Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Spigot/Yahoo infection from YDT install

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Spigot/Yahoo infection from YDT install

Unread postby pgmigg » November 17th, 2013, 9:52 pm

Hello Mao55,

With that in mind, the link that you provided for FRST64.exe yields a message that the version of FRST64.exe is outdated, and it's strongly recommended to d/l the latest version. I would presume that OK to do, but given my previous misadventure, I thought I'd double-check with you first.
Very good! You are absolutely right - if you have any doubts, just stop and ask...

Just now I downloaded the FRST64.exe from the link I provided , saved it on my Desktop and run - after disclaimer the FRST was ready to scan. Probably you tried to open that link via Chrome browser.

Let do the following.:
  1. Please delete that outdated version from the Desktop.
  2. Open the Internet Explorer and copy the following link to it to be sure that it will be opened by IE instead of Chrome:
    Code: Select all
      http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
  3. Download FRST64.exe and save it to the Desktop.
  4. Then please run the rest of the steps from my previous post...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove

Re: Spigot/Yahoo infection from YDT install

Unread postby Mao55 » November 17th, 2013, 10:44 pm

Hello pgmigg,

A. Downloading FRST64.exe using IE and saving it to the desktop (I saved it to the desktop using Chrome as well) and running it did not yield the version error this time. No problems at all.

B. Contents of the FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2013 02
Ran by David (administrator) on DIGITALSTORM-PC on 17-11-2013 18:16:45
Running from C:\Users\David\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CMCEI) C:\Program Files\Newsbin\newsbinpro64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Farbar) C:\Users\David\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-28] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-17] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-07-30] (Google Inc.)
HKCU\...\Run: [MotoCast] - C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk [2055 2013-09-08] ()
HKCU\...\Run: [EPSON WorkForce 500 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEQA.EXE /FU "C:\Windows\TEMP\E_S1A8C.tmp" /EF "HKCU"
HKCU\...\Runonce: [Uninstall C:\Users\David\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\David\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64"
MountPoints2: {f4d874d2-1860-11e3-88ed-74d02b9ca2e8} - K:\MotoCastSetup.exe -a
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-05] (Intel Corporation)
HKLM-x32\...\Run: [AsioThk32Reg] - REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] - C:\Windows\\SysWOW64\CTHELPER.EXE [19456 2010-03-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Administrator\...\Run: [CreativeTaskScheduler] - C:\Program Files (x86)\Creative\Shared Files\CTSched.exe [53341 2006-11-17] (Creative Technology Ltd)
HKU\Administrator\...\Run: [Creative Software Update] - C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe [430968 2009-01-15] (Creative Technology Ltd)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VyprVPN.lnk
ShortcutTarget: VyprVPN.lnk -> C:\Windows\system32\schtasks.exe (Microsoft Corporation)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk
ShortcutTarget: DING!.lnk -> C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VyprVPN.lnk
ShortcutTarget: VyprVPN.lnk -> C:\Windows\system32\schtasks.exe (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCF1D3F2831E3CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://search.yahoo.com/?type=407453&fr=spigot-yhp-ch"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: ( "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: ( "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Norton Identity Protection) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0
CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-28] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-17] (NVIDIA Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R3 ctgame; C:\Windows\System32\DRIVERS\ctgame.sys [26328 2010-03-18] (Creative Technology Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-26] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131115.001\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131117.009\ENG64.SYS [126040 2013-09-15] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131117.009\EX64.SYS [2099288 2013-09-15] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 VUSB3HUB; C:\Windows\system32\drivers\ViaHub3.sys [176640 2011-05-21] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\system32\drivers\xhcdrv.sys [230400 2011-05-21] (VIA Technologies, Inc.)
S3 AIDA64Driver; \??\C:\Users\Administrator\Desktop\aTestingV6.2\Programs\AIDA64\kerneld.x64 [x]
S3 GPU-Z; \??\C:\Users\ADMINI~1\AppData\Local\Temp\GPU-Z.sys [x]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]
S3 RTCore64; \??\C:\Users\Administrator\Desktop\aTestingV6.2\Programs\MSIAfterburner\RTCore64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-17 18:16 - 2013-11-17 18:16 - 00018993 _____ C:\Users\David\Desktop\FRST.txt
2013-11-17 18:15 - 2013-11-17 18:15 - 00000000 ____D C:\FRST
2013-11-17 18:14 - 2013-11-17 18:14 - 01958026 _____ (Farbar) C:\Users\David\Downloads\FRST64 (1).exe
2013-11-17 18:14 - 2013-11-17 18:14 - 01958026 _____ (Farbar) C:\Users\David\Desktop\FRST64 (1).exe
2013-11-16 23:40 - 2013-11-16 23:41 - 00000240 _____ C:\Users\David\Desktop\New SystemLook insert.txt
2013-11-16 23:39 - 2013-11-16 23:39 - 00001671 _____ C:\Users\David\Desktop\New OTL insert.txt
2013-11-16 23:34 - 2013-11-16 23:34 - 01958236 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2013-11-16 17:00 - 2013-11-16 17:00 - 00001171 _____ C:\Users\David\Desktop\ESETScanChrome.txt
2013-11-16 14:13 - 2013-11-16 14:13 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-16 14:13 - 2013-11-16 14:12 - 02347384 _____ (ESET) C:\Users\David\Desktop\esetsmartinstaller_enu.exe
2013-11-16 14:11 - 2013-11-16 14:12 - 02347384 _____ (ESET) C:\Users\David\Downloads\esetsmartinstaller_enu.exe
2013-11-16 14:08 - 2013-11-16 14:08 - 00085662 _____ C:\Users\David\Desktop\11-16-13SystemLook.txt
2013-11-16 14:02 - 2013-11-16 14:02 - 00010970 _____ C:\Users\David\Desktop\11162013_135924.log
2013-11-16 13:51 - 2013-11-16 14:04 - 00000267 _____ C:\Users\David\Desktop\OTL-11-16-13.txt
2013-11-16 02:18 - 2013-11-16 02:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 22:00 - 2013-11-16 14:07 - 00085660 _____ C:\Users\David\Desktop\SystemLook.txt
2013-11-15 21:51 - 2013-11-15 21:50 - 00165376 _____ C:\Users\David\Desktop\SystemLook_x64.exe
2013-11-15 21:50 - 2013-11-15 21:50 - 00165376 _____ C:\Users\David\Downloads\SystemLook_x64.exe
2013-11-15 16:31 - 2013-11-15 16:31 - 00010074 _____ C:\Users\David\Desktop\11152013_162808.log
2013-11-15 16:28 - 2013-11-15 16:28 - 00000000 ____D C:\_OTL
2013-11-15 15:49 - 2013-11-15 15:49 - 00000000 ____D C:\ProgramData\Credant
2013-11-13 21:10 - 2013-11-13 21:21 - 00092255 _____ C:\Users\David\Desktop\reply2.txt
2013-11-13 20:54 - 2013-11-13 21:05 - 00109098 _____ C:\Users\David\Desktop\reply split.txt
2013-11-13 20:33 - 2013-11-13 20:33 - 00182134 _____ C:\Users\David\Desktop\OTL2.Txt
2013-11-13 20:33 - 2013-11-13 20:33 - 00053022 _____ C:\Users\David\Desktop\Extras2.Txt
2013-11-13 20:22 - 2013-11-13 20:15 - 00001341 _____ C:\Users\David\Desktop\AdwCleaner[S0].txt
2013-11-13 20:22 - 2013-11-13 20:15 - 00001272 _____ C:\Users\David\Desktop\AdwCleaner[R0].txt
2013-11-13 20:14 - 2013-11-13 20:15 - 00000000 ____D C:\AdwCleaner
2013-11-13 20:14 - 2013-11-13 20:13 - 01085542 _____ C:\Users\David\Desktop\adwcleaner.exe
2013-11-13 20:13 - 2013-11-13 20:13 - 01085542 _____ C:\Users\David\Downloads\adwcleaner.exe
2013-11-13 20:11 - 2013-11-13 20:11 - 00002685 _____ C:\Users\David\Desktop\JRT.txt
2013-11-13 20:09 - 2013-11-13 20:09 - 00000000 ____D C:\Windows\ERUNT
2013-11-13 19:55 - 2013-11-13 19:55 - 01034531 _____ (Thisisu) C:\Users\David\Downloads\JRT.exe
2013-11-13 19:55 - 2013-11-13 19:55 - 01034531 _____ (Thisisu) C:\Users\David\Desktop\JRT.exe
2013-11-13 19:47 - 2013-11-13 19:46 - 04121440 _____ (Kaspersky Lab ZAO) C:\Users\David\Desktop\tdsskiller.exe
2013-11-13 19:46 - 2013-11-13 19:46 - 04121440 _____ (Kaspersky Lab ZAO) C:\Users\David\Downloads\tdsskiller.exe
2013-11-13 12:34 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 12:34 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 12:34 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 12:34 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 12:34 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 12:34 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 12:34 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 12:34 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 12:34 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 12:34 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 12:34 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 12:34 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 12:34 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 12:34 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 12:34 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 12:34 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 12:34 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 12:34 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 12:34 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 12:34 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 12:34 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 12:34 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 12:34 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 12:34 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 12:34 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 12:34 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 12:34 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 12:34 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 12:34 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 12:34 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-12 21:47 - 2013-11-12 21:47 - 00000000 _____ C:\Users\David\Desktop\forum.txt
2013-11-12 21:34 - 2013-11-13 20:32 - 00182134 _____ C:\Users\David\Desktop\OTL.Txt
2013-11-12 21:34 - 2013-11-13 20:32 - 00053022 _____ C:\Users\David\Desktop\Extras.Txt
2013-11-12 21:23 - 2013-11-12 21:22 - 00602112 _____ (OldTimer Tools) C:\Users\David\Desktop\OTL.exe
2013-11-12 21:22 - 2013-11-12 21:22 - 00602112 _____ (OldTimer Tools) C:\Users\David\Downloads\OTL.exe
2013-11-12 03:01 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-12 03:00 - 2013-11-12 03:01 - 00007276 _____ C:\Windows\IE11_main.log
2013-11-12 03:00 - 2013-11-12 03:00 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 03:00 - 2013-11-12 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-12 03:00 - 2013-11-12 03:00 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-12 03:00 - 2013-11-12 03:00 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-12 03:00 - 2013-11-12 03:00 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-12 03:00 - 2013-11-12 03:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-12 03:00 - 2013-11-12 03:00 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-12 03:00 - 2013-11-12 03:00 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-12 03:00 - 2013-11-12 03:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-12 03:00 - 2013-11-12 03:00 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-12 03:00 - 2013-11-12 03:00 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-11 22:53 - 2013-11-11 22:53 - 00025271 _____ C:\Users\David\Desktop\dds.txt
2013-11-11 22:53 - 2013-11-11 22:53 - 00009212 _____ C:\Users\David\Desktop\attach.txt
2013-11-11 22:51 - 2013-11-11 22:51 - 00688992 ____R (Swearware) C:\Users\David\Desktop\dds.scr
2013-11-11 22:51 - 2013-11-11 22:51 - 00688992 _____ (Swearware) C:\Users\David\Downloads\dds.scr
2013-11-11 01:28 - 2013-11-11 01:28 - 03141670 _____ C:\Users\David\Documents\I Love The Rain Remix Instrumental.mp4
2013-11-11 01:27 - 2013-11-11 01:27 - 05205557 _____ C:\Users\David\Documents\Real tuesday weld - I love the rain.mp4
2013-11-11 01:17 - 2013-11-11 01:17 - 25882899 _____ C:\Users\David\Documents\Little Big Planet Peace Pipe (Peace P).mp4
2013-11-11 01:15 - 2013-11-11 01:15 - 04334696 _____ C:\Users\David\Documents\Sigh No More (feat. Maurissa Tancharoen & Jed Whedon).mp4
2013-11-11 01:14 - 2013-11-11 01:14 - 23177866 _____ C:\Users\David\Documents\Ghost Loft - Blow.mp4
2013-11-11 01:03 - 2013-11-11 01:03 - 89709722 _____ C:\Users\David\Documents\4 Strings - Let It Rain (Chillout Instrumental Mix) (DOWNLOAD AVAILABLE!).mp4
2013-11-11 00:59 - 2013-11-11 00:59 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications
2013-10-30 00:18 - 2013-10-17 17:36 - 01063200 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-10-30 00:18 - 2013-10-17 17:36 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-10-30 00:17 - 2013-09-27 15:01 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-10-30 00:17 - 2013-09-27 15:01 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-10-24 21:10 - 2013-10-24 20:08 - 00026957 _____ C:\Users\David\Documents\contacts.csv
2013-10-24 20:09 - 2013-10-24 20:09 - 00037713 _____ C:\Users\David\AppData\Roaming\Comma Separated Values.ADR
2013-10-24 20:08 - 2013-10-24 20:08 - 00026957 _____ C:\Users\David\Desktop\contacts.csv
2013-10-24 17:32 - 2013-10-24 17:32 - 00576281 _____ C:\Users\David\Documents\bookmarks_10_24_13.html
2013-10-21 22:33 - 2013-10-15 16:48 - 30344992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 22933280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 15858664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 12537632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-21 22:33 - 2013-10-15 16:48 - 11415232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 11362672 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 09516872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 09472600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433158.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433158.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 01241376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-10-21 22:33 - 2013-10-15 16:48 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-10-20 16:29 - 2013-10-20 16:29 - 00000000 ____D C:\Users\David\AppData\Roaming\Oracle
2013-10-20 16:28 - 2013-10-20 16:28 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 16:27 - 2013-10-20 16:27 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log

==================== One Month Modified Files and Folders =======

2013-11-17 18:16 - 2013-11-17 18:16 - 00018993 _____ C:\Users\David\Desktop\FRST.txt
2013-11-17 18:15 - 2013-11-17 18:15 - 00000000 ____D C:\FRST
2013-11-17 18:14 - 2013-11-17 18:14 - 01958026 _____ (Farbar) C:\Users\David\Downloads\FRST64 (1).exe
2013-11-17 18:14 - 2013-11-17 18:14 - 01958026 _____ (Farbar) C:\Users\David\Desktop\FRST64 (1).exe
2013-11-17 18:00 - 2013-07-30 23:45 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-17 17:34 - 2013-07-29 21:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-17 16:16 - 2013-09-28 00:48 - 00000000 ____D C:\Users\David\Documents\Outlook Files
2013-11-17 15:05 - 2013-08-04 00:31 - 00000000 ____D C:\Users\David\AppData\Local\Newsbin
2013-11-17 15:04 - 2013-08-04 00:32 - 00000000 ____D C:\Users\David\Documents\Newsbin
2013-11-17 13:36 - 2013-09-08 16:18 - 00000000 ____D C:\Users\David\AppData\Roaming\MotoCast
2013-11-17 13:27 - 2009-07-13 20:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-17 13:27 - 2009-07-13 20:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-17 13:26 - 2009-07-13 21:13 - 00784738 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-17 13:23 - 2013-07-19 03:47 - 01804971 _____ C:\Windows\WindowsUpdate.log
2013-11-17 13:20 - 2013-09-28 00:42 - 00016447 _____ C:\Windows\setupact.log
2013-11-17 13:20 - 2013-09-08 16:20 - 00000000 ____D C:\Users\David\.gstreamer-0.10
2013-11-17 13:20 - 2013-07-30 23:45 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-17 13:20 - 2013-07-19 03:47 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-17 13:20 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-17 10:29 - 2010-11-20 19:47 - 00115836 _____ C:\Windows\PFRO.log
2013-11-17 01:51 - 2013-07-29 19:52 - 00000000 ____D C:\Program Files (x86)\VyprVPN
2013-11-17 01:50 - 2013-08-04 12:43 - 00000000 ____D C:\Users\David\AppData\Roaming\vlc
2013-11-17 00:19 - 2013-09-09 20:37 - 00000000 ____D C:\Users\David\AppData\Local\QuickPar
2013-11-16 23:41 - 2013-11-16 23:40 - 00000240 _____ C:\Users\David\Desktop\New SystemLook insert.txt
2013-11-16 23:39 - 2013-11-16 23:39 - 00001671 _____ C:\Users\David\Desktop\New OTL insert.txt
2013-11-16 23:34 - 2013-11-16 23:34 - 01958236 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2013-11-16 22:48 - 2013-08-03 23:59 - 00000000 ____D C:\Users\David\Downloads\Mimo
2013-11-16 17:06 - 2013-08-01 20:59 - 00000000 ____D C:\Users\David\AppData\Roaming\Google
2013-11-16 17:00 - 2013-11-16 17:00 - 00001171 _____ C:\Users\David\Desktop\ESETScanChrome.txt
2013-11-16 14:13 - 2013-11-16 14:13 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-16 14:12 - 2013-11-16 14:13 - 02347384 _____ (ESET) C:\Users\David\Desktop\esetsmartinstaller_enu.exe
2013-11-16 14:12 - 2013-11-16 14:11 - 02347384 _____ (ESET) C:\Users\David\Downloads\esetsmartinstaller_enu.exe
2013-11-16 14:08 - 2013-11-16 14:08 - 00085662 _____ C:\Users\David\Desktop\11-16-13SystemLook.txt
2013-11-16 14:07 - 2013-11-15 22:00 - 00085660 _____ C:\Users\David\Desktop\SystemLook.txt
2013-11-16 14:04 - 2013-11-16 13:51 - 00000267 _____ C:\Users\David\Desktop\OTL-11-16-13.txt
2013-11-16 14:02 - 2013-11-16 14:02 - 00010970 _____ C:\Users\David\Desktop\11162013_135924.log
2013-11-16 02:18 - 2013-11-16 02:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-16 02:18 - 2013-07-31 23:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-15 22:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-11-15 21:50 - 2013-11-15 21:51 - 00165376 _____ C:\Users\David\Desktop\SystemLook_x64.exe
2013-11-15 21:50 - 2013-11-15 21:50 - 00165376 _____ C:\Users\David\Downloads\SystemLook_x64.exe
2013-11-15 16:31 - 2013-11-15 16:31 - 00010074 _____ C:\Users\David\Desktop\11152013_162808.log
2013-11-15 16:28 - 2013-11-15 16:28 - 00000000 ____D C:\_OTL
2013-11-15 15:49 - 2013-11-15 15:49 - 00000000 ____D C:\ProgramData\Credant
2013-11-15 15:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-14 20:01 - 2013-07-30 23:45 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-13 21:21 - 2013-11-13 21:10 - 00092255 _____ C:\Users\David\Desktop\reply2.txt
2013-11-13 21:05 - 2013-11-13 20:54 - 00109098 _____ C:\Users\David\Desktop\reply split.txt
2013-11-13 20:33 - 2013-11-13 20:33 - 00182134 _____ C:\Users\David\Desktop\OTL2.Txt
2013-11-13 20:33 - 2013-11-13 20:33 - 00053022 _____ C:\Users\David\Desktop\Extras2.Txt
2013-11-13 20:32 - 2013-11-12 21:34 - 00182134 _____ C:\Users\David\Desktop\OTL.Txt
2013-11-13 20:32 - 2013-11-12 21:34 - 00053022 _____ C:\Users\David\Desktop\Extras.Txt
2013-11-13 20:15 - 2013-11-13 20:22 - 00001341 _____ C:\Users\David\Desktop\AdwCleaner[S0].txt
2013-11-13 20:15 - 2013-11-13 20:22 - 00001272 _____ C:\Users\David\Desktop\AdwCleaner[R0].txt
2013-11-13 20:15 - 2013-11-13 20:14 - 00000000 ____D C:\AdwCleaner
2013-11-13 20:15 - 2013-08-01 18:42 - 00000000 ___RD C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-13 20:13 - 2013-11-13 20:14 - 01085542 _____ C:\Users\David\Desktop\adwcleaner.exe
2013-11-13 20:13 - 2013-11-13 20:13 - 01085542 _____ C:\Users\David\Downloads\adwcleaner.exe
2013-11-13 20:11 - 2013-11-13 20:11 - 00002685 _____ C:\Users\David\Desktop\JRT.txt
2013-11-13 20:09 - 2013-11-13 20:09 - 00000000 ____D C:\Windows\ERUNT
2013-11-13 19:55 - 2013-11-13 19:55 - 01034531 _____ (Thisisu) C:\Users\David\Downloads\JRT.exe
2013-11-13 19:55 - 2013-11-13 19:55 - 01034531 _____ (Thisisu) C:\Users\David\Desktop\JRT.exe
2013-11-13 19:46 - 2013-11-13 19:47 - 04121440 _____ (Kaspersky Lab ZAO) C:\Users\David\Desktop\tdsskiller.exe
2013-11-13 19:46 - 2013-11-13 19:46 - 04121440 _____ (Kaspersky Lab ZAO) C:\Users\David\Downloads\tdsskiller.exe
2013-11-13 13:12 - 2009-07-13 18:34 - 00000478 _____ C:\Windows\win.ini
2013-11-13 13:11 - 2013-08-14 00:15 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 13:10 - 2013-07-31 22:50 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-12 21:47 - 2013-11-12 21:47 - 00000000 _____ C:\Users\David\Desktop\forum.txt
2013-11-12 21:22 - 2013-11-12 21:23 - 00602112 _____ (OldTimer Tools) C:\Users\David\Desktop\OTL.exe
2013-11-12 21:22 - 2013-11-12 21:22 - 00602112 _____ (OldTimer Tools) C:\Users\David\Downloads\OTL.exe
2013-11-12 19:24 - 2013-09-28 00:29 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-12 03:17 - 2013-08-01 18:42 - 00001417 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-12 03:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-12 03:01 - 2013-11-12 03:00 - 00007276 _____ C:\Windows\IE11_main.log
2013-11-12 03:00 - 2013-11-12 03:00 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 03:00 - 2013-11-12 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-12 03:00 - 2013-11-12 03:00 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-12 03:00 - 2013-11-12 03:00 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-12 03:00 - 2013-11-12 03:00 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-12 03:00 - 2013-11-12 03:00 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-12 03:00 - 2013-11-12 03:00 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-12 03:00 - 2013-11-12 03:00 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-12 03:00 - 2013-11-12 03:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-12 03:00 - 2013-11-12 03:00 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-12 03:00 - 2013-11-12 03:00 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-12 03:00 - 2013-11-12 03:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-11 22:53 - 2013-11-11 22:53 - 00025271 _____ C:\Users\David\Desktop\dds.txt
2013-11-11 22:53 - 2013-11-11 22:53 - 00009212 _____ C:\Users\David\Desktop\attach.txt
2013-11-11 22:51 - 2013-11-11 22:51 - 00688992 ____R (Swearware) C:\Users\David\Desktop\dds.scr
2013-11-11 22:51 - 2013-11-11 22:51 - 00688992 _____ (Swearware) C:\Users\David\Downloads\dds.scr
2013-11-11 01:28 - 2013-11-11 01:28 - 03141670 _____ C:\Users\David\Documents\I Love The Rain Remix Instrumental.mp4
2013-11-11 01:27 - 2013-11-11 01:27 - 05205557 _____ C:\Users\David\Documents\Real tuesday weld - I love the rain.mp4
2013-11-11 01:17 - 2013-11-11 01:17 - 25882899 _____ C:\Users\David\Documents\Little Big Planet Peace Pipe (Peace P).mp4
2013-11-11 01:15 - 2013-11-11 01:15 - 04334696 _____ C:\Users\David\Documents\Sigh No More (feat. Maurissa Tancharoen & Jed Whedon).mp4
2013-11-11 01:14 - 2013-11-11 01:14 - 23177866 _____ C:\Users\David\Documents\Ghost Loft - Blow.mp4
2013-11-11 01:12 - 2013-09-07 16:03 - 00000000 ____D C:\Users\David\AppData\Roaming\Audacity
2013-11-11 01:09 - 2013-08-04 01:34 - 00000000 ____D C:\Users\David\AppData\Roaming\foobar2000
2013-11-11 01:03 - 2013-11-11 01:03 - 89709722 _____ C:\Users\David\Documents\4 Strings - Let It Rain (Chillout Instrumental Mix) (DOWNLOAD AVAILABLE!).mp4
2013-11-11 00:59 - 2013-11-11 00:59 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications
2013-11-10 22:53 - 2013-08-01 18:42 - 00000000 ____D C:\Users\David\AppData\Local\VirtualStore
2013-11-10 10:46 - 2013-08-04 21:06 - 00000000 ____D C:\Users\David\AppData\Roaming\dvdcss
2013-11-03 14:51 - 2013-10-04 21:44 - 00000000 ____D C:\Users\David\Desktop\Purge
2013-10-30 00:18 - 2013-07-19 03:47 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-30 00:18 - 2013-07-19 03:47 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-30 00:18 - 2013-07-19 03:47 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-29 16:48 - 2013-08-01 18:42 - 00000000 ____D C:\Users\David
2013-10-26 20:20 - 2013-09-22 01:04 - 00000000 ____D C:\Users\David\Desktop\Next CD
2013-10-24 21:04 - 2013-07-31 23:34 - 00000000 ____D C:\Users\Administrator\Documents\Outlook Files
2013-10-24 20:09 - 2013-10-24 20:09 - 00037713 _____ C:\Users\David\AppData\Roaming\Comma Separated Values.ADR
2013-10-24 20:08 - 2013-10-24 21:10 - 00026957 _____ C:\Users\David\Documents\contacts.csv
2013-10-24 20:08 - 2013-10-24 20:08 - 00026957 _____ C:\Users\David\Desktop\contacts.csv
2013-10-24 19:45 - 2013-08-01 18:42 - 00000000 ____D C:\Users\David\AppData\Local\Microsoft Help
2013-10-24 17:32 - 2013-10-24 17:32 - 00576281 _____ C:\Users\David\Documents\bookmarks_10_24_13.html
2013-10-24 12:40 - 2013-09-07 16:03 - 00000000 ____D C:\Program Files (x86)\Audacity
2013-10-24 12:39 - 2013-09-07 16:03 - 00001011 _____ C:\Users\Public\Desktop\Audacity.lnk
2013-10-20 16:29 - 2013-10-20 16:29 - 00000000 ____D C:\Users\David\AppData\Roaming\Oracle
2013-10-20 16:28 - 2013-10-20 16:28 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 16:27 - 2013-10-20 16:27 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-20 16:27 - 2013-07-29 20:50 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-19 22:03 - 2013-08-01 18:47 - 00000000 ____D C:\Users\David\AppData\Local\Google

Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-10 12:43

==================== End Of Log ============================



C. Contents of the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2013 02
Ran by David at 2013-11-17 18:16:59
Running from C:\Users\David\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Security Suite (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.9.0.1030)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Audacity 2.0.5 (x32 Version: 2.0.5)
Creative ALchemy (x32 Version: 1.43)
Creative Audio Console (x32 Version: 1.33)
Creative Software AutoUpdate (x32 Version: 1.40)
Creative WaveStudio 7 (x32 Version: 7.14)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
DING! (x32 Version: 1.05.005)
EPSON Scan (x32)
EPSON WorkForce 500 Series Printer Uninstall
eReg (x32 Version: 1.20.138.34)
ESET Online Scanner v3 (x32)
FLAC 1.2.1b (remove only) (x32 Version: 1.2.1b)
foobar2000 v1.2.9 (x32 Version: 1.2.9)
GeForce Experience NvStream Client Components (Version: 1.6.28)
Google Chrome (x32 Version: 31.0.1650.57)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
Intel(R) Management Engine Components (x32 Version: 9.0.0.1323)
Intel(R) Rapid Storage Technology (Version: 12.0.0.1083)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 2.0.0.100)
Intel® Trusted Connect Service Client (Version: 1.27.798.1)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Logitech SetPoint 6.61 (Version: 6.61.15)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Professional 2013 - en-us (Version: 15.0.4551.1005)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017)
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017)
Mimo (x32 Version: 0.2.5)
MotoCast (x32 Version: 2.0.31)
Motorola Device Manager (x32 Version: 2.4.3)
Motorola Device Software Update (x32 Version: 13.07.3101)
MOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0)
Motorola Mobile Drivers Installation 6.2.0 (Version: 6.2.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Newsbin Pro (Version: 6.42)
Norton Security Suite (x32 Version: 20.4.0.40)
NVIDIA 3D Vision Controller Driver 331.58 (Version: 331.58)
NVIDIA 3D Vision Driver 331.58 (Version: 331.58)
NVIDIA Control Panel 331.58 (Version: 331.58)
NVIDIA GeForce Experience 1.7 (Version: 1.7)
NVIDIA Graphics Driver 331.58 (Version: 331.58)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.140.952)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
NVIDIA ShadowPlay 9.3.16 (Version: 9.3.16)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3158)
NVIDIA Update 9.3.16 (Version: 9.3.16)
NVIDIA Update Components (Version: 9.3.16)
NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4551.1005)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1005)
Office 15 Click-to-Run Localization Component (Version: 15.0.4551.1005)
OpenAL (x32)
OpenVPN 2.2.2 (x32 Version: 2.2.2)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017)
Pandora (x32 Version: 2.0.8)
QuickPar 0.9 (x32 Version: 0.9)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6875)
SHIELD Streaming (Version: 1.6.34)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition
Update for Microsoft InfoPath 2013 (KB2752078) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2825630) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760257) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817309) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817311) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817640) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837643) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837649) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2837642) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2817625) 64-Bit Edition
Update for Microsoft Project 2013 (KB2767859) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2752097) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2752018) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition
Update for Microsoft Word 2013 (KB2817631) 64-Bit Edition
Update for Microsoft Word 2013 (KB2837630) 64-Bit Edition
VLC media player 2.0.8 (Version: 2.0.8)
VyprVPN (x32 Version: 1.4.1.601)
WinRAR 5.00 beta 8 (64-bit) (Version: 5.00.8)

==================== Restore Points =========================

13-11-2013 21:10:36 Windows Update
14-11-2013 03:42:45 System Restore 11/13/13
16-11-2013 00:28:20 OTL Restore Point - 11/15/2013 4:28:19 PM
16-11-2013 10:18:12 Windows Update
16-11-2013 21:59:35 OTL Restore Point - 11/16/2013 1:59:34 PM

==================== Hosts content: ==========================

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0C650228-84D9-4E52-8874-BAFE9884E300} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {10DC2758-0F96-4BD3-AF8F-1ACB8BD2C662} - System32\Tasks\VyprVPN => C:\Program Files (x86)/VyprVPN\VyprVPN.exe [2012-11-02] (GoldenFrog)
Task: {141CB473-F5E9-43DB-8E96-906E9C9268AD} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {1CACFAC9-89FF-4AFB-9354-245454664E67} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe [2013-05-13] (Microsoft)
Task: {257E1A9E-6E0A-4B17-9394-56757398A88C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {4E25C916-9D7B-4D83-BCF3-C4F1C230833C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {57FFBFAF-1C1D-44E5-9A86-238F73D827A0} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {72437B86-869D-447D-84E4-EE88C7B575E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {86BE1B95-707A-4065-BCC2-0A1A9241675C} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {884FFC17-0247-4E98-949C-BB9D61F604CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-30] (Google Inc.)
Task: {920FED47-9AFE-4A4E-B3AE-91997064C62F} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
Task: {9B116689-553F-488F-9891-D931D70D53CC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {9D3C71D4-26C8-47B9-B1EF-90AD90BB1DD7} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {C61690D5-F788-4BFC-870B-92E0B18A4B9B} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {CBAD4124-3DFA-4C5E-86E8-3838F0F04AC0} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {E312EAE3-538A-4144-9044-45AD8371E5EC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\wscstub.exe [2013-06-03] (Symantec Corporation)
Task: {E46B9CDE-1BC5-4FA3-8CE8-ABEF48C45B26} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-30] (Google Inc.)
Task: {EC2C6A7A-F455-4A9F-9F47-0EF5058BFC0C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {EF24283F-E52E-4157-A01E-3671D4BB1215} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {F4636A10-E150-42ED-B1AC-5E6005A48387} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {FAA9B0DD-0281-44B0-BB91-4557A190D86E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-17] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-17 11:25 - 2013-10-17 11:25 - 08866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-02-01 08:30 - 2013-02-01 08:30 - 00332288 _____ () C:\Program Files\Newsbin\Par2Repair64.dll
2013-11-12 19:20 - 2013-11-12 19:20 - 00393384 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream64.dll
2013-11-12 19:20 - 2013-11-12 19:20 - 00520872 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r64.dll
2013-11-12 19:20 - 2013-11-12 19:21 - 01421480 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2013-07-23 08:01 - 2013-11-17 13:20 - 00027648 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll
2013-07-23 08:01 - 2012-05-07 08:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll
2012-09-07 20:35 - 2012-09-07 20:35 - 00128960 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2012-09-07 20:35 - 2012-09-07 20:35 - 00024496 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2012-09-07 20:37 - 2012-09-07 20:37 - 00466256 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2012-09-07 20:36 - 2012-09-07 20:36 - 00045992 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2012-09-07 20:36 - 2012-09-07 20:36 - 00034752 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2013-06-20 13:35 - 2013-06-20 13:35 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2013-07-30 19:19 - 2012-05-30 06:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON SECURITY SUITE\ENGINE\20.4.0.40\wincfi39.dll
2013-07-23 08:06 - 2013-03-12 12:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2013 05:59:02 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/17/2013 02:14:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/17/2013 01:22:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2013 01:20:14 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (11/17/2013 01:20:14 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (11/17/2013 01:20:14 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (11/17/2013 10:31:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2013 10:29:17 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (11/17/2013 10:29:17 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (11/17/2013 10:29:17 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]


System errors:
=============
Error: (11/16/2013 01:59:24 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/15/2013 04:28:09 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/15/2013 02:59:38 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:26:53 PM on ‎11/‎15/‎2013 was unexpected.

Error: (11/15/2013 02:05:53 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:15:13 PM on ‎11/‎15/‎2013 was unexpected.


Microsoft Office Sessions:
=========================
Error: (11/17/2013 05:59:02 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (11/17/2013 02:14:00 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\David\Downloads\esetsmartinstaller_enu.exe

Error: (11/17/2013 01:22:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2013 01:20:14 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (11/17/2013 01:20:14 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (11/17/2013 01:20:14 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (11/17/2013 10:31:05 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2013 10:29:17 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (11/17/2013 10:29:17 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (11/17/2013 10:29:17 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]


==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 16322.02 MB
Available physical RAM: 11076.36 MB
Total Pagefile: 32642.21 MB
Available Pagefile: 27484.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:19.61 GB) NTFS
Drive e: (Old C drive) (Fixed) (Total:128 GB) (Free:19.89 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:931.51 GB) (Free:686.73 GB) NTFS
Drive g: (OldStorage) (Fixed) (Total:698.63 GB) (Free:52.46 GB) NTFS
Drive h: (LazarusData) (Fixed) (Total:570.64 GB) (Free:115.76 GB) NTFS
Drive j: () (Removable) (Total:1.86 GB) (Free:1.47 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 28CACF1C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 4B890010)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: 36283627)
Partition 2: (Not Active) - (Size=699 GB) - (Type=OF Extended)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=571 GB) - (Type=OF Extended)

========================================================
Disk: 5 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================


D. Contents of the OTL log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\Users\David\AppData\Local\Slick Savings\*.* not found.
File\Folder C:\Users\David\AppData\Roaming\Slick Savings\*.* not found.
File\Folder C:\Program Files (x86)\Common Files\Spigot not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34B66CF356D744245B0C8EDE24AC03DC not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8740C21CF79D2514E94A247F4DEFE091 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E83F13912F1FBF64390A163E8464B6C7 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj\\path deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\\path deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp\\path deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: David
->Temp folder emptied: 49032034 bytes
->Temporary Internet Files folder emptied: 2296823 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 255682486 bytes
->Flash cache emptied: 598 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2214 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 952999379 bytes

Total Files Cleaned = 1,202.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: David
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: David
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11172013_182231

Files\Folders moved on Reboot...
C:\Users\David\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\FireFly(20131117132012994).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(20131117132012994).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(20131117132012994).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x64.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x64.x-none.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



E. Contents of the SystemLook.txt log:

SystemLook 30.07.11 by jpshortstuff
Log created at 18:29 on 17/11/2013 by David
Administrator - Elevation successful



F. No change. Still get the second tab in Chrome for a Yahoo/spigot search.


Thanks for hanging in there with me!

========== filefind ==========

Searching for "*spigot*"
No files found.

========== folderfind ==========

Searching for "*spigot*"
No folders found.

========== Regfind ==========

Searching for "spigot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Common Files\Spigot\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Common Files\Spigot\GC\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34B66CF356D744245B0C8EDE24AC03DC]
"00000000000000000000000000000000"="C:\Program Files (x86)\Common Files\Spigot\GC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8740C21CF79D2514E94A247F4DEFE091]
"00000000000000000000000000000000"="C:\Program Files (x86)\Common Files\Spigot\GC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E83F13912F1FBF64390A163E8464B6C7]
"00000000000000000000000000000000"="C:\Program Files (x86)\Common Files\Spigot\GC\"

Searching for "mhkaekfpcppmmioggniknbnbdbcigpkk"
No data found.

Searching for "pfndaklgolladniicklehhancnlgocpp"
No data found.

Searching for "icdlfehblmklkikfigmjhbmmpmkmpooj"
No data found.

Searching for "hbcennhacfaagdopikcegfcobcadeocj"
No data found.

Searching for "{4593F72F-836C-4A7E-8F54-B3B1CE3D1CB5}"
No data found.

-= EOF =-
Mao55
Active Member
 
Posts: 14
Joined: November 12th, 2013, 2:42 am

Re: Spigot/Yahoo infection from YDT install

Unread postby pgmigg » November 19th, 2013, 1:33 am

Hello Mao55,

A. Downloading FRST64.exe using IE and saving it to the desktop (I saved it to the desktop using Chrome as well) and running it did not yield the version error this time. No problems at all.
Good job! :D

Step 1.
Run A Fix With FRST
  1. Please copy the following text into a new Notepad document.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    Start
    SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q= {SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
    CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://search.yahoo.com/?type=407453&fr=spigot-yhp-ch"
    CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx
    CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\Exts\Chrome.crx
    CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx
    End
    
  2. Save it to your Desktop as filename fixlist.txt
    NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
  3. Double-click on FRST64.exe to run it and press the Fix button just once. Then wait.
  4. When it finished the tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Step 2.
Set Default search engine in Chrome
  1. Please open Google Chrome. You can set one search engine to always be used for processing search queries you type in the address bar.
  2. Click the Tools menu.
  3. Select Options.
  4. Click the Basics tab.
  5. Select the search engine from the 'Default search' drop-down menu that you'd like Google Chrome to use.
    Make sure it is NOT search.yahoo.com
  6. If your desired search engine doesn't appear in the drop-down menu, click the Manage button. In the 'Search Engines' dialog box, select the search engine name that you'd like to use by default, click the Make Default button, and click the Close button on the 'Search Engines' dialog box.
  7. Click the Close button.

If you've turned on the auto-suggestions feature, Google Chrome checks to see if a suggestions service is provided by your default search engine.
If one isn't provided, then Google Suggest is the default suggestions service in use.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the Fixlog.txt log file
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Spigot/Yahoo infection from YDT install

Unread postby Mao55 » November 20th, 2013, 1:41 am

Hello pgmigg,

When I click on FRST64.exe on my desktop, I again get the message that the version is outdated, and it is strongly recommended to download the latest version, click Yes to d/l.

Should I click yes to d/l the current version?

Thanks.
Mao55
Active Member
 
Posts: 14
Joined: November 12th, 2013, 2:42 am

Re: Spigot/Yahoo infection from YDT install

Unread postby pgmigg » November 20th, 2013, 10:41 am

Hello Mao55,

Should I click yes to d/l the current version?
Yes, please do it. This notification produced by FRST itself and you need click on 'Yes' and follow the prompts...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Spigot/Yahoo infection from YDT install

Unread postby Mao55 » November 22nd, 2013, 4:44 am

A. Yes, I did have trouble following the instructions in Step 2., as described below.

B. Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2013
Ran by David at 2013-11-22 00:03:07 Run:1
Running from C:\Users\David\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q= {SEARCHTERMS}

&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://search.yahoo.com/?type=407453&fr=spigot-yhp-ch"
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx
End
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key deleted successfully.
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found.
CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://search.yahoo.com/?type=407453&fr=spigot-yhp-ch" ==> The Chrome "Settings" can be used to fix the entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj => Key not found.
"C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj => Key not found.
"C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk => Key deleted successfully.
Could not move "C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\Exts\Chrome.crx" => Scheduled to move on reboot.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp => Key not found.
"C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx" => File/Directory not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-11-22 00:05:42)<=

"C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\Exts\Chrome.crx" => File could not move.

==== End of Fixlog ====




Step. 2. I didn't find the path in Step 2 to get to "Default search." There was no Tools/Options/Basic path. How I found to get there, where I think was intended, was:

Customize and Control Google Chrome (top right three horizontal bars)
Settings
Search
Manage search engines button

There, under Search engines, default search settings, Google is already selected as the default. Also listed is Yahoo, but not as the default, and it has the URL: http://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p=%s
For what it's worth, when I open Chrome, and it has that second tab for a Yahoo search, that tab address bar has the URL: http://search.yahoo.com/?type=407453&fr=spigot-yhp-ch.

Before contacting malwareremoval.com, I did try deleting Yahoo from this list, but it kept coming back. If you'd like, I can delete it again, but as it doesn't have the same URL, I'm not sure if that would help.

Thanks for hanging tough with me, pgmigg!
Mao55
Active Member
 
Posts: 14
Joined: November 12th, 2013, 2:42 am

Re: Spigot/Yahoo infection from YDT install

Unread postby pgmigg » November 23rd, 2013, 2:08 pm

Hello Mao55,

Step. 2. I didn't find the path in Step 2 to get to "Default search." There was no Tools/Options/Basic path. How I found to get there, where I think was intended, was:

Customize and Control Google Chrome (top right three horizontal bars)
Settings
Search
Manage search engines button
Yes, you are right - my mistake. :oops: But you found the good sequence of steps...

Let do the following:

Step 1.
Save Chrome Bookmarks
  1. Please open Google Chrome browser.
  2. Under Customize and Control Google Chrome (top right three horizontal bars) select Bookmarks -> Bookmark manager. Then under Organize list please select Export bookmarks to HTML file... and save it on your Desktop with suggested file name looks like "bookmarks_CurrentDate.html".

Uninstall Chrome
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the words 'Code: Select All' into the open text entry box:
    Code: Select all
     appwiz.cpl 
    and press Enter - the Unistall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    Google Chrome
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.
  6. Reboot you computer.

Step 2.
Run A Fix With FRST
  1. Please copy the following text into a new Notepad document.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    Start
    SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q= {SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
    CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://search.yahoo.com/?type=407453&fr=spigot-yhp-ch"
    CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx
    CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\Exts\Chrome.crx
    CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx
    End
    
  2. Save it to your Desktop as filename fixlist.txt.
    NOTE. If this file exists already please rewrite it.
    NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
  3. Double-click on FRST64.exe to run it and press the Fix button just once. Then wait.
  4. When it finished the tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
  5. Reboot you computer.

Step 3.
Install Fresh Google Chrome
  1. Please open Internet Explore and go to Download Chome page.
  2. Click on blue Download Chrome button and follow prompts... When installation finished the new Chome windows will be opened.
  3. Go to Customize and Control Google Chrome, select Bookmarks -> Bookmark manager. Then under Organize list please select Import bookmarks to HTML file..., navigate to saved "bookmarks_CurrentDate.html" and click on Open.

Set Default search engine in Chrome
  1. Please open Google Chrome.
  2. Go to Customize and Control Google Chrome, select Settings and then select the Manage search engine under Search section.
  3. If there is anything else except Google (default), please remove all of them and mark Google search engine as Default.
  4. Click the Close button and close the Chrome browser window.
  5. Restart Chrome.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the Fixlog.txt log file
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Spigot/Yahoo infection from YDT install

Unread postby Mao55 » November 27th, 2013, 12:54 am

YAHTZEE! The Yahoo/spigot tab is gone!

A. Once again, clicking on FRST64.exe yielded a message that it was outdated and that I needed to d/l a current copy. I let it d/l the newer version and used it.

B. Contents of Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-11-2013 01
Ran by David at 2013-11-26 20:34:58 Run:2
Running from C:\Users\David\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q= {SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://search.yahoo.com/?type=407453&fr=spigot-yhp-ch"
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx
End
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found.
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found.
CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://search.yahoo.com/?type=407453&fr=spigot-yhp-ch" ==> The Chrome "Settings" can be used to fix the entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj => Key not found.
"C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj => Key not found.
"C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk => Key not found.
Could not move "C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\Exts\Chrome.crx" => Scheduled to move on reboot.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp => Key not found.
"C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx" => File/Directory not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-11-26 20:35:52)<=

"C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\Exts\Chrome.crx" => File could not move.

==== End of Fixlog ====



C. You betcha. Chrome still has a second tab, but it's not Yahoo/spigot. I see something about spigot in the Fixlog.txt, so I'm worried it's not 100% gone, but at least that damn tab is gone.

Let me know if there's more to do, or if I'm clean. Thanks again for hanging in on this one, pgmigg. Was this unusually hard to get rid of?
Mao55
Active Member
 
Posts: 14
Joined: November 12th, 2013, 2:42 am

Re: Spigot/Yahoo infection from YDT install

Unread postby pgmigg » November 27th, 2013, 1:23 am

Hello Mao55,
YAHTZEE! The Yahoo/spigot tab is gone!
Nice to read it! :D

Chrome still has a second tab, but it's not Yahoo/spigot.
Please tell me with details what kind of second Tab you see in Chrome.

Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file OTL.txt <-- Will be opened, maximized
  6. Please post the content of OTL.txt file ONLY in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Description about extra Tab in Chrome.
  3. Contents of the most recent OTL.txt file after fresh OTL scan
  4. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Spigot/Yahoo infection from YDT install

Unread postby Mao55 » November 29th, 2013, 4:56 am

Hope you had a great Thanksgiving, pgmigg. :-)

A. No problems following or executing the instructions.

B. Chrome always has an "extra tab" in addition to whatever tab(s) you may already have open. At the very top of the page, you see the tab(s) you have open, and then at the very right is a smaller blank portion of a tab that you can click on to open a new tab page. This is an as-designed feature of Chrome, and is not a problem of any kind. I hope I didn't create the impression that this was not good. It was previously not good when Chrome, when opened, would always have a second tab in addition to your default home page tab, and that second tab was already at the Yahoo/Spigot page.

C. Contents of just-run OTL.txt file:

OTL logfile created on: 11/29/2013 12:41:51 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.94 Gb Total Physical Memory | 13.96 Gb Available Physical Memory | 87.58% Memory free
31.88 Gb Paging File | 29.86 Gb Available in Paging File | 93.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 22.73 Gb Free Space | 20.35% Space Free | Partition Type: NTFS
Drive E: | 128.00 Gb Total Space | 19.89 Gb Free Space | 15.54% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 640.06 Gb Free Space | 68.71% Space Free | Partition Type: NTFS
Drive G: | 698.63 Gb Total Space | 52.46 Gb Free Space | 7.51% Space Free | Partition Type: NTFS
Drive H: | 570.64 Gb Total Space | 115.75 Gb Free Space | 20.28% Space Free | Partition Type: NTFS
Drive J: | 1.86 Gb Total Space | 1.47 Gb Free Space | 78.63% Space Free | Partition Type: FAT

Computer Name: DIGITALSTORM-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/15 10:29:30 | 000,020,912 | ---- | M] (Golden Frog, Inc.) -- C:\Program Files (x86)\VyprVPN\VyprVPNService.exe
PRC - [2013/11/12 21:22:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
PRC - [2013/10/17 17:35:01 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/10/17 17:34:28 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/10/15 15:54:02 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/08/22 05:10:14 | 000,676,152 | ---- | M] (The OpenVPN Project) -- C:\Program Files (x86)\OpenVPN\bin\openvpn.exe
PRC - [2013/07/31 07:44:44 | 000,137,528 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013/07/31 07:38:20 | 000,698,680 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2013/05/20 20:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/12 12:20:08 | 000,366,552 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013/03/12 12:19:38 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2013/03/05 19:08:42 | 000,291,128 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2013/01/31 14:20:50 | 000,286,192 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2013/01/31 14:20:50 | 000,015,344 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/10/28 23:48:16 | 000,927,232 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
PRC - [2012/09/07 20:36:46 | 000,087,992 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2010/03/18 18:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHelper.exe
PRC - [2010/02/12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/09 20:02:27 | 001,227,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\decc12017394d466b473669f85b31b5d\System.WorkflowServices.ni.dll
MOD - [2013/10/09 01:07:40 | 001,142,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0aa6ae92cf58fb9d614d00132c439b39\System.ServiceModel.Discovery.ni.dll
MOD - [2013/10/09 01:07:40 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c8823408f21cc24f6add84812f1caaaf\System.ServiceModel.Routing.ni.dll
MOD - [2013/10/09 01:07:39 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\53b16e9e500081433b043c3148d10239\System.ServiceModel.Channels.ni.dll
MOD - [2013/10/09 01:07:35 | 001,089,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\593b48b531c3445e6dae067cc6879cdd\System.ServiceModel.Web.ni.dll
MOD - [2013/10/09 01:06:49 | 001,394,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5b0f72f144945b19324f94884e1e8699\System.ServiceModel.Activities.ni.dll
MOD - [2013/10/09 01:06:47 | 001,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\51ffeacb880d9c15fecc1c74f83e8973\System.IdentityModel.ni.dll
MOD - [2013/10/09 01:06:46 | 018,109,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\60608b811724b2711cb96817043c4dd8\System.ServiceModel.ni.dll
MOD - [2013/10/09 01:06:27 | 002,659,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\10519c5a16fab95707f40b55941647b5\System.Runtime.Serialization.ni.dll
MOD - [2013/10/09 01:06:27 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\10ef07233e429503b5bc942aa6194fe8\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/10/09 01:04:16 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013/10/09 01:04:14 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013/10/09 01:04:11 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/08/14 20:18:17 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll
MOD - [2013/08/14 00:16:35 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/14 00:16:33 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/08/14 00:16:33 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/07/31 22:58:47 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2012/05/30 06:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\wincfi39.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/12 03:00:27 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/17 17:35:51 | 015,122,208 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/06/13 11:31:10 | 000,357,144 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/13 11:47:04 | 000,820,184 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:64bit: - [2013/02/13 11:46:48 | 000,731,648 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2013/01/31 14:20:50 | 000,015,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2013/11/15 10:29:30 | 000,020,912 | ---- | M] (Golden Frog, Inc.) [Auto | Running] -- C:\Program Files (x86)\VyprVPN\VyprVPNService.exe -- (VyprVPN)
SRV - [2013/10/17 17:34:28 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/15 15:54:02 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/10/08 23:34:08 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/22 05:10:14 | 000,032,568 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2013/07/31 07:44:44 | 000,137,528 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2013/07/30 23:27:40 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2013/07/30 23:18:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013/05/20 20:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/05/11 02:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/12 12:20:08 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/03/12 12:19:38 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/10/28 23:48:16 | 000,927,232 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe -- (asComSvc)
SRV - [2012/09/07 20:36:46 | 000,087,992 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/17 03:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 03:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/27 15:01:44 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/08/22 04:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/07/30 19:19:03 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/06/16 04:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/05/22 22:12:52 | 000,059,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2013/05/22 22:12:50 | 000,076,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/05/22 22:12:48 | 000,077,592 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2013/05/22 22:12:48 | 000,013,080 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2013/05/22 21:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/20 21:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/15 21:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/05/13 14:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/04/24 16:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 18:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/25 13:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/03/20 08:51:14 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2013/03/20 08:49:34 | 000,012,288 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2013/03/19 16:25:46 | 000,027,648 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2013/03/19 16:25:28 | 000,023,552 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2013/03/12 12:19:38 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013/03/04 17:21:36 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/01/31 14:20:10 | 000,652,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/01/31 14:20:10 | 000,028,656 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/12/27 00:26:12 | 000,805,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/12/20 14:44:10 | 000,786,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/12/20 14:44:10 | 000,366,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/12/20 14:44:10 | 000,020,616 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/27 19:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/06/08 15:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/22 06:21:46 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/11/22 06:21:46 | 000,130,024 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/10/25 09:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/10/25 09:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/06/15 19:36:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/06/15 19:36:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/06/15 19:36:42 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (AthDfu)
DRV:64bit: - [2011/06/15 19:36:42 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/05/21 19:28:38 | 000,176,640 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2011/05/21 19:28:28 | 000,230,400 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/06/16 21:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/03/18 19:52:18 | 000,295,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2010/03/18 19:52:10 | 000,259,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2010/03/18 19:52:02 | 001,360,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2010/03/18 19:51:50 | 000,147,544 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/03/18 19:51:34 | 000,290,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/03/18 19:51:26 | 000,016,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/03/18 19:51:18 | 000,221,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/03/18 19:51:00 | 000,026,328 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctgame.sys -- (ctgame)
DRV:64bit: - [2010/03/18 19:50:52 | 000,866,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/03/18 19:50:42 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/03/18 19:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV:64bit: - [2010/03/18 19:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV:64bit: - [2010/03/18 19:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV:64bit: - [2010/03/18 19:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV:64bit: - [2010/03/18 19:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV:64bit: - [2010/03/18 19:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV:64bit: - [2010/03/18 19:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV:64bit: - [2010/03/18 19:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/11/21 00:45:43 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/11/21 00:45:43 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/10/28 09:41:15 | 000,521,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131127.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/10/22 15:11:13 | 001,524,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131114.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/09/15 05:38:04 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131128.002\ex64.sys -- (NAVEX15)
DRV - [2013/09/15 05:38:04 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131128.002\eng64.sys -- (NAVENG)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 CC 54 A7 99 8D CE 01 [binary data]
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5C 00 93 79 2A EB CE 01 [binary data]
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7WQIB_enUS547
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\Root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/11/29 00:21:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF [2013/10/09 18:39:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/09/03 00:04:13 | 000,000,000 | ---D | M]

[2013/10/17 11:25:52 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3:64bit: - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000..\Run: [CreativeTaskScheduler] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003..\Run: [EPSON WorkForce 500 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEQA.EXE /FU "C:\Windows\TEMP\E_S1A8C.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003..\Run: [MotoCast] C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000..\RunOnce: [InetReg] C:\Program Files (x86)\Creative\Product Registration\English\InetReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003..\RunOnce: [Uninstall C:\Users\David\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\David\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64" File not found
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3054523023-1695870301-3392585106-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FB50F0B-8C2F-42AA-BC8E-06CA52F742BC}: DhcpNameServer = 67.227.82.205 208.111.40.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7057615D-425F-4689-B2A5-9A579BCF2854}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/27 21:11:29 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/05/10 11:37:00 | 000,000,330 | ---- | M] () - J:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{f4d874d2-1860-11e3-88ed-74d02b9ca2e8}\Shell - "" = AutoRun
O33 - MountPoints2\{f4d874d2-1860-11e3-88ed-74d02b9ca2e8}\Shell\AutoRun\command - "" = K:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/29 00:40:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2013/11/26 20:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/11/26 20:34:40 | 001,958,474 | ---- | C] (Farbar) -- C:\Users\David\Desktop\FRST64.exe
[2013/11/23 12:10:41 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Old forum files
[2013/11/18 22:46:18 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Golden_Frog,_Inc
[2013/11/18 22:46:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Golden Frog, Inc
[2013/11/18 22:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Golden Frog, Inc
[2013/11/18 22:45:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VyprVPN
[2013/11/18 22:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
[2013/11/18 22:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\TAP-Windows
[2013/11/18 22:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2013/11/18 22:44:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2013/11/18 22:44:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2D10A2F0-BF00-48E8-990B-966D17ED0CBB}
[2013/11/18 22:43:46 | 000,000,000 | ---D | C] -- C:\Users\David\.bitrock
[2013/11/17 18:15:37 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/16 14:13:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/11/16 02:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/15 16:28:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/15 15:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Credant
[2013/11/13 20:14:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/13 20:09:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/13 19:55:48 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\David\Desktop\JRT.exe
[2013/11/13 19:47:37 | 004,121,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\David\Desktop\tdsskiller.exe
[2013/11/13 12:34:31 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/13 12:34:29 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/11/13 12:34:29 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/11/13 12:34:29 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/11/13 12:34:29 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/13 12:34:29 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/13 12:34:28 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/11/13 12:34:28 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/11/13 12:34:28 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/11/13 12:34:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/11/13 12:34:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/11/13 12:34:27 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/13 12:34:26 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/11/13 12:34:26 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/11/13 12:34:26 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/11/13 12:34:26 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/11/12 03:01:21 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/11/12 03:00:28 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/12 03:00:28 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/12 03:00:27 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/12 03:00:27 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/12 03:00:27 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/12 03:00:27 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/12 03:00:27 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/12 03:00:27 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/12 03:00:27 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/12 03:00:27 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/12 03:00:27 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/12 03:00:27 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/12 03:00:27 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/12 03:00:27 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/12 03:00:27 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/12 03:00:27 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/12 03:00:27 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/12 03:00:27 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/12 03:00:27 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/12 03:00:27 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/12 03:00:27 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/12 03:00:27 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/12 03:00:27 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/12 03:00:27 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/12 03:00:27 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/12 03:00:27 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/12 03:00:27 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/12 03:00:27 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/12 03:00:27 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/12 03:00:27 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/12 03:00:27 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/12 03:00:27 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/12 03:00:27 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/12 03:00:27 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/12 03:00:27 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/12 03:00:27 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/12 03:00:27 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/12 03:00:27 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/12 03:00:27 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/12 03:00:27 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/12 03:00:27 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/12 03:00:27 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/12 03:00:27 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/12 03:00:27 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/12 03:00:27 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/12 03:00:27 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/12 03:00:27 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/12 03:00:27 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/12 03:00:27 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/12 03:00:27 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/12 03:00:27 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/12 03:00:27 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/12 03:00:27 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/12 03:00:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/12 03:00:27 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/12 03:00:27 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/12 03:00:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/12 03:00:27 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/12 03:00:27 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/12 03:00:27 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/12 03:00:27 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/12 03:00:27 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/12 03:00:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/12 03:00:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/12 03:00:27 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/12 03:00:27 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/12 03:00:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/12 03:00:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/12 03:00:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/12 03:00:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/11/12 03:00:27 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/12 03:00:27 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/12 03:00:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/12 03:00:27 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/12 03:00:27 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/12 03:00:27 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/12 03:00:27 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/11/12 03:00:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/12 03:00:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/12 03:00:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/11 00:59:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GreenTree Applications

========== Files - Modified Within 30 Days ==========

[2013/11/29 00:39:20 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/29 00:35:33 | 000,784,738 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/29 00:35:33 | 000,664,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/29 00:35:33 | 000,122,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/29 00:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/29 00:27:45 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/29 00:27:45 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/29 00:20:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/29 00:20:37 | 4246,220,798 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/28 14:37:13 | 000,030,792 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000005-00000000-00000002-00001102-00000004-10051102}.rfx
[2013/11/28 14:37:13 | 000,030,792 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000005-00000000-00000002-00001102-00000004-10051102}.rfx
[2013/11/28 14:37:13 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000002-00001102-00000004-10051102}.rfx
[2013/11/28 14:37:12 | 000,035,888 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000002-00001102-00000004-10051102}.rfx
[2013/11/28 14:37:12 | 000,035,888 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000002-00001102-00000004-10051102}.rfx
[2013/11/28 14:00:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/27 18:38:45 | 000,002,283 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/26 20:41:18 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/26 20:33:58 | 001,958,474 | ---- | M] (Farbar) -- C:\Users\David\Desktop\FRST64.exe
[2013/11/25 23:45:21 | 000,166,099 | ---- | M] () -- C:\Users\David\Desktop\USPS.jpg
[2013/11/23 12:45:27 | 000,009,626 | ---- | M] () -- C:\Users\David\Desktop\2012 Alliant Tax Form 1098.pdf
[2013/11/23 12:13:59 | 000,597,165 | ---- | M] () -- C:\Users\David\Desktop\bookmarks_11_23_13.html
[2013/11/20 00:57:19 | 001,658,028 | ---- | M] () -- C:\Users\David\Desktop\Prestige Page 5.jpg
[2013/11/20 00:55:31 | 001,671,992 | ---- | M] () -- C:\Users\David\Desktop\Prestige Page 4.jpg
[2013/11/20 00:50:40 | 001,377,886 | ---- | M] () -- C:\Users\David\Desktop\Prestige Page 3.jpg
[2013/11/20 00:47:15 | 000,927,268 | ---- | M] () -- C:\Users\David\Desktop\Prestige Page 2.jpg
[2013/11/20 00:44:47 | 001,424,862 | ---- | M] () -- C:\Users\David\Desktop\Prestige Page 1.jpg
[2013/11/19 21:12:23 | 000,446,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/18 22:47:41 | 001,835,851 | ---- | M] () -- C:\Users\David\Desktop\CA Franchise Tax Board.jpg
[2013/11/16 20:07:52 | 000,152,724 | ---- | M] () -- C:\Users\David\Desktop\Koncept Lamp Return Receipt.jpg
[2013/11/13 21:22:04 | 000,001,209 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/11/13 19:55:08 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\David\Desktop\JRT.exe
[2013/11/13 19:46:41 | 004,121,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\David\Desktop\tdsskiller.exe
[2013/11/12 21:22:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2013/11/12 03:00:28 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/12 03:00:28 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/12 03:00:27 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/12 03:00:27 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/12 03:00:27 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/12 03:00:27 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/12 03:00:27 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/12 03:00:27 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/12 03:00:27 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/12 03:00:27 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/12 03:00:27 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/12 03:00:27 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/12 03:00:27 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/12 03:00:27 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/12 03:00:27 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/12 03:00:27 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/12 03:00:27 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/12 03:00:27 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/12 03:00:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/12 03:00:27 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/12 03:00:27 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/12 03:00:27 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/12 03:00:27 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/12 03:00:27 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/12 03:00:27 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/12 03:00:27 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/12 03:00:27 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/12 03:00:27 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/12 03:00:27 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/12 03:00:27 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/12 03:00:27 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/12 03:00:27 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/12 03:00:27 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/12 03:00:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/12 03:00:27 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/12 03:00:27 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/12 03:00:27 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/12 03:00:27 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/12 03:00:27 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/12 03:00:27 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/12 03:00:27 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/12 03:00:27 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/12 03:00:27 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/12 03:00:27 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/12 03:00:27 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/12 03:00:27 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/12 03:00:27 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/12 03:00:27 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/12 03:00:27 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/12 03:00:27 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/12 03:00:27 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/12 03:00:27 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/12 03:00:27 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/12 03:00:27 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/12 03:00:27 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/12 03:00:27 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/12 03:00:27 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/12 03:00:27 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/12 03:00:27 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/12 03:00:27 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/12 03:00:27 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/12 03:00:27 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/12 03:00:27 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/12 03:00:27 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/12 03:00:27 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/12 03:00:27 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/12 03:00:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/12 03:00:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/12 03:00:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/12 03:00:27 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/11/12 03:00:27 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/12 03:00:27 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/12 03:00:27 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/12 03:00:27 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/12 03:00:27 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/12 03:00:27 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/12 03:00:27 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/12 03:00:27 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/12 03:00:27 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/11/12 03:00:27 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/12 03:00:27 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/12 03:00:27 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/11 01:29:04 | 006,118,784 | ---- | M] () -- C:\Users\David\Documents\I Love The Rain Remix Instrumental.mp3
[2013/11/11 01:28:48 | 003,141,670 | ---- | M] () -- C:\Users\David\Documents\I Love The Rain Remix Instrumental.mp4
[2013/11/11 01:27:41 | 005,602,692 | ---- | M] () -- C:\Users\David\Documents\Real tuesday weld - I love the rain.mp3
[2013/11/11 01:27:26 | 005,205,557 | ---- | M] () -- C:\Users\David\Documents\Real tuesday weld - I love the rain.mp4
[2013/11/11 01:18:04 | 007,478,912 | ---- | M] () -- C:\Users\David\Documents\Little Big Planet Peace Pipe (Peace P).mp3
[2013/11/11 01:17:46 | 025,882,899 | ---- | M] () -- C:\Users\David\Documents\Little Big Planet Peace Pipe (Peace P).mp4
[2013/11/11 01:16:24 | 004,966,784 | ---- | M] () -- C:\Users\David\Documents\Sigh No More (feat. Maurissa Tancharoen & Jed Whedon).mp3
[2013/11/11 01:15:58 | 004,334,696 | ---- | M] () -- C:\Users\David\Documents\Sigh No More (feat. Maurissa Tancharoen & Jed Whedon).mp4
[2013/11/11 01:15:15 | 006,124,928 | ---- | M] () -- C:\Users\David\Documents\Ghost Loft - Blow.mp3
[2013/11/11 01:14:52 | 023,177,866 | ---- | M] () -- C:\Users\David\Documents\Ghost Loft - Blow.mp4
[2013/11/11 01:12:42 | 010,700,676 | ---- | M] () -- C:\Users\David\Documents\4 Strings - Let It Rain (Chillout Instrumental Mix) (DOWNLOAD AVAILABLE!).mp3
[2013/11/11 01:03:56 | 089,709,722 | ---- | M] () -- C:\Users\David\Documents\4 Strings - Let It Rain (Chillout Instrumental Mix) (DOWNLOAD AVAILABLE!).mp4
[2013/11/09 02:35:09 | 000,668,318 | ---- | M] () -- C:\Users\David\Desktop\Untitled.jpg

========== Files Created - No Company Name ==========

[2013/11/26 20:41:18 | 000,002,283 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/26 20:41:18 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/25 23:45:20 | 000,166,099 | ---- | C] () -- C:\Users\David\Desktop\USPS.jpg
[2013/11/23 12:45:27 | 000,009,626 | ---- | C] () -- C:\Users\David\Desktop\2012 Alliant Tax Form 1098.pdf
[2013/11/23 12:13:59 | 000,597,165 | ---- | C] () -- C:\Users\David\Desktop\bookmarks_11_23_13.html
[2013/11/20 00:57:19 | 001,658,028 | ---- | C] () -- C:\Users\David\Desktop\Prestige Page 5.jpg
[2013/11/20 00:55:31 | 001,671,992 | ---- | C] () -- C:\Users\David\Desktop\Prestige Page 4.jpg
[2013/11/20 00:50:40 | 001,377,886 | ---- | C] () -- C:\Users\David\Desktop\Prestige Page 3.jpg
[2013/11/20 00:47:14 | 000,927,268 | ---- | C] () -- C:\Users\David\Desktop\Prestige Page 2.jpg
[2013/11/20 00:44:47 | 001,424,862 | ---- | C] () -- C:\Users\David\Desktop\Prestige Page 1.jpg
[2013/11/18 22:47:40 | 001,835,851 | ---- | C] () -- C:\Users\David\Desktop\CA Franchise Tax Board.jpg
[2013/11/18 22:45:58 | 000,001,883 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VyprVPN.lnk
[2013/11/16 20:07:52 | 000,152,724 | ---- | C] () -- C:\Users\David\Desktop\Koncept Lamp Return Receipt.jpg
[2013/11/12 03:00:27 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/12 03:00:27 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/11 01:29:00 | 006,118,784 | ---- | C] () -- C:\Users\David\Documents\I Love The Rain Remix Instrumental.mp3
[2013/11/11 01:28:46 | 003,141,670 | ---- | C] () -- C:\Users\David\Documents\I Love The Rain Remix Instrumental.mp4
[2013/11/11 01:27:37 | 005,602,692 | ---- | C] () -- C:\Users\David\Documents\Real tuesday weld - I love the rain.mp3
[2013/11/11 01:27:23 | 005,205,557 | ---- | C] () -- C:\Users\David\Documents\Real tuesday weld - I love the rain.mp4
[2013/11/11 01:17:58 | 007,478,912 | ---- | C] () -- C:\Users\David\Documents\Little Big Planet Peace Pipe (Peace P).mp3
[2013/11/11 01:17:36 | 025,882,899 | ---- | C] () -- C:\Users\David\Documents\Little Big Planet Peace Pipe (Peace P).mp4
[2013/11/11 01:16:21 | 004,966,784 | ---- | C] () -- C:\Users\David\Documents\Sigh No More (feat. Maurissa Tancharoen & Jed Whedon).mp3
[2013/11/11 01:15:56 | 004,334,696 | ---- | C] () -- C:\Users\David\Documents\Sigh No More (feat. Maurissa Tancharoen & Jed Whedon).mp4
[2013/11/11 01:15:10 | 006,124,928 | ---- | C] () -- C:\Users\David\Documents\Ghost Loft - Blow.mp3
[2013/11/11 01:14:47 | 023,177,866 | ---- | C] () -- C:\Users\David\Documents\Ghost Loft - Blow.mp4
[2013/11/11 01:12:34 | 010,700,676 | ---- | C] () -- C:\Users\David\Documents\4 Strings - Let It Rain (Chillout Instrumental Mix) (DOWNLOAD AVAILABLE!).mp3
[2013/11/11 01:03:07 | 089,709,722 | ---- | C] () -- C:\Users\David\Documents\4 Strings - Let It Rain (Chillout Instrumental Mix) (DOWNLOAD AVAILABLE!).mp4
[2013/11/09 02:35:09 | 000,668,318 | ---- | C] () -- C:\Users\David\Desktop\Untitled.jpg
[2013/10/24 20:09:33 | 000,037,713 | ---- | C] () -- C:\Users\David\AppData\Roaming\Comma Separated Values.ADR
[2013/09/22 20:03:12 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/09/22 20:03:12 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/09/22 20:03:12 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/09/22 20:03:12 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/09/22 20:03:12 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/09/22 20:03:12 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/09/22 20:03:12 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/09/22 20:03:12 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/09/22 20:03:12 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/09/22 20:03:12 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/09/22 20:03:12 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/09/22 20:03:12 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/09/22 20:03:12 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/09/22 20:03:12 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/09/22 20:03:12 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/09/22 20:03:12 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/08/03 00:46:28 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2013/08/01 18:42:13 | 000,000,258 | RHS- | C] () -- C:\Users\David\ntuser.pol
[2013/07/30 23:33:59 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
[2013/07/30 23:18:36 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013/07/30 23:18:36 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013/07/23 08:02:43 | 000,057,678 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2013/07/23 08:01:36 | 000,015,232 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013/07/23 08:01:27 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013/07/23 08:01:20 | 000,042,187 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2013/07/19 03:52:43 | 000,778,462 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/13 11:27:54 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >



D. No changes in the behavior of my computer, which now seems AOK and without any discernible spigot infection.

How's the OTL look?
Mao55
Active Member
 
Posts: 14
Joined: November 12th, 2013, 2:42 am

Re: Spigot/Yahoo infection from YDT install

Unread postby pgmigg » November 29th, 2013, 10:52 am

Hello Mao55,

Hope you had a great Thanksgiving, pgmigg.
Thank you so much, Mao55! :D
Chrome always has an "extra tab" in addition to whatever tab(s) you may already have open. At the very top of the page, you see the tab(s) you have open, and then at the very right is a smaller blank portion of a tab that you can click on to open a new tab page. This is an as-designed feature of Chrome, and is not a problem of any kind. I hope I didn't create the impression that this was not good. It was previously not good when Chrome, when opened, would always have a second tab in addition to your default home page tab, and that second tab was already at the Yahoo/Spigot page.
Unfortunately, based on your previous explanation "Chrome still has a second tab, but it's not Yahoo/spigot." I decided that it is exactly bad issue. Nice to read that it is not true and everything is OK. ;)

After all your latest set of logs appear to be clean! :cheers:

This is my general post for when your logs show no more signs of malware.
Before I give you instructions how to keep your computer clean and secure, you need to make a few additional steps.

Step 1.
OTL - Run Fix Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    

  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 2.
OTL-Cleanup
You should still have OTL on your desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.

Then:
Please don't forget to enable all your defense software!

Finally:
Please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)

pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3187
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Spigot/Yahoo infection from YDT install

Unread postby Cypher » December 3rd, 2013, 12:38 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 70 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware