-03 09:28 - 00058044 _____ () C:\Windows\SysWOW64\bddel.dat
2014-11-01 16:50 - 2014-11-02 12:19 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-11-01 16:49 - 2014-11-01 16:49 - 00000000 ____D () C:\Users\jf\AppData\Roaming\PKWARE
2014-11-01 05:18 - 2014-11-02 06:12 - 00000000 ____D () C:\ProgramData\3b9e48eb-7eb0-4e64-b897-fceb9c7c0b0b
2014-11-01 04:48 - 2014-11-01 00:52 - 00048824 _____ (StdLib) C:\Windows\system32\Drivers\{f7baf0dd-2cb5-4a9a-bf04-5948fdc1b4d4}Gw64.sys
2014-11-01 04:05 - 2014-11-01 04:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PKZIP
2014-11-01 04:00 - 2014-11-01 04:00 - 00000000 ____D () C:\Users\jf\AppData\Local\Downloaded Installations
2014-11-01 03:45 - 2014-11-01 03:49 - 23718824 _____ (PKWARE, Inc) C:\Users\jf\Downloads\pkz140023en.exe
2014-11-01 03:44 - 2014-11-01 03:45 - 00911856 _____ () C:\Users\jf\Downloads\downloadmanager_e8c0286e-a4bd-4889-b52d-a71ab5ead79f.tmp
2014-10-30 14:25 - 2014-10-30 14:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-23 16:51 - 2014-10-23 16:51 - 00000000 ____D () C:\Users\jf\AppData\Roaming\JetBrains
2014-10-23 16:49 - 2014-10-23 16:49 - 00000000 ____D () C:\Users\jf\.PyCharm30
2014-10-23 16:48 - 2014-10-23 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2014-10-23 16:48 - 2014-10-23 16:48 - 00000000 ____D () C:\Program Files (x86)\JetBrains
2014-10-13 16:12 - 2014-10-14 10:13 - 00000000 ____D () C:\Users\jf\.idlerc
2014-10-13 16:11 - 2014-10-13 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-10-13 16:10 - 2014-10-13 16:11 - 00000000 ____D () C:\Python34
2014-10-12 14:29 - 2014-10-12 14:29 - 00000616 _____ () C:\Users\jf\.xmaximarc
2014-10-12 14:27 - 2014-10-12 14:27 - 00001212 _____ () C:\Users\jf\Desktop\wxMaxima.lnk
2014-10-12 14:27 - 2014-10-12 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxima-5.31.2
2014-10-12 14:26 - 2014-10-12 14:27 - 00000000 ____D () C:\Program Files (x86)\Maxima-5.31.2
2014-10-12 09:20 - 2014-10-12 09:20 - 00000000 ____D () C:\Users\jf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\D
2014-10-12 09:03 - 2014-10-12 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D
2014-10-06 21:15 - 2014-10-06 21:15 - 02736640 _____ (Python Software Foundation) C:\Windows\SysWOW64\python34.dll
2014-10-06 21:13 - 2014-10-06 21:13 - 00102912 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-10-06 21:13 - 2014-10-06 21:13 - 00102400 _____ (Python Software Foundation) C:\Windows\py.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 10:21 - 2014-02-08 00:20 - 00000280 _____ () C:\Windows\Tasks\Digital Sites.job
2014-11-04 10:21 - 2013-03-11 12:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-04 10:20 - 2013-06-20 19:20 - 00000274 _____ () C:\Windows\Tasks\DSite.job
2014-11-04 10:00 - 2011-09-19 19:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-04 09:59 - 2011-09-19 15:38 - 00003902 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9CA117B6-5F0C-441D-824D-1F43DE34B559}
2014-11-04 02:21 - 2013-07-26 23:20 - 00000220 _____ () C:\Users\jf\AppData\Roaming\WB.CFG
2014-11-04 02:00 - 2011-10-26 07:15 - 00000000 ____D () C:\Users\jf\AppData\Local\Adobe
2014-11-04 01:51 - 2009-07-13 23:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-04 01:51 - 2009-07-13 23:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-04 01:45 - 2009-07-14 00:13 - 00779142 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-04 01:41 - 2011-09-19 19:53 - 00000000 ____D () C:\Users\jf\AppData\Roaming\Skype
2014-11-04 01:37 - 2014-04-14 07:13 - 00006586 _____ () C:\Windows\setupact.log
2014-11-04 01:37 - 2011-09-19 19:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-04 01:37 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-04 01:27 - 2011-09-26 22:50 - 00000000 ____D () C:\Users\jf\AppData\Local\CrashDumps
2014-11-03 19:16 - 2010-11-20 22:47 - 00422510 _____ () C:\Windows\PFRO.log
2014-11-03 19:11 - 2012-03-30 04:03 - 01682065 _____ () C:\Windows\WindowsUpdate.log
2014-11-03 12:22 - 2011-09-19 15:34 - 00000000 ____D () C:\Users\jf
2014-11-03 09:55 - 2013-01-31 14:34 - 00000000 ____D () C:\Users\jf\.gimp-2.8
2014-11-03 08:14 - 2013-06-10 12:31 - 00042741 _____ () C:\Windows\wininit.ini
2014-11-02 11:50 - 2009-07-13 21:34 - 00000536 _____ () C:\Windows\win.ini
2014-11-02 08:00 - 2011-12-20 08:26 - 00000000 ____D () C:\Users\jf\AppData\Local\gtk-2.0
2014-11-02 06:19 - 2013-03-01 06:14 - 00000000 ____D () C:\Users\jf\AppData\Local\SwvUpdater
2014-11-01 22:17 - 2009-07-14 00:08 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-01 16:48 - 2013-03-01 23:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-01 13:37 - 2013-03-05 16:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-01 13:27 - 2014-04-16 03:13 - 00000993 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-01 13:27 - 2014-04-16 03:13 - 00000993 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-01 13:27 - 2014-04-16 03:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-01 13:27 - 2012-02-28 19:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-31 20:41 - 2011-09-25 09:42 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-31 08:10 - 2013-03-11 12:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-31 08:10 - 2012-06-04 11:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-31 08:10 - 2011-07-16 00:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-28 06:27 - 2011-09-19 20:01 - 00002216 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-27 19:11 - 2014-04-21 16:30 - 00003662 _____ () C:\Windows\System32\Tasks\DTChk
2014-10-27 19:11 - 2014-04-21 16:30 - 00000000 ____D () C:\Users\Public\Util
2014-10-18 15:55 - 2011-09-19 19:55 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 15:55 - 2011-09-19 19:55 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 07:43 - 2011-10-14 06:02 - 00000000 ____D () C:\Users\jf\Documents\Family Tree Maker
2014-10-11 22:41 - 2014-09-15 16:14 - 00000000 ____D () C:\Program Files (x86)\Notepad++

Files to move or delete:
====================
C:\Users\jf\jobq.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-28 13:55

==================== End Of Log ============================

thanks again
 
MossNet frst64 Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by jf at 2014-11-03 21:58:13
Running from C:\Users\jf\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
AOL Toolbar (HKCU\...\AOL Toolbar) (Version: - )
AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version: - )
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blender (HKLM\...\Blender) (Version: 2.66a - Blender Foundation)
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defaulttab (HKLM-x32\...\DefaultTab) (Version: 2.5.0.0 - Search Results, LLC) <==== ATTENTION
DMC (HKLM-x32\...\DMC) (Version: 857 - Digital Mars)
DMD (HKLM-x32\...\DMD) (Version: 2.066.0 - Digital Mars)
DMD 1 (HKLM-x32\...\DMD 1) (Version: 1.076 - Digital Mars)
Document Express DjVu Plug-in (HKLM-x32\...\{2E8C03EC-E09F-4868-A4AC-02B9285D3E09}) (Version: 6.1.31831 - Caminova, Inc.)
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version: - AOL Inc.) <==== ATTENTION
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Family Tree Maker 2006 (HKLM-x32\...\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}) (Version: - )
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.388 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.388 - Ancestry.com, Inc.) Hidden
FamilySearch Indexing 3.10.5 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.10.5 - FamilySearch)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Firestorm-Beta-Mesh (remove only) (HKLM-x32\...\Firestorm-Beta-Mesh) (Version: - )
Firestorm-Release (remove only) (HKLM-x32\...\Firestorm-Release) (Version: - )
Game of Life (HKLM-x32\...\GameOfLife) (Version: 1.5 - Edwin Martin)
GEDmill 1.11.0 (HKLM-x32\...\GEDmill_is1) (Version: - The Logic Mill)
GenealogyJ 6755 (HKLM-x32\...\GenealogyJ 6755) (Version: 6755 - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GIMP Extensions 2.8.20130115 (HKLM\...\GIMP Extensions) (Version: 2.8.20130115 - Pedro Cunha)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
GrampsAIO (HKLM-x32\...\GrampsAIO 4.0.3) (Version: 4.0.3 - The GRAMPS project)
GrampsAIO (HKLM-x32\...\GrampsAIO) (Version: 3.3.1-2 - The GRAMPS project)
GrampsAIO64 (HKLM-x32\...\GrampsAIO64) (Version: 4.0.2 - The GRAMPS project)
Haskell Platform 2014.2.0.0 (HKLM\...\HaskellPlatform-2014.2.0.0) (Version: - Haskell.org)
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{25F3EC6C-BB03-4CEB-B36C-E656A9DD149E}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{ABEF00D0-FCAE-4E47-8D4E-D4AE5FD72B15}) (Version: 2.4.3 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{6C302296-6129-4125-9FD6-2188ECD8814E}) (Version: 4.1.6.1 - Hewlett-Packard Company)
Image Converter (HKLM-x32\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)
Image Editor Packages (HKCU\...\Image Editor Packages) (Version: - ) <==== ATTENTION
Imprudence Viewer 1.3.2 (HKLM-x32\...\{D7736EE8-AFCE-4735-BBE3-652CDFBBFCA8}_is1) (Version: - The Imprudence And Kokua Projects)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
InWorldz Viewer 1.4.4.2 (HKLM-x32\...\{DC6CCE02-BC61-43B1-B4CA-292C6BCCCB34}_is1) (Version: 1.4.4.2 - InWorldz, LLC)
jass-magic-1.1.4 (remove only) (HKLM-x32\...\jass-magic-1.1) (Version: - )
jass-pro-2.3.11 (remove only) (HKLM-x32\...\jass-pro-2.3) (Version: - )
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java(TM) 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle)
JetBrains PyCharm 3.4.1 (HKLM-x32\...\PyCharm 3.4.1) (Version: 135.1057 - JetBrains s.r.o.)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
JWFG troom shiny floor demo game (HKLM-x32\...\JWFG troom shiny floor demo game) (Version: - )
Legacy 7.5 (HKLM-x32\...\Legacy 7.5) (Version: 7.5 - Millennia Corporation)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mathematica Extras 9.0 (4092550) (HKLM\...\A-WIN-Extras 9.0.1 4092550_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
Maxima 5.31.2 (HKLM-x32\...\Maxima-5.31.2_is1) (Version: 5.31.2 - The Maxima Development Team)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
METAbolt (HKCU\...\METAbolt 0.9.68.0) (Version: 0.9.53.0 - www.metabolt.net)
METAbolt (x32 Version: 0.9.68.0 - www.metabolt.net) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MossNet (HKLM\...\MossNet) (Version: 2014.11.01.073025 - MossNet)
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA Graphics Driver 268.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.47 - NVIDIA Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Personal Ancestral File 5 (HKLM-x32\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version: - )
Phoenix Viewer 1.6.0.1691 (HKLM-x32\...\{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1) (Version: - PhoenixViewer.com)
PKZIP for Windows 14.00.0023 (HKLM-x32\...\{FEC9C644-1F7F-4733-AB26-C299F23019CA}) (Version: 14.00.0023 - PKWARE, Inc)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Python 3.4.2 (HKLM-x32\...\{2583CDBA-8A53-4622-BB67-1D163714C1B4}) (Version: 3.4.16349 - Python Software Foundation)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.01.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RootsMagic 5.0.3.1 (HKLM-x32\...\{C1689DDD-6378-4966-8865-6292D7141A6A}_is1) (Version: - RootsMagic, Inc.)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
SecondLifeViewer2 (remove only) (HKLM-x32\...\SecondLifeViewer2) (Version: - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Unity (HKLM-x32\...\Unity) (Version: - Unity Technologies ApS)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for Image Editor (HKCU\...\DSite) (Version: - ) <==== ATTENTION
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual D - Visual Studio Integration of the D Programming Language (HKLM-x32\...\VisualD) (Version: 0.3.38-1 - Rainer Schuetze)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )
Wolfram CDF Player (M-WIN-D 9.0.1 4092685) (HKLM-x32\...\M-WIN-D 9.0.1 4092685_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1818647912-2415854210-1634842132-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files (x86)\Blender Foundation\Blender\BlendThumb64.dll ()

==================== Restore Points =========================

13-10-2014 21:08:55 Installed Python 3.4.2
21-10-2014 04:00:10 Scheduled Checkpoint
28-10-2014 20:17:44 Scheduled Checkpoint
01-11-2014 09:04:38 Installed PKZIP for Windows 14.00.0023.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2013-03-06 13:24 - 00444830 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {047D4316-6561-4465-A7E7-5CC38C0C04E5} - System32\Tasks\{0CD4B1BF-B23C-4F11-A079-DB72E531FBE7} => Firefox.exe http://ui.skype.com/ui/0/5.9.0.115/en/abandoninstall?page=tsProgressBar
Task: {0DC85D05-7347-4B5B-A165-B70943471E00} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {19C5373D-AD5D-48C4-9B52-D371B14F8F3F} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-27] ()
Task: {1C313607-E4FA-4631-BEDA-DF4B0B732D41} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1E86F58F-3538-4CED-92E7-7BFE481B4CFA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-25] (Google Inc.)
Task: {26DA5606-DFDE-457B-9AFD-A2DE464A970A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {3032B35E-160E-459E-B4D2-58F9075D878E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => G:\newSB\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {47E43221-5051-4725-8130-780658D4931D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => G:\newSB\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {51A25C15-1439-450E-A5CE-FABFBB4745BE} - System32\Tasks\{E62F93C4-A1D5-42BC-9E98-48A162507941} => Firefox.exe http://ui.skype.com/ui/0/6.1.0.129.272/en/go/help.faq.installer?LastError=1618
Task: {68438351-3917-46A8-A428-78DCEFA37992} - System32\Tasks\{9F35E84A-9E46-4208-B9CC-EF856FE4F341} => Firefox.exe http://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?page=tsProgressBar
Task: {6D3E1BBE-5FA1-452E-970E-F9700D582C97} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-01] (Symantec Corporation)
Task: {7B10C099-8757-4E3E-9777-AB94D6856998} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {8109601F-BD53-4162-A916-CC92FE6CFC4D} - System32\Tasks\DTChk => C:\Users\Public\Util\DTChk.exe <==== ATTENTION
Task: {82C248A5-5754-4E83-BE17-12AF330E4911} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-31] (Adobe Systems Incorporated)
Task: {87E60597-366A-44A9-915C-A8EA84F42C0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {892588FB-6140-455A-8B45-4851D38DBBED} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {8A377796-69A0-44AF-AB51-5F23367ECD36} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
Task: {8BB4C6A8-6342-4756-BA45-75AC378FE6C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-21] (Hewlett-Packard Company)
Task: {ADDE20B3-E86E-4755-B5FA-A0F5DBA75C31} - System32\Tasks\DTReg => C:\Windows\system32\config\systemprofile\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {B9187967-31AE-46D7-945B-982D9E80C4FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-25] (Google Inc.)
Task: {BCB4AEED-493B-48A4-8A88-942C9250A8A3} - System32\Tasks\Digital Sites => C:\Users\jf\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {E689EB74-1687-4950-80C4-874CE8635D9A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {E7A9CCA4-8128-4F4D-9EF8-0268546719B3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => G:\newSB\Spybot - Search & Destroy 2\SDScan.exe
Task: {E7C455F5-4E37-4557-9CFA-79DE234F9967} - System32\Tasks\{FA80F54E-1D6E-4806-AC49-FB5FEA0B3544} => Firefox.exe http://ui.skype.com/ui/0/5.9.0.115/en/abandoninstall?page=tsProgressBar
Task: {F5138935-26C7-430D-96B0-0852B8801BFC} - System32\Tasks\DSite => C:\Users\jf\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe [2013-06-20] () <==== ATTENTION
Task: {FB03D919-C09C-4915-BF74-30A399F8C342} - System32\Tasks\AdobeAAMUpdater-1.0-jf-HP-jf => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\jf\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\jf\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-12 04:49 - 2014-05-12 04:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1818647912-2415854210-1634842132-500 - Administrator - Disabled)
Guest (S-1-5-21-1818647912-2415854210-1634842132-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1818647912-2415854210-1634842132-1003 - Limited - Enabled)
jf (S-1-5-21-1818647912-2415854210-1634842132-1001 - Administrator - Enabled) => C:\Users\jf
UpdatusUser (S-1-5-21-1818647912-2415854210-1634842132-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/03/2014 09:52:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswMBR.exe, version: 1.0.1.2172, time stamp: 0x5451e072
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58
Exception code: 0xc0000005
Fault offset: 0x0002e39e
Faulting process id: 0x79c
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3

Error: (11/03/2014 07:17:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2014 07:08:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswMBR.exe, version: 1.0.1.2172, time stamp: 0x5451e072
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58
Exception code: 0xc0000005
Fault offset: 0x0002e39e
Faulting process id: 0x2028
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3

Error: (11/03/2014 01:16:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswMBR.exe, version: 1.0.1.2172, time stamp: 0x5451e072
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58
Exception code: 0xc0000005
Fault offset: 0x0002e39e
Faulting process id: 0x354
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3

Error: (11/03/2014 09:23:45 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/02/2014 05:15:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 02:15:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 01:24:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 01:24:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 01:23:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/03/2014 07:16:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/03/2014 07:16:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/03/2014 07:16:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/03/2014 07:16:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/03/2014 07:16:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/03/2014 07:16:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/03/2014 07:16:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/03/2014 07:16:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/03/2014 07:16:30 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/03/2014 07:16:30 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (11/03/2014 09:52:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: aswMBR.exe1.0.1.21725451e072ntdll.dll6.1.7601.175144ce7ba58c00000050002e39e79c01cff7c52837bc81C:\Users\jf\Desktop\aswMBR.exeC:\Windows\SysWOW64\ntdll.dll9befd4ec-63cd-11e4-bdd4-9b6504385fab

Error: (11/03/2014 07:17:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2014 07:08:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: aswMBR.exe1.0.1.21725451e072ntdll.dll6.1.7601.175144ce7ba58c00000050002e39e202801cff7929d15530cC:\Users\jf\Desktop\aswMBR.exeC:\Windows\SysWOW64\ntdll.dllbb0a4140-63b6-11e4-819b-00038a000015

Error: (11/03/2014 01:16:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: aswMBR.exe1.0.1.21725451e072ntdll.dll6.1.7601.175144ce7ba58c00000050002e39e35401cff777f4968d0eC:\Users\jf\Desktop\aswMBR.exeC:\Windows\SysWOW64\ntdll.dll8fe2ee14-6385-11e4-819b-00038a000015

Error: (11/03/2014 09:23:45 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestG:\521 backup from laptop\Khan\pkzip\PKZIPW\pkmime.exe

Error: (11/02/2014 05:15:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 02:15:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 01:24:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 01:24:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 01:23:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 31%
Total physical RAM: 5941.86 MB
Available physical RAM: 4063.53 MB
Total Pagefile: 11881.91 MB
Available Pagefile: 10208.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.18 GB) (Free:80.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:15.42 GB) (Free:1.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
Drive g: (FreeAgent Drive) (Fixed) (Total:931.51 GB) (Free:523.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 477ABF56)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 45FA7B9D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Hi Johnwf,

As for my own attempts at a solution: before i figured out what your instructions meant, i started the pc in safe mode and was able to delete the MossNet folder and files. that didn't seem to help at all. those file are still in my trash bin.
Click to expand...
Please do not attempt any self fixes. Doing so may delay the cleaning process.

=========================

Multiple Anti-Virus Programs Installed

I notice that you have both Spybot - Search and Destroy and Norton Internet Security installed at the same time. Having more than one antivirus program running at the same time can seriously degrade the performance of your system.

Please uninstall either Spybot - Search and Destroy or Norton Internet Security (which ever you prefer) using either the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (for Vista and Win 7 users to go to Programs and Features in the Control Panel). As a rule of thumb one should run one firewall, one antivirus program in memory, and one anti-spyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.

=========================

AdwCleaner v3: Scan & Clean
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================

Reboot

=========================

Re-run Farbar Recovery Scan Tool it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:
  • AdwCleaner[S0].txt
  • JRT.txt
  • new FRST.txt
 
AdwCleaner[S0].txt

# AdwCleaner v3.311 - Report created 04/11/2014 at 23:05:55
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : jf - JF-HP
# Running from : C:\Users\jf\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : CltMngSvc
[#] Service Deleted : DefaultTabSearch
Service Deleted : DefaultTabUpdate
Service Deleted : vToolbarUpdater18.1.7
Service Deleted : {f7baf0dd-2cb5-4a9a-bf04-5948fdc1b4d4}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\AOL Toolbar
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
[#] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\speedypc software
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files (x86)\AOL Toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\defaulttab
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\jf\AppData\Local\AOL Toolbar
[!] Folder Deleted : C:\Users\jf\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\jf\AppData\Local\jZip
Folder Deleted : C:\Users\jf\AppData\Local\PackageAware
Folder Deleted : C:\Users\jf\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\jf\AppData\Local\Temp\apn
Folder Deleted : C:\Users\jf\AppData\Local\Temp\jZip
Folder Deleted : C:\Users\jf\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\jf\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\jf\AppData\LocalLow\jziptoolbargaw
Folder Deleted : C:\Users\jf\AppData\Roaming\defaulttab
Folder Deleted : C:\Users\jf\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\jf\AppData\Roaming\DSite
Folder Deleted : C:\Users\Public\Util
Folder Deleted : C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\jziptoolbargaw
Folder Deleted : C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\Extensions\{7ABE12CA-E995-4AB4-9A4E-EF8820A20182}
Folder Deleted : C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp
File Deleted : C:\Users\jf\AppData\Local\CRE\oelbclnhkbhlhikfmpmbakbgeonbjjnp.crx
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\System32\drivers\{f7baf0dd-2cb5-4a9a-bf04-5948fdc1b4d4}Gw64.sys
File Deleted : C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\searchplugins\ask-search.xml
File Deleted : C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\searchplugins\bingp.xml
File Deleted : C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\searchplugins\Search_Results.xml
File Deleted : C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : Digital Sites
Task Deleted : DSite
Task Deleted : DTChk
Task Deleted : DTReg

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKCU\Software\Google\Chrome\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279141
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7ABE12CA-E995-4AB4-9A4E-EF8820A20182}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\jziptoolbargaw
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Default Tab
Key Deleted : HKLM\SOFTWARE\DefaultTab
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\SearchquSRTB
Key Deleted : HKLM\SOFTWARE\speedypc software
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN64C~1.DLL
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SRTOOL~1\Datamngr\x64\datamngr.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SRTOOL~1\Datamngr\x64\IEBHO.dll

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v33.0.2 (x86 en-US)

[ File : C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\prefs.js ]

Line Deleted : user_pref("CT3279141.FF19Solved", "true");
Line Deleted : user_pref("CT3279141.UserID", "UN20251320522072031");
Line Deleted : user_pref("CT3279141.addressUrlXPETakeover", "true");
Line Deleted : user_pref("CT3279141.autoDisableScopes", -1);
Line Deleted : user_pref("CT3279141.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3279141.defaultSearchXPETakeover", "true");
Line Deleted : user_pref("CT3279141.installDate", "1/3/2013 6:12:09");
Line Deleted : user_pref("CT3279141.keyword", "true");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&apn_uid=6631612535604238&o=APN10646&q=");
Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Deleted : user_pref("browser.newtabpage.pinned", "[{\"url\":\"hxxp://en.wikipedia.org/wiki/Main_Page\",\"title\":\"hxxp://en.wikipedia.org/wiki/Main_Page\"},null,{\"url\":\"hxxp://seax.essexcc.gov.uk/All_Result[...]
Line Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke B Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&CUI=UN20251320522072031&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("extensions.wajam.affiliate_id", "3221");
Line Deleted : user_pref("extensions.wajam.firstrun", "false");
Line Deleted : user_pref("extensions.wajam.log_send_info", "false");
Line Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21085\",\"supported_sites\":{\"google\":{\"patterns\":[\"^hxxp\\\\:\\/\\/www\\\\.google\\\\..{2,3}(|\\\\\\/ig|\\\\\\/firefox)\",\"[...]
Line Deleted : user_pref("extensions.wajam.no_trace", "false");
Line Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21085");
Line Deleted : user_pref("extensions.wajam.supported_sites.bing.wajam_yahoo_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';win[...]
Line Deleted : user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'W[...]
Line Deleted : user_pref("extensions.wajam.trace_log", "1362138845521 - processInstallationUpgrade - version set to : 1.26\n1362138845521 - processBrowserLoad - Bad mappingListJsonString: null\n1362138846139 - onFla[...]
Line Deleted : user_pref("extensions.wajam.unique_id", "B9B34B96B065ACBAFCCD97A8F0B88365");
Line Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");
Line Deleted : user_pref("extensions.wajam.version", "1.26");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3279141&octid=CT3279141&SearchSource=61&CUI=UN20251320522072031&UM=2&UP=SPF71CA228-A643-4A80-8260-CB7350E6CDB3");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=2&CUI=UN20251320522072031&UM=2&q=");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxps://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&authuser=0&q=white+cross+street,+london&aq=&vps=16&sll=51.521775,-0.08965&sspn=0.023605,0.060983&vpsr[...]
Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&apn_uid=6631612535604238&o=APN10646&q=");
Line Deleted : user_pref("smartbar.originalSearchEngine", "Search Results");

-\\ Google Chrome v38.0.2125.111

*************************

AdwCleaner[R0].txt - [22288 octets] - [04/11/2014 22:57:53]
AdwCleaner[S0].txt - [20882 octets] - [04/11/2014 23:05:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20943 octets] ##########
 
JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 7 Home Premium x64
Ran by jf on Wed 11/05/2014 at 1:41:32.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211621178}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621178}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621178}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EF64538-8B54-4573-B48F-4D34B0238AB2}



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\jf\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\jf\appdata\local\solid savings"
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{05EC43D2-F1D3-4B79-B1DC-19A4DD00478A}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{0F65C31E-1990-4EAD-822F-D78804A6F6ED}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{12156739-6F59-4BB6-A985-123D1D156581}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{14D87463-7ABB-4BDF-978A-A3BAB55257BB}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{2038DE21-47FB-4FA6-A4D9-340731CFC3FD}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{25A288A8-08A5-41A8-95F3-AE6604F34D33}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{3A6F6544-90B2-4EB8-8FFA-FC93CFF24F8D}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{49A1F2A7-4A17-4BA8-97E6-3C71806B5901}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{690E395A-2841-4225-9B9B-C9CFC0F461BE}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{71743508-5ADF-417D-895B-0C0012638E72}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{72B20882-9064-4510-AF15-7F26CC982E88}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{7C2575BF-E87C-4A61-88B3-9436D9BD7B49}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{7EBE4C18-E9E6-4756-9465-EAA32BAF5C52}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{82DB8099-4FC1-471C-A68B-2969E8185A9F}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{8B4F4AD5-2B0F-4B3B-86B6-4670BB00916C}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{8B93744D-2434-47A0-BE3D-70C20E54B501}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{9E479012-4963-4446-891D-1E37FCCE7146}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{A07B2AC6-F574-49A2-9494-F73EFF961352}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{A09285AE-3F97-4E36-AAAE-1CA9F2C9CFE3}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{A7BCDB05-53AB-4328-AD19-6B99AF190924}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{C01ED8B6-D665-4F18-97EB-300ED940DA8A}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{D525B3EE-2407-4C23-A9AE-FBB0FBA4859C}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{E39F5A4A-D030-4641-A8D6-4D2B8C69682A}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{EF2BBBBA-E05E-4B19-B3D5-131CE20CBA89}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{EFA4BA84-91A7-4FE0-8A17-1B71EBABE57F}
Successfully deleted: [Empty Folder] C:\Users\jf\appdata\local\{FCC99430-5885-49B2-96D7-5E0BDD2932A2}



~~~ FireFox

Emptied folder: C:\Users\jf\AppData\Roaming\mozilla\firefox\profiles\i426p9qx.default\minidumps [85 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/05/2014 at 1:46:09.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
new FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by jf (administrator) on JF-HP on 05-11-2014 02:51:31
Running from C:\Users\jf\Desktop
Loaded Profiles: UpdatusUser & jf (Available profiles: UpdatusUser & jf)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Safer-Networking Ltd.) G:\newSB\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar3.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Safer-Networking Ltd.) G:\newSB\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
(Safer-Networking Ltd.) G:\newSB\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Safer-Networking Ltd.) G:\newSB\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-07] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-07-23] ()
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586808 2011-04-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1321982911\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SDTray] => G:\newSB\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1818647912-2415854210-1634842132-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1818647912-2415854210-1634842132-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1818647912-2415854210-1634842132-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1818647912-2415854210-1634842132-1001\...\Run: [Spybot-S&D Cleaning] => G:\newSB\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1818647912-2415854210-1634842132-1001\...\MountPoints2: {006d27c1-e783-11e0-b7df-441ea1db795c} - H:\GSLoader.exe
HKU\S-1-5-21-1818647912-2415854210-1634842132-1001\...\MountPoints2: {006d27cf-e783-11e0-b7df-441ea1db795c} - G:\GSLoader.exe
HKU\S-1-5-21-1818647912-2415854210-1634842132-1001\...\MountPoints2: {006d27d9-e783-11e0-b7df-441ea1db795c} - G:\GSLoader.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-05-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PKZIP Attachments Status.lnk
ShortcutTarget: PKZIP Attachments Status.lnk -> C:\Program Files (x86)\PKWARE\PKZIPM\14.00.0023\PKTray.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exebddel.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
URLSearchHook: HKCU - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {B374193C-B509-427B-98F0-AA8C003D5CE8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {B374193C-B509-427B-98F0-AA8C003D5CE8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope E2A638FFF120487AAAFFDE79401ADCA5 URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=6631612535604238&q={searchTerms}
SearchScopes: HKCU - E2A638FFF120487AAAFFDE79401ADCA5 URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=6631612535604238&q={searchTerms}
SearchScopes: HKCU - {B374193C-B509-427B-98F0-AA8C003D5CE8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.1: Ask Search
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=072713&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @caminova.com/DjVuPlugin -> C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll No File
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\jf\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-02]
FF Extension: MossNet - C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\Extensions\{f7baf0dd-2cb5-4a9a-bf04-5948fdc1b4d4}.xpi [2014-11-02]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-10-30]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-10-30]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-02-27]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> search-results.com
CHR DefaultSearchURL: Default -> http://dts.search-results.com/sr?src=crb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=6631612535604238&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-05]
CHR Extension: (Google Docs) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-05]
CHR Extension: (Google Drive) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-05]
CHR Extension: (Google Search) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-05]
CHR Extension: (Google Sheets) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-05]
CHR Extension: (Skype Click to Call) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-05-02]
CHR Extension: (Google Wallet) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-09]
CHR Extension: (Gmail) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2372096 2011-02-18] (Realsil Microelectronics Inc.) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SDScannerService; G:\newSB\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; G:\newSB\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; G:\newSB\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S2 Update MossNet; "C:\Program Files (x86)\MossNet\updateMossNet.exe" [X]
S2 Util MossNet; "C:\Program Files (x86)\MossNet\bin\utilMossNet.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-24] (AVG Technologies)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 02:51 - 2014-11-05 02:51 - 00023307 _____ () C:\Users\jf\Desktop\FRST.txt
2014-11-05 02:49 - 2014-11-05 02:49 - 00000000 ____D () C:\Users\jf\Desktop\WINDOWSTEMPDIR_FONTCONFIG_CACHE
2014-11-05 02:48 - 2014-11-05 02:51 - 00000000 ____D () C:\Users\jf\Desktop\pcfix hold
2014-11-05 01:41 - 2014-11-05 01:41 - 00000000 ____D () C:\Windows\ERUNT
2014-11-05 01:40 - 2014-11-05 01:38 - 01706359 _____ (Thisisu) C:\Users\jf\Desktop\JRT.exe
2014-11-05 01:39 - 2014-11-05 01:40 - 00538401 _____ (Thisisu) C:\Users\jf\Downloads\JRT (1).exe
2014-11-05 01:37 - 2014-11-05 01:38 - 01706359 _____ (Thisisu) C:\Users\jf\Downloads\JRT.exe
2014-11-05 01:16 - 2014-11-05 01:16 - 00021096 _____ () C:\Users\jf\Desktop\AdwCleaner[S0].txt
2014-11-04 22:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-11-04 22:57 - 2014-11-04 23:06 - 00000000 ____D () C:\AdwCleaner
2014-11-04 22:50 - 2014-11-04 22:50 - 01375089 _____ () C:\Users\jf\Downloads\AdwCleaner (2).exe
2014-11-04 19:54 - 2014-11-04 19:49 - 01375089 _____ () C:\Users\jf\Desktop\AdwCleaner.exe
2014-11-04 19:52 - 2014-11-04 19:52 - 01375089 _____ () C:\Users\jf\Downloads\AdwCleaner (1).exe
2014-11-04 19:49 - 2014-11-04 19:49 - 01375089 _____ () C:\Users\jf\Downloads\AdwCleaner.exe
2014-11-04 16:54 - 2014-11-04 17:07 - 00000000 ____D () C:\Users\jf\AppData\Local\Deployment
2014-11-03 21:56 - 2014-11-05 02:51 - 00000000 ____D () C:\FRST
2014-11-03 17:58 - 2014-11-03 17:57 - 00001262 _____ () C:\Users\jf\Desktop\ocd.txt - Shortcut.lnk
2014-11-03 17:23 - 2014-11-03 20:21 - 00000512 _____ () C:\Users\jf\Desktop\MBR.dat
2014-11-03 09:38 - 2014-11-03 09:36 - 05192704 _____ (AVAST Software) C:\Users\jf\Desktop\aswMBR.exe
2014-11-03 09:38 - 2014-11-03 09:34 - 00854448 _____ () C:\Users\jf\Desktop\SecurityCheck.exe
2014-11-03 09:37 - 2014-11-03 09:37 - 02114560 _____ (Farbar) C:\Users\jf\Desktop\FRST64.exe
2014-11-02 08:00 - 2014-11-02 08:00 - 00335360 _____ () C:\Users\jf\AppData\Local\recently-used.xbel
2014-11-01 19:06 - 2014-11-03 09:28 - 00058044 _____ () C:\Windows\SysWOW64\bddel.dat
2014-11-01 16:50 - 2014-11-02 12:19 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-11-01 16:49 - 2014-11-01 16:49 - 00000000 ____D () C:\Users\jf\AppData\Roaming\PKWARE
2014-11-01 05:18 - 2014-11-02 06:12 - 00000000 ____D () C:\ProgramData\3b9e48eb-7eb0-4e64-b897-fceb9c7c0b0b
2014-11-01 04:05 - 2014-11-01 04:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PKZIP
2014-11-01 04:00 - 2014-11-01 04:00 - 00000000 ____D () C:\Users\jf\AppData\Local\Downloaded Installations
2014-11-01 03:45 - 2014-11-01 03:49 - 23718824 _____ (PKWARE, Inc) C:\Users\jf\Downloads\pkz140023en.exe
2014-11-01 03:44 - 2014-11-01 03:45 - 00911856 _____ () C:\Users\jf\Downloads\downloadmanager_e8c0286e-a4bd-4889-b52d-a71ab5ead79f.tmp
2014-10-30 14:25 - 2014-10-30 14:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-23 16:51 - 2014-10-23 16:51 - 00000000 ____D () C:\Users\jf\AppData\Roaming\JetBrains
2014-10-23 16:49 - 2014-10-23 16:49 - 00000000 ____D () C:\Users\jf\.PyCharm30
2014-10-23 16:48 - 2014-10-23 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2014-10-23 16:48 - 2014-10-23 16:48 - 00000000 ____D () C:\Program Files (x86)\JetBrains
2014-10-13 16:12 - 2014-10-14 10:13 - 00000000 ____D () C:\Users\jf\.idlerc
2014-10-13 16:11 - 2014-10-13 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-10-13 16:10 - 2014-10-13 16:11 - 00000000 ____D () C:\Python34
2014-10-12 14:29 - 2014-10-12 14:29 - 00000616 _____ () C:\Users\jf\.xmaximarc
2014-10-12 14:27 - 2014-10-12 14:27 - 00001212 _____ () C:\Users\jf\Desktop\wxMaxima.lnk
2014-10-12 14:27 - 2014-10-12 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxima-5.31.2
2014-10-12 14:26 - 2014-10-12 14:27 - 00000000 ____D () C:\Program Files (x86)\Maxima-5.31.2
2014-10-12 09:20 - 2014-10-12 09:20 - 00000000 ____D () C:\Users\jf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\D
2014-10-12 09:03 - 2014-10-12 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D
2014-10-06 21:15 - 2014-10-06 21:15 - 02736640 _____ (Python Software Foundation) C:\Windows\SysWOW64\python34.dll
2014-10-06 21:13 - 2014-10-06 21:13 - 00102912 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-10-06 21:13 - 2014-10-06 21:13 - 00102400 _____ (Python Software Foundation) C:\Windows\py.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 02:49 - 2011-09-22 10:21 - 00000000 ____D () C:\Users\jf\.gimp-2.6
2014-11-05 02:41 - 2011-09-19 15:38 - 00003902 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9CA117B6-5F0C-441D-824D-1F43DE34B559}
2014-11-05 02:21 - 2013-03-11 12:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-05 02:03 - 2009-07-13 23:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-05 02:03 - 2009-07-13 23:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-05 02:01 - 2011-10-26 07:15 - 00000000 ____D () C:\Users\jf\AppData\Local\Adobe
2014-11-05 02:00 - 2011-09-19 19:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-05 01:59 - 2012-03-30 04:03 - 01704302 _____ () C:\Windows\WindowsUpdate.log
2014-11-05 01:56 - 2011-09-19 19:53 - 00000000 ____D () C:\Users\jf\AppData\Roaming\Skype
2014-11-05 01:53 - 2011-09-19 19:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-05 01:53 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-05 01:52 - 2014-04-14 07:13 - 00006978 _____ () C:\Windows\setupact.log
2014-11-05 01:33 - 2009-07-14 00:13 - 00779142 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-04 23:08 - 2013-06-20 19:22 - 00000000 ____D () C:\Users\jf\AppData\Local\AVG SafeGuard toolbar
2014-11-04 23:08 - 2010-11-20 22:47 - 01002330 _____ () C:\Windows\PFRO.log
2014-11-04 21:01 - 2012-03-30 04:11 - 00000000 ____D () C:\ProgramData\Norton
2014-11-04 20:02 - 2013-01-31 14:34 - 00000000 ____D () C:\Users\jf\.gimp-2.8
2014-11-04 16:54 - 2013-02-25 15:25 - 00000000 ____D () C:\Users\jf\AppData\Local\Apps\2.0
2014-11-04 02:21 - 2013-07-26 23:20 - 00000220 _____ () C:\Users\jf\AppData\Roaming\WB.CFG
2014-11-04 01:27 - 2011-09-26 22:50 - 00000000 ____D () C:\Users\jf\AppData\Local\CrashDumps
2014-11-03 12:22 - 2011-09-19 15:34 - 00000000 ____D () C:\Users\jf
2014-11-02 11:50 - 2009-07-13 21:34 - 00000536 _____ () C:\Windows\win.ini
2014-11-02 08:00 - 2011-12-20 08:26 - 00000000 ____D () C:\Users\jf\AppData\Local\gtk-2.0
2014-11-01 22:17 - 2009-07-14 00:08 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-01 16:48 - 2013-03-01 23:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-01 13:37 - 2013-03-05 16:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-01 13:27 - 2014-04-16 03:13 - 00000993 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-01 13:27 - 2014-04-16 03:13 - 00000993 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-01 13:27 - 2014-04-16 03:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-01 13:27 - 2012-02-28 19:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-31 20:41 - 2011-09-25 09:42 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-31 08:10 - 2013-03-11 12:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-31 08:10 - 2012-06-04 11:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-31 08:10 - 2011-07-16 00:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-28 06:27 - 2011-09-19 20:01 - 00002216 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-18 15:55 - 2011-09-19 19:55 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 15:55 - 2011-09-19 19:55 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 07:43 - 2011-10-14 06:02 - 00000000 ____D () C:\Users\jf\Documents\Family Tree Maker
2014-10-11 22:41 - 2014-09-15 16:14 - 00000000 ____D () C:\Program Files (x86)\Notepad++

Files to move or delete:
====================
C:\Users\jf\jobq.dat


Some content of TEMP:
====================
C:\Users\jf\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 00:02

==================== End Of Log ============================
 
result

OCD,

MossNet is still messing up my firefox browser. google chrome seems to be unaffected.

I believe i caused these problems by downloading and installing pkzip a few days ago.
 
Hi Johnwf,

Disable FireFox plug-in

  • At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
  • In the Add-ons Manager tab, select the Extensions or Appearance panel.
  • Select the add-on you wish to disable.
    • MossNet
  • Click the Disable button.
  • Click Restart now if it pops up. Your tabs will be saved and restored after the restart.
=========================

Flush the FireFox Cache
(these directions are specific to Firefox 19, if you have a different version the exact steps might be slightly different)
  • In Firefox, Options
  • Select Options
  • Select Privacy tab
  • Find the section that reads: You might want to clear your recent history or remove individual cookies
  • Select clear your recent history
  • Click the Details drop-down arrow
  • Make sure a check mark is placed in the following boxes:
    • Cookies
    • Cache
  • Next select the Time Range to Clear drop-down menu
  • Select Everything (this will only delete all the cookies and cache, and will save the other items not selected)
  • Click Clear Now
=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

Code: 
Start
EndProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
URLSearchHook: HKCU - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF SearchEngineOrder.1: Ask Search
FF Extension: MossNet - C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\Extensions\{f7baf0dd-2cb5-4a9a-bf04-5948fdc1b4d4}.xpi [2014-11-02]
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S2 Update MossNet; "C:\Program Files (x86)\MossNet\updateMossNet.exe" [X]
S2 Util MossNet; "C:\Program Files (x86)\MossNet\bin\utilMossNet.exe" [X]
2014-11-04 23:08 - 2013-06-20 19:22 - 00000000 ____D () C:\Users\jf\AppData\Local\AVG SafeGuard toolbar
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

Reboot

=========================

Re-run Farbar Recovery Scan Tool it should of been saved to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please include it in your reply

In your next post please provide the following:

  • Fixlog.txt
  • new FRST.txt
  • Additions.txt
  • How is the computer running, is the MossNet issue still present?
 
fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by jf at 2014-11-05 11:02:09 Run:1
Running from C:\Users\jf\Desktop
Loaded Profiles: UpdatusUser & jf (Available profiles: UpdatusUser & jf)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
EndProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
URLSearchHook: HKCU - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF SearchEngineOrder.1: Ask Search
FF Extension: MossNet - C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\Extensions\{f7baf0dd-2cb5-4a9a-bf04-5948fdc1b4d4}.xpi [2014-11-02]
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S2 Update MossNet; "C:\Program Files (x86)\MossNet\updateMossNet.exe" [X]
S2 Util MossNet; "C:\Program Files (x86)\MossNet\bin\utilMossNet.exe" [X]
2014-11-04 23:08 - 2013-06-20 19:22 - 00000000 ____D () C:\Users\jf\AppData\Local\AVG SafeGuard toolbar
EmptyTemp:
End
*****************

EndProcesses: => Error: No automatic fix found for this entry.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d} => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => value deleted successfully.
"HKCR\CLSID\{BA00B7B1-0351-477A-B948-23E3EE5A73D4}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
Firefox SearchEngineOrder.1 deleted successfully.
C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\Extensions\{f7baf0dd-2cb5-4a9a-bf04-5948fdc1b4d4}.xpi => Moved successfully.
GamesAppService => Service deleted successfully.
Update MossNet => Service deleted successfully.
Util MossNet => Service deleted successfully.
C:\Users\jf\AppData\Local\AVG SafeGuard toolbar => Moved successfully.
EmptyTemp: => Removed 3.7 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====
 
fixlog.txt - second attempt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by jf at 2014-11-05 11:02:09 Run:1
Running from C:\Users\jf\Desktop
Loaded Profiles: UpdatusUser & jf (Available profiles: UpdatusUser & jf)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
EndProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
URLSearchHook: HKCU - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF SearchEngineOrder.1: Ask Search
FF Extension: MossNet - C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\Extensions\{f7baf0dd-2cb5-4a9a-bf04-5948fdc1b4d4}.xpi [2014-11-02]
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S2 Update MossNet; "C:\Program Files (x86)\MossNet\updateMossNet.exe" [X]
S2 Util MossNet; "C:\Program Files (x86)\MossNet\bin\utilMossNet.exe" [X]
2014-11-04 23:08 - 2013-06-20 19:22 - 00000000 ____D () C:\Users\jf\AppData\Local\AVG SafeGuard toolbar
EmptyTemp:
End
*****************

EndProcesses: => Error: No automatic fix found for this entry.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d} => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ba00b7b1-0351-477a-b948-23e3ee5a73d4} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{ba00b7b1-0351-477a-b948-23e3ee5a73d4}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => value deleted successfully.
"HKCR\CLSID\{BA00B7B1-0351-477A-B948-23E3EE5A73D4}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
Firefox SearchEngineOrder.1 deleted successfully.
C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\Extensions\{f7baf0dd-2cb5-4a9a-bf04-5948fdc1b4d4}.xpi => Moved successfully.
GamesAppService => Service deleted successfully.
Update MossNet => Service deleted successfully.
Util MossNet => Service deleted successfully.
C:\Users\jf\AppData\Local\AVG SafeGuard toolbar => Moved successfully.
EmptyTemp: => Removed 3.7 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====
 
frst.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by jf (administrator) on JF-HP on 05-11-2014 02:17:00
Running from C:\Users\jf\Desktop
Loaded Profiles: UpdatusUser & jf (Available profiles: UpdatusUser & jf)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Safer-Networking Ltd.) G:\newSB\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar3.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Safer-Networking Ltd.) G:\newSB\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
(Safer-Networking Ltd.) G:\newSB\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Safer-Networking Ltd.) G:\newSB\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-07] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-07-23] ()
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586808 2011-04-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1321982911\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SDTray] => G:\newSB\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1818647912-2415854210-1634842132-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1818647912-2415854210-1634842132-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1818647912-2415854210-1634842132-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1818647912-2415854210-1634842132-1001\...\Run: [Spybot-S&D Cleaning] => G:\newSB\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1818647912-2415854210-1634842132-1001\...\MountPoints2: {006d27c1-e783-11e0-b7df-441ea1db795c} - H:\GSLoader.exe
HKU\S-1-5-21-1818647912-2415854210-1634842132-1001\...\MountPoints2: {006d27cf-e783-11e0-b7df-441ea1db795c} - G:\GSLoader.exe
HKU\S-1-5-21-1818647912-2415854210-1634842132-1001\...\MountPoints2: {006d27d9-e783-11e0-b7df-441ea1db795c} - G:\GSLoader.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-05-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PKZIP Attachments Status.lnk
ShortcutTarget: PKZIP Attachments Status.lnk -> C:\Program Files (x86)\PKWARE\PKZIPM\14.00.0023\PKTray.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exebddel.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
URLSearchHook: HKCU - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {B374193C-B509-427B-98F0-AA8C003D5CE8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {B374193C-B509-427B-98F0-AA8C003D5CE8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - E2A638FFF120487AAAFFDE79401ADCA5 URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=6631612535604238&q={searchTerms}
SearchScopes: HKCU - {B374193C-B509-427B-98F0-AA8C003D5CE8} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.1: Ask Search
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=072713&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @caminova.com/DjVuPlugin -> C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll No File
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\jf\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-02]
FF Extension: MossNet - C:\Users\jf\AppData\Roaming\Mozilla\Firefox\Profiles\i426p9qx.default\Extensions\{f7baf0dd-2cb5-4a9a-bf04-5948fdc1b4d4}.xpi [2014-11-02]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-10-30]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-10-30]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-02-27]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> search-results.com
CHR DefaultSearchURL: Default -> http://dts.search-results.com/sr?src=crb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&o=APN10646&apn_uid=6631612535604238&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-05]
CHR Extension: (Google Docs) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-05]
CHR Extension: (Google Drive) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-05]
CHR Extension: (Google Search) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-05]
CHR Extension: (Google Sheets) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-05]
CHR Extension: (Skype Click to Call) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-05-02]
CHR Extension: (Google Wallet) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-09]
CHR Extension: (Gmail) - C:\Users\jf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2372096 2011-02-18] (Realsil Microelectronics Inc.) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SDScannerService; G:\newSB\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; G:\newSB\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; G:\newSB\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S2 Update MossNet; "C:\Program Files (x86)\MossNet\updateMossNet.exe" [X]
S2 Util MossNet; "C:\Program Files (x86)\MossNet\bin\utilMossNet.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-24] (AVG Technologies)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 01:46 - 2014-11-05 01:46 - 00004404 _____ () C:\Users\jf\Desktop\JRT.txt
2014-11-05 01:41 - 2014-11-05 01:41 - 00000000 ____D () C:\Windows\ERUNT
2014-11-05 01:40 - 2014-11-05 01:38 - 01706359 _____ (Thisisu) C:\Users\jf\Desktop\JRT.exe
2014-11-05 01:39 - 2014-11-05 01:40 - 00538401 _____ (Thisisu) C:\Users\jf\Downloads\JRT (1).exe
2014-11-05 01:37 - 2014-11-05 01:38 - 01706359 _____ (Thisisu) C:\Users\jf\Downloads\JRT.exe
2014-11-05 01:16 - 2014-11-05 01:16 - 00021096 _____ () C:\Users\jf\Desktop\AdwCleaner[S0].txt
2014-11-04 22:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-11-04 22:57 - 2014-11-04 23:06 - 00000000 ____D () C:\AdwCleaner
2014-11-04 22:50 - 2014-11-04 22:50 - 01375089 _____ () C:\Users\jf\Downloads\AdwCleaner (2).exe
2014-11-04 19:54 - 2014-11-04 19:49 - 01375089 _____ () C:\Users\jf\Desktop\AdwCleaner.exe
2014-11-04 19:52 - 2014-11-04 19:52 - 01375089 _____ () C:\Users\jf\Downloads\AdwCleaner (1).exe
2014-11-04 19:49 - 2014-11-04 19:49 - 01375089 _____ () C:\Users\jf\Downloads\AdwCleaner.exe
2014-11-04 16:54 - 2014-11-04 17:07 - 00000000 ____D () C:\Users\jf\AppData\Local\Deployment
2014-11-03 21:56 - 2014-11-05 02:17 - 00022829 _____ () C:\Users\jf\Desktop\FRST.txt
2014-11-03 21:56 - 2014-11-05 02:17 - 00000000 ____D () C:\FRST
2014-11-03 21:56 - 2014-11-05 02:15 - 00032880 _____ () C:\Users\jf\Desktop\FRST5.txt
2014-11-03 17:58 - 2014-11-03 17:57 - 00001262 _____ () C:\Users\jf\Desktop\ocd.txt - Shortcut.lnk
2014-11-03 17:23 - 2014-11-04 20:01 - 00005654 _____ () C:\Users\jf\Desktop\aswMBR.txt
2014-11-03 17:23 - 2014-11-03 20:21 - 00000512 _____ () C:\Users\jf\Desktop\MBR.dat
2014-11-03 09:38 - 2014-11-03 09:36 - 05192704 _____ (AVAST Software) C:\Users\jf\Desktop\aswMBR.exe
2014-11-03 09:38 - 2014-11-03 09:34 - 00854448 _____ () C:\Users\jf\Desktop\SecurityCheck.exe
2014-11-03 09:37 - 2014-11-03 09:37 - 02114560 _____ (Farbar) C:\Users\jf\Desktop\FRST64.exe
2014-11-02 08:00 - 2014-11-02 08:00 - 00335360 _____ () C:\Users\jf\AppData\Local\recently-used.xbel
2014-11-01 19:06 - 2014-11-03 09:28 - 00058044 _____ () C:\Windows\SysWOW64\bddel.dat
2014-11-01 16:50 - 2014-11-02 12:19 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-11-01 16:49 - 2014-11-01 16:49 - 00000000 ____D () C:\Users\jf\AppData\Roaming\PKWARE
2014-11-01 05:18 - 2014-11-02 06:12 - 00000000 ____D () C:\ProgramData\3b9e48eb-7eb0-4e64-b897-fceb9c7c0b0b
2014-11-01 04:05 - 2014-11-01 04:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PKZIP
2014-11-01 04:00 - 2014-11-01 04:00 - 00000000 ____D () C:\Users\jf\AppData\Local\Downloaded Installations
2014-11-01 03:45 - 2014-11-01 03:49 - 23718824 _____ (PKWARE, Inc) C:\Users\jf\Downloads\pkz140023en.exe
2014-11-01 03:44 - 2014-11-01 03:45 - 00911856 _____ () C:\Users\jf\Downloads\downloadmanager_e8c0286e-a4bd-4889-b52d-a71ab5ead79f.tmp
2014-10-30 14:25 - 2014-10-30 14:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-23 16:51 - 2014-10-23 16:51 - 00000000 ____D () C:\Users\jf\AppData\Roaming\JetBrains
2014-10-23 16:49 - 2014-10-23 16:49 - 00000000 ____D () C:\Users\jf\.PyCharm30
2014-10-23 16:48 - 2014-10-23 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2014-10-23 16:48 - 2014-10-23 16:48 - 00000000 ____D () C:\Program Files (x86)\JetBrains
2014-10-13 16:12 - 2014-10-14 10:13 - 00000000 ____D () C:\Users\jf\.idlerc
2014-10-13 16:11 - 2014-10-13 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-10-13 16:10 - 2014-10-13 16:11 - 00000000 ____D () C:\Python34
2014-10-12 14:29 - 2014-10-12 14:29 - 00000616 _____ () C:\Users\jf\.xmaximarc
2014-10-12 14:27 - 2014-10-12 14:27 - 00001212 _____ () C:\Users\jf\Desktop\wxMaxima.lnk
2014-10-12 14:27 - 2014-10-12 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxima-5.31.2
2014-10-12 14:26 - 2014-10-12 14:27 - 00000000 ____D () C:\Program Files (x86)\Maxima-5.31.2
2014-10-12 09:20 - 2014-10-12 09:20 - 00000000 ____D () C:\Users\jf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\D
2014-10-12 09:03 - 2014-10-12 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D
2014-10-06 21:15 - 2014-10-06 21:15 - 02736640 _____ (Python Software Foundation) C:\Windows\SysWOW64\python34.dll
2014-10-06 21:13 - 2014-10-06 21:13 - 00102912 _____ (Python Software Foundation) C:\Windows\pyw.exe
2014-10-06 21:13 - 2014-10-06 21:13 - 00102400 _____ (Python Software Foundation) C:\Windows\py.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 02:03 - 2009-07-13 23:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-05 02:03 - 2009-07-13 23:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-05 02:01 - 2011-10-26 07:15 - 00000000 ____D () C:\Users\jf\AppData\Local\Adobe
2014-11-05 02:00 - 2011-09-19 19:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-05 01:59 - 2012-03-30 04:03 - 01704302 _____ () C:\Windows\WindowsUpdate.log
2014-11-05 01:56 - 2011-09-19 19:53 - 00000000 ____D () C:\Users\jf\AppData\Roaming\Skype
2014-11-05 01:53 - 2011-09-19 19:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-05 01:53 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-05 01:52 - 2014-04-14 07:13 - 00006978 _____ () C:\Windows\setupact.log
2014-11-05 01:33 - 2009-07-14 00:13 - 00779142 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-05 01:21 - 2013-03-11 12:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-04 23:08 - 2013-06-20 19:22 - 00000000 ____D () C:\Users\jf\AppData\Local\AVG SafeGuard toolbar
2014-11-04 23:08 - 2010-11-20 22:47 - 01002330 _____ () C:\Windows\PFRO.log
2014-11-04 21:01 - 2012-03-30 04:11 - 00000000 ____D () C:\ProgramData\Norton
2014-11-04 20:02 - 2013-01-31 14:34 - 00000000 ____D () C:\Users\jf\.gimp-2.8
2014-11-04 16:54 - 2013-02-25 15:25 - 00000000 ____D () C:\Users\jf\AppData\Local\Apps\2.0
2014-11-04 09:59 - 2011-09-19 15:38 - 00003902 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9CA117B6-5F0C-441D-824D-1F43DE34B559}
2014-11-04 02:21 - 2013-07-26 23:20 - 00000220 _____ () C:\Users\jf\AppData\Roaming\WB.CFG
2014-11-04 01:27 - 2011-09-26 22:50 - 00000000 ____D () C:\Users\jf\AppData\Local\CrashDumps
2014-11-03 12:22 - 2011-09-19 15:34 - 00000000 ____D () C:\Users\jf
2014-11-02 11:50 - 2009-07-13 21:34 - 00000536 _____ () C:\Windows\win.ini
2014-11-02 08:00 - 2011-12-20 08:26 - 00000000 ____D () C:\Users\jf\AppData\Local\gtk-2.0
2014-11-01 22:17 - 2009-07-14 00:08 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-01 16:48 - 2013-03-01 23:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-01 13:37 - 2013-03-05 16:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-01 13:27 - 2014-04-16 03:13 - 00000993 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-01 13:27 - 2014-04-16 03:13 - 00000993 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-01 13:27 - 2014-04-16 03:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-01 13:27 - 2012-02-28 19:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-31 20:41 - 2011-09-25 09:42 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-31 08:10 - 2013-03-11 12:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-31 08:10 - 2012-06-04 11:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-31 08:10 - 2011-07-16 00:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-28 06:27 - 2011-09-19 20:01 - 00002216 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-18 15:55 - 2011-09-19 19:55 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 15:55 - 2011-09-19 19:55 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 07:43 - 2011-10-14 06:02 - 00000000 ____D () C:\Users\jf\Documents\Family Tree Maker
2014-10-11 22:41 - 2014-09-15 16:14 - 00000000 ____D () C:\Program Files (x86)\Notepad++

Files to move or delete:
====================
C:\Users\jf\jobq.dat


Some content of TEMP:
====================
C:\Users\jf\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 00:02

==================== End Of Log ============================
 
addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by jf at 2014-11-05 02:51:58
Running from C:\Users\jf\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
AOL Toolbar (HKCU\...\AOL Toolbar) (Version: - )
AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version: - )
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blender (HKLM\...\Blender) (Version: 2.66a - Blender Foundation)
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DMC (HKLM-x32\...\DMC) (Version: 857 - Digital Mars)
DMD (HKLM-x32\...\DMD) (Version: 2.066.0 - Digital Mars)
DMD 1 (HKLM-x32\...\DMD 1) (Version: 1.076 - Digital Mars)
Document Express DjVu Plug-in (HKLM-x32\...\{2E8C03EC-E09F-4868-A4AC-02B9285D3E09}) (Version: 6.1.31831 - Caminova, Inc.)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Family Tree Maker 2006 (HKLM-x32\...\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}) (Version: - )
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.388 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.388 - Ancestry.com, Inc.) Hidden
FamilySearch Indexing 3.10.5 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.10.5 - FamilySearch)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Firestorm-Beta-Mesh (remove only) (HKLM-x32\...\Firestorm-Beta-Mesh) (Version: - )
Firestorm-Release (remove only) (HKLM-x32\...\Firestorm-Release) (Version: - )
Game of Life (HKLM-x32\...\GameOfLife) (Version: 1.5 - Edwin Martin)
GEDmill 1.11.0 (HKLM-x32\...\GEDmill_is1) (Version: - The Logic Mill)
GenealogyJ 6755 (HKLM-x32\...\GenealogyJ 6755) (Version: 6755 - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GIMP Extensions 2.8.20130115 (HKLM\...\GIMP Extensions) (Version: 2.8.20130115 - Pedro Cunha)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
GrampsAIO (HKLM-x32\...\GrampsAIO 4.0.3) (Version: 4.0.3 - The GRAMPS project)
GrampsAIO (HKLM-x32\...\GrampsAIO) (Version: 3.3.1-2 - The GRAMPS project)
GrampsAIO64 (HKLM-x32\...\GrampsAIO64) (Version: 4.0.2 - The GRAMPS project)
Haskell Platform 2014.2.0.0 (HKLM\...\HaskellPlatform-2014.2.0.0) (Version: - Haskell.org)
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{25F3EC6C-BB03-4CEB-B36C-E656A9DD149E}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{ABEF00D0-FCAE-4E47-8D4E-D4AE5FD72B15}) (Version: 2.4.3 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{6C302296-6129-4125-9FD6-2188ECD8814E}) (Version: 4.1.6.1 - Hewlett-Packard Company)
Image Converter (HKLM-x32\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)
Image Editor Packages (HKCU\...\Image Editor Packages) (Version: - ) <==== ATTENTION
Imprudence Viewer 1.3.2 (HKLM-x32\...\{D7736EE8-AFCE-4735-BBE3-652CDFBBFCA8}_is1) (Version: - The Imprudence And Kokua Projects)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
InWorldz Viewer 1.4.4.2 (HKLM-x32\...\{DC6CCE02-BC61-43B1-B4CA-292C6BCCCB34}_is1) (Version: 1.4.4.2 - InWorldz, LLC)
jass-magic-1.1.4 (remove only) (HKLM-x32\...\jass-magic-1.1) (Version: - )
jass-pro-2.3.11 (remove only) (HKLM-x32\...\jass-pro-2.3) (Version: - )
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java(TM) 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle)
JetBrains PyCharm 3.4.1 (HKLM-x32\...\PyCharm 3.4.1) (Version: 135.1057 - JetBrains s.r.o.)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
JWFG troom shiny floor demo game (HKLM-x32\...\JWFG troom shiny floor demo game) (Version: - )
Legacy 7.5 (HKLM-x32\...\Legacy 7.5) (Version: 7.5 - Millennia Corporation)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mathematica Extras 9.0 (4092550) (HKLM\...\A-WIN-Extras 9.0.1 4092550_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
Maxima 5.31.2 (HKLM-x32\...\Maxima-5.31.2_is1) (Version: 5.31.2 - The Maxima Development Team)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
METAbolt (HKCU\...\METAbolt 0.9.68.0) (Version: 0.9.53.0 - www.metabolt.net)
METAbolt (x32 Version: 0.9.68.0 - www.metabolt.net) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MossNet (HKLM\...\MossNet) (Version: 2014.11.01.073025 - MossNet)
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA Graphics Driver 268.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.47 - NVIDIA Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Personal Ancestral File 5 (HKLM-x32\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version: - )
Phoenix Viewer 1.6.0.1691 (HKLM-x32\...\{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1) (Version: - PhoenixViewer.com)
PKZIP for Windows 14.00.0023 (HKLM-x32\...\{FEC9C644-1F7F-4733-AB26-C299F23019CA}) (Version: 14.00.0023 - PKWARE, Inc)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Python 3.4.2 (HKLM-x32\...\{2583CDBA-8A53-4622-BB67-1D163714C1B4}) (Version: 3.4.16349 - Python Software Foundation)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.01.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RootsMagic 5.0.3.1 (HKLM-x32\...\{C1689DDD-6378-4966-8865-6292D7141A6A}_is1) (Version: - RootsMagic, Inc.)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
SecondLifeViewer2 (remove only) (HKLM-x32\...\SecondLifeViewer2) (Version: - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Unity (HKLM-x32\...\Unity) (Version: - Unity Technologies ApS)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual D - Visual Studio Integration of the D Programming Language (HKLM-x32\...\VisualD) (Version: 0.3.38-1 - Rainer Schuetze)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )
Wolfram CDF Player (M-WIN-D 9.0.1 4092685) (HKLM-x32\...\M-WIN-D 9.0.1 4092685_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1818647912-2415854210-1634842132-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files (x86)\Blender Foundation\Blender\BlendThumb64.dll ()

==================== Restore Points =========================

13-10-2014 21:08:55 Installed Python 3.4.2
21-10-2014 04:00:10 Scheduled Checkpoint
28-10-2014 20:17:44 Scheduled Checkpoint
01-11-2014 09:04:38 Installed PKZIP for Windows 14.00.0023.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2013-03-06 13:24 - 00444830 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {047D4316-6561-4465-A7E7-5CC38C0C04E5} - System32\Tasks\{0CD4B1BF-B23C-4F11-A079-DB72E531FBE7} => Firefox.exe http://ui.skype.com/ui/0/5.9.0.115/en/abandoninstall?page=tsProgressBar
Task: {0DC85D05-7347-4B5B-A165-B70943471E00} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {19C5373D-AD5D-48C4-9B52-D371B14F8F3F} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-27] ()
Task: {1C313607-E4FA-4631-BEDA-DF4B0B732D41} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1E86F58F-3538-4CED-92E7-7BFE481B4CFA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-25] (Google Inc.)
Task: {26DA5606-DFDE-457B-9AFD-A2DE464A970A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {3032B35E-160E-459E-B4D2-58F9075D878E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => G:\newSB\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {47E43221-5051-4725-8130-780658D4931D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => G:\newSB\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {51A25C15-1439-450E-A5CE-FABFBB4745BE} - System32\Tasks\{E62F93C4-A1D5-42BC-9E98-48A162507941} => Firefox.exe http://ui.skype.com/ui/0/6.1.0.129.272/en/go/help.faq.installer?LastError=1618
Task: {68438351-3917-46A8-A428-78DCEFA37992} - System32\Tasks\{9F35E84A-9E46-4208-B9CC-EF856FE4F341} => Firefox.exe http://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?page=tsProgressBar
Task: {82C248A5-5754-4E83-BE17-12AF330E4911} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-31] (Adobe Systems Incorporated)
Task: {87E60597-366A-44A9-915C-A8EA84F42C0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {8A377796-69A0-44AF-AB51-5F23367ECD36} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
Task: {8BB4C6A8-6342-4756-BA45-75AC378FE6C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-21] (Hewlett-Packard Company)
Task: {B9187967-31AE-46D7-945B-982D9E80C4FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-25] (Google Inc.)
Task: {E689EB74-1687-4950-80C4-874CE8635D9A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {E7A9CCA4-8128-4F4D-9EF8-0268546719B3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => G:\newSB\Spybot - Search & Destroy 2\SDScan.exe
Task: {E7C455F5-4E37-4557-9CFA-79DE234F9967} - System32\Tasks\{FA80F54E-1D6E-4806-AC49-FB5FEA0B3544} => Firefox.exe http://ui.skype.com/ui/0/5.9.0.115/en/abandoninstall?page=tsProgressBar
Task: {FB03D919-C09C-4915-BF74-30A399F8C342} - System32\Tasks\AdobeAAMUpdater-1.0-jf-HP-jf => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-12 04:49 - 2014-05-12 04:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2011-05-10 12:56 - 2011-05-10 12:56 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-27 18:18 - 2011-06-27 18:18 - 00107320 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2014-04-16 03:13 - 2014-05-13 11:04 - 00109400 _____ () G:\newSB\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-04-16 03:13 - 2014-05-13 11:04 - 00416600 _____ () G:\newSB\Spybot - Search & Destroy 2\DEC150.bpl
2014-04-16 03:13 - 2014-05-13 11:04 - 00167768 _____ () G:\newSB\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-04-16 03:13 - 2012-08-23 09:38 - 00574840 _____ () G:\newSB\Spybot - Search & Destroy 2\sqlite3.dll
2014-04-16 03:13 - 2012-04-03 16:06 - 00565640 _____ () G:\newSB\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-06-01 11:42 - 2011-06-01 11:42 - 00108296 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
2011-06-01 11:46 - 2011-06-01 11:46 - 00030984 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
2011-06-01 11:16 - 2011-06-01 11:16 - 00241664 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
2011-06-01 11:16 - 2011-06-01 11:16 - 00971776 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
2012-03-30 04:01 - 2012-03-30 04:01 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\84842098d2f03a96f67a190bd3de8940\IsdiInterop.ni.dll
2012-03-30 04:01 - 2011-04-30 02:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-10-28 06:27 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 06:27 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 06:27 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 06:27 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-04-22 12:00 - 2014-04-22 12:00 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2014-04-15 15:23 - 2014-04-15 15:23 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1818647912-2415854210-1634842132-500 - Administrator - Disabled)
Guest (S-1-5-21-1818647912-2415854210-1634842132-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1818647912-2415854210-1634842132-1003 - Limited - Enabled)
jf (S-1-5-21-1818647912-2415854210-1634842132-1001 - Administrator - Enabled) => C:\Users\jf
UpdatusUser (S-1-5-21-1818647912-2415854210-1634842132-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/05/2014 01:54:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/05/2014 02:36:19 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 1204.

Error: (11/05/2014 02:36:19 AM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (11/05/2014 02:36:02 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 1204.

Error: (11/05/2014 02:36:02 AM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (11/05/2014 02:36:02 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 1204.

Error: (11/05/2014 02:36:02 AM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (11/05/2014 02:36:02 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 1204.

Error: (11/05/2014 02:36:02 AM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (11/05/2014 02:36:02 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 1204.

Error: (11/05/2014 02:36:02 AM) (Source: Schannel) (EventID: 4106) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.


Microsoft Office Sessions:
=========================
Error: (11/05/2014 01:54:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 45%
Total physical RAM: 5941.86 MB
Available physical RAM: 3241.43 MB
Total Pagefile: 11881.91 MB
Available Pagefile: 9011.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.18 GB) (Free:81.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:15.42 GB) (Free:1.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
Drive g: (FreeAgent Drive) (Fixed) (Total:931.51 GB) (Free:523.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 477ABF56)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 45FA7B9D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Hi Johnwf,

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • MossNet
=========================

Re- run AdwCleaner

It should be on your desktop
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S1].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

Re- run Junkware Removal Tool

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================

Reboot

=========================

Re-run Farbar Recovery Scan Tool it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:
  • AdwCleaner[S1].txt
  • JRT.txt
  • new FRST.txt
  • How is the computer running at the moment?
 
it worked! mossnet gone!

OCD,

I spent a few hours today doing on WolfamAlpha and other wesites where the mossnet thing was showing up the most. And it seems to be totally gone. if anything the pc runs faster than it did before.

the browsers lost their histories but i don't really need them. Also, AOL seems to be missing something called "Viewpoint Media Player", but it runs fine without it.

I may have posted the wrong FRST and Addition logs, I can run another scan if you need them

thank you for all of your help.

JohnF
 
Hi Johnwf,

It's important that you follow through with the remainder of the steps I will outline. Absence of symptoms doesn't necessarily translate into malware free. We are making progress so please stay with me until I give you the "all clean" sign. :bigthumb:

With that in mind, please run the scans requested and post the logs in your next reply.
 
Status
Not open for further replies.
Back
Top