November 24th, 2014, 01:42 AM
#1
[RESOLVED] Blocked from using website because of "excessive usage"
For several years I have had a subscription to a website which I am now blocked from because my computer has been apparently attacking the website without my knowledge. As the web owner puts it:

"As I have had issues for the last few months with “excessive resource usage” on the site, which often results in a 500 error, my host has been checking further into why there was that amount of usage and they identified that one IP has been “hammering” the Campus site with over 9000 “attacks”. Well, that IP was actually yours, which I didn’t know until you mentioned this problem and ... identified that your IP was in the list of blocked ones."

The web owner and her programmer have tried to help me identify what on my computer would be causing this problem and finally referred me here.

I have Windows 7, cable connection, Intel(R) Pentium(R) CPU G850 @ 2.90GHz, system memory 4.00 GB RAM, 32-bit operating system. I have scanned for viruses with McAfee and IObit Malware but neither turned up anything, though Malwarebytes did (see below). I am not well versed on technology so I am afraid I am clueless about what to do next.

I tried to post this message earlier but it apparently did not go through. If the original message is waiting to be approved, please ignore this one. Any help you can provide would be most appreciated.

Dianne
The log reports are as follows:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/23/2014
Scan Time: 12:41:32 PM
Logfile: 112314Malwarebytes.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.23.09
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Owner
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329247
Time Elapsed: 17 min, 45 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 15
PUP.Optional.ValueApps.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{93DBF2BB-A2B3-4683-A92E-57E60751F346}, Quarantined, [290cee5149334aec8bd43291a161fc04],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [43f277c899e33df9a997318d9a680af6],
PUP.Optional.Spigot, HKU\S-1-5-21-1241181004-2622625590-1122715860-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Search Protection, Quarantined, [37fe51eeed8fdf577c3b2b8ac43dcf31],
PUP.Optional.DomaIQ, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DMUninstaller, Quarantined, [c471142ba8d493a3938a5ab534d155ab],
PUP.Optional.DomaIQ.A, HKLM\SOFTWARE\DomaIQ, Quarantined, [a19464dbdba1082ee14407755ea58d73],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\hbcennhacfaagdopikcegfcobcadeocj, Quarantined, [c57038078fedc86ed2008ed418ebc53b],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\icdlfehblmklkikfigmjhbmmpmkmpooj, Quarantined, [0134fd424e2e2d09488b045ec43fc937],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\mhkaekfpcppmmioggniknbnbdbcigpkk, Quarantined, [af860738cab2b68012c23e24778c9070],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfndaklgolladniicklehhancnlgocpp, Quarantined, [b08508376c108ea8f2e35012857e1fe1],
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\SYSTWEAK\RegClean Pro, Quarantined, [8da8cc736b11c175e1ff4112699a0000],
PUP.Optional.Conduit.A, HKU\S-1-5-21-1241181004-2622625590-1122715860-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [0431a699304c6dc91e51e853e02330d0],
PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-1241181004-2622625590-1122715860-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, Quarantined, [2411dc63a4d88da9b96c561f12f1738d],
PUP.Optional.Spigot.A, HKU\S-1-5-21-1241181004-2622625590-1122715860-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, Quarantined, [39fc81be58245adcb1be6c4353b1db25],
PUP.Optional.Conduit.A, HKU\S-1-5-21-1241181004-2622625590-1122715860-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\FF, Quarantined, [122392adde9e80b63ea780143fc50af6],
PUP.Optional.ValueApps.A, HKU\S-1-5-21-1241181004-2622625590-1122715860-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\ValueApps, Quarantined, [dc598bb4a8d4f2447f35ec8dfd0603fd],
Registry Values: 0
(No malicious items detected)
Registry Data: 1
PUP.Optional.Conduit, HKU\S-1-5-21-1241181004-2622625590-1122715860-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.conduit.com?SearchSour...ctid=CT3310511 , Good: (www.google.com ), Bad: (http://search.conduit.com?SearchSour...0511),Replaced ,[3302330cd6a6b284ef5796bca75ea15f]
Folders: 17
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\ct3310511, Quarantined, [c471ff4094e8e6508426b6550bf828d8],
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\ct3310511\xpi, Quarantined, [c471ff4094e8e6508426b6550bf828d8],
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\ct3310511\xpi\defaults, Quarantined, [c471ff4094e8e6508426b6550bf828d8],
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\ct3310511\xpi\defaults\preferences, Quarantined, [c471ff4094e8e6508426b6550bf828d8],
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\ct3311333, Quarantined, [221339067705e155dad0a76442c12bd5],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE, Quarantined, [0b2a122d027a0531f1cd818a3cc72dd3],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3310511, Quarantined, [0b2a122d027a0531f1cd818a3cc72dd3],
PUP.Optional.NextLive.A, C:\Users\Owner\AppData\Roaming\newnext.me, Quarantined, [62d3fe413f3d072f884de9231be88779],
PUP.Optional.NextLive.A, C:\Users\Owner\AppData\Roaming\newnext.me\cache, Quarantined, [62d3fe413f3d072f884de9231be88779],
PUP.Optional.ValueAppsplugin.A, C:\Program Files\Conduit\ValueApps, Quarantined, [73c20936c4b8d165bd55709d946f50b0],
PUP.Optional.ValueAppsplugin.A, C:\Program Files\Conduit\ValueApps\IE, Quarantined, [73c20936c4b8d165bd55709d946f50b0],
PUP.Optional.ValueAppsplugin.A, C:\Users\Owner\AppData\Local\Conduit\ValueApps, Quarantined, [a88df34c80fc3cfa948046c7b94a5aa6],
PUP.Optional.Conduit.A, C:\Users\Owner\AppData\Local\Temp\mam-ct3319214, Quarantined, [de57cf70f88434023d1d8c85d92a728e],
PUP.Optional.SearchProtect.A, C:\Users\Owner\AppData\Local\SearchProtect, Quarantined, [2015152a03797eb8d4e3dc44db28eb15],
PUP.Optional.SearchProtect.A, C:\Users\Owner\AppData\Local\SearchProtect\Logs, Quarantined, [2015152a03797eb8d4e3dc44db28eb15],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot, Quarantined, [a19488b7e7950a2cea1d55dc937043bd],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\GC, Quarantined, [a19488b7e7950a2cea1d55dc937043bd],
Files: 18
PUP.Optional.Spigot, C:\Users\Owner\AppData\Roaming\Search Protection\Uninstall.exe, Quarantined, [37fe51eeed8fdf577c3b2b8ac43dcf31],
PUP.Optional.DomaIQ, C:\Program Files\Uninstaller\Uninstall.exe, Quarantined, [c471142ba8d493a3938a5ab534d155ab],
PUP.Optional.AirInstaller, C:\Users\Owner\Downloads\Setup.exe, Quarantined, [6dc8d8673943ce689c1b2303a859a858],
PUP.Optional.OpenCandy, C:\Users\Owner\Downloads\californiafontssetup.exe, Quarantined, [84b142fde79548ee8e4fdb9de3221ae6],
PUP.Optional.Bandoo, C:\Users\Owner\Downloads\iLividSetup.exe, Quarantined, [68cda39ca1db41f5c99ba67e37ca837d],
PUP.Optional.OpenCandy, C:\Users\Owner\Downloads\winzip155.exe, Quarantined, [a98cfa451a62330304d913655aab768a],
PUP.Optional.Astromenda.A, C:\Windows\System32\Tasks\WSE_Astromenda, Quarantined, [9c990639d3a9af874301023a8f745ba5],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3310511\UninstallerUI.exe, Quarantined, [0b2a122d027a0531f1cd818a3cc72dd3],
PUP.Optional.NextLive.A, C:\Users\Owner\AppData\Roaming\newnext.me\nengine.cookie, Quarantined, [62d3fe413f3d072f884de9231be88779],
PUP.Optional.NextLive.A, C:\Users\Owner\AppData\Roaming\newnext.me\cache\spark.bin, Quarantined, [62d3fe413f3d072f884de9231be88779],
PUP.Optional.ValueAppsplugin.A, C:\Program Files\Conduit\ValueApps\IE\tmpresp.tmp, Quarantined, [73c20936c4b8d165bd55709d946f50b0],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx, Quarantined, [a19488b7e7950a2cea1d55dc937043bd],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx, Quarantined, [a19488b7e7950a2cea1d55dc937043bd],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.2.crx, Quarantined, [a19488b7e7950a2cea1d55dc937043bd],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx, Quarantined, [a19488b7e7950a2cea1d55dc937043bd],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx, Quarantined, [a19488b7e7950a2cea1d55dc937043bd],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx, Quarantined, [a19488b7e7950a2cea1d55dc937043bd],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx, Quarantined, [a19488b7e7950a2cea1d55dc937043bd],
Physical Sectors: 0
(No malicious items detected)
(end)
-----------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/31/2012 10:19:09 AM
System Uptime: 11/23/2014 1:04:15 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | H61M-DS2 REV 1.2
Processor: Intel(R) Pentium(R) CPU G850 @ 2.90GHz | Socket 1155 | 2900/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 326.359 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 328.89 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP359: 11/9/2014 7:00:32 PM - Windows Backup
RP360: 11/13/2014 9:27:21 PM - Windows Modules Installer
RP361: 11/16/2014 7:00:19 PM - Windows Backup
RP362: 11/18/2014 3:18:44 AM - Windows Update
RP363: 11/18/2014 10:09:31 AM - Windows Modules Installer
RP365: 11/23/2014 9:35:36 AM - Driver Booster : Adobe AIR
.
==== Installed Programs ======================
.
3DTextStudio
abrMate version 1.0
Adobe Acrobat XI Pro
Adobe AIR
Adobe Bridge CC
Adobe Creative Cloud
Adobe Edge Reflow CC Preview
Adobe Exchange Panel
Adobe Extension Manager CC
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Help Manager
Adobe Illustrator CC 2014 (32 Bit)
Adobe Illustrator CS6
Adobe InDesign CC 2014 (32-bit)
Adobe InDesign CS6
Adobe Muse
Adobe Photoshop CC
Adobe Photoshop CC 2014 (32 Bit)
Adobe Photoshop CS5.1
Adobe Photoshop CS6
Adobe Photoshop Lightroom 4.4
Adobe Photoshop Lightroom 5.7
Adobe Reader XI
Adobe® Content Viewer
Advanced SystemCare 7
Alien Skin Eye Candy 5 Impact
Alien Skin Eye Candy 5 Nature
Alien Skin Eye Candy 5 Textures
Alien Skin Image Doctor
Alien Skin Splat!
AllMyNotes Organizer
Amazon Kindle
Apple Application Support
Apple Software Update
ArcSoft PhotoImpression
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArtRage Studio Pro
AVG Security Toolbar
Backblaze
California Font Manager 2.5.0
Canon Easy-WebPrint EX
Canon IJ Scan Utility
Canon MG6300 series MP Drivers
Canon MG6300 series On-screen Manual
Canon MG6300 series User Registration
Canon My Image Garden
Canon My Image Garden Design Files
Canon My Printer
Canon Quick Menu
CCleaner
CCScore
Cisco WebEx Meetings
Compatibility Pack for the 2007 Office system
Corel KPT Collection
Corel KPT Collection for PSPX4
Corel PaintShop Pro Brush Content
Corel PaintShop Pro Misc Content
Corel PaintShop Pro Picture Frame Content
Corel PaintShop Pro Picture Tube Content
Corel PaintShop Pro X4
Corel PaintShop Pro X5
Corel PaintShop Pro X6
Corel PaintShop Pro X7
Corel PaintShop Pro X7
Coupon Printer for Windows
Creative Content
D3DX10
Delicious - Emily's Honeymoon Cruise Premium Edition
Driver Booster 2
Dropbox
EPSON Copy Utility
EPSON Photo Print
EPSON Scanner Reference Guide
EPSON Smart Panel
EPSON TWAIN 5
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
FaceFilter Studio 2
fflink
Filter Forge 3.014
Filter Forge 4.011
FontManagementSystem
Genetica 3.6
Gliftex10 10, 0, 0, 1
GreenCloud Printer 7.4.2.1
Hallmark Card Studio 2014
Hallmark Card Studio 2014 Bonus Pack
Hallmark Card Studio 2014 Holiday Pack
Hallmark Card Studio 2015
Hallmark Card Studio 2015 Bonus Pack
ICA
Intel(R) Management Engine Components
Intel(R) Processor Graphics
IObit Malware Fighter
IObit Uninstaller
IPM_PSP_COM
Jasc Animation Shop 3
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9.01 Patch
Java 7 Update 72
Java Auto Updater
JavaFX 2.1.0
Junk Mail filter update
K-Lite Codec Pack 8.8.0 (Full)
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Lightroom 4.3
Livebrush
Malwarebytes Anti-Malware version 2.0.3.1025
McAfee Security Scan Plus
McAfee SecurityCenter
McAfee SiteAdvisor
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Expression Web 4
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Windows Media Video 9 VCM
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Movie Maker
Mozilla Firefox 33.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
netbrdg
Nik Color Efex Pro 3.0
Norton Safe Web Lite
OfotoXMI
Online Games Manager v1.30
OpenOffice 4.1.1
Patternshop
PC Attorney
PDF Settings CC
PDF Settings CS5
PDF Settings CS6
Pdf995
PdfEdit995
Photo Common
Photo Gallery
Poser 10 version 10.0.3
PoserContent2014
PSPPContent
PSPPHelp
QuickTime 7
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Scan2PC
ScanToWeb
ScatterShow version 1.1
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Setup
SFR
Shared C Run-time for x86
SHASTA
Signature995
Sketch Drawer 1.3
skin0001
SKINXSDK
Smart Defrag 3
Smith Micro Download Manager version 1.0
staticcr
Surfing Protection
TeamViewer 9
Topaz Simplify 4
TwistedBrush Pro Studio
Ultimate Creative Collection (X5)
VPRINTOL
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 15.5
WIRELESS
Xara Xtreme 5
XYplorer 11.90
.
==== Event Viewer Messages From Past Week ========
.
11/23/2014 6:06:59 AM, Error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).
11/23/2014 1:08:02 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
11/22/2014 4:24:38 PM, Error: Service Control Manager [7022] - The Intel(R) Management and Security Application User Notification Service service hung on starting.
11/19/2014 5:32:29 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
11/19/2014 5:32:29 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
11/16/2014 5:50:04 AM, Error: volmgr [46] - Crash dump initialization failed!
.
==== End Of File ===========================
--------------------------
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17420 BrowserJavaVersion: 10.72.2
Run by Owner at 13:23:43 on 2014-11-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3503.1260 [GMT -8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
C:\Windows\VPDAgent.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Backblaze\bzserv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\IntelCpHeciSvc.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Online Games Manager\ogmservice.exe
C:\Windows\system32\PSIService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Scan2PC\Sc2PCSvc.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Windows\system32\conhost.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2015\Planner\PLNRnote.exe
C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files\Backblaze\bzfilelist.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\prevhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN42947427976486298&UM=2&ctid=CT3310511
mStart Page = about:blank
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll
BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\18.1.9.799\AVG Secure Search_toolbar.dll
BHO: Ads Removal: {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - c:\program files\iobit\iobit malware fighter\adsremoval\ie\Adblock.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Norton Safe Web Lite BHO: {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - c:\program files\norton safe web lite\engine\2.0.0.16\CoIEPlg.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\18.1.9.799\AVG Secure Search_toolbar.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: Norton Safe Web Lite: {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - c:\program files\norton safe web lite\engine\2.0.0.16\CoIEPlg.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [California Fonts Loader] "c:\program files\california font manager\CaliforniaFonts.exe" /scanfolder
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 11.0\acrobat\Acrotray.exe"
mRun: [Adobe Creative Cloud] "c:\program files\adobe\adobe creative cloud\acc\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
mRunOnce: [RAInstaller c:\program files\realarcade\installer\commonresources\gamehouse\gamehouse_] cmd.exe /c "rmdir /s /q "c:\program files\realarcade\installer\commonresources\gamehouse\gamehouse_""
dRun: [Advanced SystemCare 7] "c:\program files\iobit\advanced systemcare 7\ASCTray.exe" /Auto
dRun: [Backblaze] "c:\program files\backblaze\bzbui.exe" -quiet
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventp~1.lnk - c:\program files\creative home\hallmark card studio 2015\planner\PLNRnote.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{0841394A-6C4A-4D06-B8A9-908F53338C1A} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.1.9\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\am53b3xu.default-1411387983416\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://ww2.cox.com/myconnection/sandiego/home.cox
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\acrobat 11.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\adobe creative cloud\utils\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\adobe\adobe creative cloud\utils\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\adobe\adobe extension manager cs6\npAdobeExManDetectX86.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\my image garden\addon\cig\npmigfpi.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-7-17 576048]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-7-17 217224]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2014-1-28 18624]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-22 42784]
R1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\nst\0200000.010\ccSetx86.sys [2013-1-19 132744]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\iobit\advanced systemcare 7\ASCService.exe [2013-11-24 893216]
R2 Agent;VPDAgent;c:\windows\VPDAgent.exe [2012-6-9 192512]
R2 bzserv;Backblaze Service;c:\program files\backblaze\bzserv.exe [2013-11-18 234600]
R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-5 281560]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2014-3-6 344896]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2013-1-19 167784]
R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2013-11-5 145568]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-5 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-5 281560]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-5 281560]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-11-5 281560]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-11-6 655936]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-1-19 169800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-1-19 179600]
R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\2.0.0.16\ccSvcHst.exe [2013-1-19 138760]
R2 ogmservice;Online Games Manager;c:\program files\online games manager\ogmservice.exe [2014-3-27 581568]
R2 Scan2PC;Scan2PC;c:\program files\scan2pc\Sc2PCSvc.exe [2013-6-22 69632]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-11-23 4799760]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2012-5-31 2655768]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files\common files\avg secure search\vtoolbarupdater\18.1.9\ToolbarUpdater.exe [2014-8-11 1820184]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-1-19 62832]
R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\FileMonitor.sys [2014-11-23 21480]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files\intel\intel(r) integrated clock controller service\ICCProxy.exe [2013-11-18 169752]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-23 114904]
R3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\TeeDriver.sys [2014-11-23 86488]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-1-19 238176]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-1-19 369248]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2014-8-20 350240]
R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\RegFilter.sys [2014-11-23 32288]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2014-11-23 719064]
R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [2014-11-23 20944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2013-11-24 2283296]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2014-4-16 147912]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-11-13 102912]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.150\McCHSvc.exe [2014-4-9 235696]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-1-19 67816]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2014-8-20 81296]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-6-19 14848]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-6-19 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-6-19 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-5-31 1343400]
.
=============== Created Last 30 ================
.
2014-11-23 20:40:51 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-23 20:40:23 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-23 20:40:23 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-23 20:40:23 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-23 20:40:23 -------- d-----w- c:\programdata\Malwarebytes
2014-11-23 20:40:23 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-23 17:43:54 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-11-23 17:41:52 1892056 ----a-w- c:\windows\system32\RTSndMgr.cpl
2014-11-23 17:41:50 3086040 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2014-11-23 17:41:50 2566872 ----a-w- c:\windows\system32\RtkPgExt.dll
2014-11-23 17:41:49 916696 ----a-w- c:\windows\system32\RtkCoInstII.dll
2014-11-23 17:41:48 782040 ----a-w- c:\windows\system32\RtkApoApi.dll
2014-11-23 17:41:44 1099203 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2014-11-23 17:41:43 2474200 ----a-w- c:\windows\system32\RltkAPO.dll
2014-11-23 17:41:26 900696 ----a-w- c:\windows\system32\MaxxAudioAPOShell.dll
2014-11-23 17:41:26 1940056 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
2014-11-23 17:41:04 86488 ----a-w- c:\windows\system32\drivers\TeeDriver.sys
2014-11-23 17:36:52 76872 ----a-w- c:\windows\system32\RtNicProp32.dll
2014-11-23 17:36:52 719064 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2014-11-23 15:40:01 -------- d-----w- c:\program files\TeamViewer
2014-11-23 01:53:09 -------- d-sh--w- c:\users\owner\appdata\local\EmieBrowserModeList
2014-11-21 02:54:13 163504 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10145.bin
2014-11-18 18:10:40 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-18 18:10:40 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-14 05:31:45 2363904 ----a-w- c:\windows\system32\msi.dll
2014-11-14 05:31:31 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-14 05:31:31 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-11-14 05:31:13 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-14 05:31:13 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-11-14 05:31:13 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-14 05:31:13 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-14 05:31:13 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-14 05:30:46 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-11-14 05:30:33 67584 ----a-w- c:\windows\system32\packager.dll
2014-11-14 05:30:22 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-14 05:30:12 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-14 05:30:12 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-14 05:30:12 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-14 05:30:12 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-11-14 05:30:12 195584 ----a-w- c:\windows\system32\AudioSes.dll
2014-11-14 05:28:50 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-14 05:28:29 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-11-14 05:28:29 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-11-14 05:28:29 248832 ----a-w- c:\windows\system32\schannel.dll
2014-11-14 05:28:29 221184 ----a-w- c:\windows\system32\ncrypt.dll
2014-11-14 05:28:29 17408 ----a-w- c:\windows\system32\credssp.dll
2014-11-14 05:28:29 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-11-14 05:21:58 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-11-14 05:21:58 254464 ----a-w- c:\windows\system32\generaltel.dll
2014-11-14 05:21:58 203776 ----a-w- c:\windows\system32\aepdu.dll
2014-11-08 17:09:00 -------- d-----w- c:\programdata\Smith Micro
2014-11-08 17:08:53 -------- d-----w- c:\users\owner\appdata\roaming\Smith Micro
2014-11-08 16:42:28 217088 ----a-r- c:\users\owner\appdata\roaming\microsoft\installer\{2c69abc9-55b7-410e-89ab-4cbd84d8d37b}\ARPPRODUCTICON.exe
2014-11-08 16:35:45 -------- d-----w- c:\program files\Summitsoft
2014-11-08 16:14:38 -------- d-----w- c:\users\owner\appdata\local\HCSShell
2014-10-29 01:10:04 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-10-29 01:10:04 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-10-29 01:10:04 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-10-29 01:10:04 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-10-29 01:10:04 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2014-11-23 17:36:52 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2014-11-12 15:36:04 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 15:36:04 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-10-15 05:17:01 4922368 ----a-w- c:\windows\system32\mstscax.dll
2014-10-15 05:17:01 37376 ----a-w- c:\windows\system32\tsgqec.dll
2014-10-15 05:17:01 2744320 ----a-w- c:\windows\system32\rdpcorets.dll
2014-10-15 05:17:01 269312 ----a-w- c:\windows\system32\aaclient.dll
2014-10-15 05:17:01 1050112 ----a-w- c:\windows\system32\mstsc.exe
2014-10-15 05:16:26 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-10-15 05:16:26 304128 ----a-w- c:\windows\system32\winlogon.exe
2014-10-15 05:16:26 184320 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-10-15 05:16:26 157696 ----a-w- c:\windows\system32\winsta.dll
2014-10-15 05:16:26 130048 ----a-w- c:\windows\system32\rdpcorekmts.dll
2014-10-15 05:14:48 372736 ----a-w- c:\windows\system32\rastls.dll
2014-10-15 05:12:02 81560 ----a-w- c:\windows\system32\mscories.dll
2014-10-15 05:12:02 156824 ----a-w- c:\windows\system32\mscorier.dll
2014-10-15 05:12:02 1131664 ----a-w- c:\windows\system32\dfshim.dll
2014-10-02 21:23:20 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-10-02 21:23:20 69632 ----a-w- c:\windows\system32\QuickTime.qts
2014-09-25 01:40:50 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-10 15:02:54 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-09 21:47:10 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 13:25:02.85 ===============
November 24th, 2014, 08:30 PM
#2
Welcome aboard
Please observe the following rules:
Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
==========================
Download RogueKiller from one of the following links and save it to your Desktop:
Link 1
Link 2
Close all the running programs.
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator. Otherwise just double-click on RogueKiller.exe.
Pre-scan will start. Let it finish.
Click on the SCAN button.
Wait until the Status box shows Scan Finished.
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply. RKreport.txt could also be found on your desktop.
If more than one log is produced, post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/...t-all-windows/
Download Malwarebytes Anti-Rootkit to your desktop.
Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Double click on downloaded file.
OK self extracting prompt.
MBAR will start. Click "Next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
"mbar-log-{date} (xx-xx-xx).txt"
"system-log.txt"
NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right click on the Malwarebytes icon in the system tray and click on Exit.
November 25th, 2014, 10:13 AM
#3
Ran RogueKiller and results of log are below:
RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32
bits version
Started in : Normal mode
User : Owner [Administrator]
Mode : Delete -- Date : 11/25/2014 06:08:23
¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] VPDAgent.exe -- C:\Windows
\VPDAgent.exe[-] -> Killed [TermProc]
[PUP] (SVC) vToolbarUpdater18.1.9 -- C:\Program Files
\Common Files\AVG Secure Search\vToolbarUpdater
\18.1.9\ToolbarUpdater.exe[7] -> Stopped
¤¤¤ Registry : 28 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{408CFAD9-8F13-
4747-8EC7-770A339C7237} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-
49D3-8EAB-B40CBE5B1FF7} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-
4AD9-B952-7AC336682AE3} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-
4836-82D5-D46260C44B17} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-
4BF1-B163-73684A933233} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-
4EF3-AB85-6C0C227862A9} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-
4464-9E53-596A90AFF023} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-
4E69-94E3-89EE8741F468} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-
4EB7-A673-4ED3E9456D39} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-
40DC-92F9-E9021F207706} -> Not selected
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft
\Windows\CurrentVersion\Explorer\Browser Helper Objects
\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Not selected
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft
\Windows\CurrentVersion\Run | vProt : "C:\Program Files
\AVG Secure Search\vprot.exe" -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System
\CurrentControlSet\Services\Agent (C:\Windows
\VPDAgent.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet
\Services\vToolbarUpdater18.1.9 (C:\Program Files\Common
Files\AVG Secure Search\vToolbarUpdater
\18.1.9\ToolbarUpdater.exe) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System
\ControlSet001\Services\Agent (C:\Windows\VPDAgent.exe)
-> Not selected
[PUP] HKEY_LOCAL_MACHINE\System
\ControlSet001\Services\vToolbarUpdater18.1.9 (C:\Program
Files\Common Files\AVG Secure Search\vToolbarUpdater
\18.1.9\ToolbarUpdater.exe) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System
\ControlSet002\Services\Agent (C:\Windows\VPDAgent.exe)
-> Not selected
[PUP] HKEY_LOCAL_MACHINE\System
\ControlSet002\Services\vToolbarUpdater18.1.9 (C:\Program
Files\Common Files\AVG Secure Search\vToolbarUpdater
\18.1.9\ToolbarUpdater.exe) -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-21-1241181004-
2622625590-1122715860-1000\Software\Microsoft\Internet
Explorer\Main | Start Page : http://search.conduit.com?
SearchSource=10&CUI=UN42947427976486298&UM=2&ctid
=CT3310511 -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System
\CurrentControlSet\Services\Tcpip\Parameters |
DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11
[UNITED STATES (US)][UNITED STATES (US)][UNITED
STATES (US)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System
\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer :
68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES
(US)][UNITED STATES (US)][UNITED STATES (US)] ->
Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System
\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer :
68.105.28.12 68.105.29.12 68.105.28.11 [UNITED STATES
(US)][UNITED STATES (US)][UNITED STATES (US)] ->
Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System
\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
\{0841394A-6C4A-4D06-B8A9-908F53338C1A} |
DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11
[UNITED STATES (US)][UNITED STATES (US)][UNITED
STATES (US)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System
\ControlSet001\Services\Tcpip\Parameters\Interfaces
\{0841394A-6C4A-4D06-B8A9-908F53338C1A} |
DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11
[UNITED STATES (US)][UNITED STATES (US)][UNITED
STATES (US)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System
\ControlSet002\Services\Tcpip\Parameters\Interfaces
\{0841394A-6C4A-4D06-B8A9-908F53338C1A} |
DhcpNameServer : 68.105.28.12 68.105.29.12 68.105.28.11
[UNITED STATES (US)][UNITED STATES (US)][UNITED
STATES (US)] -> Not selected
[PUM.Policies] HKEY_LOCAL_MACHINE\Software
\Microsoft\Windows\CurrentVersion\Policies\System |
ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software
\Microsoft\Windows\CurrentVersion\Explorer
\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-
A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software
\Microsoft\Windows\CurrentVersion\Explorer
\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-
89c5-5595fe6b30ee} : 1 -> Not selected
¤¤¤ Tasks : 6 ¤¤¤
[Suspicious.Path] AVG-Secure-Search-
Update_JUNE2013_HP_rmv.job -- C:\Windows\TEMP
\{53F56097-F45E-4F99-B93E-FBF084EA5B1B}.exe (--
uninstall=1) -> Deleted
[Suspicious.Path] AVG-Secure-Search-
Update_JUNE2013_TB_rmv.job -- C:\Windows\TEMP
\{01066B39-936A-4A36-8131-7648FA3EB119}.exe (--
uninstall=1) -> Deleted
[Suspicious.Path] EasyShare Registration Task.job -- C:
\Windows\system32\rundll32.exe (C:\PROGRA~2\Kodak
\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt
_RegistrationOffer@16) -> Deleted
[Suspicious.Path] \\AVG-Secure-Search-
Update_JUNE2013_HP_rmv -- C:\Windows\TEMP\{53F56097
-F45E-4F99-B93E-FBF084EA5B1B}.exe (--uninstall=1) ->
Deleted
[Suspicious.Path] \\AVG-Secure-Search-
Update_JUNE2013_TB_rmv -- C:\Windows\TEMP\{01066B39
-936A-4A36-8131-7648FA3EB119}.exe (--uninstall=1) ->
Deleted
[Suspicious.Path] \\EasyShare Registration Task -- C:
\Windows\system32\rundll32.exe (C:\PROGRA~2\Kodak
\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt
_RegistrationOffer@16) -> Deleted
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 3 ¤¤¤
[PUP][FIREFX:Addon] am53b3xu.default-1411387983416 :
Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] ->
Not selected
[PUP][FIREFX:Addon] am53b3xu.default-1411387983416 :
AVG Security Toolbar [avg@toolbar] -> Not selected
[PUM.HomePage][FIREFX:Config] am53b3xu.default-
1411387983416 : user_pref("browser.startup.homepage",
"http://ww2.cox.com/myconnection/sandiego/home.cox"); ->
Not selected
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500DM005 HD502HJ ATA Device
+++++
--- User ---
[MBR] d6ee5a03d26b92a31bbdf00f5ac7c31f
[BSP] 3483a0ead32cde755d5a21e8b3276fb1 : Windows
Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 |
Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors):
206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: SAMSUNG HD103UI USB Device ++
+++
--- User ---
[MBR] c4dbe81c6a0c74f7492d9307f88a5514
[BSP] 33dc70ac5737f33ef7a66f73c56595eb : Windows XP
MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 |
Size: 953867 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
============================================
RKreport_SCN_11252014_060639.log
November 25th, 2014, 10:53 AM
#4
Created new restore point.
Ran Malwarebytes Anti-RootKit. Logs follow:
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org
Database version: v2014.11.25.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17420
Owner :: OWNER-PC [administrator]
11/25/2014 6:15:14 AM
mbar-log-2014-11-25 (06-15-14).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 353863
Time elapsed: 30 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
Account is Administrative
Internet Explorer version: 11.0.9600.17420
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.893000 GHz
Memory total: 3673481216, free: 1063571456
Downloaded database version: v2014.11.25.06
Downloaded database version: v2014.11.22.01
Initializing...
======================
------------ Kernel report ------------
11/25/2014 06:15:02
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\SmartDefragDriver.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\NST\0200000.010\ccSetx86.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx86.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\TeeDriver.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt86win7.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\system32\DRIVERS\mfencbdc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\parvdm.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\cfwids.sys
\??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys
\??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys
\??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\comdlg32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\kernel32.dll
\Windows\System32\msctf.dll
\Windows\System32\urlmon.dll
\Windows\System32\imm32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\ole32.dll
\Windows\System32\setupapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\msvcrt.dll
\Windows\System32\psapi.dll
\Windows\System32\user32.dll
\Windows\System32\difxapi.dll
\Windows\System32\lpk.dll
\Windows\System32\nsi.dll
\Windows\System32\shell32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\iertutil.dll
\Windows\System32\gdi32.dll
\Windows\System32\sechost.dll
\Windows\System32\usp10.dll
\Windows\System32\wininet.dll
\Windows\System32\advapi32.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff87258400
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006b\
Lower Device Object: 0xffffffff870ec888
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86cad688
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff85ed9908
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86cad688, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86cad368, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86cad688, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff867ba918, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85ed9908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B71899DD
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 976564224
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff87258400, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff870ecd10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87258400, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff870ec888, DeviceName: \Device\0000006b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E939140F
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 1953520002
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
November 25th, 2014, 08:41 PM
#5
Please disable "word wrap" in Notepad because some logs are hard to read.
Please download ComboFix from Here, Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
Never rename Combofix unless instructed.
Close any open browsers.
Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there, use the restore point you created prior to running Combofix.
Double click on combofix.exe & follow the prompts.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
When finished, it will produce a report for you. Please post the "C:\ComboFix.txt".
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users : ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4 : Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try the following...
Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
rKill.exe : http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Restart computer in safe mode
Double-click on the Rkill desktop icon to run the tool. If using Vista or Windows 7, right-click on it and choose Run As Administrator. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. If not, delete the file, then download and use the one provided in Link 2. Do not reboot until instructed. If the tool does not run from any of the links provided, please let me know.
When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
November 26th, 2014, 12:26 AM
#6
Ran ComboFix. Log follows (I hope the word wrap was disabled properly this time...my apologies):
ComboFix 14-11-25.01 - Owner 11/25/2014 19:29:37.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3503.1938 [GMT -8:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\AdobePDF.dll
E:\install.exe
.
Infected copy of c:\windows\system32\samsrv.dll was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.1.7601.17514_none_b3f5c348ff36a76f\samsrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-10-26 to 2014-11-26 )))))))))))))))))))))))))))))))
.
.
2014-11-26 03:41 . 2014-11-26 03:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-25 14:15 . 2014-11-25 14:50 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-11-25 14:00 . 2014-11-25 14:00 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-11-25 14:00 . 2014-11-25 14:00 -------- d-----w- c:\programdata\RogueKiller
2014-11-23 20:40 . 2014-11-25 14:15 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-23 20:40 . 2014-11-25 14:14 79576 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-23 20:40 . 2014-11-23 20:40 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-23 20:40 . 2014-11-23 20:40 -------- d-----w- c:\programdata\Malwarebytes
2014-11-23 20:40 . 2014-10-01 19:11 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-23 20:40 . 2014-10-01 19:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-23 17:44 . 2014-11-23 17:44 -------- d-----w- c:\program files\Common Files\Java
2014-11-23 17:43 . 2014-11-23 17:43 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-11-23 17:41 . 2014-11-23 17:41 1892056 ----a-w- c:\windows\system32\RTSndMgr.cpl
2014-11-23 17:41 . 2014-11-23 17:41 3086040 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2014-11-23 17:41 . 2014-11-23 17:41 2566872 ----a-w- c:\windows\system32\RtkPgExt.dll
2014-11-23 17:41 . 2014-11-23 17:41 916696 ----a-w- c:\windows\system32\RtkCoInstII.dll
2014-11-23 17:41 . 2014-11-23 17:41 782040 ----a-w- c:\windows\system32\RtkApoApi.dll
2014-11-23 17:41 . 2014-11-23 17:41 1099203 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2014-11-23 17:41 . 2014-11-23 17:41 2474200 ----a-w- c:\windows\system32\RltkAPO.dll
2014-11-23 17:41 . 2014-11-23 17:41 900696 ----a-w- c:\windows\system32\MaxxAudioAPOShell.dll
2014-11-23 17:41 . 2014-11-23 17:41 1940056 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
2014-11-23 17:41 . 2014-11-23 17:41 86488 ----a-w- c:\windows\system32\drivers\TeeDriver.sys
2014-11-23 17:36 . 2014-11-23 17:36 76872 ----a-w- c:\windows\system32\RtNicProp32.dll
2014-11-23 17:36 . 2014-11-23 17:36 719064 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2014-11-23 15:40 . 2014-11-23 15:40 -------- d-----w- c:\program files\TeamViewer
2014-11-23 01:53 . 2014-11-23 01:53 -------- d-sh--w- c:\users\Owner\AppData\Local\EmieBrowserModeList
2014-11-18 18:10 . 2014-11-18 18:10 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-18 18:10 . 2014-11-18 18:10 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-14 05:31 . 2014-11-14 05:31 2363904 ----a-w- c:\windows\system32\msi.dll
2014-11-14 05:31 . 2014-11-14 05:31 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-14 05:31 . 2014-11-14 05:31 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-11-14 05:31 . 2014-11-14 05:31 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-14 05:31 . 2014-11-14 05:31 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-11-14 05:31 . 2014-11-14 05:31 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-14 05:31 . 2014-11-14 05:31 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-14 05:31 . 2014-11-14 05:31 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-14 05:30 . 2014-11-14 05:30 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-11-14 05:30 . 2014-11-14 05:30 67584 ----a-w- c:\windows\system32\packager.dll
2014-11-14 05:30 . 2014-11-14 05:30 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-14 05:30 . 2014-11-14 05:30 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-14 05:30 . 2014-11-14 05:30 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-14 05:30 . 2014-11-14 05:30 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-14 05:30 . 2014-11-14 05:30 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-11-14 05:30 . 2014-11-14 05:30 195584 ----a-w- c:\windows\system32\AudioSes.dll
2014-11-14 05:28 . 2014-11-14 05:28 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-14 05:28 . 2014-11-14 05:28 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-11-14 05:28 . 2014-11-14 05:28 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-11-14 05:28 . 2014-11-14 05:28 248832 ----a-w- c:\windows\system32\schannel.dll
2014-11-14 05:28 . 2014-11-14 05:28 221184 ----a-w- c:\windows\system32\ncrypt.dll
2014-11-14 05:28 . 2014-11-14 05:28 17408 ----a-w- c:\windows\system32\credssp.dll
2014-11-14 05:28 . 2014-11-14 05:28 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-11-14 05:21 . 2014-11-05 17:50 254464 ----a-w- c:\windows\system32\generaltel.dll
2014-11-14 05:21 . 2014-11-05 17:50 203776 ----a-w- c:\windows\system32\aepdu.dll
2014-11-14 05:21 . 2014-11-05 17:47 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-11-08 17:09 . 2014-11-08 17:09 -------- d-----w- c:\programdata\Smith Micro
2014-11-08 17:08 . 2014-11-08 17:08 -------- d-----w- c:\users\Owner\AppData\Roaming\Smith Micro
2014-11-08 16:42 . 2014-11-08 16:42 217088 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{2C69ABC9-55B7-410E-89AB-4CBD84D8D37B}\ARPPRODUCTICON.exe
2014-11-08 16:35 . 2014-11-08 16:40 -------- d-----w- c:\program files\Summitsoft
2014-11-08 16:14 . 2014-11-08 16:14 -------- d-----w- c:\users\Owner\AppData\Local\HCSShell
2014-10-29 01:10 . 2014-10-29 01:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-10-29 01:10 . 2014-10-29 01:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-10-29 01:10 . 2014-10-29 01:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-10-29 01:10 . 2014-10-29 01:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-10-29 01:10 . 2014-10-29 01:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-10-29 01:09 . 2014-10-29 01:10 -------- d-----w- c:\program files\QuickTime
2014-10-29 01:09 . 2014-10-29 01:09 -------- d-----w- c:\programdata\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-25 20:24 . 2014-11-21 02:54 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-11-23 17:38 . 2012-03-20 06:26 11049984 ----a-w- c:\windows\system32\igdumd32.dll
2014-11-23 17:38 . 2012-05-31 17:33 11176448 ----a-w- c:\windows\system32\igd10umd32.dll
2014-11-23 17:36 . 2012-05-31 17:37 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2014-11-12 15:36 . 2012-05-31 19:32 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-12 15:36 . 2012-05-31 19:32 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-15 05:17 . 2014-10-15 05:17 4922368 ----a-w- c:\windows\system32\mstscax.dll
2014-10-15 05:17 . 2014-10-15 05:17 37376 ----a-w- c:\windows\system32\tsgqec.dll
2014-10-15 05:17 . 2014-10-15 05:17 2744320 ----a-w- c:\windows\system32\rdpcorets.dll
2014-10-15 05:17 . 2014-10-15 05:17 269312 ----a-w- c:\windows\system32\aaclient.dll
2014-10-15 05:17 . 2014-10-15 05:17 1050112 ----a-w- c:\windows\system32\mstsc.exe
2014-10-15 05:16 . 2014-10-15 05:16 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-10-15 05:16 . 2014-10-15 05:16 304128 ----a-w- c:\windows\system32\winlogon.exe
2014-10-15 05:16 . 2014-10-15 05:16 184320 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-10-15 05:16 . 2014-10-15 05:16 157696 ----a-w- c:\windows\system32\winsta.dll
2014-10-15 05:16 . 2014-10-15 05:16 130048 ----a-w- c:\windows\system32\rdpcorekmts.dll
2014-10-15 05:14 . 2014-10-15 05:14 372736 ----a-w- c:\windows\system32\rastls.dll
2014-10-15 05:12 . 2014-10-15 05:12 81560 ----a-w- c:\windows\system32\mscories.dll
2014-10-15 05:12 . 2014-10-15 05:12 156824 ----a-w- c:\windows\system32\mscorier.dll
2014-10-15 05:12 . 2014-10-15 05:12 1131664 ----a-w- c:\windows\system32\dfshim.dll
2014-10-15 05:11 . 2014-10-15 05:11 988160 ----a-w- c:\windows\system32\drmv2clt.dll
2014-10-15 05:11 . 2014-10-15 05:11 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2014-10-15 05:11 . 2014-10-15 05:11 8192 ----a-w- c:\windows\system32\spwmp.dll
2014-10-15 05:11 . 2014-10-15 05:11 81408 ----a-w- c:\windows\system32\cryptsp.dll
2014-10-15 05:11 . 2014-10-15 05:11 744960 ----a-w- c:\windows\system32\blackbox.dll
2014-10-15 05:11 . 2014-10-15 05:11 617984 ----a-w- c:\windows\system32\wmdrmsdk.dll
2014-10-15 05:11 . 2014-10-15 05:11 593920 ----a-w- c:\windows\system32\drivers\PEAuth.sys
2014-10-15 05:11 . 2014-10-15 05:11 521384 ----a-w- c:\windows\system32\winload.exe
2014-10-15 05:11 . 2014-10-15 05:11 50688 ----a-w- c:\windows\system32\appidapi.dll
2014-10-15 05:11 . 2014-10-15 05:11 504320 ----a-w- c:\windows\system32\msscp.dll
2014-10-15 05:11 . 2014-10-15 05:11 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2014-10-15 05:11 . 2014-10-15 05:11 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2014-10-15 05:11 . 2014-10-15 05:11 50176 ----a-w- c:\windows\system32\drivers\appid.sys
2014-10-15 05:11 . 2014-10-15 05:11 489984 ----a-w- c:\windows\system32\evr.dll
2014-10-15 05:11 . 2014-10-15 05:11 455752 ----a-w- c:\windows\system32\winresume.exe
2014-10-15 05:11 . 2014-10-15 05:11 4096 ----a-w- c:\windows\system32\msdxm.ocx
2014-10-15 05:11 . 2014-10-15 05:11 4096 ----a-w- c:\windows\system32\dxmasf.dll
2014-10-15 05:11 . 2014-10-15 05:11 409272 ----a-w- c:\windows\system32\ci.dll
2014-10-15 05:11 . 2014-10-15 05:11 406016 ----a-w- c:\windows\system32\drmmgrtn.dll
2014-10-15 05:11 . 2014-10-15 05:11 3970488 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-10-15 05:11 . 2014-10-15 05:11 3914680 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-10-15 05:11 . 2014-10-15 05:11 354816 ----a-w- c:\windows\system32\mfplat.dll
2014-10-15 05:11 . 2014-10-15 05:11 3208704 ----a-w- c:\windows\system32\mf.dll
2014-10-15 05:11 . 2014-10-15 05:11 27648 ----a-w- c:\windows\system32\appidsvc.dll
2014-10-15 05:11 . 2014-10-15 05:11 265216 ----a-w- c:\windows\system32\msnetobj.dll
2014-10-15 05:11 . 2014-10-15 05:11 23040 ----a-w- c:\windows\system32\mfpmp.exe
2014-10-15 05:11 . 2014-10-15 05:11 2048 ----a-w- c:\windows\system32\mferror.dll
2014-10-15 05:11 . 2014-10-15 05:11 179200 ----a-w- c:\windows\system32\wintrust.dll
2014-10-15 05:11 . 2014-10-15 05:11 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2014-10-15 05:11 . 2014-10-15 05:11 157184 ----a-w- c:\windows\system32\pcasvc.dll
2014-10-15 05:11 . 2014-10-15 05:11 143872 ----a-w- c:\windows\system32\cryptsvc.dll
2014-10-15 05:11 . 2014-10-15 05:11 1329664 ----a-w- c:\windows\system32\quartz.dll
2014-10-15 05:11 . 2014-10-15 05:11 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-10-15 05:11 . 2014-10-15 05:11 1174528 ----a-w- c:\windows\system32\crypt32.dll
2014-10-15 05:11 . 2014-10-15 05:11 103424 ----a-w- c:\windows\system32\mfps.dll
2014-10-15 05:11 . 2014-10-15 05:11 1005056 ----a-w- c:\windows\system32\cryptui.dll
2014-10-02 21:23 . 2014-10-02 21:23 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-10-02 21:23 . 2014-10-02 21:23 69632 ----a-w- c:\windows\system32\QuickTime.qts
2014-09-25 01:40 . 2014-10-02 12:26 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-10 15:02 . 2014-09-10 15:02 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-09 21:47 . 2014-09-27 11:08 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-31 12:24 . 2012-07-17 21:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-11-23 17:30 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-08-25 15:59 3627032 ----a-w- c:\program files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}]
2014-06-11 23:20 464720 ----a-w- c:\program files\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll" [2014-08-25 3627032]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-09-26 21:40 1029280 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-09-26 21:40 1029280 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-09-26 21:40 1029280 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"California Fonts Loader"="c:\program files\California Font Manager\CaliforniaFonts.exe" [2012-02-29 628736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-26 517392]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2014-08-25 2640408]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-09-20 557768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2014-09-12 3499920]
"Adobe Creative Cloud"="c:\program files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-10-06 2694320]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-11-23 145904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-11-23 181232]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-11-23 189936]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2014-11-23 12021464]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-27 271744]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2014-10-14 1802048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RAInstaller c:\program files\RealArcade\Installer\commonResources\GameHouse\gamehouse_"="rmdir" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 7"="c:\program files\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-08-22 2281248]
"Backblaze"="c:\program files\Backblaze\bzbui.exe" [2014-11-26 493672]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminder.lnk - c:\program files\Creative Home\Hallmark Card Studio 2015\Planner\PLNRnote.exe [2014-7-24 364032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk
backup=c:\windows\pss\Event Planner Reminder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scan2PC.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scan2PC.lnk
backup=c:\windows\pss\Scan2PC.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
backup=c:\windows\pss\PowerReg SchedulerV2.exe.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2014-09-12 09:43 3499920 ----a-w- c:\program files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-08-21 16:30 959176 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Creative Cloud]
2014-10-06 12:31 2694320 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2014-09-20 02:22 557768 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 14:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2013-04-25 10:50 1075296 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-14 03:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 02:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Backblaze]
2014-11-26 00:09 493672 ----a-w- c:\program files\Backblaze\bzbui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\California Fonts Loader]
2012-02-29 04:31 628736 ----a-w- c:\program files\California Font Manager\CaliforniaFonts.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonQuickMenu]
2012-04-03 20:26 1273448 ----a-w- c:\program files\Canon\Quick Menu\CNQMMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2014-11-23 17:38 181232 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2014-11-23 17:38 145904 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter]
2014-10-14 02:47 1802048 ----a-w- c:\program files\IObit\IObit Malware Fighter\IMF.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcpltui_exe]
2014-04-26 01:29 517392 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2014-04-26 01:29 517392 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2014-11-23 17:38 189936 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 21:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2014-11-23 17:41 12021464 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-09-27 06:47 271744 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 21:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2014-08-25 15:59 2640408 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-11-23 2283296]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-09-23 147912]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-14 102912]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2014-08-20 81296]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-06-19 14848]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-06-19 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-06-19 27136]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-31 1343400]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2014-06-20 217224]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2014-06-04 18624]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-08-11 42784]
S1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NST\0200000.010\ccSetx86.sys [2011-08-08 132744]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\IObit\Advanced SystemCare 7\ASCService.exe [2014-08-19 893216]
S2 Agent;VPDAgent;c:\windows\VPDAgent.exe [2012-03-06 192512]
S2 bzserv;Backblaze Service;c:\program files\Backblaze\bzserv.exe [2014-11-26 234600]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-07-30 281560]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2014-10-01 344896]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe [2014-04-26 145568]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-07-30 281560]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-07-30 281560]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-07-30 281560]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2014-08-20 655936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2014-06-20 169800]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2014-06-20 179600]
S2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2011-08-10 138760]
S2 ogmservice;Online Games Manager;c:\program files\Online Games Manager\ogmservice.exe [2014-03-27 581568]
S2 Scan2PC;Scan2PC;c:\program files\Scan2PC\Sc2PCSvc.exe [2009-07-28 69632]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [2014-08-11 1820184]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2014-06-20 62832]
S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2013-03-23 21480]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\TeeDriver.sys [2014-11-23 86488]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2014-06-20 369248]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2014-08-20 350240]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2013-11-20 32288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2014-11-23 719064]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [2013-11-20 20944]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-31 15:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN42947427976486298&UM=2&ctid=CT3310511
mStart Page = about :blank
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\am53b3xu.default-1411387983416\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://ww2.cox.com/myconnection/sandiego/home.cox
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Advanced SystemCare 6 - c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,bf,40,19,6a,27,18,42,b5,08,5d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,bf,40,19,6a,27,18,42,b5,08,5d,\
.
[HKEY_USERS\S-1-5-21-1241181004-2622625590-1122715860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1241181004-2622625590-1122715860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1241181004-2622625590-1122715860-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D105354C-7C28-8B52-49FC-3D317FC4B66B}*]
"iaaifkdbcmhghefhcg"=hex:6a,61,68,62,65,64,65,68,67,6d,6a,6d,6b,6d,67,6d,6b,62,
6d,6d,00,00
"hakicpojmjnmoekh"=hex:6a,61,68,62,65,64,65,68,67,6d,6a,6d,6b,6d,67,6d,6b,62,
6d,6d,00,00
"hanpfofjocfdobkf"=hex:63,63,69,6d,70,61,69,6e,65,66,64,70,6f,61,6c,64,6c,68,
6d,69,63,65,64,64,6b,69,66,6c,64,64,67,62,68,66,6c,6d,6c,6e,69,69,67,69,68,\
.
[HKEY_USERS\S-1-5-21-1241181004-2622625590-1122715860-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E031DDDE-7E65-502B-56CD-D21900E0135C}*]
"iaoafcdfmbhdjocknp"=hex:69,61,65,61,6b,61,70,64,67,6e,63,65,6a,70,61,67,68,70,
00,00
"hamahhapcnoojbin"=hex:69,61,65,61,6b,61,70,64,67,6e,63,65,6a,70,61,67,68,70,
00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D105354C-7C28-8B52-49FC-3D317FC4B66B}\InProcServer32*]
"jagimocpnigbbghiomoj"=hex:6a,61,68,62,65,64,65,68,67,6d,6a,6d,6b,6d,67,6d,6b,
62,6d,6d,00,00
"iagigfinbplpolgphn"=hex:6a,61,68,62,65,64,65,68,67,6d,6a,6d,6b,6d,67,6d,6b,62,
6d,6d,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E031DDDE-7E65-502B-56CD-D21900E0135C}\InProcServer32*]
"jaibgbfjbgmhagpmndom"=hex:69,61,65,61,6b,61,70,64,67,6e,63,65,6a,70,61,67,68,
70,00,00
"iaibmalichgmihefpd"=hex:69,61,65,61,6b,61,70,64,67,6e,63,65,6a,70,61,67,68,70,
00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(9404)
c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\IObit\Advanced SystemCare 7\Monitor.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Common Files\McAfee\Platform\mcuicnt.exe
c:\program files\IObit\IObit Uninstaller\UninstallMonitor.exe
c:\program files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
c:\program files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Backblaze\bzfilelist.exe
c:\windows\system32\conhost.exe
c:\program files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
c:\program files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
c:\program files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\sppsvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\RunDll32.exe
.
**************************************************************************
.
Completion time: 2014-11-25 19:57:36 - machine was rebooted
ComboFix-quarantined-files.txt 2014-11-26 03:57
.
Pre-Run: 349,681,725,440 bytes free
Post-Run: 350,401,171,456 bytes free
.
- - End Of File - - 13F5B3C58CE206A103BCB2C84DD5BE45
A36C5E4F47E84449FF07ED3517B43A31
November 26th, 2014, 01:29 AM
#7
Uninstall Advanced SystemCare.
Registry cleaners/optimizers are not recommended for several reasons:
Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
November 26th, 2014, 08:55 AM
#8
Here I go....
Uninstalled Advanced SystemCare.
Ran AdwCleaner and Junkware Removal Tool (logs duplicated below).
Could not run Farbar Recovery Scan Tool - the following message popped up:
Line 10308 (File ""):
Error "EndIf statement with no matching "If" statement.
The logs:
# AdwCleaner v4.102 - Report created 26/11/2014 at 04:33:34
# Updated 23/11/2014 by Xplode
# Database : 2014-11-25.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner_4.102.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : vToolbarUpdater18.1.9
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Owner\Favorites\Tutorials
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Alawar Entertainment
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Security Toolbar
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\SmartTweak
Folder Deleted : C:\Program Files\Uninstaller
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Owner\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
Folder Deleted : C:\Users\Owner\AppData\Local\genienext
Folder Deleted : C:\Users\Owner\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Owner\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Owner\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Owner\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Owner\AppData\Roaming\Alawar Entertainment
Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
Folder Deleted : C:\Users\Owner\Desktop\Tutorials
Folder Deleted : C:\Users\Owner\Documents\Optimizer Pro
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\am53b3xu.default-1411387983416\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p4wtfm8m.default-1407511791679\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\am53b3xu.default-1411387983416\Extensions\adremoveext@adremoveext.net
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p4wtfm8m.default-1407511791679\Extensions\adremoveext@adremoveext.net
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rntoc33p.default-1379719655683\Extensions\adremoveext@adremoveext.net
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod
File Deleted : C:\Users\Owner\AppData\LocalLow\SkwConfig.bin
***** [ Scheduled Tasks ] *****
Task Deleted : Driver Booster Scan
Task Deleted : Driver Booster Update
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3774A2CA-97AE-4487-9287-92DC850D862D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\smarttweak
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NST
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17420
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v33.1 (x86 en-US)
[am53b3xu.default-1411387983416\prefs.js] - Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\18.1.9.799");
[am53b3xu.default-1411387983416\prefs.js] - Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.comgoogle\\.\\w+yahoo\\.\\w+gmail\\.\\w+hotmail\\.\\w+live\\.\\w+isearch\\.avg\\.commysearch\\.avg\\.com");
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [9819 octets] - [26/11/2014 04:31:19]
AdwCleaner[S0].txt - [9892 octets] - [26/11/2014 04:33:34]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9952 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x86
Ran by Owner on Wed 11/26/2014 at 4:44:29.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\ammyy"
Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\Program Files\coupons"
~~~ FireFox
Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\am53b3xu.default-1411387983416\minidumps [37 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/26/2014 at 4:46:05.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
November 26th, 2014, 09:38 PM
#9
Delete your FRST file, download a new one and try again.
November 26th, 2014, 09:57 PM
#10
Deleted FRST file, downloaded new one, and ran scan. First part of Log FRST follows (complete log is too long for form):
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-11-2014 01
Ran by Owner (administrator) on OWNER-PC on 26-11-2014 17:48:44
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Two Pilots) C:\Windows\VPDAgent.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
() C:\Program Files\Backblaze\bzserv.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Symantec Corporation) C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
(RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
() C:\Windows\System32\PSIService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\Scan2PC\Sc2PCSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Creative Home) C:\Program Files\Creative Home\Hallmark Card Studio 2015\Planner\PLNRnote.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\Core\mchost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-06] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-11-23] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [1802048 2014-10-13] (IObit)
HKLM\...\RunOnce: [RAInstaller C:\Program Files\RealArcade\Installer\commonResources\GameHouse\gamehouse_] => cmd.exe /c "rmdir /S /Q "C:\Program Files\RealArcade\Installer\commonResources\GameHouse\gamehouse_""
HKU\S-1-5-21-1241181004-2622625590-1122715860-1000\...\Run: [California Fonts Loader] => C:\Program Files\California Font Manager\CaliforniaFonts.exe [628736 2012-02-28] (SqueakyChocolate, LLC)
HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
HKU\S-1-5-18\...\Run: [Backblaze] => C:\Program Files\Backblaze\bzbui.exe [493672 2014-11-25] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk
ShortcutTarget: Event Planner Reminder.lnk -> C:\Program Files\Creative Home\Hallmark Card Studio 2015\Planner\PLNRnote.exe (Creative Home)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
November 26th, 2014, 09:57 PM
#11
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...=ie&ar=msnhome
HKU\S-1-5-21-1241181004-2622625590-1122715860-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\S-1-5-21-1241181004-2622625590-1122715860-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3858F7E4FC98CD01
HKU\S-1-5-21-1241181004-2622625590-1122715860-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-1241181004-2622625590-1122715860-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
HKU\S-1-5-21-1241181004-2622625590-1122715860-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {3774A2CA-97AE-4487-9287-92DC850D862D} URL =
SearchScopes: HKU\S-1-5-21-1241181004-2622625590-1122715860-1000 -> DefaultScope {DA6A0AE5-8D17-4EB4-B086-57ECB564DC5F} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1241181004-2622625590-1122715860-1000 -> {34749075-7842-402F-804A-E96032AF4EC5} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1241181004-2622625590-1122715860-1000 -> {5A94B4B8-9225-4FB5-A9A0-26ECD95D7009} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US636&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1241181004-2622625590-1122715860-1000 -> {DA6A0AE5-8D17-4EB4-B086-57ECB564DC5F} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - No Name - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\am53b3xu.default-1411387983416
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://ww2.cox.com/myconnection/sandiego/home.cox
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: DownloadHelper - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\am53b3xu.default-1411387983416\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-23]
FF Extension: Pin It Button - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\am53b3xu.default-1411387983416\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2014-09-22]
FF Extension: AmazonSmile 1Button for Firefox - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\am53b3xu.default-1411387983416\Extensions\smile1Button@amazon.com.xpi [2014-10-12]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2012-12-29]
FF HKLM\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST
FF Extension: Norton Safe Web Lite Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST [2014-11-26]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-06-09]
FF HKU\S-1-5-21-1241181004-2622625590-1122715860-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found]
Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-11-20]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Agent; C:\Windows\VPDAgent.exe [192512 2012-03-06] (Two Pilots) [File not signed]
R2 bzserv; C:\Program Files\Backblaze\bzserv.exe [234600 2014-11-25] ()
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2014-11-23] (Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-09-30] (IObit)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2283296 2014-11-23] (IObit)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
R2 NSL; C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation)
R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
U2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 Scan2PC; C:\Program Files\Scan2PC\Sc2PCSvc.exe [69632 2009-07-28] () [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies)
R1 ccSet_NST; C:\Windows\system32\drivers\NST\0200000.010\ccSetx86.sys [132744 2011-08-08] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [21480 2013-03-23] (IObit)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [86488 2014-11-23] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [32288 2013-11-19] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2014-06-04] (IObit)
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [20944 2013-11-19] (IObit.com)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [X]
S3 gdrv; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-26 17:48 - 2014-11-26 17:49 - 00022215 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-11-26 17:48 - 2014-11-26 17:48 - 00000000 ____D () C:\FRST
2014-11-26 17:43 - 2014-11-26 17:43 - 01109504 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2014-11-26 08:54 - 2014-11-26 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-11-26 04:44 - 2014-11-26 04:44 - 00000000 ____D () C:\Windows\ERUNT
2014-11-26 04:31 - 2014-11-26 04:36 - 00000000 ____D () C:\AdwCleaner
2014-11-26 04:18 - 2014-11-26 04:18 - 02148864 _____ () C:\Users\Owner\Desktop\adwcleaner_4.102.exe
2014-11-26 04:18 - 2014-11-26 04:18 - 01707532 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
2014-11-25 19:57 - 2014-11-25 19:57 - 00036530 _____ () C:\ComboFix.txt
2014-11-25 19:27 - 2014-11-25 19:57 - 00000000 ____D () C:\Qoobox
2014-11-25 19:27 - 2014-11-25 19:57 - 00000000 ____D () C:\ComboFix
2014-11-25 19:27 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-25 19:27 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-25 19:27 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-25 19:27 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-25 19:27 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-25 19:27 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-25 19:27 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-25 19:27 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-25 19:26 - 2014-11-25 19:54 - 00000000 ____D () C:\Windows\erdnt
2014-11-25 16:56 - 2014-11-25 16:56 - 05599228 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2014-11-25 06:15 - 2014-11-25 06:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-25 06:14 - 2014-11-25 06:50 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-11-25 06:00 - 2014-11-25 06:00 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-25 06:00 - 2014-11-25 06:00 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-25 05:57 - 2014-11-25 05:57 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.08.2.1001.exe
2014-11-25 05:56 - 2014-11-25 05:56 - 15196248 _____ () C:\Users\Owner\Desktop\RogueKiller.exe
2014-11-23 13:23 - 2014-11-23 13:23 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2014-11-23 12:40 - 2014-11-25 06:15 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-23 12:40 - 2014-11-25 06:14 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-23 12:40 - 2014-11-23 12:40 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-23 12:40 - 2014-11-23 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-23 12:40 - 2014-11-23 12:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-23 12:40 - 2014-11-23 12:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-23 12:40 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-23 12:40 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-23 10:40 - 2014-11-23 10:41 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-23 10:07 - 2014-11-23 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-11-23 10:06 - 2014-11-23 10:06 - 32809520 _____ (IObit ) C:\Users\Owner\Downloads\IObit-Malware-Fighter-Setup(2).exe
2014-11-23 09:44 - 2014-11-23 09:44 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-23 09:44 - 2014-11-23 09:43 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-11-23 09:43 - 2014-11-23 09:43 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-11-23 09:43 - 2014-11-23 09:43 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-11-23 09:43 - 2014-11-23 09:43 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-23 09:43 - 2014-11-23 09:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-23 09:41 - 2014-11-23 09:41 - 03086040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2014-11-23 09:41 - 2014-11-23 09:41 - 02566872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2014-11-23 09:41 - 2014-11-23 09:41 - 02474200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2014-11-23 09:41 - 2014-11-23 09:41 - 01940056 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-11-23 09:41 - 2014-11-23 09:41 - 01892056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2014-11-23 09:41 - 2014-11-23 09:41 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-11-23 09:41 - 2014-11-23 09:41 - 00916696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2014-11-23 09:41 - 2014-11-23 09:41 - 00900696 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2014-11-23 09:41 - 2014-11-23 09:41 - 00782040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2014-11-23 09:41 - 2014-11-23 09:41 - 00086488 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriver.sys
2014-11-23 09:38 - 2014-11-23 09:38 - 10812928 _____ (Intel Corporation) C:\Windows\system32\ig4icd32.dll
2014-11-23 09:38 - 2014-11-23 09:38 - 09023488 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2014-11-23 09:38 - 2014-11-23 09:38 - 06231536 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2014-11-23 09:38 - 2014-11-23 09:38 - 03768320 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd32.sys
2014-11-23 09:38 - 2014-11-23 09:38 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00436736 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00436736 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00436736 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00436736 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00436736 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00436736 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00436736 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00436224 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00436224 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00436224 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00435200 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00435200 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00433664 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00433664 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00430080 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00429056 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00427008 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00426496 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00330752 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2014-11-23 09:38 - 2014-11-23 09:38 - 00313344 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2014-11-23 09:38 - 2014-11-23 09:38 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2014-11-23 09:38 - 2014-11-23 09:38 - 00284160 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2014-11-23 09:38 - 2014-11-23 09:38 - 00279024 _____ (Intel Corporation) C:\Windows\system32\IntelCpHeciSvc.exe
2014-11-23 09:38 - 2014-11-23 09:38 - 00271856 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2014-11-23 09:38 - 2014-11-23 09:38 - 00199152 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2014-11-23 09:38 - 2014-11-23 09:38 - 00189936 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2014-11-23 09:38 - 2014-11-23 09:38 - 00181232 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2014-11-23 09:38 - 2014-11-23 09:38 - 00175616 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2014-11-23 09:38 - 2014-11-23 09:38 - 00145904 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2014-11-23 09:38 - 2014-11-23 09:38 - 00130048 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2014-11-23 09:38 - 2014-11-23 09:38 - 00120320 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2014-11-23 09:38 - 2014-11-23 09:38 - 00102400 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v3517.dll
2014-11-23 09:38 - 2014-11-23 09:38 - 00096256 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2014-11-23 09:38 - 2014-11-23 09:38 - 00078848 _____ () C:\Windows\system32\igdde32.dll
2014-11-23 09:38 - 2014-11-23 09:38 - 00067956 _____ () C:\Windows\system32\iglhxs32.vp
2014-11-23 09:38 - 2014-11-23 09:38 - 00059904 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2014-11-23 09:38 - 2014-11-23 09:38 - 00025088 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2014-11-23 09:38 - 2014-11-23 09:38 - 00009728 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2014-11-23 09:36 - 2014-11-23 09:36 - 00719064 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys
2014-11-23 09:36 - 2014-11-23 09:36 - 00076872 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2014-11-23 09:30 - 2014-11-23 09:45 - 00002020 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2014-11-23 09:30 - 2014-11-23 09:30 - 00001138 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-11-23 09:30 - 2014-11-23 09:30 - 00001114 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-11-23 09:30 - 2014-11-23 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2014-11-23 09:29 - 2014-11-23 09:29 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-11-23 09:28 - 2014-11-23 10:07 - 00001135 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-11-23 09:27 - 2014-11-23 09:27 - 32809520 _____ (IObit ) C:\Users\Owner\Downloads\IObit-Malware-Fighter-Setup(1).exe
2014-11-23 08:55 - 2014-11-23 09:19 - 00001664 _____ () C:\Users\Owner\Documents\krump.txt
2014-11-23 07:40 - 2014-11-23 07:40 - 00001136 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-11-23 07:40 - 2014-11-23 07:40 - 00001124 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-11-23 07:40 - 2014-11-23 07:40 - 00000000 ____D () C:\Program Files\TeamViewer
2014-11-23 07:38 - 2014-11-23 07:39 - 06588560 _____ (TeamViewer GmbH) C:\Users\Owner\Downloads\TeamViewer_Setup_en.exe
2014-11-23 06:04 - 2014-11-26 06:36 - 00001418 _____ () C:\Windows\setupact.log
2014-11-23 06:04 - 2014-11-23 06:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-23 06:03 - 2014-11-26 04:37 - 00015218 _____ () C:\Windows\PFRO.log
2014-11-22 17:53 - 2014-11-22 17:53 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieBrowserModeList
2014-11-19 16:58 - 2014-11-19 16:58 - 08941445 _____ () C:\Users\Owner\Downloads\wg_ink_and_water_brushes.zip
2014-11-19 05:36 - 2014-11-19 05:36 - 00002067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.7.lnk
2014-11-19 05:36 - 2014-11-19 05:36 - 00002055 _____ () C:\Users\Public\Desktop\Lightroom 5.7.lnk
2014-11-18 10:10 - 2014-11-18 10:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 10:10 - 2014-11-18 10:10 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-13 21:31 - 2014-11-13 21:31 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 21:31 - 2014-11-13 21:31 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 21:31 - 2014-11-13 21:31 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 21:31 - 2014-11-13 21:31 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 21:31 - 2014-11-13 21:31 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 21:31 - 2014-11-13 21:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 21:31 - 2014-11-13 21:31 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 21:31 - 2014-11-13 21:31 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 21:30 - 2014-11-13 21:30 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 21:30 - 2014-11-13 21:30 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 21:30 - 2014-11-13 21:30 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 21:30 - 2014-11-13 21:30 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 21:30 - 2014-11-13 21:30 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 21:30 - 2014-11-13 21:30 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 21:30 - 2014-11-13 21:30 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 21:30 - 2014-11-13 21:30 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 21:28 - 2014-11-13 21:28 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 21:28 - 2014-11-13 21:28 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 21:28 - 2014-11-13 21:28 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 21:28 - 2014-11-13 21:28 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 21:28 - 2014-11-13 21:28 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 21:28 - 2014-11-13 21:28 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 21:28 - 2014-11-13 21:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 21:27 - 2014-11-13 21:27 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 21:27 - 2014-11-13 21:27 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 21:27 - 2014-11-13 21:27 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 21:27 - 2014-11-13 21:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 21:27 - 2014-11-13 21:27 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 21:27 - 2014-11-13 21:27 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 21:27 - 2014-11-13 21:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 21:21 - 2014-11-05 09:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 21:21 - 2014-11-05 09:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 21:21 - 2014-11-05 09:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-10 08:29 - 2014-11-10 08:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-09 05:11 - 2014-11-09 05:12 - 34332118 _____ () C:\Users\Owner\Downloads\tbrusha(8).exe
2014-11-08 09:18 - 2014-11-08 09:27 - 00000000 ____D () C:\Users\Owner\Desktop\Creative Arts Pack 1
2014-11-08 09:09 - 2014-11-08 09:09 - 00000000 ____D () C:\ProgramData\Smith Micro
2014-11-08 09:08 - 2014-11-08 09:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Smith Micro
2014-11-08 09:07 - 2014-11-08 09:07 - 00001187 _____ () C:\Users\Public\Desktop\ScatterShow.lnk
2014-11-08 08:41 - 2014-11-08 08:41 - 21477336 _____ (Creative Home ) C:\Users\Owner\Downloads\HallmarkCardStudio2015BonusPack(1).exe
2014-11-08 08:40 - 2014-11-08 08:59 - 717993680 _____ (Summitsoft Corporation) C:\Users\Owner\Downloads\CreativeArts1_N.exe
2014-11-08 08:40 - 2014-11-08 08:41 - 27930984 _____ (Smith Micro Software, Inc. ) C:\Users\Owner\Downloads\ScatterShow_UniversalWin_1.1(1).exe
2014-11-08 08:40 - 2014-11-08 08:40 - 00002094 _____ () C:\Users\Public\Desktop\FontManagementSystem.lnk
2014-11-08 08:35 - 2014-11-08 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Summitsoft
2014-11-08 08:35 - 2014-11-08 08:40 - 00000000 ____D () C:\Program Files\Summitsoft
2014-11-08 08:35 - 2014-11-08 08:35 - 00002012 _____ () C:\Users\Public\Desktop\3D Text Studio.lnk
2014-11-08 08:14 - 2014-11-08 08:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\HCSShell
2014-11-08 08:03 - 2014-11-08 08:03 - 00002337 _____ () C:\Users\Public\Desktop\Hallmark Card Studio 2015.lnk
2014-11-08 07:30 - 2014-11-08 07:35 - 202529472 _____ (Creative Home ) C:\Users\Owner\Downloads\HallmarkCardStudio2015ESD_16.0.0.11(1).exe
2014-11-08 07:29 - 2014-11-08 07:37 - 306604176 _____ (Summtisoft Corporation) C:\Users\Owner\Downloads\CreativeFonts-Full.exe
2014-11-08 07:29 - 2014-11-08 07:34 - 202529472 _____ (Creative Home ) C:\Users\Owner\Downloads\HallmarkCardStudio2015ESD_16.0.0.11.exe
2014-11-08 07:29 - 2014-11-08 07:29 - 27930984 _____ (Smith Micro Software, Inc. ) C:\Users\Owner\Downloads\ScatterShow_UniversalWin_1.1.exe
2014-11-08 07:29 - 2014-11-08 07:29 - 21477336 _____ (Creative Home ) C:\Users\Owner\Downloads\HallmarkCardStudio2015BonusPack.exe
2014-11-08 07:16 - 2014-11-08 07:17 - 84392194 _____ () C:\Users\Owner\Downloads\AdvancedExtraction(1).mp4
2014-11-08 07:16 - 2014-11-08 07:17 - 61606982 _____ () C:\Users\Owner\Downloads\AdvancedShadowing(1).mp4
2014-11-08 07:16 - 2014-11-08 07:16 - 01389604 _____ () C:\Users\Owner\Downloads\AdvancedExtraction(1).zip
2014-11-08 07:16 - 2014-11-08 07:16 - 01145847 _____ () C:\Users\Owner\Downloads\AdvancedShadowingWithPSP(1).zip
2014-11-08 04:46 - 2014-11-08 04:47 - 84392194 _____ () C:\Users\Owner\Downloads\AdvancedExtraction.mp4
2014-11-08 04:46 - 2014-11-08 04:47 - 61606982 _____ () C:\Users\Owner\Downloads\AdvancedShadowing.mp4
2014-11-08 04:46 - 2014-11-08 04:46 - 01389604 _____ () C:\Users\Owner\Downloads\AdvancedExtraction.zip
2014-11-08 04:46 - 2014-11-08 04:46 - 01145847 _____ () C:\Users\Owner\Downloads\AdvancedShadowingWithPSP.zip
2014-11-08 04:45 - 2014-11-08 04:46 - 60295542 _____ () C:\Users\Owner\Downloads\PlayingWithVectors.mp4
2014-11-08 04:45 - 2014-11-08 04:45 - 00725519 _____ () C:\Users\Owner\Downloads\Playing_with_Vectors.zip
2014-11-03 19:36 - 2014-11-03 19:38 - 96490796 _____ () C:\Users\Owner\Downloads\SeamlessDesignWithPaintshopPro.mp4
2014-11-03 19:36 - 2014-11-03 19:36 - 02484201 _____ () C:\Users\Owner\Downloads\Seamless_Design_with_PaintshopPro.zip
2014-11-03 09:51 - 2014-11-03 09:53 - 00000000 ____D () C:\Users\Owner\Documents\Will info
2014-11-03 08:17 - 2014-11-03 08:17 - 00668943 _____ () C:\Users\Owner\Downloads\gold_gradient_by_roula33-d4dkxnp.zip
2014-10-28 17:09 - 2014-10-28 17:10 - 00000000 ____D () C:\Program Files\QuickTime
2014-10-28 17:09 - 2014-10-28 17:09 - 00001815 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-10-28 17:09 - 2014-10-28 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-28 17:09 - 2014-10-28 17:09 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-27 19:10 - 2014-10-27 19:11 - 07671162 _____ () C:\Users\Owner\Downloads\Attachments_20141027.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-26 17:36 - 2012-05-31 11:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-26 14:51 - 2012-05-31 09:19 - 01215722 _____ () C:\Windows\WindowsUpdate.log
2014-11-26 14:11 - 2013-03-13 09:12 - 00000000 ____D () C:\Users\Owner\Desktop\Journal
2014-11-26 10:37 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\rescache
2014-11-26 06:45 - 2009-07-13 20:34 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-26 06:45 - 2009-07-13 20:34 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-26 06:38 - 2014-08-17 04:41 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-11-26 06:36 - 2009-07-13 20:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-26 05:36 - 2012-05-31 11:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-26 05:36 - 2012-05-31 11:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-26 04:36 - 2012-06-05 05:33 - 00000000 ___RD () C:\Users\Owner\Desktop\Tutorials
2014-11-26 04:23 - 2013-06-04 07:26 - 00000000 ____D () C:\Program Files\IObit
2014-11-25 19:57 - 2009-07-13 18:37 - 00000000 __RHD () C:\Users\Default
2014-11-25 19:57 - 2009-07-13 18:37 - 00000000 ___RD () C:\Users\Public
2014-11-25 19:44 - 2009-07-13 18:04 - 00000215 _____ () C:\Windows\system.ini
2014-11-25 16:10 - 2013-11-18 12:19 - 00000000 ____D () C:\Program Files\Backblaze
2014-11-23 15:08 - 2012-06-11 07:33 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-11-23 13:10 - 2009-07-13 20:33 - 03910712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-23 13:00 - 2013-11-24 08:04 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-23 13:00 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Resources
2014-11-23 12:38 - 2012-05-31 10:25 - 00146328 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-23 09:44 - 2012-05-31 10:21 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-11-23 09:42 - 2012-05-31 09:36 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-11-23 09:38 - 2012-05-31 09:33 - 11176448 _____ (Intel Corporation) C:\Windows\system32\igd10umd32.dll
2014-11-23 09:38 - 2012-03-19 22:26 - 11049984 _____ (Intel Corporation) C:\Windows\system32\igdumd32.dll
2014-11-23 09:36 - 2012-05-31 09:37 - 00100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll
2014-11-23 09:28 - 2013-06-04 07:26 - 00000000 ____D () C:\ProgramData\IObit
2014-11-22 22:48 - 2014-04-03 04:37 - 53444608 _____ () C:\Windows\system32\config\software.iobit
2014-11-22 22:48 - 2014-04-03 04:37 - 00405504 _____ () C:\Windows\system32\config\default.iobit
2014-11-22 22:48 - 2014-04-03 04:37 - 00061440 _____ () C:\Windows\system32\config\sam.iobit
2014-11-22 22:48 - 2014-04-03 04:37 - 00024576 _____ () C:\Windows\system32\config\security.iobit
2014-11-22 22:48 - 2012-05-31 09:19 - 00000000 ____D () C:\Users\Owner
2014-11-21 15:45 - 2012-06-21 05:30 - 00000000 ____D () C:\Users\Owner\Desktop\Dave
2014-11-21 15:43 - 2012-06-04 07:27 - 02578432 ____R () C:\Users\Public\Documents\ESBK.mb
2014-11-21 15:42 - 2012-06-04 07:27 - 05783552 ____R () C:\Users\Public\Documents\ESBK.mbb
2014-11-20 09:57 - 2012-06-30 08:17 - 00000000 ____D () C:\Users\Owner\Desktop\Other Extras
2014-11-19 05:34 - 2012-05-31 10:21 - 00000000 ____D () C:\Program Files\Adobe
2014-11-18 03:34 - 2014-04-25 07:29 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-18 03:33 - 2013-08-14 07:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-18 03:21 - 2012-05-31 10:03 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-16 05:49 - 2014-04-03 04:43 - 53444608 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-11-16 05:49 - 2014-04-03 04:43 - 00405504 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-11-16 05:49 - 2014-04-03 04:43 - 00061440 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-11-16 05:49 - 2014-04-03 04:43 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-11-14 06:23 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-11 18:40 - 2012-06-09 10:15 - 01268597 _____ () C:\Windows\system32\gcpr
2014-11-11 03:45 - 2012-06-01 15:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-09 05:15 - 2012-09-28 07:53 - 00002005 _____ () C:\Users\Owner\Desktop\TwistedBrush Pro Studio.lnk
2014-11-09 05:15 - 2012-09-06 09:01 - 00001159 _____ () C:\Users\Owner\Desktop\TwistedBrush FAQ.lnk
2014-11-08 09:36 - 2012-08-28 06:56 - 00001109 _____ () C:\Users\Owner\Desktop\California Font Manager.lnk
2014-11-08 09:07 - 2012-06-04 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smith Micro
2014-11-08 09:07 - 2012-06-04 12:40 - 00000000 ____D () C:\Program Files\Smith Micro
2014-11-08 08:39 - 2012-06-04 11:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Downloaded Installations
2014-11-08 08:14 - 2013-03-17 10:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Creative Home
2014-11-08 08:12 - 2012-12-13 15:16 - 00000000 ____D () C:\Users\Owner\AppData\Local\NovaRegister
2014-11-08 08:11 - 2012-12-13 15:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\Creative Home
2014-11-08 08:10 - 2012-12-13 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hallmark
2014-11-08 08:10 - 2012-12-13 15:06 - 00000000 ____D () C:\Program Files\Creative Home
2014-11-04 09:36 - 2010-11-20 13:01 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-04 08:25 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-01 08:22 - 2012-10-06 17:10 - 00000000 ____D () C:\Users\Owner\Desktop\Delete
2014-10-29 16:46 - 2013-01-19 12:15 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-10-29 05:42 - 2013-12-03 07:54 - 00000000 ____D () C:\Users\Owner\Documents\2014
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-26 08:50
==================== End Of Log ============================
November 26th, 2014, 09:58 PM
#12
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-11-2014 01
Ran by Owner at 2014-11-26 17:50:23
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3DTextStudio (HKLM\...\{ECFE53BC-5D24-4C5D-B606-DF9260418768}) (Version: 3.03 - Summitsoft)
abrMate version 1.0 (HKLM\...\abrMate_is1) (Version: 1.0 - )
Adobe Acrobat XI Pro (HKLM\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Bridge CC (HKLM\...\{B42E718A-AAE9-4C7D-8990-2AE4C4FE87DF}) (Version: 6.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 2.8.0.447 - Adobe Systems Incorporated)
Adobe Edge Reflow CC Preview (HKLM\...\{AC41E46F-969F-439B-84C9-D5DA8C783E9D}) (Version: 0.32.13658 - Adobe Systems Incorporated)
Adobe Exchange Panel (HKLM\...\{41A12FFC-89E9-4743-A51E-00975CA31F40}) (Version: 1 - Adobe Systems Incorporated)
Adobe Extension Manager CC (HKLM\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.3.2 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (32 Bit) (HKLM\...\{8913FAF3-5BFE-45BA-AF57-67AF4BA67898}) (Version: 18.1.0 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (32-bit) (HKLM\...\{37BEE0A4-72B9-1014-A77C-C46F3F2C3207}) (Version: 10.1.0.070 - Adobe Systems Incorporated)
Adobe InDesign CS6 (HKLM\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0.2.413 - Adobe Systems Incorporated)
Adobe Muse (HKLM\...\{9A554C9D-E12D-4205-8101-9F4337CD5673}) (Version: 3.2 - Adobe Systems Incorporated)
Adobe Muse (HKLM\...\AdobeMuse) (Version: 3.2.2 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (32 Bit) (HKLM\...\{7C25E7A0-A0A1-4B87-BB30-BF0FBDC37878}) (Version: 15.2.1 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.4 (HKLM\...\{FA6F726E-AA8D-492A-B18A-A5945C337FCE}) (Version: 4.4.1 - Adobe)
Adobe Photoshop Lightroom 5.7 (HKLM\...\{BA600B89-5E5B-4F1E-8B56-D64656A1AF26}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Alien Skin Eye Candy 5 Impact (HKLM\...\EyeCandy5Impact) (Version: - )
Alien Skin Eye Candy 5 Nature (HKLM\...\EyeCandy5Nature) (Version: - )
Alien Skin Eye Candy 5 Textures (HKLM\...\EyeCandy5Textures) (Version: - )
Alien Skin Image Doctor (HKLM\...\Image Doctor) (Version: - )
Alien Skin Splat! (HKLM\...\Splat) (Version: - )
AllMyNotes Organizer (HKLM\...\AllMyNotes Organizer) (Version: 3.10 - Vladonai Software)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoImpression (HKLM\...\{6C5D7191-140A-11D6-B5A0-0050DA208A93}) (Version: - )
ArcSoft Print Creations - Album Page (HKLM\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft)
ArcSoft Print Creations (HKLM\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
ArtRage Studio Pro (HKLM\...\{F4BF6344-7223-41DB-8C76-8E964335DF3C}) (Version: 3.5.4 - Ambient Design)
Backblaze (HKLM\...\Backblaze) (Version: - Backblaze, Inc)
California Font Manager 2.5.0 (HKLM\...\California Font Manager) (Version: 2.5.0 - California Fonts)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series) (Version: 1.00 - Canon Inc.)
Canon MG6300 series On-screen Manual (HKLM\...\Canon MG6300 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG6300 series User Registration (HKLM\...\Canon MG6300 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
CCScore (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel KPT Collection (HKLM\...\_{5ACF958F-3106-4F13-B947-FC6DF23E1A53}) (Version: 1.0.0.103 - Corel Corporation)
Corel KPT Collection (HKLM\...\_{B16DC136-9583-4C54-BE27-F001BBC546B1}) (Version: 1.0.0.109 - Corel Corporation)
Corel KPT Collection (HKLM\...\_{C59A783C-FF5C-40BE-843A-5458513D655B}) (Version: 1.0.0.46 - Corel Corporation)
Corel KPT Collection (Version: 1.0.0.103 - Corel Corporation) Hidden
Corel KPT Collection (Version: 1.0.0.109 - Corel Corporation) Hidden
Corel KPT Collection (Version: 1.00.0000 - Corel Corporation) Hidden
Corel KPT Collection for PSPX4 (HKLM\...\_{031338C0-4C21-4DAC-875B-26ACD7ADDF23}) (Version: - Corel Corporation)
Corel PaintShop Pro Brush Content (Version: 1.0.0.39 - Corel Corporation) Hidden
Corel PaintShop Pro Brush Content (Version: 1.00.0000 - Corel Corporation) Hidden
Corel PaintShop Pro Misc Content (Version: 1.0.0.42 - Corel Corporation) Hidden
Corel PaintShop Pro Misc Content (Version: 1.0.0.43 - Corel Corporation) Hidden
Corel PaintShop Pro Misc Content (Version: 1.0.0.44 - Corel Corporation) Hidden
Corel PaintShop Pro Misc Content (Version: 1.0.0.45 - Corel Corporation) Hidden
Corel PaintShop Pro Misc Content (Version: 1.00.0000 - Corel Corporation) Hidden
Corel PaintShop Pro Picture Frame Content (Version: 1.0.0.41 - Corel Corporation) Hidden
Corel PaintShop Pro Picture Frame Content (Version: 1.00.0000 - Corel Corporation) Hidden
Corel PaintShop Pro Picture Tube Content (Version: 1.0.0.40 - Corel Corporation) Hidden
Corel PaintShop Pro Picture Tube Content (Version: 1.00.0000 - Corel Corporation) Hidden
Corel PaintShop Pro X4 (HKLM\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.2.0.1 - Corel Corporation)
Corel PaintShop Pro X4 (Version: 14.2.0.1 - Corel Corporation) Hidden
Corel PaintShop Pro X5 (HKLM\...\_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.1.0.10 - Corel Corporation)
Corel PaintShop Pro X5 (Version: 15.3.0.8 - Corel Corporation) Hidden
Corel PaintShop Pro X6 (HKLM\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.2.0.20 - Corel Corporation)
Corel PaintShop Pro X6 (Version: 16.2.0.20 - Corel Corporation) Hidden
Corel PaintShop Pro X7 (HKLM\...\_{176F50D6-6857-49CE-B731-65F757EE3F0D}) (Version: 17.0.0.199 - Corel Corporation)
Corel PaintShop Pro X7 (Version: 17.0.0.199 - Corel Corporation) Hidden
Creative Content (Version: 1.0.0.103 - Corel Corporation) Hidden
Creative Content (Version: 1.0.0.114 - Corel Corporation) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious - Emily's Honeymoon Cruise Premium Edition (HKLM\...\2a8a3cecb1d4e2312a19d96a344ecf2a) (Version: - GameHouse)
Driver Booster 2 (HKLM\...\Driver Booster_is1) (Version: 2.0 - IObit)
Dropbox (HKU\S-1-5-21-1241181004-2622625590-1122715860-1000\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
EPSON Copy Utility (HKLM\...\{B69CC1A5-0404-11D6-ABCB-005004C21D30}) (Version: - )
EPSON Photo Print (HKLM\...\EPSON Photo Print) (Version: - )
EPSON Scanner Reference Guide (HKLM\...\Silent Package Run-Time Sample) (Version: - )
EPSON Smart Panel (HKLM\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version: - )
EPSON TWAIN 5 (HKLM\...\{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}) (Version: 5.71.0000 - SEIKO EPSON Corp.)
ESSBrwr (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
FaceFilter Studio 2 (HKLM\...\{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}) (Version: 2.0 - Reallusion)
fflink (Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Filter Forge 3.014 (HKLM\...\Filter Forge 3_is1) (Version: - Filter Forge, Inc.)
Filter Forge 4.011 (HKLM\...\Filter Forge 4_is1) (Version: - Filter Forge, Inc.)
FontManagementSystem (HKLM\...\{3F2E8044-BA23-4604-AB00-BB164410964C}) (Version: 4.3.0 - Summitsoft)
Genetica 3.6 (HKLM\...\{E7979E13-F567-4D22-A7EF-9EBD1B6A6E9C}) (Version: 3.6 - Spiral Graphics Inc.)
Gliftex10 10, 0, 0, 1 (HKLM\...\{2D282FD8-FCCD-4BFA-9141-86DC1EED9E25}) (Version: 10, 0, 0, 1 - Ransen Software)
GreenCloud Printer 7.4.2.1 (HKLM\...\{F36B43F0-3BE6-48BA-A22D-3C098092BB3F}_is1) (Version: 7.4.2.1 - ObviousIdea)
Hallmark Card Studio 2014 (HKLM\...\{B9FF36AF-29F6-47EC-BE07-D3FB2CA02531}) (Version: 15.0.2.1 - Creative Home)
Hallmark Card Studio 2014 Bonus Pack (HKLM\...\{D26A6D9D-C379-467C-993B-2453EB876D05}) (Version: 1.0.0.1 - Creative Home)
Hallmark Card Studio 2014 Holiday Pack (HKLM\...\{2520DF70-7953-4162-AE4B-3044E13B999E}) (Version: 1.0.0.4 - Creative Home)
Hallmark Card Studio 2015 (HKLM\...\{F2117332-1A36-4D3B-854D-A8D10735B4DF}) (Version: 16.0.0.11 - Creative Home)
Hallmark Card Studio 2015 Bonus Pack (HKLM\...\{2C69ABC9-55B7-410E-89AB-4CBD84D8D37B}) (Version: 1.0.0.1 - Creative Home)
ICA (Version: 14.2.0.1 - Corel Corporation) Hidden
ICA (Version: 15.1.0.10 - Corel Corporation) Hidden
ICA (Version: 16.1.0.48 - Corel Corporation) Hidden
ICA (Version: 17.0.0.199 - Corel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation)
IObit Malware Fighter (HKLM\...\IObit Malware Fighter_is1) (Version: 2.5 - IObit)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.0.4.27 - IObit)
IPM_PSP_COM (Version: 14.2.0.1 - Corel Corporation) Hidden
IPM_PSP_COM (Version: 15.1.0.10 - Corel Corporation) Hidden
IPM_PSP_COM (Version: 16.1.0.48 - Corel Corporation) Hidden
IPM_PSP_COM (Version: 17.0.0.199 - Corel Corporation) Hidden
Jasc Animation Shop 3 (HKLM\...\{7C4196CA-CA41-4F34-9C08-7724E7705D52}) (Version: 3.11 - Jasc Software Inc)
Jasc Paint Shop Pro 9 (HKLM\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.01.0000 - Jasc Software Inc)
Jasc Paint Shop Pro 9.01 Patch (HKLM\...\Jasc Paint Shop Pro 9.01 Patch) (Version: - )
Java 7 Update 72 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
kgcbaby (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchday (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchlwn (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcinvt (Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgckids (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcmove (Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgcvday (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
K-Lite Codec Pack 8.8.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.8.0 - )
Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
Lightroom 4.3 (HKLM\...\{3c5418ff-7dea-4a37-8c52-45c670677773}) (Version: 4.3 - Adobe Systems Incorporated)
Livebrush (HKLM\...\com.livebrush) (Version: 1.5 - MoreMeYou)
Livebrush (Version: 1.5 - MoreMeYou) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SecurityCenter (HKLM\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.154 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM\...\WMV9_VCM) (Version: - )
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
netbrdg (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Nik Color Efex Pro 3.0 (HKLM\...\_{BA7B3A61-EB8C-4C70-8179-93DDA248AA49}) (Version: 1.0.0.53 - Corel Corporation)
Nik Color Efex Pro 3.0 (Version: 1.00.0000 - Corel Corporation) Hidden
OfotoXMI (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
Online Games Manager v1.30 (HKLM\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Patternshop (HKLM\...\{F6F6E41D-01CD-4C49-9909-038E2B442E5B}) (Version: 1.5.0 - Lemci)
PC Attorney (HKLM\...\PC Attorney) (Version: - )
PDF Settings CC (Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Pdf995 (HKLM\...\Pdf995) (Version: - )
PdfEdit995 (HKLM\...\PdfEdit995) (Version: - )
Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Poser 10 version 10.0.3 (HKLM\...\Poser 10_is1) (Version: 10.0.3 - Smith Micro Software, Inc.)
PoserContent2014 (HKLM\...\PoserContent2014_is1) (Version: 10.0.0 - Smith Micro Software, Inc.)
PSPPContent (Version: 14.2.0.1 - Corel Corporation) Hidden
PSPPContent (Version: 15.3.0.8 - Corel Corporation) Hidden
PSPPContent (Version: 16.1.0.48 - Corel Corporation) Hidden
PSPPContent (Version: 17.0.0.199 - Corel Corporation) Hidden
PSPPHelp (Version: 14.2.0.1 - Corel Corporation) Hidden
PSPPHelp (Version: 15.1.0.10 - Corel Corporation) Hidden
PSPPHelp (Version: 16.1.0.48 - Corel Corporation) Hidden
PSPPHelp (Version: 17.0.0.199 - Corel Corporation) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.531.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Scan2PC (HKLM\...\{E59F8AF2-78D4-4355-B0EF-58C466C1242C}) (Version: 1.3.0.12 - Q)
ScanToWeb (HKLM\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version: - )
ScatterShow version 1.1 (HKLM\...\{7BD9ADD8-2077-4067-A770-4A033285B697}_is1) (Version: 1.1 - Smith Micro Software, Inc.)
Setup (Version: 14.2.0.1 - Corel Corporation) Hidden
Setup (Version: 15.1.0.10 - Corel Corporation) Hidden
Setup (Version: 16.1.0.48 - Corel Corporation) Hidden
Setup (Version: 17.0.0.199 - Corel Corporation) Hidden
SFR (Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
SHASTA (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Signature995 (HKLM\...\Signature995) (Version: - )
Sketch Drawer 1.3 (HKLM\...\Sketch Drawer_is1) (Version: 1.3 - SoftOrbits)
skin0001 (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Smart Defrag 3 (HKLM\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
Smith Micro Download Manager version 1.0 (HKLM\...\{89816111-4490-46FB-B141-63EA77077A94}_is1) (Version: 1.0 - Smith Micro Software, Inc.)
staticcr (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Topaz Simplify 4 (HKLM\...\Topaz Simplify 4) (Version: 4.1.1 - Topaz Labs, LLC)
TwistedBrush Pro Studio (HKU\S-1-5-21-1241181004-2622625590-1122715860-1000\...\TwistedBrush Pro Studio) (Version: - )
Ultimate Creative Collection (X5) (HKLM\...\_{AE4364BD-ED09-4D94-8DA2-315C10A57CD1}) (Version: 1.0.0.50 - Corel Corporation)
Ultimate Creative Collection (X5) (Version: 1.00.0000 - Corel Corporation) Hidden
VPRINTOL (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinZip 15.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24011}) (Version: 15.5.9580 - WinZip Computing, S.L. )
WIRELESS (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Xara Xtreme 5 (HKLM\...\MAGIX_{1C78055D-F54D-46F4-9A51-19E3CF6BB20E}) (Version: 5.1.2.17971 - Xara Group Ltd)
Xara Xtreme 5 (Version: 5.1.2.17971 - Xara Group Ltd) Hidden
XYplorer 11.90 (HKLM\...\XYplorer) (Version: 11.90 - Donald Lessau)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1241181004-2622625590-1122715860-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1241181004-2622625590-1122715860-1000_Classes\CLSID\{8B0FA615-584F-40DC-85C7-78901AC6B80A}\InprocServer32 -> C:\Program Files\Xara\Xara_Xtreme_5\XaraDLLs\XarThumb.dll (Xara Group Ltd.)
CustomCLSID: HKU\S-1-5-21-1241181004-2622625590-1122715860-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1241181004-2622625590-1122715860-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1241181004-2622625590-1122715860-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1241181004-2622625590-1122715860-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
==================== Restore Points =========================
14-11-2014 05:27:21 Windows Modules Installer
17-11-2014 03:00:19 Windows Backup
18-11-2014 11:18:44 Windows Update
18-11-2014 18:09:31 Windows Modules Installer
23-11-2014 17:35:36 Driver Booster : Adobe AIR
24-11-2014 03:00:13 Windows Backup
25-11-2014 14:12:09 Before New AntiVirus
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 18:04 - 2014-11-25 19:44 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {09BF6B99-3D89-42FB-9723-77D9FC5409F0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0A8F8952-AD4D-4FF4-8963-CA90798E98F2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {35CCD8A4-E5F3-4DDA-9121-8409E8426F1B} - System32\Tasks\AdobeAAMUpdater-1.0-Owner-PC-Owner => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {35FB635F-4F04-4D19-8137-BE13E919A199} - \Driver Booster SkipUAC (SYSTEM) No Task File <==== ATTENTION
Task: {5C0E9121-BC1E-4196-9C5B-BF174EDBBCE6} - System32\Tasks\SmartDefrag3_Update => C:\Program Files\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-03] (IObit)
Task: {79AF16C3-B618-4385-AF81-D83562529AA6} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-23] (IObit)
Task: {7D921767-B2E2-4BC4-8F46-3E86831FCD47} - System32\Tasks\Uninstaller_SkipUac_Owner => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-23] (IObit)
Task: {943E001E-77B2-471C-BBB1-340A7892C609} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2012-06-09 10:15 - 2012-03-06 06:05 - 00048640 _____ () C:\Windows\System32\gcprpm.dll
2012-06-05 06:39 - 2012-06-05 06:39 - 00036864 _____ () C:\Windows\System32\pdf995mon.dll
2014-09-26 13:40 - 2014-09-26 13:40 - 01029280 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
2013-11-18 12:20 - 2014-11-25 16:09 - 00234600 _____ () C:\Program Files\Backblaze\bzserv.exe
2006-11-02 19:40 - 2006-11-02 19:40 - 00174656 _____ () C:\Windows\system32\PSIService.exe
2013-06-22 13:12 - 2009-07-28 07:43 - 00069632 _____ () C:\Program Files\Scan2PC\Sc2PCSvc.exe
2014-09-28 20:01 - 2014-09-28 20:01 - 36730032 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2012-05-31 09:33 - 2011-06-09 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-09-26 13:40 - 2014-09-26 13:40 - 06237856 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-09-28 20:01 - 2014-09-28 20:01 - 00746160 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2014-09-28 20:01 - 2014-09-28 20:01 - 00136368 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2014-11-10 08:29 - 2014-11-10 08:30 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-11-26 05:36 - 2014-11-26 05:36 - 16841392 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:F8B88761
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk => C:\Windows\pss\Event Planner Reminder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scan2PC.lnk => C:\Windows\pss\Scan2PC.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe => C:\Windows\pss\PowerReg SchedulerV2.exe.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: Backblaze => "C:\Program Files\Backblaze\bzbui.exe" -quiet
MSCONFIG\startupreg: California Fonts Loader => "C:\Program Files\California Font Manager\CaliforniaFonts.exe" /scanfolder
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-1241181004-2622625590-1122715860-500 - Administrator - Disabled)
Guest (S-1-5-21-1241181004-2622625590-1122715860-501 - Limited - Disabled)
Owner (S-1-5-21-1241181004-2622625590-1122715860-1000 - Administrator - Enabled) => C:\Users\Owner
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/26/2014 06:37:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (11/26/2014 08:51:11 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
Microsoft Office Sessions:
=========================
Error: (11/26/2014 06:37:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2013-11-04 09:09:09.115
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-11-04 09:09:09.113
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-24 05:53:18.010
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-24 05:53:18.008
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-23 06:29:56.762
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-23 06:29:56.757
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-20 05:27:17.106
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-20 05:27:17.103
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-15 05:45:27.114
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-15 05:45:27.097
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU G850 @ 2.90GHz
Percentage of memory in use: 44%
Total physical RAM: 3503.3 MB
Available physical RAM: 1941.26 MB
Total Pagefile: 7004.9 MB
Available Pagefile: 4979.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:325.37 GB) NTFS
Drive e: (Lacie) (Fixed) (Total:931.51 GB) (Free:363.96 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B71899DD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: E939140F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
November 26th, 2014, 10:14 PM
#13
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
November 26th, 2014, 10:28 PM
#14
Good grief, you're fast. Attached is the log you requested. Thank you.
Fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-11-2014 01
Ran by Owner at 2014-11-26 18:25:21 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
C:\Program Files\IObit\Advanced SystemCare 7
HKU\S-1-5-21-1241181004-2622625590-1122715860-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {3774A2CA-97AE-4487-9287-92DC850D862D} URL =
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
C:\Program Files\IObit\Surfing Protection
Toolbar: HKLM - No Name - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - No File
FF Extension: No Name - web2pdfextension@web2pdf.adobed otcom [Not Found]
S3 catchme; \??\C:\Users\Owner\AppData\Local\Temp\catchme.sys [X]
S3 gdrv; No ImagePath
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
Task: {35FB635F-4F04-4D19-8137-BE13E919A199} - \Driver Booster SkipUAC (SYSTEM) No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:F8B88761
*****************
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 7 => value deleted successfully.
"C:\Program Files\IObit\Advanced SystemCare 7" => File/Directory not found.
"HKU\S-1-5-21-1241181004-2622625590-1122715860-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key deleted successfully.
"HKCR\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key deleted successfully.
C:\Program Files\IObit\Surfing Protection => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D} => value deleted successfully.
"HKCR\CLSID\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}" => Key not found.
FF Extension: No Name - web2pdfextension@web2pdf.adobed otcom [Not Found] => not found.
catchme => Service deleted successfully.
gdrv => Service deleted successfully.
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35FB635F-4F04-4D19-8137-BE13E919A199}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35FB635F-4F04-4D19-8137-BE13E919A199}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (SYSTEM)" => Key deleted successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":F8B88761" ADS removed successfully.
==== End of Fixlog ====
November 26th, 2014, 10:48 PM
#15
Good
Last scans...
Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program. Click on Start button to begin cleaning process. TFC will close all running programs, and it may ask you to restart computer.
Download Sophos Free Virus Removal Tool and save it to your desktop.
Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program