[RESOLVED] Blocked from using website because of "excessive usage"

  1. #1
    Join Date
    Nov 2014
    Posts
    17

    For several years I have had a subscription to a website which I am now blocked from because my computer has been apparently attacking the website without my knowledge. As the web owner puts it:

    As I have had issues for the last few months with “excessive resource usage” on the site, which often results in a 500 error, my host has been checking further into why there was that amount of usage and they identified that one IP has been “hammering” the Campus site with over 9000 “attacks”. Well, that IP was actually yours, which I didn’t know until you mentioned this problem and ... identified that your IP was in the list of blocked ones.

    The web owner and her programmer have tried to help me identify what on my computer would be causing this problem and finally referred me here. I have Windows 7, cable connection, Intel(R) Pentium(R) CPU G850 @ 2.90GHz, system memory 4.00 GB RAM, 32-bit operating system. I have scanned for viruses with McAfee and IObit Malware but neither turned up anything, though Malwarebytes did (see below). I am not well versed on technology so I am afraid I am clueless about what to do next.

    I tried to post this message earlier but it apparently did not go through. If the original message is waiting to be approved, please ignore this one. Any help you can provide would be most appreciated.

    Dianne

    The log reports are as follows:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/23/2014
    Scan Time: 12:41:32 PM
    Logfile: 112314Malwarebytes.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.23.09
    Rootkit Database: v2014.11.22.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: Owner

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 329247
    Time Elapsed: 17 min, 45 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 15
    PUP.Optional.ValueApps.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{93DBF2BB-A2B3-4683-A92E-57E60751F346}, Quarantined, [290cee5149334aec8bd43291a161fc04],
    PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [43f277c899e33df9a997318d9a680af6],
    PUP.Optional.Spigot, HKU\S-1-5-21-1241181004-2622625590-1122715860-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Search Protection, Quarantined, [37fe51eeed8fdf577c3b2b8ac43dcf31],
    PUP.Optional.DomaIQ, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DMUninstaller, Quarantined, [c471142ba8d493a3938a5ab534d155ab],
    PUP.Optional.DomaIQ.A, HKLM\SOFTWARE\DomaIQ, Quarantined, [a19464dbdba1082ee14407755ea58d73],
    PUP.Optional.Spigot.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\hbcennhacfaagdopikcegfcobcadeocj, Quarantined, [c57038078fedc86ed2008ed418ebc53b],
    PUP.Optional.Spigot.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\icdlfehblmklkikfigmjhbmmpmkmpooj, Quarantined, [0134fd424e2e2d09488b045ec43fc937],
    PUP.Optional.Spigot.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\mhkaekfpcppmmioggniknbnbdbcigpkk, Quarantined, [af860738cab2b68012c23e24778c9070],
    PUP.Optional.Spigot.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfndaklgolladniicklehhancnlgocpp, Quarantined, [b08508376c108ea8f2e35012857e1fe1],
    PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\SYSTWEAK\RegClean Pro, Quarantined, [8da8cc736b11c175e1ff4112699a0000],
    PUP.Optional.Conduit.A, HKU\S-1-5-21-1241181004-2622625590-1122715860-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [0431a699304c6dc91e51e853e02330d0],
    PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-1241181004-2622625590-1122715860-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, Quarantined, [2411dc63a4d88da9b96c561f12f1738d],
    PUP.Optional.Spigot.A, HKU\S-1-5-21-1241181004-2622625590-1122715860-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, Quarantined, [39fc81be58245adcb1be6c4353b1db25],
    PUP.Optional.Conduit.A, HKU\S-1-5-21-1241181004-2622625590-1122715860-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\FF, Quarantined, [122392adde9e80b63ea780143fc50af6],
    PUP.Optional.ValueApps.A, HKU\S-1-5-21-1241181004-2622625590-1122715860-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\ValueApps, Quarantined, [dc598bb4a8d4f2447f35ec8dfd0603fd],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 1
    PUP.Optional.Conduit, HKU\S-1-5-21-1241181004-2622625590-1122715860-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.conduit.com?SearchSour...ctid=CT3310511, Good: (www.google.com), Bad: (http://search.conduit.com?SearchSour...0511),Replaced,[3302330cd6a6b284ef5796bca75ea15f]

    Folders: 17
    PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\ct3310511, Quarantined, [c471ff4094e8e6508426b6550bf828d8],
    PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\ct3310511\xpi, Quarantined, [c471ff4094e8e6508426b6550bf828d8],
    PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\ct3310511\xpi\defaults, Quarantined, [c471ff4094e8e6508426b6550bf828d8],
    PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\ct3310511\xpi\defaults\preferences, Quarantined, [c471ff4094e8e6508426b6550bf828d8],
    PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\ct3311333, Quarantined, [221339067705e155dad0a76442c12bd5],
    PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE, Quarantined, [0b2a122d027a0531f1cd818a3cc72dd3],
    PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3310511, Quarantined, [0b2a122d027a0531f1cd818a3cc72dd3],
    PUP.Optional.NextLive.A, C:\Users\Owner\AppData\Roaming\newnext.me, Quarantined, [62d3fe413f3d072f884de9231be88779],
    PUP.Optional.NextLive.A, C:\Users\Owner\AppData\Roaming\newnext.me\cache, Quarantined, [62d3fe413f3d072f884de9231be88779],
    PUP.Optional.ValueAppsplugin.A, C:\Program Files\Conduit\ValueApps, Quarantined, [73c20936c4b8d165bd55709d946f50b0],
    PUP.Optional.ValueAppsplugin.A, C:\Program Files\Conduit\ValueApps\IE, Quarantined, [73c20936c4b8d165bd55709d946f50b0],
    PUP.Optional.ValueAppsplugin.A, C:\Users\Owner\AppData\Local\Conduit\ValueApps, Quarantined, [a88df34c80fc3cfa948046c7b94a5aa6],
    PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\mam-ct3319214, Quarantined, [de57cf70f88434023d1d8c85d92a728e],
    PUP.Optional.SearchProtect.A, C:\Users\Owner\AppData\Local\SearchProtect, Quarantined, [2015152a03797eb8d4e3dc44db28eb15],
    PUP.Optional.SearchProtect.A, C:\Users\Owner\AppData\Local\SearchProtect\Logs, Quarantined, [2015152a03797eb8d4e3dc44db28eb15],
    PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot, Quarantined, [a19488b7e7950a2cea1d55dc937043bd],
    PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\GC, Quarantined, [a19488b7e7950a2cea1d55dc937043bd],

    Files: 18
    PUP.Optional.Spigot, C:\Users\Owner\AppData\Roaming\Search Protection\Uninstall.exe, Quarantined, [37fe51eeed8fdf577c3b2b8ac43dcf31],
    PUP.Optional.DomaIQ, C:\Program Files\Uninstaller\Uninstall.exe, Quarantined, [c471142ba8d493a3938a5ab534d155ab],
    PUP.Optional.AirInstaller, C:\Users\Owner\Downloads\Setup.exe, Quarantined, [6dc8d8673943ce689c1b2303a859a858],
    PUP.Optional.OpenCandy, C:\Users\Owner\Downloads\californiafontssetup.exe, Quarantined, [84b142fde79548ee8e4fdb9de3221ae6],
    PUP.Optional.Bandoo, C:\Users\Owner\Downloads\iLividSetup.exe, Quarantined, [68cda39ca1db41f5c99ba67e37ca837d],
    PUP.Optional.OpenCandy, C:\Users\Owner\Downloads\winzip155.exe, Quarantined, [a98cfa451a62330304d913655aab768a],
    PUP.Optional.Astromenda.A, C:\Windows\System32\Tasks\WSE_Astromenda, Quarantined, [9c990639d3a9af874301023a8f745ba5],
    PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3310511\UninstallerUI.exe, Quarantined, [0b2a122d027a0531f1cd818a3cc72dd3],
    PUP.Optional.NextLive.A, C:\Users\Owner\AppData\Roaming\newnext.me\nengine.cookie, Quarantined, [62d3fe413f3d072f884de9231be88779],
    PUP.Optional.NextLive.A, C:\Users\Owner\AppData\Roaming\newnext.me\cache\spark.bin, Quarantined, [62d3fe413f3d072f884de9231be88779],
    PUP.Optional.ValueAppsplugin.A, C:\Program Files\Conduit\ValueApps\IE\tmpresp.tmp, Quarantined, [73c20936c4b8d165bd55709d946f50b0],
    PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx, Quarantined, [a19488b7e7950a2cea1d55dc937043bd],
    PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx, Quarantined, [a19488b7e7950a2cea1d55dc937043bd],
    PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.2.crx, Quarantined, [a19488b7e7950a2cea1d55dc937043bd],
    PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx, Quarantined, [a19488b7e7950a2cea1d55dc937043bd],
    PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx, Quarantined, [a19488b7e7950a2cea1d55dc937043bd],
    PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx, Quarantined, [a19488b7e7950a2cea1d55dc937043bd],
    PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx, Quarantined, [a19488b7e7950a2cea1d55dc937043bd],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    -----------------------

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/31/2012 10:19:09 AM
    System Uptime: 11/23/2014 1:04:15 PM (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | H61M-DS2 REV 1.2
    Processor: Intel(R) Pentium(R) CPU G850 @ 2.90GHz | Socket 1155 | 2900/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 326.359 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 932 GiB total, 328.89 GiB free.
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP359: 11/9/2014 7:00:32 PM - Windows Backup
    RP360: 11/13/2014 9:27:21 PM - Windows Modules Installer
    RP361: 11/16/2014 7:00:19 PM - Windows Backup
    RP362: 11/18/2014 3:18:44 AM - Windows Update
    RP363: 11/18/2014 10:09:31 AM - Windows Modules Installer
    RP365: 11/23/2014 9:35:36 AM - Driver Booster : Adobe AIR
    .
    ==== Installed Programs ======================
    .
    3DTextStudio
    abrMate version 1.0
    Adobe Acrobat XI Pro
    Adobe AIR
    Adobe Bridge CC
    Adobe Creative Cloud
    Adobe Edge Reflow CC Preview
    Adobe Exchange Panel
    Adobe Extension Manager CC
    Adobe Flash Player 15 ActiveX
    Adobe Flash Player 15 Plugin
    Adobe Help Manager
    Adobe Illustrator CC 2014 (32 Bit)
    Adobe Illustrator CS6
    Adobe InDesign CC 2014 (32-bit)
    Adobe InDesign CS6
    Adobe Muse
    Adobe Photoshop CC
    Adobe Photoshop CC 2014 (32 Bit)
    Adobe Photoshop CS5.1
    Adobe Photoshop CS6
    Adobe Photoshop Lightroom 4.4
    Adobe Photoshop Lightroom 5.7
    Adobe Reader XI
    Adobe® Content Viewer
    Advanced SystemCare 7
    Alien Skin Eye Candy 5 Impact
    Alien Skin Eye Candy 5 Nature
    Alien Skin Eye Candy 5 Textures
    Alien Skin Image Doctor
    Alien Skin Splat!
    AllMyNotes Organizer
    Amazon Kindle
    Apple Application Support
    Apple Software Update
    ArcSoft PhotoImpression
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    ArtRage Studio Pro
    AVG Security Toolbar
    Backblaze
    California Font Manager 2.5.0
    Canon Easy-WebPrint EX
    Canon IJ Scan Utility
    Canon MG6300 series MP Drivers
    Canon MG6300 series On-screen Manual
    Canon MG6300 series User Registration
    Canon My Image Garden
    Canon My Image Garden Design Files
    Canon My Printer
    Canon Quick Menu
    CCleaner
    CCScore
    Cisco WebEx Meetings
    Compatibility Pack for the 2007 Office system
    Corel KPT Collection
    Corel KPT Collection for PSPX4
    Corel PaintShop Pro Brush Content
    Corel PaintShop Pro Misc Content
    Corel PaintShop Pro Picture Frame Content
    Corel PaintShop Pro Picture Tube Content
    Corel PaintShop Pro X4
    Corel PaintShop Pro X5
    Corel PaintShop Pro X6
    Corel PaintShop Pro X7
    Corel PaintShop Pro X7
    Coupon Printer for Windows
    Creative Content
    D3DX10
    Delicious - Emily's Honeymoon Cruise Premium Edition
    Driver Booster 2
    Dropbox
    EPSON Copy Utility
    EPSON Photo Print
    EPSON Scanner Reference Guide
    EPSON Smart Panel
    EPSON TWAIN 5
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    FaceFilter Studio 2
    fflink
    Filter Forge 3.014
    Filter Forge 4.011
    FontManagementSystem
    Genetica 3.6
    Gliftex10 10, 0, 0, 1
    GreenCloud Printer 7.4.2.1
    Hallmark Card Studio 2014
    Hallmark Card Studio 2014 Bonus Pack
    Hallmark Card Studio 2014 Holiday Pack
    Hallmark Card Studio 2015
    Hallmark Card Studio 2015 Bonus Pack
    ICA
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    IObit Malware Fighter
    IObit Uninstaller
    IPM_PSP_COM
    Jasc Animation Shop 3
    Jasc Paint Shop Pro 9
    Jasc Paint Shop Pro 9.01 Patch
    Java 7 Update 72
    Java Auto Updater
    JavaFX 2.1.0
    Junk Mail filter update
    K-Lite Codec Pack 8.8.0 (Full)
    kgcbaby
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kodak EasyShare software
    Lightroom 4.3
    Livebrush
    Malwarebytes Anti-Malware version 2.0.3.1025
    McAfee Security Scan Plus
    McAfee SecurityCenter
    McAfee SiteAdvisor
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Expression Web 4
    Microsoft Office Word Viewer 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
    Microsoft Windows Media Video 9 VCM
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Movie Maker
    Mozilla Firefox 33.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT110
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    netbrdg
    Nik Color Efex Pro 3.0
    Norton Safe Web Lite
    OfotoXMI
    Online Games Manager v1.30
    OpenOffice 4.1.1
    Patternshop
    PC Attorney
    PDF Settings CC
    PDF Settings CS5
    PDF Settings CS6
    Pdf995
    PdfEdit995
    Photo Common
    Photo Gallery
    Poser 10 version 10.0.3
    PoserContent2014
    PSPPContent
    PSPPHelp
    QuickTime 7
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Scan2PC
    ScanToWeb
    ScatterShow version 1.1
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Setup
    SFR
    Shared C Run-time for x86
    SHASTA
    Signature995
    Sketch Drawer 1.3
    skin0001
    SKINXSDK
    Smart Defrag 3
    Smith Micro Download Manager version 1.0
    staticcr
    Surfing Protection
    TeamViewer 9
    Topaz Simplify 4
    TwistedBrush Pro Studio
    Ultimate Creative Collection (X5)
    VPRINTOL
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinZip 15.5
    WIRELESS
    Xara Xtreme 5
    XYplorer 11.90
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/23/2014 6:06:59 AM, Error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).
    11/23/2014 1:08:02 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    11/22/2014 4:24:38 PM, Error: Service Control Manager [7022] - The Intel(R) Management and Security Application User Notification Service service hung on starting.
    11/19/2014 5:32:29 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    11/19/2014 5:32:29 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
    11/16/2014 5:50:04 AM, Error: volmgr [46] - Crash dump initialization failed!
    .
    ==== End Of File ===========================

    --------------------------

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 11.0.9600.17420 BrowserJavaVersion: 10.72.2
    Run by Owner at 13:23:43 on 2014-11-23
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3503.1260 [GMT -8:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
    C:\Windows\VPDAgent.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Backblaze\bzserv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\IntelCpHeciSvc.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
    C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Online Games Manager\ogmservice.exe
    C:\Windows\system32\PSIService.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Scan2PC\Sc2PCSvc.exe
    C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\McAfee\MSC\McAPExe.exe
    C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
    C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
    C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
    C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    C:\Program Files\Creative Home\Hallmark Card Studio 2015\Planner\PLNRnote.exe
    C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
    C:\Program Files\Backblaze\bzfilelist.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
    C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
    C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\system32\prevhost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\RunDll32.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k SDRSVC
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN42947427976486298&UM=2&ctid=CT3310511
    mStart Page = about:blank
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll
    BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\18.1.9.799\AVG Secure Search_toolbar.dll
    BHO: Ads Removal: {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - c:\program files\iobit\iobit malware fighter\adsremoval\ie\Adblock.dll
    BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: Norton Safe Web Lite BHO: {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - c:\program files\norton safe web lite\engine\2.0.0.16\CoIEPlg.dll
    BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\18.1.9.799\AVG Secure Search_toolbar.dll
    TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
    TB: Norton Safe Web Lite: {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - c:\program files\norton safe web lite\engine\2.0.0.16\CoIEPlg.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    uRun: [California Fonts Loader] "c:\program files\california font manager\CaliforniaFonts.exe" /scanfolder
    mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 11.0\acrobat\Acrotray.exe"
    mRun: [Adobe Creative Cloud] "c:\program files\adobe\adobe creative cloud\acc\Creative Cloud.exe" --showwindow=false --onOSstartup=true
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
    mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
    mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
    mRunOnce: [RAInstaller c:\program files\realarcade\installer\commonresources\gamehouse\gamehouse_] cmd.exe /c "rmdir /s /q "c:\program files\realarcade\installer\commonresources\gamehouse\gamehouse_""
    dRun: [Advanced SystemCare 7] "c:\program files\iobit\advanced systemcare 7\ASCTray.exe" /Auto
    dRun: [Backblaze] "c:\program files\backblaze\bzbui.exe" -quiet
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventp~1.lnk - c:\program files\creative home\hallmark card studio 2015\planner\PLNRnote.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{0841394A-6C4A-4D06-B8A9-908F53338C1A} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.1.9\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\am53b3xu.default-1411387983416\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://ww2.cox.com/myconnection/sandiego/home.cox
    FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: c:\program files\adobe\acrobat 11.0\acrobat\air\nppdf32.dll
    FF - plugin: c:\program files\adobe\adobe creative cloud\utils\npAdobeAAMDetect32.dll
    FF - plugin: c:\program files\adobe\adobe creative cloud\utils\npAdobeAAMDetect64.dll
    FF - plugin: c:\program files\adobe\adobe extension manager cs6\npAdobeExManDetectX86.dll
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\canon\my image garden\addon\cig\npmigfpi.dll
    FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npatgpc.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_223.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-7-17 576048]
    R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-7-17 217224]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2014-1-28 18624]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-22 42784]
    R1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\nst\0200000.010\ccSetx86.sys [2013-1-19 132744]
    R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\iobit\advanced systemcare 7\ASCService.exe [2013-11-24 893216]
    R2 Agent;VPDAgent;c:\windows\VPDAgent.exe [2012-6-9 192512]
    R2 bzserv;Backblaze Service;c:\program files\backblaze\bzserv.exe [2013-11-18 234600]
    R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-5 281560]
    R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2014-3-6 344896]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2013-1-19 167784]
    R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2013-11-5 145568]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-5 281560]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-5 281560]
    R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-5 281560]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-5 281560]
    R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-11-6 655936]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-1-19 169800]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-1-19 179600]
    R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\2.0.0.16\ccSvcHst.exe [2013-1-19 138760]
    R2 ogmservice;Online Games Manager;c:\program files\online games manager\ogmservice.exe [2014-3-27 581568]
    R2 Scan2PC;Scan2PC;c:\program files\scan2pc\Sc2PCSvc.exe [2013-6-22 69632]
    R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-11-23 4799760]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2012-5-31 2655768]
    R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files\common files\avg secure search\vtoolbarupdater\18.1.9\ToolbarUpdater.exe [2014-8-11 1820184]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-1-19 62832]
    R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\FileMonitor.sys [2014-11-23 21480]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files\intel\intel(r) integrated clock controller service\ICCProxy.exe [2013-11-18 169752]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-23 114904]
    R3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\TeeDriver.sys [2014-11-23 86488]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-1-19 238176]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-1-19 369248]
    R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2014-8-20 350240]
    R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\RegFilter.sys [2014-11-23 32288]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2014-11-23 719064]
    R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [2014-11-23 20944]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2013-11-24 2283296]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2014-4-16 147912]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-11-13 102912]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.150\McCHSvc.exe [2014-4-9 235696]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-1-19 67816]
    S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2014-8-20 81296]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-6-19 14848]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-6-19 49664]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-6-19 27136]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-5-31 1343400]
    .
    =============== Created Last 30 ================
    .
    2014-11-23 20:40:51 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-11-23 20:40:23 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-11-23 20:40:23 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-11-23 20:40:23 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-23 20:40:23 -------- d-----w- c:\programdata\Malwarebytes
    2014-11-23 20:40:23 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-11-23 17:43:54 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-11-23 17:41:52 1892056 ----a-w- c:\windows\system32\RTSndMgr.cpl
    2014-11-23 17:41:50 3086040 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
    2014-11-23 17:41:50 2566872 ----a-w- c:\windows\system32\RtkPgExt.dll
    2014-11-23 17:41:49 916696 ----a-w- c:\windows\system32\RtkCoInstII.dll
    2014-11-23 17:41:48 782040 ----a-w- c:\windows\system32\RtkApoApi.dll
    2014-11-23 17:41:44 1099203 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
    2014-11-23 17:41:43 2474200 ----a-w- c:\windows\system32\RltkAPO.dll
    2014-11-23 17:41:26 900696 ----a-w- c:\windows\system32\MaxxAudioAPOShell.dll
    2014-11-23 17:41:26 1940056 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
    2014-11-23 17:41:04 86488 ----a-w- c:\windows\system32\drivers\TeeDriver.sys
    2014-11-23 17:36:52 76872 ----a-w- c:\windows\system32\RtNicProp32.dll
    2014-11-23 17:36:52 719064 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
    2014-11-23 15:40:01 -------- d-----w- c:\program files\TeamViewer
    2014-11-23 01:53:09 -------- d-sh--w- c:\users\owner\appdata\local\EmieBrowserModeList
    2014-11-21 02:54:13 163504 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10145.bin
    2014-11-18 18:10:40 550912 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-18 18:10:40 186880 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-14 05:31:45 2363904 ----a-w- c:\windows\system32\msi.dll
    2014-11-14 05:31:31 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2014-11-14 05:31:31 1237504 ----a-w- c:\windows\system32\msxml3.dll
    2014-11-14 05:31:13 681984 ----a-w- c:\windows\system32\adtschema.dll
    2014-11-14 05:31:13 523776 ----a-w- c:\windows\system32\termsrv.dll
    2014-11-14 05:31:13 146432 ----a-w- c:\windows\system32\msaudite.dll
    2014-11-14 05:31:13 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-11-14 05:31:13 1059840 ----a-w- c:\windows\system32\lsasrv.dll
    2014-11-14 05:30:46 2379264 ----a-w- c:\windows\system32\win32k.sys
    2014-11-14 05:30:33 67584 ----a-w- c:\windows\system32\packager.dll
    2014-11-14 05:30:22 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2014-11-14 05:30:12 475136 ----a-w- c:\windows\system32\audiosrv.dll
    2014-11-14 05:30:12 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
    2014-11-14 05:30:12 374784 ----a-w- c:\windows\system32\AudioEng.dll
    2014-11-14 05:30:12 275968 ----a-w- c:\windows\system32\EncDump.dll
    2014-11-14 05:30:12 195584 ----a-w- c:\windows\system32\AudioSes.dll
    2014-11-14 05:28:50 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
    2014-11-14 05:28:29 65536 ----a-w- c:\windows\system32\TSpkg.dll
    2014-11-14 05:28:29 259584 ----a-w- c:\windows\system32\msv1_0.dll
    2014-11-14 05:28:29 248832 ----a-w- c:\windows\system32\schannel.dll
    2014-11-14 05:28:29 221184 ----a-w- c:\windows\system32\ncrypt.dll
    2014-11-14 05:28:29 17408 ----a-w- c:\windows\system32\credssp.dll
    2014-11-14 05:28:29 172032 ----a-w- c:\windows\system32\wdigest.dll
    2014-11-14 05:21:58 302592 ----a-w- c:\windows\system32\aeinv.dll
    2014-11-14 05:21:58 254464 ----a-w- c:\windows\system32\generaltel.dll
    2014-11-14 05:21:58 203776 ----a-w- c:\windows\system32\aepdu.dll
    2014-11-08 17:09:00 -------- d-----w- c:\programdata\Smith Micro
    2014-11-08 17:08:53 -------- d-----w- c:\users\owner\appdata\roaming\Smith Micro
    2014-11-08 16:42:28 217088 ----a-r- c:\users\owner\appdata\roaming\microsoft\installer\{2c69abc9-55b7-410e-89ab-4cbd84d8d37b}\ARPPRODUCTICON.exe
    2014-11-08 16:35:45 -------- d-----w- c:\program files\Summitsoft
    2014-11-08 16:14:38 -------- d-----w- c:\users\owner\appdata\local\HCSShell
    2014-10-29 01:10:04 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2014-10-29 01:10:04 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2014-10-29 01:10:04 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2014-10-29 01:10:04 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2014-10-29 01:10:04 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    .
    ==================== Find3M ====================
    .
    2014-11-23 17:36:52 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
    2014-11-12 15:36:04 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-11-12 15:36:04 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-10-15 05:17:01 4922368 ----a-w- c:\windows\system32\mstscax.dll
    2014-10-15 05:17:01 37376 ----a-w- c:\windows\system32\tsgqec.dll
    2014-10-15 05:17:01 2744320 ----a-w- c:\windows\system32\rdpcorets.dll
    2014-10-15 05:17:01 269312 ----a-w- c:\windows\system32\aaclient.dll
    2014-10-15 05:17:01 1050112 ----a-w- c:\windows\system32\mstsc.exe
    2014-10-15 05:16:26 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
    2014-10-15 05:16:26 304128 ----a-w- c:\windows\system32\winlogon.exe
    2014-10-15 05:16:26 184320 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2014-10-15 05:16:26 157696 ----a-w- c:\windows\system32\winsta.dll
    2014-10-15 05:16:26 130048 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2014-10-15 05:14:48 372736 ----a-w- c:\windows\system32\rastls.dll
    2014-10-15 05:12:02 81560 ----a-w- c:\windows\system32\mscories.dll
    2014-10-15 05:12:02 156824 ----a-w- c:\windows\system32\mscorier.dll
    2014-10-15 05:12:02 1131664 ----a-w- c:\windows\system32\dfshim.dll
    2014-10-02 21:23:20 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2014-10-02 21:23:20 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2014-09-25 01:40:50 519680 ----a-w- c:\windows\system32\qdvd.dll
    2014-09-10 15:02:54 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
    2014-09-09 21:47:10 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    ============= FINISH: 13:25:02.85 ===============

  2. #2
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Welcome aboard

    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    ==========================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2


    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.



    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/...t-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.

    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double-click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:

      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"



    NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes icon in the system tray and click on Exit.

  3. #3
    Join Date
    Nov 2014
    Posts
    17
    Ran RogueKiller and results of log are below:

    RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Owner [Administrator]
    Mode : Delete -- Date : 11/25/2014 06:08:23

    ¤¤¤ Processes : 2 ¤¤¤
    [Suspicious.Path] VPDAgent.exe -- C:\Windows\VPDAgent.exe[-] -> Killed [TermProc]
    [PUP] (SVC) vToolbarUpdater18.1.9 -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe[7] -> Stopped

    ¤¤¤ Registry : 28 ¤¤¤
    [PUP] HKEY_CLASSES_ROOT\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files\AVG Secure Search\vprot.exe" -> Not selected
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Agent (C:\Windows\VPDAgent.exe) -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vToolbarUpdater18.1.9 (C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Not selected
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Agent (C:\Windows\VPDAgent.exe) -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vToolbarUpdater18.1.9 (C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Not selected
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Agent (C:\Windows\VPDAgent.exe) -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vToolbarUpdater18.1.9 (C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Not selected
    [PUM.HomePage] HKEY_USERS\S-1-5-21-1241181004-2622625590-1122715860-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.conduit.com?SearchSource=10&CUI=UN42947427976486298&UM=2&ctid=CT3310511 -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0841394A-6C4A-4D06-B8A9-908F53338C1A} | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0841394A-6C4A-4D06-B8A9-908F53338C1A} | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0841394A-6C4A-4D06-B8A9-908F53338C1A} | DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Not selected
    [PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 6 ¤¤¤
    [Suspicious.Path] AVG-Secure-Search-Update_JUNE2013_HP_rmv.job -- C:\Windows\TEMP\{53F56097-F45E-4F99-B93E-FBF084EA5B1B}.exe (--uninstall=1) -> Deleted
    [Suspicious.Path] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job -- C:\Windows\TEMP\{01066B39-936A-4A36-8131-7648FA3EB119}.exe (--uninstall=1) -> Deleted
    [Suspicious.Path] EasyShare Registration Task.job -- C:\Windows\system32\rundll32.exe (C:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16) -> Deleted
    [Suspicious.Path] \\AVG-Secure-Search-Update_JUNE2013_HP_rmv -- C:\Windows\TEMP\{53F56097-F45E-4F99-B93E-FBF084EA5B1B}.exe (--uninstall=1) -> Deleted
    [Suspicious.Path] \\AVG-Secure-Search-Update_JUNE2013_TB_rmv -- C:\Windows\TEMP\{01066B39-936A-4A36-8131-7648FA3EB119}.exe (--uninstall=1) -> Deleted
    [Suspicious.Path] \\EasyShare Registration Task -- C:\Windows\system32\rundll32.exe (C:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16) -> Deleted

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 3 ¤¤¤
    [PUP][FIREFX:Addon] am53b3xu.default-1411387983416 : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Not selected
    [PUP][FIREFX:Addon] am53b3xu.default-1411387983416 : AVG Security Toolbar [avg@toolbar] -> Not selected
    [PUM.HomePage][FIREFX:Config] am53b3xu.default-1411387983416 : user_pref("browser.startup.homepage", "http://ww2.cox.com/myconnection/sandiego/home.cox"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST500DM005 HD502HJ ATA Device +++++
    --- User ---
    [MBR] d6ee5a03d26b92a31bbdf00f5ac7c31f
    [BSP] 3483a0ead32cde755d5a21e8b3276fb1 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: SAMSUNG HD103UI USB Device +++++
    --- User ---
    [MBR] c4dbe81c6a0c74f7492d9307f88a5514
    [BSP] 33dc70ac5737f33ef7a66f73c56595eb : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_SCN_11252014_060639.log

  4. #4
    Join Date
    Nov 2014
    Posts
    17
    Created new restore point.

    Ran Malwarebytes Anti-RootKit. Logs follow:

    Malwarebytes Anti-Rootkit BETA 1.08.2.1001
    www.malwarebytes.org

    Database version: v2014.11.25.06

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 11.0.9600.17420
    Owner :: OWNER-PC [administrator]

    11/25/2014 6:15:14 AM
    mbar-log-2014-11-25 (06-15-14).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 353863
    Time elapsed: 30 minute(s), 52 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x86

    Account is Administrative

    Internet Explorer version: 11.0.9600.17420

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
    CPU speed: 2.893000 GHz
    Memory total: 3673481216, free: 1063571456

    Downloaded database version: v2014.11.25.06
    Downloaded database version: v2014.11.22.01
    Initializing...
    ======================
    ------------ Kernel report ------------
    11/25/2014 06:15:02
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff87258400
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000006b\
    Lower Device Object: 0xffffffff870ec888
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff86cad688
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
    Lower Device Object: 0xffffffff85ed9908
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff86cad688, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86cad368, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff86cad688, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff867ba918, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff85ed9908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B71899DD

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 976564224

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff87258400, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff870ecd10, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff87258400, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff870ec888, DeviceName: \Device\0000006b\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: E939140F

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 1953520002

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished

  5. #5
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please disable "word wrap" in Notepad because some logs are hard to read.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.



    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.



    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"


    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.



    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.

  6. #6
    Join Date
    Nov 2014
    Posts
    17
    Ran ComboFix. Log follows (I hope the word wrap was disabled properly this time...my apologies):

    ComboFix 14-11-25.01 - Owner 11/25/2014 19:29:37.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3503.1938 [GMT -8:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\AdobePDF.dll
    E:\install.exe
    .
    Infected copy of c:\windows\system32\samsrv.dll was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.1.7601.17514_none_b3f5c348ff36a76f\samsrv.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-10-26 to 2014-11-26 )))))))))))))))))))))))))))))))
    .
    .
    2014-11-26 03:41 . 2014-11-26 03:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-11-25 14:15 . 2014-11-25 14:50 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-11-25 14:00 . 2014-11-25 14:00 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-11-25 14:00 . 2014-11-25 14:00 -------- d-----w- c:\programdata\RogueKiller
    2014-11-23 20:40 . 2014-11-25 14:15 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-11-23 20:40 . 2014-11-25 14:14 79576 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-11-23 20:40 . 2014-11-23 20:40 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-11-23 20:40 . 2014-11-23 20:40 -------- d-----w- c:\programdata\Malwarebytes
    2014-11-23 20:40 . 2014-10-01 19:11 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-11-23 20:40 . 2014-10-01 19:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-23 17:44 . 2014-11-23 17:44 -------- d-----w- c:\program files\Common Files\Java
    2014-11-23 17:43 . 2014-11-23 17:43 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-11-23 17:41 . 2014-11-23 17:41 1892056 ----a-w- c:\windows\system32\RTSndMgr.cpl
    2014-11-23 17:41 . 2014-11-23 17:41 3086040 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
    2014-11-23 17:41 . 2014-11-23 17:41 2566872 ----a-w- c:\windows\system32\RtkPgExt.dll
    2014-11-23 17:41 . 2014-11-23 17:41 916696 ----a-w- c:\windows\system32\RtkCoInstII.dll
    2014-11-23 17:41 . 2014-11-23 17:41 782040 ----a-w- c:\windows\system32\RtkApoApi.dll
    2014-11-23 17:41 . 2014-11-23 17:41 1099203 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
    2014-11-23 17:41 . 2014-11-23 17:41 2474200 ----a-w- c:\windows\system32\RltkAPO.dll
    2014-11-23 17:41 . 2014-11-23 17:41 900696 ----a-w- c:\windows\system32\MaxxAudioAPOShell.dll
    2014-11-23 17:41 . 2014-11-23 17:41 1940056 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
    2014-11-23 17:41 . 2014-11-23 17:41 86488 ----a-w- c:\windows\system32\drivers\TeeDriver.sys
    2014-11-23 17:36 . 2014-11-23 17:36 76872 ----a-w- c:\windows\system32\RtNicProp32.dll
    2014-11-23 17:36 . 2014-11-23 17:36 719064 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
    2014-11-23 15:40 . 2014-11-23 15:40 -------- d-----w- c:\program files\TeamViewer
    2014-11-23 01:53 . 2014-11-23 01:53 -------- d-sh--w- c:\users\Owner\AppData\Local\EmieBrowserModeList
    2014-11-18 18:10 . 2014-11-18 18:10 550912 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-18 18:10 . 2014-11-18 18:10 186880 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-14 05:31 . 2014-11-14 05:31 2363904 ----a-w- c:\windows\system32\msi.dll
    2014-11-14 05:31 . 2014-11-14 05:31 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2014-11-14 05:31 . 2014-11-14 05:31 1237504 ----a-w- c:\windows\system32\msxml3.dll
    2014-11-14 05:31 . 2014-11-14 05:31 681984 ----a-w- c:\windows\system32\adtschema.dll
    2014-11-14 05:31 . 2014-11-14 05:31 523776 ----a-w- c:\windows\system32\termsrv.dll
    2014-11-14 05:31 . 2014-11-14 05:31 146432 ----a-w- c:\windows\system32\msaudite.dll
    2014-11-14 05:31 . 2014-11-14 05:31 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-11-14 05:31 . 2014-11-14 05:31 1059840 ----a-w- c:\windows\system32\lsasrv.dll
    2014-11-14 05:30 . 2014-11-14 05:30 2379264 ----a-w- c:\windows\system32\win32k.sys
    2014-11-14 05:30 . 2014-11-14 05:30 67584 ----a-w- c:\windows\system32\packager.dll
    2014-11-14 05:30 . 2014-11-14 05:30 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2014-11-14 05:30 . 2014-11-14 05:30 475136 ----a-w- c:\windows\system32\audiosrv.dll
    2014-11-14 05:30 . 2014-11-14 05:30 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
    2014-11-14 05:30 . 2014-11-14 05:30 374784 ----a-w- c:\windows\system32\AudioEng.dll
    2014-11-14 05:30 . 2014-11-14 05:30 275968 ----a-w- c:\windows\system32\EncDump.dll
    2014-11-14 05:30 . 2014-11-14 05:30 195584 ----a-w- c:\windows\system32\AudioSes.dll
    2014-11-14 05:28 . 2014-11-14 05:28 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
    2014-11-14 05:28 . 2014-11-14 05:28 65536 ----a-w- c:\windows\system32\TSpkg.dll
    2014-11-14 05:28 . 2014-11-14 05:28 259584 ----a-w- c:\windows\system32\msv1_0.dll
    2014-11-14 05:28 . 2014-11-14 05:28 248832 ----a-w- c:\windows\system32\schannel.dll
    2014-11-14 05:28 . 2014-11-14 05:28 221184 ----a-w- c:\windows\system32\ncrypt.dll
    2014-11-14 05:28 . 2014-11-14 05:28 17408 ----a-w- c:\windows\system32\credssp.dll
    2014-11-14 05:28 . 2014-11-14 05:28 172032 ----a-w- c:\windows\system32\wdigest.dll
    2014-11-14 05:21 . 2014-11-05 17:50 254464 ----a-w- c:\windows\system32\generaltel.dll
    2014-11-14 05:21 . 2014-11-05 17:50 203776 ----a-w- c:\windows\system32\aepdu.dll
    2014-11-14 05:21 . 2014-11-05 17:47 302592 ----a-w- c:\windows\system32\aeinv.dll
    2014-11-08 17:09 . 2014-11-08 17:09 -------- d-----w- c:\programdata\Smith Micro
    2014-11-08 17:08 . 2014-11-08 17:08 -------- d-----w- c:\users\Owner\AppData\Roaming\Smith Micro
    2014-11-08 16:42 . 2014-11-08 16:42 217088 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{2C69ABC9-55B7-410E-89AB-4CBD84D8D37B}\ARPPRODUCTICON.exe
    2014-11-08 16:35 . 2014-11-08 16:40 -------- d-----w- c:\program files\Summitsoft
    2014-11-08 16:14 . 2014-11-08 16:14 -------- d-----w- c:\users\Owner\AppData\Local\HCSShell
    2014-10-29 01:10 . 2014-10-29 01:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2014-10-29 01:10 . 2014-10-29 01:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2014-10-29 01:10 . 2014-10-29 01:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2014-10-29 01:10 . 2014-10-29 01:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2014-10-29 01:10 . 2014-10-29 01:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2014-10-29 01:09 . 2014-10-29 01:10 -------- d-----w- c:\program files\QuickTime
    2014-10-29 01:09 . 2014-10-29 01:09 -------- d-----w- c:\programdata\Apple Computer
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-11-25 20:24 . 2014-11-21 02:54 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
    2014-11-23 17:38 . 2012-03-20 06:26 11049984 ----a-w- c:\windows\system32\igdumd32.dll
    2014-11-23 17:38 . 2012-05-31 17:33 11176448 ----a-w- c:\windows\system32\igd10umd32.dll
    2014-11-23 17:36 . 2012-05-31 17:37 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
    2014-11-12 15:36 . 2012-05-31 19:32 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-11-12 15:36 . 2012-05-31 19:32 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-10-15 05:17 . 2014-10-15 05:17 4922368 ----a-w- c:\windows\system32\mstscax.dll
    2014-10-15 05:17 . 2014-10-15 05:17 37376 ----a-w- c:\windows\system32\tsgqec.dll
    2014-10-15 05:17 . 2014-10-15 05:17 2744320 ----a-w- c:\windows\system32\rdpcorets.dll
    2014-10-15 05:17 . 2014-10-15 05:17 269312 ----a-w- c:\windows\system32\aaclient.dll
    2014-10-15 05:17 . 2014-10-15 05:17 1050112 ----a-w- c:\windows\system32\mstsc.exe
    2014-10-15 05:16 . 2014-10-15 05:16 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
    2014-10-15 05:16 . 2014-10-15 05:16 304128 ----a-w- c:\windows\system32\winlogon.exe
    2014-10-15 05:16 . 2014-10-15 05:16 184320 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2014-10-15 05:16 . 2014-10-15 05:16 157696 ----a-w- c:\windows\system32\winsta.dll
    2014-10-15 05:16 . 2014-10-15 05:16 130048 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2014-10-15 05:14 . 2014-10-15 05:14 372736 ----a-w- c:\windows\system32\rastls.dll
    2014-10-15 05:12 . 2014-10-15 05:12 81560 ----a-w- c:\windows\system32\mscories.dll
    2014-10-15 05:12 . 2014-10-15 05:12 156824 ----a-w- c:\windows\system32\mscorier.dll
    2014-10-15 05:12 . 2014-10-15 05:12 1131664 ----a-w- c:\windows\system32\dfshim.dll
    2014-10-15 05:11 . 2014-10-15 05:11 988160 ----a-w- c:\windows\system32\drmv2clt.dll
    2014-10-15 05:11 . 2014-10-15 05:11 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
    2014-10-15 05:11 . 2014-10-15 05:11 8192 ----a-w- c:\windows\system32\spwmp.dll
    2014-10-15 05:11 . 2014-10-15 05:11 81408 ----a-w- c:\windows\system32\cryptsp.dll
    2014-10-15 05:11 . 2014-10-15 05:11 744960 ----a-w- c:\windows\system32\blackbox.dll
    2014-10-15 05:11 . 2014-10-15 05:11 617984 ----a-w- c:\windows\system32\wmdrmsdk.dll
    2014-10-15 05:11 . 2014-10-15 05:11 593920 ----a-w- c:\windows\system32\drivers\PEAuth.sys
    2014-10-15 05:11 . 2014-10-15 05:11 521384 ----a-w- c:\windows\system32\winload.exe
    2014-10-15 05:11 . 2014-10-15 05:11 50688 ----a-w- c:\windows\system32\appidapi.dll
    2014-10-15 05:11 . 2014-10-15 05:11 504320 ----a-w- c:\windows\system32\msscp.dll
    2014-10-15 05:11 . 2014-10-15 05:11 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
    2014-10-15 05:11 . 2014-10-15 05:11 50176 ----a-w- c:\windows\system32\rrinstaller.exe
    2014-10-15 05:11 . 2014-10-15 05:11 50176 ----a-w- c:\windows\system32\drivers\appid.sys
    2014-10-15 05:11 . 2014-10-15 05:11 489984 ----a-w- c:\windows\system32\evr.dll
    2014-10-15 05:11 . 2014-10-15 05:11 455752 ----a-w- c:\windows\system32\winresume.exe
    2014-10-15 05:11 . 2014-10-15 05:11 4096 ----a-w- c:\windows\system32\msdxm.ocx
    2014-10-15 05:11 . 2014-10-15 05:11 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2014-10-15 05:11 . 2014-10-15 05:11 409272 ----a-w- c:\windows\system32\ci.dll
    2014-10-15 05:11 . 2014-10-15 05:11 406016 ----a-w- c:\windows\system32\drmmgrtn.dll
    2014-10-15 05:11 . 2014-10-15 05:11 3970488 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2014-10-15 05:11 . 2014-10-15 05:11 3914680 ----a-w- c:\windows\system32\ntoskrnl.exe
    2014-10-15 05:11 . 2014-10-15 05:11 354816 ----a-w- c:\windows\system32\mfplat.dll
    2014-10-15 05:11 . 2014-10-15 05:11 3208704 ----a-w- c:\windows\system32\mf.dll
    2014-10-15 05:11 . 2014-10-15 05:11 27648 ----a-w- c:\windows\system32\appidsvc.dll
    2014-10-15 05:11 . 2014-10-15 05:11 265216 ----a-w- c:\windows\system32\msnetobj.dll
    2014-10-15 05:11 . 2014-10-15 05:11 23040 ----a-w- c:\windows\system32\mfpmp.exe
    2014-10-15 05:11 . 2014-10-15 05:11 2048 ----a-w- c:\windows\system32\mferror.dll
    2014-10-15 05:11 . 2014-10-15 05:11 179200 ----a-w- c:\windows\system32\wintrust.dll
    2014-10-15 05:11 . 2014-10-15 05:11 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
    2014-10-15 05:11 . 2014-10-15 05:11 157184 ----a-w- c:\windows\system32\pcasvc.dll
    2014-10-15 05:11 . 2014-10-15 05:11 143872 ----a-w- c:\windows\system32\cryptsvc.dll
    2014-10-15 05:11 . 2014-10-15 05:11 1329664 ----a-w- c:\windows\system32\quartz.dll
    2014-10-15 05:11 . 2014-10-15 05:11 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2014-10-15 05:11 . 2014-10-15 05:11 1174528 ----a-w- c:\windows\system32\crypt32.dll
    2014-10-15 05:11 . 2014-10-15 05:11 103424 ----a-w- c:\windows\system32\mfps.dll
    2014-10-15 05:11 . 2014-10-15 05:11 1005056 ----a-w- c:\windows\system32\cryptui.dll
    2014-10-02 21:23 . 2014-10-02 21:23 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2014-10-02 21:23 . 2014-10-02 21:23 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2014-09-25 01:40 . 2014-10-02 12:26 519680 ----a-w- c:\windows\system32\qdvd.dll
    2014-09-10 15:02 . 2014-09-10 15:02 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
    2014-09-09 21:47 . 2014-09-27 11:08 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-08-31 12:24 . 2012-07-17 21:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
    2014-11-23 17:30 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2014-08-25 15:59 3627032 ----a-w- c:\program files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}]
    2014-06-11 23:20 464720 ----a-w- c:\program files\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll" [2014-08-25 3627032]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
    @="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
    [HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
    2014-09-26 21:40 1029280 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
    @="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
    [HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
    2014-09-26 21:40 1029280 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
    @="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
    [HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
    2014-09-26 21:40 1029280 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "California Fonts Loader"="c:\program files\California Font Manager\CaliforniaFonts.exe" [2012-02-29 628736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-26 517392]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2014-08-25 2640408]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-09-20 557768]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2014-09-12 3499920]
    "Adobe Creative Cloud"="c:\program files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-10-06 2694320]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-11-23 145904]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-11-23 181232]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2014-11-23 189936]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2014-11-23 12021464]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-27 271744]
    "IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2014-10-14 1802048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "RAInstaller c:\program files\RealArcade\Installer\commonResources\GameHouse\gamehouse_"="rmdir" [X]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Advanced SystemCare 7"="c:\program files\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-08-22 2281248]
    "Backblaze"="c:\program files\Backblaze\bzbui.exe" [2014-11-26 493672]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Event Planner Reminder.lnk - c:\program files\Creative Home\Hallmark Card Studio 2015\Planner\PLNRnote.exe [2014-7-24 364032]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
    @=""
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk
    backup=c:\windows\pss\Event Planner Reminder.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scan2PC.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scan2PC.lnk
    backup=c:\windows\pss\Scan2PC.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
    path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
    backup=c:\windows\pss\PowerReg SchedulerV2.exe.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2014-09-12 09:43 3499920 ----a-w- c:\program files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2014-08-21 16:30 959176 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Creative Cloud]
    2014-10-06 12:31 2694320 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2014-09-20 02:22 557768 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
    2011-01-12 14:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
    2013-04-25 10:50 1075296 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2013-09-14 03:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    2010-10-28 02:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Backblaze]
    2014-11-26 00:09 493672 ----a-w- c:\program files\Backblaze\bzbui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\California Fonts Loader]
    2012-02-29 04:31 628736 ----a-w- c:\program files\California Font Manager\CaliforniaFonts.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonQuickMenu]
    2012-04-03 20:26 1273448 ----a-w- c:\program files\Canon\Quick Menu\CNQMMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2014-11-23 17:38 181232 ----a-w- c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2014-11-23 17:38 145904 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter]
    2014-10-14 02:47 1802048 ----a-w- c:\program files\IObit\IObit Malware Fighter\IMF.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcpltui_exe]
    2014-04-26 01:29 517392 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
    2014-04-26 01:29 517392 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2014-11-23 17:38 189936 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2014-10-02 21:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2014-11-23 17:41 12021464 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2014-09-27 06:47 271744 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 21:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
    2014-08-25 15:59 2640408 ----a-w- c:\program files\AVG Secure Search\vprot.exe
    .
    R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-11-23 2283296]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-09-23 147912]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-14 102912]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
    R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2014-08-20 81296]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-06-19 14848]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-06-19 49664]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-06-19 27136]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-31 1343400]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2014-06-20 217224]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2014-06-04 18624]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-08-11 42784]
    S1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NST\0200000.010\ccSetx86.sys [2011-08-08 132744]
    S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\IObit\Advanced SystemCare 7\ASCService.exe [2014-08-19 893216]
    S2 Agent;VPDAgent;c:\windows\VPDAgent.exe [2012-03-06 192512]
    S2 bzserv;Backblaze Service;c:\program files\Backblaze\bzserv.exe [2014-11-26 234600]
    S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-07-30 281560]
    S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2014-10-01 344896]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
    S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe [2014-04-26 145568]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-07-30 281560]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-07-30 281560]
    S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-07-30 281560]
    S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2014-08-20 655936]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2014-06-20 169800]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2014-06-20 179600]
    S2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2011-08-10 138760]
    S2 ogmservice;Online Games Manager;c:\program files\Online Games Manager\ogmservice.exe [2014-03-27 581568]
    S2 Scan2PC;Scan2PC;c:\program files\Scan2PC\Sc2PCSvc.exe [2009-07-28 69632]
    S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
    S2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [2014-08-11 1820184]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2014-06-20 62832]
    S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2013-03-23 21480]
    S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
    S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\TeeDriver.sys [2014-11-23 86488]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2014-06-20 369248]
    S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2014-08-20 350240]
    S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2013-11-20 32288]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2014-11-23 719064]
    S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [2013-11-20 20944]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-31 15:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN42947427976486298&UM=2&ctid=CT3310511
    mStart Page = about:blank
    TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\am53b3xu.default-1411387983416\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://ww2.cox.com/myconnection/sandiego/home.cox
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Advanced SystemCare 6 - c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
    MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NSL]
    "ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,bf,40,19,6a,27,18,42,b5,08,5d,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,bf,40,19,6a,27,18,42,b5,08,5d,\
    .
    [HKEY_USERS\S-1-5-21-1241181004-2622625590-1122715860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1241181004-2622625590-1122715860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-1241181004-2622625590-1122715860-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D105354C-7C28-8B52-49FC-3D317FC4B66B}*]
    "iaaifkdbcmhghefhcg"=hex:6a,61,68,62,65,64,65,68,67,6d,6a,6d,6b,6d,67,6d,6b,62,
    6d,6d,00,00
    "hakicpojmjnmoekh"=hex:6a,61,68,62,65,64,65,68,67,6d,6a,6d,6b,6d,67,6d,6b,62,
    6d,6d,00,00
    "hanpfofjocfdobkf"=hex:63,63,69,6d,70,61,69,6e,65,66,64,70,6f,61,6c,64,6c,68,
    6d,69,63,65,64,64,6b,69,66,6c,64,64,67,62,68,66,6c,6d,6c,6e,69,69,67,69,68,\
    .
    [HKEY_USERS\S-1-5-21-1241181004-2622625590-1122715860-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E031DDDE-7E65-502B-56CD-D21900E0135C}*]
    "iaoafcdfmbhdjocknp"=hex:69,61,65,61,6b,61,70,64,67,6e,63,65,6a,70,61,67,68,70,
    00,00
    "hamahhapcnoojbin"=hex:69,61,65,61,6b,61,70,64,67,6e,63,65,6a,70,61,67,68,70,
    00,00
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D105354C-7C28-8B52-49FC-3D317FC4B66B}\InProcServer32*]
    "jagimocpnigbbghiomoj"=hex:6a,61,68,62,65,64,65,68,67,6d,6a,6d,6b,6d,67,6d,6b,
    62,6d,6d,00,00
    "iagigfinbplpolgphn"=hex:6a,61,68,62,65,64,65,68,67,6d,6a,6d,6b,6d,67,6d,6b,62,
    6d,6d,00,00
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E031DDDE-7E65-502B-56CD-D21900E0135C}\InProcServer32*]
    "jaibgbfjbgmhagpmndom"=hex:69,61,65,61,6b,61,70,64,67,6e,63,65,6a,70,61,67,68,
    70,00,00
    "iaibmalichgmihefpd"=hex:69,61,65,61,6b,61,70,64,67,6e,63,65,6a,70,61,67,68,70,
    00,00
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(9404)
    c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\PSIService.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\IObit\Advanced SystemCare 7\Monitor.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
    c:\program files\Common Files\McAfee\Platform\mcuicnt.exe
    c:\program files\IObit\IObit Uninstaller\UninstallMonitor.exe
    c:\program files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    c:\program files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Backblaze\bzfilelist.exe
    c:\windows\system32\conhost.exe
    c:\program files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    c:\program files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
    c:\program files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
    c:\windows\System32\WUDFHost.exe
    c:\program files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
    c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\windows\system32\sppsvc.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\windows\system32\RunDll32.exe
    .
    **************************************************************************
    .
    Completion time: 2014-11-25 19:57:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-11-26 03:57
    .
    Pre-Run: 349,681,725,440 bytes free
    Post-Run: 350,401,171,456 bytes free
    .
    - - End Of File - - 13F5B3C58CE206A103BCB2C84DD5BE45
    A36C5E4F47E84449FF07ED3517B43A31

  7. #7
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Uninstall Advanced SystemCare.
    Registry cleaners/optimizers are not recommended for several reasons:


    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".


    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.





    Please download AdwCleaner by Xplode onto your desktop.

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on the Scan button.
    • When the scan has finished, click on the Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.

  8. #8
    Join Date
    Nov 2014
    Posts
    17
    Here I go....
    Uninstalled Advanced SystemCare.
    Ran AdwCleaner and Junkware Removal Tool (logs duplicated below).
    Could not run Farbar Recovery Scan Tool - the following message popped up:
    Line 10308 (File ""):
    Error "EndIf statement with no matching "If" statement.

    The logs:

    # AdwCleaner v4.102 - Report created 26/11/2014 at 04:33:34
    # Updated 23/11/2014 by Xplode
    # Database : 2014-11-25.1 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : Owner - OWNER-PC
    # Running from : C:\Users\Owner\Desktop\adwcleaner_4.102.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : vToolbarUpdater18.1.9

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\Owner\Favorites\Tutorials
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\Conduit
    Folder Deleted : C:\ProgramData\ParetoLogic
    Folder Deleted : C:\ProgramData\Trymedia
    Folder Deleted : C:\ProgramData\Alawar Entertainment
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
    Folder Deleted : C:\Program Files\AVG Secure Search
    Folder Deleted : C:\Program Files\AVG Security Toolbar
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\SmartTweak
    Folder Deleted : C:\Program Files\Uninstaller
    Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Users\Owner\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
    Folder Deleted : C:\Users\Owner\AppData\Local\genienext
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Owner\AppData\Roaming\DriverCure
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Optimizer Pro
    Folder Deleted : C:\Users\Owner\AppData\Roaming\ParetoLogic
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Alawar Entertainment
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
    Folder Deleted : C:\Users\Owner\Desktop\Tutorials
    Folder Deleted : C:\Users\Owner\Documents\Optimizer Pro
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\am53b3xu.default-1411387983416\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p4wtfm8m.default-1407511791679\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\am53b3xu.default-1411387983416\Extensions\adremoveext@adremoveext.net
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p4wtfm8m.default-1407511791679\Extensions\adremoveext@adremoveext.net
    Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rntoc33p.default-1379719655683\Extensions\adremoveext@adremoveext.net
    Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
    Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod
    File Deleted : C:\Users\Owner\AppData\LocalLow\SkwConfig.bin

    ***** [ Scheduled Tasks ] *****

    Task Deleted : Driver Booster Scan
    Task Deleted : Driver Booster Update

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
    Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}]
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3774A2CA-97AE-4487-9287-92DC850D862D}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\ParetoLogic
    Key Deleted : HKCU\Software\smarttweak
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\Freeze.com
    Key Deleted : HKLM\SOFTWARE\ParetoLogic
    Key Deleted : HKLM\SOFTWARE\systweak
    Key Deleted : HKLM\SOFTWARE\Trymedia Systems
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.3
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NST

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17420

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Mozilla Firefox v33.1 (x86 en-US)

    [am53b3xu.default-1411387983416\prefs.js] - Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\18.1.9.799");
    [am53b3xu.default-1411387983416\prefs.js] - Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.comgoogle\\.\\w+yahoo\\.\\w+gmail\\.\\w+hotmail\\.\\w+live\\.\\w+isearch\\.avg\\.commysearch\\.avg\\.com");

    -\\ Google Chrome v


    *************************

    AdwCleaner[R0].txt - [9819 octets] - [26/11/2014 04:31:19]
    AdwCleaner[S0].txt - [9892 octets] - [26/11/2014 04:33:34]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9952 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.9 (11.15.2014:2)
    OS: Windows 7 Home Premium x86
    Ran by Owner on Wed 11/26/2014 at 4:44:29.70
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
    Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\ammyy"
    Successfully deleted: [Folder] "C:\ProgramData\pc1data"
    Successfully deleted: [Folder] "C:\Program Files\coupons"



    ~~~ FireFox

    Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\am53b3xu.default-1411387983416\minidumps [37 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 11/26/2014 at 4:46:05.93
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  9. #9
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Delete your FRST file, download a new one, and try again.

  10. #10
    Join Date
    Nov 2014
    Posts
    17
    Deleted FRST file, downloaded new one, and ran scan. First part of Log FRST follows (complete log is too long for form):

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-11-2014 01
    Ran by Owner (administrator) on OWNER-PC on 26-11-2014 17:48:44
    Running from C:\Users\Owner\Desktop
    Loaded Profile: Owner (Available profiles: Owner)
    Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Two Pilots) C:\Windows\VPDAgent.exe
    (IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
    (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    () C:\Program Files\Backblaze\bzserv.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Symantec Corporation) C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
    (RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
    () C:\Windows\System32\PSIService.exe
    (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    () C:\Program Files\Scan2PC\Sc2PCSvc.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
    (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Creative Home) C:\Program Files\Creative Home\Hallmark Card Studio 2015\Planner\PLNRnote.exe
    (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    (IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
    () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
    (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
    (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
    (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\Core\mchost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
    HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-11-23] (Realtek Semiconductor)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [1802048 2014-10-13] (IObit)
    HKLM\...\RunOnce: [RAInstaller C:\Program Files\RealArcade\Installer\commonResources\GameHouse\gamehouse_] => cmd.exe /c "rmdir /S /Q "C:\Program Files\RealArcade\Installer\commonResources\GameHouse\gamehouse_""
    HKU\S-1-5-21-1241181004-2622625590-1122715860-1000\...\Run: [California Fonts Loader] => C:\Program Files\California Font Manager\CaliforniaFonts.exe [628736 2012-02-28] (SqueakyChocolate, LLC)
    HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
    HKU\S-1-5-18\...\Run: [Backblaze] => C:\Program Files\Backblaze\bzbui.exe [493672 2014-11-25] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk
    ShortcutTarget: Event Planner Reminder.lnk -> C:\Program Files\Creative Home\Hallmark Card Studio 2015\Planner\PLNRnote.exe (Creative Home)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll ()
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

  11. #11
    Join Date
    Nov 2014
    Posts
    17
    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...=ie&ar=msnhome
    HKU\S-1-5-21-1241181004-2622625590-1122715860-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKU\S-1-5-21-1241181004-2622625590-1122715860-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3858F7E4FC98CD01
    HKU\S-1-5-21-1241181004-2622625590-1122715860-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    URLSearchHook: HKU\S-1-5-21-1241181004-2622625590-1122715860-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    HKU\S-1-5-21-1241181004-2622625590-1122715860-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {3774A2CA-97AE-4487-9287-92DC850D862D} URL =
    SearchScopes: HKU\S-1-5-21-1241181004-2622625590-1122715860-1000 -> DefaultScope {DA6A0AE5-8D17-4EB4-B086-57ECB564DC5F} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1241181004-2622625590-1122715860-1000 -> {34749075-7842-402F-804A-E96032AF4EC5} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1241181004-2622625590-1122715860-1000 -> {5A94B4B8-9225-4FB5-A9A0-26ECD95D7009} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US636&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-1241181004-2622625590-1122715860-1000 -> {DA6A0AE5-8D17-4EB4-B086-57ECB564DC5F} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
    BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKLM - No Name - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - No File
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\am53b3xu.default-1411387983416
    FF DefaultSearchEngine: Yahoo
    FF SelectedSearchEngine: Yahoo
    FF Homepage: hxxp://ww2.cox.com/myconnection/sandiego/home.cox
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
    FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
    FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
    FF Extension: DownloadHelper - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\am53b3xu.default-1411387983416\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-23]
    FF Extension: Pin It Button - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\am53b3xu.default-1411387983416\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2014-09-22]
    FF Extension: AmazonSmile 1Button for Firefox - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\am53b3xu.default-1411387983416\Extensions\smile1Button@amazon.com.xpi [2014-10-12]
    FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2012-12-29]
    FF HKLM\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST
    FF Extension: Norton Safe Web Lite Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST [2014-11-26]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-06-09]
    FF HKU\S-1-5-21-1241181004-2622625590-1122715860-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
    FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found]

    Chrome:
    =======
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
    CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-11-20]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    R2 Agent; C:\Windows\VPDAgent.exe [192512 2012-03-06] (Two Pilots) [File not signed]
    R2 bzserv; C:\Program Files\Backblaze\bzserv.exe [234600 2014-11-25] ()
    S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2014-11-23] (Intel Corporation)
    R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
    R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-09-30] (IObit)
    S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2283296 2014-11-23] (IObit)
    R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-09-04] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
    R2 NSL; C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation)
    R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
    U2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
    R2 Scan2PC; C:\Program Files\Scan2PC\Sc2PCSvc.exe [69632 2009-07-28] () [File not signed]
    S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies)
    R1 ccSet_NST; C:\Windows\system32\drivers\NST\0200000.010\ccSetx86.sys [132744 2011-08-08] (Symantec Corporation)
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
    S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [21480 2013-03-23] (IObit)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
    R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [86488 2014-11-23] (Intel Corporation)
    R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
    S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)
    R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [32288 2013-11-19] (IObit.com)
    R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
    S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [20944 2013-11-19] (IObit.com)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [X]
    S3 gdrv; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-26 17:48 - 2014-11-26 17:49 - 00022215 _____ () C:\Users\Owner\Desktop\FRST.txt
    2014-11-26 17:48 - 2014-11-26 17:48 - 00000000 ____D () C:\FRST
    2014-11-26 17:43 - 2014-11-26 17:43 - 01109504 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
    2014-11-26 08:54 - 2014-11-26 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2014-11-26 04:44 - 2014-11-26 04:44 - 00000000 ____D () C:\Windows\ERUNT
    2014-11-26 04:31 - 2014-11-26 04:36 - 00000000 ____D () C:\AdwCleaner
    2014-11-26 04:18 - 2014-11-26 04:18 - 02148864 _____ () C:\Users\Owner\Desktop\adwcleaner_4.102.exe
    2014-11-26 04:18 - 2014-11-26 04:18 - 01707532 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
    2014-11-25 19:57 - 2014-11-25 19:57 - 00036530 _____ () C:\ComboFix.txt
    2014-11-25 19:27 - 2014-11-25 19:57 - 00000000 ____D () C:\Qoobox
    2014-11-25 19:27 - 2014-11-25 19:57 - 00000000 ____D () C:\ComboFix
    2014-11-25 19:27 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-11-25 19:27 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-11-25 19:27 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-11-25 19:27 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-11-25 19:27 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-11-25 19:27 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-11-25 19:27 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-11-25 19:27 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-11-25 19:26 - 2014-11-25 19:54 - 00000000 ____D () C:\Windows\erdnt
    2014-11-25 16:56 - 2014-11-25 16:56 - 05599228 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
    2014-11-25 06:15 - 2014-11-25 06:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-11-25 06:14 - 2014-11-25 06:50 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
    2014-11-25 06:00 - 2014-11-25 06:00 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-11-25 06:00 - 2014-11-25 06:00 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-11-25 05:57 - 2014-11-25 05:57 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.08.2.1001.exe
    2014-11-25 05:56 - 2014-11-25 05:56 - 15196248 _____ () C:\Users\Owner\Desktop\RogueKiller.exe
    2014-11-23 13:23 - 2014-11-23 13:23 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
    2014-11-23 12:40 - 2014-11-25 06:15 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-23 12:40 - 2014-11-25 06:14 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-11-23 12:40 - 2014-11-23 12:40 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-23 12:40 - 2014-11-23 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-23 12:40 - 2014-11-23 12:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-11-23 12:40 - 2014-11-23 12:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-11-23 12:40 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-11-23 12:40 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-11-23 10:40 - 2014-11-23 10:41 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.3.1025.exe
    2014-11-23 10:07 - 2014-11-23 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
    2014-11-23 10:06 - 2014-11-23 10:06 - 32809520 _____ (IObit ) C:\Users\Owner\Downloads\IObit-Malware-Fighter-Setup(2).exe
    2014-11-23 09:44 - 2014-11-23 09:44 - 00000000 ____D () C:\Program Files\Common Files\Java
    2014-11-23 09:44 - 2014-11-23 09:43 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2014-11-23 09:43 - 2014-11-23 09:43 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2014-11-23 09:43 - 2014-11-23 09:43 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2014-11-23 09:43 - 2014-11-23 09:43 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2014-11-23 09:43 - 2014-11-23 09:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-11-23 09:41 - 2014-11-23 09:41 - 03086040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
    2014-11-23 09:41 - 2014-11-23 09:41 - 02566872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
    2014-11-23 09:41 - 2014-11-23 09:41 - 02474200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
    2014-11-23 09:41 - 2014-11-23 09:41 - 01940056 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
    2014-11-23 09:41 - 2014-11-23 09:41 - 01892056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
    2014-11-23 09:41 - 2014-11-23 09:41 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
    2014-11-23 09:41 - 2014-11-23 09:41 - 00916696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
    2014-11-23 09:41 - 2014-11-23 09:41 - 00900696 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
    2014-11-23 09:41 - 2014-11-23 09:41 - 00782040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
    2014-11-23 09:41 - 2014-11-23 09:41 - 00086488 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriver.sys
    2014-11-23 09:38 - 2014-11-23 09:38 - 10812928 _____ (Intel Corporation) C:\Windows\system32\ig4icd32.dll
    2014-11-23 09:38 - 2014-11-23 09:38 - 09023488 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
    2014-11-23 09:38 - 2014-11-23 09:38 - 06231536 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
    2014-11-23 09:38 - 2014-11-23 09:38 - 03768320 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd32.sys
    2014-11-23 09:38 - 2014-11-23 09:38 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00436736 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00436736 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00436736 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00436736 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00436736 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00436736 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00436736 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00436224 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00436224 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00436224 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00435200 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00435200 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00433664 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00433664 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00430080 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00429056 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00427008 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00426496 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00330752 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
    2014-11-23 09:38 - 2014-11-23 09:38 - 00313344 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
    2014-11-23 09:38 - 2014-11-23 09:38 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
    2014-11-23 09:38 - 2014-11-23 09:38 - 00284160 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
    2014-11-23 09:38 - 2014-11-23 09:38 - 00279024 _____ (Intel Corporation) C:\Windows\system32\IntelCpHeciSvc.exe
    2014-11-23 09:38 - 2014-11-23 09:38 - 00271856 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
    2014-11-23 09:38 - 2014-11-23 09:38 - 00199152 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
    2014-11-23 09:38 - 2014-11-23 09:38 - 00189936 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
    2014-11-23 09:38 - 2014-11-23 09:38 - 00181232 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
    2014-11-23 09:38 - 2014-11-23 09:38 - 00175616 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
    2014-11-23 09:38 - 2014-11-23 09:38 - 00145904 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
    2014-11-23 09:38 - 2014-11-23 09:38 - 00130048 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
    2014-11-23 09:38 - 2014-11-23 09:38 - 00120320 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
    2014-11-23 09:38 - 2014-11-23 09:38 - 00102400 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v3517.dll
    2014-11-23 09:38 - 2014-11-23 09:38 - 00096256 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
    2014-11-23 09:38 - 2014-11-23 09:38 - 00078848 _____ () C:\Windows\system32\igdde32.dll
    2014-11-23 09:38 - 2014-11-23 09:38 - 00067956 _____ () C:\Windows\system32\iglhxs32.vp
    2014-11-23 09:38 - 2014-11-23 09:38 - 00059904 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
    2014-11-23 09:38 - 2014-11-23 09:38 - 00025088 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
    2014-11-23 09:38 - 2014-11-23 09:38 - 00009728 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
    2014-11-23 09:36 - 2014-11-23 09:36 - 00719064 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys
    2014-11-23 09:36 - 2014-11-23 09:36 - 00076872 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
    2014-11-23 09:30 - 2014-11-23 09:45 - 00002020 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
    2014-11-23 09:30 - 2014-11-23 09:30 - 00001138 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
    2014-11-23 09:30 - 2014-11-23 09:30 - 00001114 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
    2014-11-23 09:30 - 2014-11-23 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
    2014-11-23 09:29 - 2014-11-23 09:29 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
    2014-11-23 09:28 - 2014-11-23 10:07 - 00001135 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
    2014-11-23 09:27 - 2014-11-23 09:27 - 32809520 _____ (IObit ) C:\Users\Owner\Downloads\IObit-Malware-Fighter-Setup(1).exe
    2014-11-23 08:55 - 2014-11-23 09:19 - 00001664 _____ () C:\Users\Owner\Documents\krump.txt
    2014-11-23 07:40 - 2014-11-23 07:40 - 00001136 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
    2014-11-23 07:40 - 2014-11-23 07:40 - 00001124 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
    2014-11-23 07:40 - 2014-11-23 07:40 - 00000000 ____D () C:\Program Files\TeamViewer
    2014-11-23 07:38 - 2014-11-23 07:39 - 06588560 _____ (TeamViewer GmbH) C:\Users\Owner\Downloads\TeamViewer_Setup_en.exe
    2014-11-23 06:04 - 2014-11-26 06:36 - 00001418 _____ () C:\Windows\setupact.log
    2014-11-23 06:04 - 2014-11-23 06:04 - 00000000 _____ () C:\Windows\setuperr.log
    2014-11-23 06:03 - 2014-11-26 04:37 - 00015218 _____ () C:\Windows\PFRO.log
    2014-11-22 17:53 - 2014-11-22 17:53 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieBrowserModeList
    2014-11-19 16:58 - 2014-11-19 16:58 - 08941445 _____ () C:\Users\Owner\Downloads\wg_ink_and_water_brushes.zip
    2014-11-19 05:36 - 2014-11-19 05:36 - 00002067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.7.lnk
    2014-11-19 05:36 - 2014-11-19 05:36 - 00002055 _____ () C:\Users\Public\Desktop\Lightroom 5.7.lnk
    2014-11-18 10:10 - 2014-11-18 10:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-11-18 10:10 - 2014-11-18 10:10 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2014-11-13 21:31 - 2014-11-13 21:31 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-11-13 21:31 - 2014-11-13 21:31 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-11-13 21:31 - 2014-11-13 21:31 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-11-13 21:31 - 2014-11-13 21:31 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2014-11-13 21:31 - 2014-11-13 21:31 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-11-13 21:31 - 2014-11-13 21:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2014-11-13 21:31 - 2014-11-13 21:31 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-11-13 21:31 - 2014-11-13 21:31 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-11-13 21:30 - 2014-11-13 21:30 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-11-13 21:30 - 2014-11-13 21:30 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2014-11-13 21:30 - 2014-11-13 21:30 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-11-13 21:30 - 2014-11-13 21:30 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-11-13 21:30 - 2014-11-13 21:30 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-11-13 21:30 - 2014-11-13 21:30 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2014-11-13 21:30 - 2014-11-13 21:30 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2014-11-13 21:30 - 2014-11-13 21:30 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-11-13 21:28 - 2014-11-13 21:28 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2014-11-13 21:28 - 2014-11-13 21:28 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-11-13 21:28 - 2014-11-13 21:28 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-11-13 21:28 - 2014-11-13 21:28 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-11-13 21:28 - 2014-11-13 21:28 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-11-13 21:28 - 2014-11-13 21:28 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-11-13 21:28 - 2014-11-13 21:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-11-13 21:27 - 2014-11-13 21:27 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-11-13 21:27 - 2014-11-13 21:27 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-11-13 21:27 - 2014-11-13 21:27 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-11-13 21:27 - 2014-11-13 21:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-11-13 21:27 - 2014-11-13 21:27 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-11-13 21:27 - 2014-11-13 21:27 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-11-13 21:27 - 2014-11-13 21:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-11-13 21:21 - 2014-11-05 09:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-11-13 21:21 - 2014-11-05 09:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-11-13 21:21 - 2014-11-05 09:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-11-10 08:29 - 2014-11-10 08:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-11-09 05:11 - 2014-11-09 05:12 - 34332118 _____ () C:\Users\Owner\Downloads\tbrusha(8).exe
    2014-11-08 09:18 - 2014-11-08 09:27 - 00000000 ____D () C:\Users\Owner\Desktop\Creative Arts Pack 1
    2014-11-08 09:09 - 2014-11-08 09:09 - 00000000 ____D () C:\ProgramData\Smith Micro
    2014-11-08 09:08 - 2014-11-08 09:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Smith Micro
    2014-11-08 09:07 - 2014-11-08 09:07 - 00001187 _____ () C:\Users\Public\Desktop\ScatterShow.lnk
    2014-11-08 08:41 - 2014-11-08 08:41 - 21477336 _____ (Creative Home ) C:\Users\Owner\Downloads\HallmarkCardStudio2015BonusPack(1).exe
    2014-11-08 08:40 - 2014-11-08 08:59 - 717993680 _____ (Summitsoft Corporation) C:\Users\Owner\Downloads\CreativeArts1_N.exe
    2014-11-08 08:40 - 2014-11-08 08:41 - 27930984 _____ (Smith Micro Software, Inc. ) C:\Users\Owner\Downloads\ScatterShow_UniversalWin_1.1(1).exe
    2014-11-08 08:40 - 2014-11-08 08:40 - 00002094 _____ () C:\Users\Public\Desktop\FontManagementSystem.lnk
    2014-11-08 08:35 - 2014-11-08 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Summitsoft
    2014-11-08 08:35 - 2014-11-08 08:40 - 00000000 ____D () C:\Program Files\Summitsoft
    2014-11-08 08:35 - 2014-11-08 08:35 - 00002012 _____ () C:\Users\Public\Desktop\3D Text Studio.lnk
    2014-11-08 08:14 - 2014-11-08 08:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\HCSShell
    2014-11-08 08:03 - 2014-11-08 08:03 - 00002337 _____ () C:\Users\Public\Desktop\Hallmark Card Studio 2015.lnk
    2014-11-08 07:30 - 2014-11-08 07:35 - 202529472 _____ (Creative Home ) C:\Users\Owner\Downloads\HallmarkCardStudio2015ESD_16.0.0.11(1).exe
    2014-11-08 07:29 - 2014-11-08 07:37 - 306604176 _____ (Summtisoft Corporation) C:\Users\Owner\Downloads\CreativeFonts-Full.exe
    2014-11-08 07:29 - 2014-11-08 07:34 - 202529472 _____ (Creative Home ) C:\Users\Owner\Downloads\HallmarkCardStudio2015ESD_16.0.0.11.exe
    2014-11-08 07:29 - 2014-11-08 07:29 - 27930984 _____ (Smith Micro Software, Inc. ) C:\Users\Owner\Downloads\ScatterShow_UniversalWin_1.1.exe
    2014-11-08 07:29 - 2014-11-08 07:29 - 21477336 _____ (Creative Home ) C:\Users\Owner\Downloads\HallmarkCardStudio2015BonusPack.exe
    2014-11-08 07:16 - 2014-11-08 07:17 - 84392194 _____ () C:\Users\Owner\Downloads\AdvancedExtraction(1).mp4
    2014-11-08 07:16 - 2014-11-08 07:17 - 61606982 _____ () C:\Users\Owner\Downloads\AdvancedShadowing(1).mp4
    2014-11-08 07:16 - 2014-11-08 07:16 - 01389604 _____ () C:\Users\Owner\Downloads\AdvancedExtraction(1).zip
    2014-11-08 07:16 - 2014-11-08 07:16 - 01145847 _____ () C:\Users\Owner\Downloads\AdvancedShadowingWithPSP(1).zip
    2014-11-08 04:46 - 2014-11-08 04:47 - 84392194 _____ () C:\Users\Owner\Downloads\AdvancedExtraction.mp4
    2014-11-08 04:46 - 2014-11-08 04:47 - 61606982 _____ () C:\Users\Owner\Downloads\AdvancedShadowing.mp4
    2014-11-08 04:46 - 2014-11-08 04:46 - 01389604 _____ () C:\Users\Owner\Downloads\AdvancedExtraction.zip
    2014-11-08 04:46 - 2014-11-08 04:46 - 01145847 _____ () C:\Users\Owner\Downloads\AdvancedShadowingWithPSP.zip
    2014-11-08 04:45 - 2014-11-08 04:46 - 60295542 _____ () C:\Users\Owner\Downloads\PlayingWithVectors.mp4
    2014-11-08 04:45 - 2014-11-08 04:45 - 00725519 _____ () C:\Users\Owner\Downloads\Playing_with_Vectors.zip
    2014-11-03 19:36 - 2014-11-03 19:38 - 96490796 _____ () C:\Users\Owner\Downloads\SeamlessDesignWithPaintshopPro.mp4
    2014-11-03 19:36 - 2014-11-03 19:36 - 02484201 _____ () C:\Users\Owner\Downloads\Seamless_Design_with_PaintshopPro.zip
    2014-11-03 09:51 - 2014-11-03 09:53 - 00000000 ____D () C:\Users\Owner\Documents\Will info
    2014-11-03 08:17 - 2014-11-03 08:17 - 00668943 _____ () C:\Users\Owner\Downloads\gold_gradient_by_roula33-d4dkxnp.zip
    2014-10-28 17:09 - 2014-10-28 17:10 - 00000000 ____D () C:\Program Files\QuickTime
    2014-10-28 17:09 - 2014-10-28 17:09 - 00001815 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
    2014-10-28 17:09 - 2014-10-28 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2014-10-28 17:09 - 2014-10-28 17:09 - 00000000 ____D () C:\ProgramData\Apple Computer
    2014-10-27 19:10 - 2014-10-27 19:11 - 07671162 _____ () C:\Users\Owner\Downloads\Attachments_20141027.zip

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-26 17:36 - 2012-05-31 11:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-11-26 14:51 - 2012-05-31 09:19 - 01215722 _____ () C:\Windows\WindowsUpdate.log
    2014-11-26 14:11 - 2013-03-13 09:12 - 00000000 ____D () C:\Users\Owner\Desktop\Journal
    2014-11-26 10:37 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\rescache
    2014-11-26 06:45 - 2009-07-13 20:34 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-26 06:45 - 2009-07-13 20:34 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-26 06:38 - 2014-08-17 04:41 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
    2014-11-26 06:36 - 2009-07-13 20:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-11-26 05:36 - 2012-05-31 11:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-11-26 05:36 - 2012-05-31 11:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-11-26 04:36 - 2012-06-05 05:33 - 00000000 ___RD () C:\Users\Owner\Desktop\Tutorials
    2014-11-26 04:23 - 2013-06-04 07:26 - 00000000 ____D () C:\Program Files\IObit
    2014-11-25 19:57 - 2009-07-13 18:37 - 00000000 __RHD () C:\Users\Default
    2014-11-25 19:57 - 2009-07-13 18:37 - 00000000 ___RD () C:\Users\Public
    2014-11-25 19:44 - 2009-07-13 18:04 - 00000215 _____ () C:\Windows\system.ini
    2014-11-25 16:10 - 2013-11-18 12:19 - 00000000 ____D () C:\Program Files\Backblaze
    2014-11-23 15:08 - 2012-06-11 07:33 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
    2014-11-23 13:10 - 2009-07-13 20:33 - 03910712 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-11-23 13:00 - 2013-11-24 08:04 - 00000000 ____D () C:\ProgramData\ProductData
    2014-11-23 13:00 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Resources
    2014-11-23 12:38 - 2012-05-31 10:25 - 00146328 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-11-23 09:44 - 2012-05-31 10:21 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
    2014-11-23 09:42 - 2012-05-31 09:36 - 00000000 ____D () C:\Windows\system32\RTCOM
    2014-11-23 09:38 - 2012-05-31 09:33 - 11176448 _____ (Intel Corporation) C:\Windows\system32\igd10umd32.dll
    2014-11-23 09:38 - 2012-03-19 22:26 - 11049984 _____ (Intel Corporation) C:\Windows\system32\igdumd32.dll
    2014-11-23 09:36 - 2012-05-31 09:37 - 00100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll
    2014-11-23 09:28 - 2013-06-04 07:26 - 00000000 ____D () C:\ProgramData\IObit
    2014-11-22 22:48 - 2014-04-03 04:37 - 53444608 _____ () C:\Windows\system32\config\software.iobit
    2014-11-22 22:48 - 2014-04-03 04:37 - 00405504 _____ () C:\Windows\system32\config\default.iobit
    2014-11-22 22:48 - 2014-04-03 04:37 - 00061440 _____ () C:\Windows\system32\config\sam.iobit
    2014-11-22 22:48 - 2014-04-03 04:37 - 00024576 _____ () C:\Windows\system32\config\security.iobit
    2014-11-22 22:48 - 2012-05-31 09:19 - 00000000 ____D () C:\Users\Owner
    2014-11-21 15:45 - 2012-06-21 05:30 - 00000000 ____D () C:\Users\Owner\Desktop\Dave
    2014-11-21 15:43 - 2012-06-04 07:27 - 02578432 ____R () C:\Users\Public\Documents\ESBK.mb
    2014-11-21 15:42 - 2012-06-04 07:27 - 05783552 ____R () C:\Users\Public\Documents\ESBK.mbb
    2014-11-20 09:57 - 2012-06-30 08:17 - 00000000 ____D () C:\Users\Owner\Desktop\Other Extras
    2014-11-19 05:34 - 2012-05-31 10:21 - 00000000 ____D () C:\Program Files\Adobe
    2014-11-18 03:34 - 2014-04-25 07:29 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-11-18 03:33 - 2013-08-14 07:24 - 00000000 ____D () C:\Windows\system32\MRT
    2014-11-18 03:21 - 2012-05-31 10:03 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-11-16 05:49 - 2014-04-03 04:43 - 53444608 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
    2014-11-16 05:49 - 2014-04-03 04:43 - 00405504 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
    2014-11-16 05:49 - 2014-04-03 04:43 - 00061440 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
    2014-11-16 05:49 - 2014-04-03 04:43 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
    2014-11-14 06:23 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-11-11 18:40 - 2012-06-09 10:15 - 01268597 _____ () C:\Windows\system32\gcpr
    2014-11-11 03:45 - 2012-06-01 15:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-11-09 05:15 - 2012-09-28 07:53 - 00002005 _____ () C:\Users\Owner\Desktop\TwistedBrush Pro Studio.lnk
    2014-11-09 05:15 - 2012-09-06 09:01 - 00001159 _____ () C:\Users\Owner\Desktop\TwistedBrush FAQ.lnk
    2014-11-08 09:36 - 2012-08-28 06:56 - 00001109 _____ () C:\Users\Owner\Desktop\California Font Manager.lnk
    2014-11-08 09:07 - 2012-06-04 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smith Micro
    2014-11-08 09:07 - 2012-06-04 12:40 - 00000000 ____D () C:\Program Files\Smith Micro
    2014-11-08 08:39 - 2012-06-04 11:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Downloaded Installations
    2014-11-08 08:14 - 2013-03-17 10:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Creative Home
    2014-11-08 08:12 - 2012-12-13 15:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\NovaRegister
    2014-11-08 08:11 - 2012-12-13 15:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\Creative Home
    2014-11-08 08:10 - 2012-12-13 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hallmark
    2014-11-08 08:10 - 2012-12-13 15:06 - 00000000 ____D () C:\Program Files\Creative Home
    2014-11-04 09:36 - 2010-11-20 13:01 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-11-04 08:25 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\system32\NDF
    2014-11-01 08:22 - 2012-10-06 17:10 - 00000000 ____D () C:\Users\Owner\Desktop\Delete
    2014-10-29 16:46 - 2013-01-19 12:15 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
    2014-10-29 05:42 - 2013-12-03 07:54 - 00000000 ____D () C:\Users\Owner\Documents\2014

    Some content of TEMP:
    ====================
    C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
    C:\Users\Owner\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-11-26 08:50

    ==================== End Of Log ============================

  12. #12
    Join Date
    Nov 2014
    Posts
    17
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-11-2014 01
    Ran by Owner at 2014-11-26 17:50:23
    Running from C:\Users\Owner\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
    FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    3DTextStudio (HKLM\...\{ECFE53BC-5D24-4C5D-B606-DF9260418768}) (Version: 3.03 - Summitsoft)
    abrMate version 1.0 (HKLM\...\abrMate_is1) (Version: 1.0 - )
    Adobe Acrobat XI Pro (HKLM\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
    Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
    Adobe Bridge CC (HKLM\...\{B42E718A-AAE9-4C7D-8990-2AE4C4FE87DF}) (Version: 6.1 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 2.8.0.447 - Adobe Systems Incorporated)
    Adobe Edge Reflow CC Preview (HKLM\...\{AC41E46F-969F-439B-84C9-D5DA8C783E9D}) (Version: 0.32.13658 - Adobe Systems Incorporated)
    Adobe Exchange Panel (HKLM\...\{41A12FFC-89E9-4743-A51E-00975CA31F40}) (Version: 1 - Adobe Systems Incorporated)
    Adobe Extension Manager CC (HKLM\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.3.2 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Illustrator CC 2014 (32 Bit) (HKLM\...\{8913FAF3-5BFE-45BA-AF57-67AF4BA67898}) (Version: 18.1.0 - Adobe Systems Incorporated)
    Adobe Illustrator CS6 (HKLM\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
    Adobe InDesign CC 2014 (32-bit) (HKLM\...\{37BEE0A4-72B9-1014-A77C-C46F3F2C3207}) (Version: 10.1.0.070 - Adobe Systems Incorporated)
    Adobe InDesign CS6 (HKLM\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0.2.413 - Adobe Systems Incorporated)
    Adobe Muse (HKLM\...\{9A554C9D-E12D-4205-8101-9F4337CD5673}) (Version: 3.2 - Adobe Systems Incorporated)
    Adobe Muse (HKLM\...\AdobeMuse) (Version: 3.2.2 - Adobe Systems Incorporated)
    Adobe Photoshop CC (HKLM\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2014 (32 Bit) (HKLM\...\{7C25E7A0-A0A1-4B87-BB30-BF0FBDC37878}) (Version: 15.2.1 - Adobe Systems Incorporated)
    Adobe Photoshop CS5.1 (HKLM\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
    Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 4.4 (HKLM\...\{FA6F726E-AA8D-492A-B18A-A5945C337FCE}) (Version: 4.4.1 - Adobe)
    Adobe Photoshop Lightroom 5.7 (HKLM\...\{BA600B89-5E5B-4F1E-8B56-D64656A1AF26}) (Version: 5.7.0 - Adobe Systems Incorporated)
    Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
    Adobe® Content Viewer (HKLM\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
    Alien Skin Eye Candy 5 Impact (HKLM\...\EyeCandy5Impact) (Version: - )
    Alien Skin Eye Candy 5 Nature (HKLM\...\EyeCandy5Nature) (Version: - )
    Alien Skin Eye Candy 5 Textures (HKLM\...\EyeCandy5Textures) (Version: - )
    Alien Skin Image Doctor (HKLM\...\Image Doctor) (Version: - )
    Alien Skin Splat! (HKLM\...\Splat) (Version: - )
    AllMyNotes Organizer (HKLM\...\AllMyNotes Organizer) (Version: 3.10 - Vladonai Software)
    Amazon Kindle (HKLM\...\Amazon Kindle) (Version: - Amazon)
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft PhotoImpression (HKLM\...\{6C5D7191-140A-11D6-B5A0-0050DA208A93}) (Version: - )
    ArcSoft Print Creations - Album Page (HKLM\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)
    ArcSoft Print Creations - Funhouse (HKLM\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft)
    ArcSoft Print Creations - Greeting Card (HKLM\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)
    ArcSoft Print Creations - Photo Book (HKLM\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)
    ArcSoft Print Creations - Photo Calendar (HKLM\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)
    ArcSoft Print Creations - Scrapbook (HKLM\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft)
    ArcSoft Print Creations - Slimline Card (HKLM\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft)
    ArcSoft Print Creations (HKLM\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
    ArtRage Studio Pro (HKLM\...\{F4BF6344-7223-41DB-8C76-8E964335DF3C}) (Version: 3.5.4 - Ambient Design)
    Backblaze (HKLM\...\Backblaze) (Version: - Backblaze, Inc)
    California Font Manager 2.5.0 (HKLM\...\California Font Manager) (Version: 2.5.0 - California Fonts)
    Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
    Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬)
    Canon MG6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series) (Version: 1.00 - Canon Inc.)
    Canon MG6300 series On-screen Manual (HKLM\...\Canon MG6300 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
    Canon MG6300 series User Registration (HKLM\...\Canon MG6300 series User Registration) (Version: - Canon Inc.‎)
    Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
    Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
    Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
    CCScore (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Corel KPT Collection (HKLM\...\_{5ACF958F-3106-4F13-B947-FC6DF23E1A53}) (Version: 1.0.0.103 - Corel Corporation)
    Corel KPT Collection (HKLM\...\_{B16DC136-9583-4C54-BE27-F001BBC546B1}) (Version: 1.0.0.109 - Corel Corporation)
    Corel KPT Collection (HKLM\...\_{C59A783C-FF5C-40BE-843A-5458513D655B}) (Version: 1.0.0.46 - Corel Corporation)
    Corel KPT Collection (Version: 1.0.0.103 - Corel Corporation) Hidden
    Corel KPT Collection (Version: 1.0.0.109 - Corel Corporation) Hidden
    Corel KPT Collection (Version: 1.00.0000 - Corel Corporation) Hidden
    Corel KPT Collection for PSPX4 (HKLM\...\_{031338C0-4C21-4DAC-875B-26ACD7ADDF23}) (Version: - Corel Corporation)
    Corel PaintShop Pro Brush Content (Version: 1.0.0.39 - Corel Corporation) Hidden
    Corel PaintShop Pro Brush Content (Version: 1.00.0000 - Corel Corporation) Hidden
    Corel PaintShop Pro Misc Content (Version: 1.0.0.42 - Corel Corporation) Hidden
    Corel PaintShop Pro Misc Content (Version: 1.0.0.43 - Corel Corporation) Hidden
    Corel PaintShop Pro Misc Content (Version: 1.0.0.44 - Corel Corporation) Hidden
    Corel PaintShop Pro Misc Content (Version: 1.0.0.45 - Corel Corporation) Hidden
    Corel PaintShop Pro Misc Content (Version: 1.00.0000 - Corel Corporation) Hidden
    Corel PaintShop Pro Picture Frame Content (Version: 1.0.0.41 - Corel Corporation) Hidden
    Corel PaintShop Pro Picture Frame Content (Version: 1.00.0000 - Corel Corporation) Hidden
    Corel PaintShop Pro Picture Tube Content (Version: 1.0.0.40 - Corel Corporation) Hidden
    Corel PaintShop Pro Picture Tube Content (Version: 1.00.0000 - Corel Corporation) Hidden
    Corel PaintShop Pro X4 (HKLM\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.2.0.1 - Corel Corporation)
    Corel PaintShop Pro X4 (Version: 14.2.0.1 - Corel Corporation) Hidden
    Corel PaintShop Pro X5 (HKLM\...\_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.1.0.10 - Corel Corporation)
    Corel PaintShop Pro X5 (Version: 15.3.0.8 - Corel Corporation) Hidden
    Corel PaintShop Pro X6 (HKLM\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.2.0.20 - Corel Corporation)
    Corel PaintShop Pro X6 (Version: 16.2.0.20 - Corel Corporation) Hidden
    Corel PaintShop Pro X7 (HKLM\...\_{176F50D6-6857-49CE-B731-65F757EE3F0D}) (Version: 17.0.0.199 - Corel Corporation)
    Corel PaintShop Pro X7 (Version: 17.0.0.199 - Corel Corporation) Hidden
    Creative Content (Version: 1.0.0.103 - Corel Corporation) Hidden
    Creative Content (Version: 1.0.0.114 - Corel Corporation) Hidden
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Delicious - Emily's Honeymoon Cruise Premium Edition (HKLM\...\2a8a3cecb1d4e2312a19d96a344ecf2a) (Version: - GameHouse)
    Driver Booster 2 (HKLM\...\Driver Booster_is1) (Version: 2.0 - IObit)
    Dropbox (HKU\S-1-5-21-1241181004-2622625590-1122715860-1000\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
    EPSON Copy Utility (HKLM\...\{B69CC1A5-0404-11D6-ABCB-005004C21D30}) (Version: - )
    EPSON Photo Print (HKLM\...\EPSON Photo Print) (Version: - )
    EPSON Scanner Reference Guide (HKLM\...\Silent Package Run-Time Sample) (Version: - )
    EPSON Smart Panel (HKLM\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version: - )
    EPSON TWAIN 5 (HKLM\...\{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}) (Version: 5.71.0000 - SEIKO EPSON Corp.)
    ESSBrwr (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSCDBK (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
    ESScore (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSgui (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSini (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSPCD (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
    ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
    essvatgt (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
    FaceFilter Studio 2 (HKLM\...\{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}) (Version: 2.0 - Reallusion)
    fflink (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
    Filter Forge 3.014 (HKLM\...\Filter Forge 3_is1) (Version: - Filter Forge, Inc.)
    Filter Forge 4.011 (HKLM\...\Filter Forge 4_is1) (Version: - Filter Forge, Inc.)
    FontManagementSystem (HKLM\...\{3F2E8044-BA23-4604-AB00-BB164410964C}) (Version: 4.3.0 - Summitsoft)
    Genetica 3.6 (HKLM\...\{E7979E13-F567-4D22-A7EF-9EBD1B6A6E9C}) (Version: 3.6 - Spiral Graphics Inc.)
    Gliftex10 10, 0, 0, 1 (HKLM\...\{2D282FD8-FCCD-4BFA-9141-86DC1EED9E25}) (Version: 10, 0, 0, 1 - Ransen Software)
    GreenCloud Printer 7.4.2.1 (HKLM\...\{F36B43F0-3BE6-48BA-A22D-3C098092BB3F}_is1) (Version: 7.4.2.1 - ObviousIdea)
    Hallmark Card Studio 2014 (HKLM\...\{B9FF36AF-29F6-47EC-BE07-D3FB2CA02531}) (Version: 15.0.2.1 - Creative Home)
    Hallmark Card Studio 2014 Bonus Pack (HKLM\...\{D26A6D9D-C379-467C-993B-2453EB876D05}) (Version: 1.0.0.1 - Creative Home)
    Hallmark Card Studio 2014 Holiday Pack (HKLM\...\{2520DF70-7953-4162-AE4B-3044E13B999E}) (Version: 1.0.0.4 - Creative Home)
    Hallmark Card Studio 2015 (HKLM\...\{F2117332-1A36-4D3B-854D-A8D10735B4DF}) (Version: 16.0.0.11 - Creative Home)
    Hallmark Card Studio 2015 Bonus Pack (HKLM\...\{2C69ABC9-55B7-410E-89AB-4CBD84D8D37B}) (Version: 1.0.0.1 - Creative Home)
    ICA (Version: 14.2.0.1 - Corel Corporation) Hidden
    ICA (Version: 15.1.0.10 - Corel Corporation) Hidden
    ICA (Version: 16.1.0.48 - Corel Corporation) Hidden
    ICA (Version: 17.0.0.199 - Corel Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation)
    IObit Malware Fighter (HKLM\...\IObit Malware Fighter_is1) (Version: 2.5 - IObit)
    IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.0.4.27 - IObit)
    IPM_PSP_COM (Version: 14.2.0.1 - Corel Corporation) Hidden
    IPM_PSP_COM (Version: 15.1.0.10 - Corel Corporation) Hidden
    IPM_PSP_COM (Version: 16.1.0.48 - Corel Corporation) Hidden
    IPM_PSP_COM (Version: 17.0.0.199 - Corel Corporation) Hidden
    Jasc Animation Shop 3 (HKLM\...\{7C4196CA-CA41-4F34-9C08-7724E7705D52}) (Version: 3.11 - Jasc Software Inc)
    Jasc Paint Shop Pro 9 (HKLM\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.01.0000 - Jasc Software Inc)
    Jasc Paint Shop Pro 9.01 Patch (HKLM\...\Jasc Paint Shop Pro 9.01 Patch) (Version: - )
    Java 7 Update 72 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
    JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
    Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    kgcbaby (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    kgchday (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    kgchlwn (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    kgcinvt (Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
    kgckids (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    kgcmove (Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
    kgcvday (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    K-Lite Codec Pack 8.8.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.8.0 - )
    Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
    Lightroom 4.3 (HKLM\...\{3c5418ff-7dea-4a37-8c52-45c670677773}) (Version: 4.3 - Adobe Systems Incorporated)
    Livebrush (HKLM\...\com.livebrush) (Version: 1.5 - MoreMeYou)
    Livebrush (Version: 1.5 - MoreMeYou) Hidden
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    McAfee SecurityCenter (HKLM\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
    McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Expression Web 4 (HKLM\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
    Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Windows Media Video 9 VCM (HKLM\...\WMV9_VCM) (Version: - )
    Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
    MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    netbrdg (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    Nik Color Efex Pro 3.0 (HKLM\...\_{BA7B3A61-EB8C-4C70-8179-93DDA248AA49}) (Version: 1.0.0.53 - Corel Corporation)
    Nik Color Efex Pro 3.0 (Version: 1.00.0000 - Corel Corporation) Hidden
    OfotoXMI (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
    Online Games Manager v1.30 (HKLM\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
    OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    Patternshop (HKLM\...\{F6F6E41D-01CD-4C49-9909-038E2B442E5B}) (Version: 1.5.0 - Lemci)
    PC Attorney (HKLM\...\PC Attorney) (Version: - )
    PDF Settings CC (Version: 12.0 - Adobe Systems Incorporated) Hidden
    PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
    PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
    Pdf995 (HKLM\...\Pdf995) (Version: - )
    PdfEdit995 (HKLM\...\PdfEdit995) (Version: - )
    Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Poser 10 version 10.0.3 (HKLM\...\Poser 10_is1) (Version: 10.0.3 - Smith Micro Software, Inc.)
    PoserContent2014 (HKLM\...\PoserContent2014_is1) (Version: 10.0.0 - Smith Micro Software, Inc.)
    PSPPContent (Version: 14.2.0.1 - Corel Corporation) Hidden
    PSPPContent (Version: 15.3.0.8 - Corel Corporation) Hidden
    PSPPContent (Version: 16.1.0.48 - Corel Corporation) Hidden
    PSPPContent (Version: 17.0.0.199 - Corel Corporation) Hidden
    PSPPHelp (Version: 14.2.0.1 - Corel Corporation) Hidden
    PSPPHelp (Version: 15.1.0.10 - Corel Corporation) Hidden
    PSPPHelp (Version: 16.1.0.48 - Corel Corporation) Hidden
    PSPPHelp (Version: 17.0.0.199 - Corel Corporation) Hidden
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.531.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
    Scan2PC (HKLM\...\{E59F8AF2-78D4-4355-B0EF-58C466C1242C}) (Version: 1.3.0.12 - Q)
    ScanToWeb (HKLM\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version: - )
    ScatterShow version 1.1 (HKLM\...\{7BD9ADD8-2077-4067-A770-4A033285B697}_is1) (Version: 1.1 - Smith Micro Software, Inc.)
    Setup (Version: 14.2.0.1 - Corel Corporation) Hidden
    Setup (Version: 15.1.0.10 - Corel Corporation) Hidden
    Setup (Version: 16.1.0.48 - Corel Corporation) Hidden
    Setup (Version: 17.0.0.199 - Corel Corporation) Hidden
    SFR (Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
    Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
    SHASTA (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    Signature995 (HKLM\...\Signature995) (Version: - )
    Sketch Drawer 1.3 (HKLM\...\Sketch Drawer_is1) (Version: 1.3 - SoftOrbits)
    skin0001 (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    SKINXSDK (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    Smart Defrag 3 (HKLM\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
    Smith Micro Download Manager version 1.0 (HKLM\...\{89816111-4490-46FB-B141-63EA77077A94}_is1) (Version: 1.0 - Smith Micro Software, Inc.)
    staticcr (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
    TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
    Topaz Simplify 4 (HKLM\...\Topaz Simplify 4) (Version: 4.1.1 - Topaz Labs, LLC)
    TwistedBrush Pro Studio (HKU\S-1-5-21-1241181004-2622625590-1122715860-1000\...\TwistedBrush Pro Studio) (Version: - )
    Ultimate Creative Collection (X5) (HKLM\...\_{AE4364BD-ED09-4D94-8DA2-315C10A57CD1}) (Version: 1.0.0.50 - Corel Corporation)
    Ultimate Creative Collection (X5) (Version: 1.00.0000 - Corel Corporation) Hidden
    VPRINTOL (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    WinZip 15.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24011}) (Version: 15.5.9580 - WinZip Computing, S.L. )
    WIRELESS (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    Xara Xtreme 5 (HKLM\...\MAGIX_{1C78055D-F54D-46F4-9A51-19E3CF6BB20E}) (Version: 5.1.2.17971 - Xara Group Ltd)
    Xara Xtreme 5 (Version: 5.1.2.17971 - Xara Group Ltd) Hidden
    XYplorer 11.90 (HKLM\...\XYplorer) (Version: 11.90 - Donald Lessau)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1241181004-2622625590-1122715860-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1241181004-2622625590-1122715860-1000_Classes\CLSID\{8B0FA615-584F-40DC-85C7-78901AC6B80A}\InprocServer32 -> C:\Program Files\Xara\Xara_Xtreme_5\XaraDLLs\XarThumb.dll (Xara Group Ltd.)
    CustomCLSID: HKU\S-1-5-21-1241181004-2622625590-1122715860-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1241181004-2622625590-1122715860-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1241181004-2622625590-1122715860-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1241181004-2622625590-1122715860-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    14-11-2014 05:27:21 Windows Modules Installer
    17-11-2014 03:00:19 Windows Backup
    18-11-2014 11:18:44 Windows Update
    18-11-2014 18:09:31 Windows Modules Installer
    23-11-2014 17:35:36 Driver Booster : Adobe AIR
    24-11-2014 03:00:13 Windows Backup
    25-11-2014 14:12:09 Before New AntiVirus

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:04 - 2014-11-25 19:44 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {09BF6B99-3D89-42FB-9723-77D9FC5409F0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {0A8F8952-AD4D-4FF4-8963-CA90798E98F2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
    Task: {35CCD8A4-E5F3-4DDA-9121-8409E8426F1B} - System32\Tasks\AdobeAAMUpdater-1.0-Owner-PC-Owner => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
    Task: {35FB635F-4F04-4D19-8137-BE13E919A199} - \Driver Booster SkipUAC (SYSTEM) No Task File <==== ATTENTION
    Task: {5C0E9121-BC1E-4196-9C5B-BF174EDBBCE6} - System32\Tasks\SmartDefrag3_Update => C:\Program Files\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-03] (IObit)
    Task: {79AF16C3-B618-4385-AF81-D83562529AA6} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-23] (IObit)
    Task: {7D921767-B2E2-4BC4-8F46-3E86831FCD47} - System32\Tasks\Uninstaller_SkipUac_Owner => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-23] (IObit)
    Task: {943E001E-77B2-471C-BBB1-340A7892C609} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (whitelisted) =============

    2012-06-09 10:15 - 2012-03-06 06:05 - 00048640 _____ () C:\Windows\System32\gcprpm.dll
    2012-06-05 06:39 - 2012-06-05 06:39 - 00036864 _____ () C:\Windows\System32\pdf995mon.dll
    2014-09-26 13:40 - 2014-09-26 13:40 - 01029280 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
    2013-11-18 12:20 - 2014-11-25 16:09 - 00234600 _____ () C:\Program Files\Backblaze\bzserv.exe
    2006-11-02 19:40 - 2006-11-02 19:40 - 00174656 _____ () C:\Windows\system32\PSIService.exe
    2013-06-22 13:12 - 2009-07-28 07:43 - 00069632 _____ () C:\Program Files\Scan2PC\Sc2PCSvc.exe
    2014-09-28 20:01 - 2014-09-28 20:01 - 36730032 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CEF\libcef.dll
    2012-05-31 09:33 - 2011-06-09 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
    2014-09-26 13:40 - 2014-09-26 13:40 - 06237856 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    2014-09-28 20:01 - 2014-09-28 20:01 - 00746160 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
    2014-09-28 20:01 - 2014-09-28 20:01 - 00136368 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CEF\libegl.dll
    2014-11-10 08:29 - 2014-11-10 08:30 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
    2014-11-26 05:36 - 2014-11-26 05:36 - 16841392 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:373E1720
    AlternateDataStreams: C:\ProgramData\TEMP:F8B88761

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk => C:\Windows\pss\Event Planner Reminder.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scan2PC.lnk => C:\Windows\pss\Scan2PC.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe => C:\Windows\pss\PowerReg SchedulerV2.exe.Startup
    MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    MSCONFIG\startupreg: Backblaze => "C:\Program Files\Backblaze\bzbui.exe" -quiet
    MSCONFIG\startupreg: California Fonts Loader => "C:\Program Files\California Font Manager\CaliforniaFonts.exe" /scanfolder
    MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
    MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
    MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
    MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
    MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1241181004-2622625590-1122715860-500 - Administrator - Disabled)
    Guest (S-1-5-21-1241181004-2622625590-1122715860-501 - Limited - Disabled)
    Owner (S-1-5-21-1241181004-2622625590-1122715860-1000 - Administrator - Enabled) => C:\Users\Owner

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/26/2014 06:37:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (11/26/2014 08:51:11 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {209500FC-6B45-4693-8871-6296C4843751}


    Microsoft Office Sessions:
    =========================
    Error: (11/26/2014 06:37:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    CodeIntegrity Errors:
    ===================================
    Date: 2013-11-04 09:09:09.115
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-04 09:09:09.113
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-09-24 05:53:18.010
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-09-24 05:53:18.008
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-09-23 06:29:56.762
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-09-23 06:29:56.757
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-09-20 05:27:17.106
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-09-20 05:27:17.103
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-09-15 05:45:27.114
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-09-15 05:45:27.097
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) CPU G850 @ 2.90GHz
    Percentage of memory in use: 44%
    Total physical RAM: 3503.3 MB
    Available physical RAM: 1941.26 MB
    Total Pagefile: 7004.9 MB
    Available Pagefile: 4979.84 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1899.79 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.66 GB) (Free:325.37 GB) NTFS
    Drive e: (Lacie) (Fixed) (Total:931.51 GB) (Free:363.96 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B71899DD)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: E939140F)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

  13. #13
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

  14. #14
    Join Date
    Nov 2014
    Posts
    17
    Good grief, you're fast. Attached is the log you requested. Thank you.

    Fixlog.txt

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-11-2014 01
    Ran by Owner at 2014-11-26 18:25:21 Run:1
    Running from C:\Users\Owner\Desktop
    Loaded Profile: Owner (Available profiles: Owner)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
    C:\Program Files\IObit\Advanced SystemCare 7
    HKU\S-1-5-21-1241181004-2622625590-1122715860-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {3774A2CA-97AE-4487-9287-92DC850D862D} URL =
    BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
    C:\Program Files\IObit\Surfing Protection
    Toolbar: HKLM - No Name - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - No File
    FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found]
    S3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [X]
    S3 gdrv; No ImagePath
    C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
    C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
    Task: {35FB635F-4F04-4D19-8137-BE13E919A199} - \Driver Booster SkipUAC (SYSTEM) No Task File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:373E1720
    AlternateDataStreams: C:\ProgramData\TEMP:F8B88761

    *****************

    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 7 => value deleted successfully.
    "C:\Program Files\IObit\Advanced SystemCare 7" => File/Directory not found.
    "HKU\S-1-5-21-1241181004-2622625590-1122715860-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key deleted successfully.
    "HKCR\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key deleted successfully.
    C:\Program Files\IObit\Surfing Protection => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D} => value deleted successfully.
    "HKCR\CLSID\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}" => Key not found.
    FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found] => not found.
    catchme => Service deleted successfully.
    gdrv => Service deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Owner\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35FB635F-4F04-4D19-8137-BE13E919A199}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35FB635F-4F04-4D19-8137-BE13E919A199}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (SYSTEM)" => Key deleted successfully.
    C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
    C:\ProgramData\TEMP => ":F8B88761" ADS removed successfully.

    ==== End of Fixlog ====

  15. #15
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Good

    Last scans...

    Download Security Check from here or here and save it to your Desktop.

    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:

      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services

    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.



    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.



    Download Sophos Free Virus Removal Tool and save it to your desktop.

    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
