January 2nd, 2015, 09:41 PM
#16
Here is my ADWCleaner report. I see it got some of the Vosteran junk
# AdwCleaner v4.106 - Report created 02/01/2015 at 20:35:35
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : HP - HP-TOWER
# Running from : C:\Users\HP\Desktop\adwcleaner_4.106.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\WKYrEcNJ.default\Extensions\ascsurfingprotection@iobit.com
File Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\WKYrEcNJ.default\user.js
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v34.0.5 (x86 en-GB)
[WKYrEcNJ.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "default-search.net");
[WKYrEcNJ.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
[WKYrEcNJ.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_app_14_47_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtC0DzztB0C0A0DyDtCyD0FyEtAtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V[...]
[WKYrEcNJ.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_app_14_47_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtC0DzztB0C0A0DyDtCyD0FyEtAtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD[...]
[WKYrEcNJ.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
[WKYrEcNJ.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
[WKYrEcNJ.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_app_14_47_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtC0DzztB0C0A0DyDtCyD0FyEtAtN0D0Tzu0StCtDyDtAtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytD[...]
*************************
AdwCleaner[R0].txt - [2115 octets] - [02/01/2015 20:30:52]
AdwCleaner[S0].txt - [2119 octets] - [02/01/2015 20:35:35]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2179 octets] ##########
January 2nd, 2015, 09:52 PM
#18
Here is the JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by HP on 02-Jan-15 at 20:49:36.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\WKYrEcNJ.default\prefs.js
user_pref("adblock.patterns", "*doubleclick* !Filterset.G[hxxp://www.pierceive.com/]=2007-06-02a /(adwork\\.net|(bannex|mbn)\\.com)\\.ua/ /(be|context|impresiones)web\\.com/ /
user_pref("extensions.adblockplus.synch.Filterset.G.patterns", "!Filterset.G[hxxp://www.pierceive.com/]=2008-03-08a-MERGED .adquest.nl .***********.com .geldrace.nl .site-id.n
user_pref("fgupdater.patterns", "!Filterset.G[hxxp://www.pierceive.com/]=2008-03-08a-MERGED .adquest.nl .***********.com .geldrace.nl .site-id.nl /(\\Wadv|banner|promo)s?(\\.(
Emptied folder: C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\WKYrEcNJ.default\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02-Jan-15 at 20:51:07.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
January 2nd, 2015, 10:05 PM
#20
Sorry about the double posts. I will watch out for them in the future.
Here is the FRST.TXT file
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-01-2015
Ran by HP (administrator) on HP-TOWER on 02-01-2015 21:01:52
Running from C:\Users\HP\Desktop
Loaded Profile: HP (Available profiles: user & HP)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(brother) C:\Program Files (x86)\Brownie\BrStsW64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brownie\BRNIPMON.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10143264 2010-03-31] (Realtek Semiconductor)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2728736 2014-08-19] ()
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3695416 2009-06-11] (brother)
HKU\S-1-5-21-2704499606-3232555996-1048322368-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2704499606-3232555996-1048322368-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir...=ie&ar=msnhome
HKU\S-1-5-21-2704499606-3232555996-1048322368-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\WKYrEcNJ.default
FF Homepage: about:home
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Extension: Avira Browser Safety - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\WKYrEcNJ.default\Extensions\abs@avira.com [2014-12-19]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\WKYrEcNJ.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2014-12-19]
FF Extension: FEBE - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\WKYrEcNJ.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-12-19]
FF Extension: DownloadHelper - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\WKYrEcNJ.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-12-19]
FF Extension: ruTorrent add - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\WKYrEcNJ.default\Extensions\rtadd@alexey.kolokolnikov.xpi [2014-12-19]
FF Extension: Copy As Plain Text - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\WKYrEcNJ.default\Extensions\{1a5dabbd-0e74-41da-b532-a364bb552cab}.xpi [2014-12-26]
FF Extension: Adblock Plus - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\WKYrEcNJ.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-19]
FF Extension: MetaProducts Integration - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\WKYrEcNJ.default\Extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}.xpi [2014-12-22]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S3 becldr3Service; C:\Program Files (x86)\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [176128 2011-04-19] () [File not signed]
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [164200 2010-07-30] (Broadcom Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2683736 2014-08-19] ()
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-02 21:01 - 2015-01-02 21:02 - 00010861 _____ () C:\Users\HP\Desktop\FRST.txt
2015-01-02 21:01 - 2015-01-02 21:01 - 00000000 ____D () C:\FRST
2015-01-02 21:00 - 2015-01-02 20:59 - 02123264 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2015-01-02 20:51 - 2015-01-02 20:51 - 00001401 _____ () C:\Users\HP\Desktop\JRT.txt
2015-01-02 20:49 - 2015-01-02 20:49 - 00000000 ____D () C:\Windows\ERUNT
2015-01-02 20:43 - 2015-01-02 20:42 - 01707939 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe
2015-01-02 20:30 - 2015-01-02 20:35 - 00000000 ____D () C:\AdwCleaner
2015-01-02 20:29 - 2015-01-02 20:28 - 02173952 _____ () C:\Users\HP\Desktop\adwcleaner_4.106.exe
2015-01-02 20:03 - 2015-01-02 20:03 - 00021199 _____ () C:\ComboFix.txt
2015-01-02 19:54 - 2015-01-02 20:03 - 00000000 ____D () C:\Qoobox
2015-01-02 19:54 - 2015-01-02 20:02 - 00000000 ____D () C:\Windows\erdnt
2015-01-02 19:54 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-02 19:54 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-02 19:54 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-02 19:54 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-02 19:54 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-02 19:54 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-02 19:54 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-02 19:54 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-02 19:52 - 2015-01-02 19:52 - 05605575 ____R (Swearware) C:\Users\HP\Desktop\ComboFix.exe
2015-01-02 19:24 - 2015-01-02 19:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-02 19:19 - 2015-01-02 19:36 - 00000000 ____D () C:\Users\HP\Desktop\mbar
2015-01-02 19:14 - 2015-01-02 19:15 - 16448208 _____ (Malwarebytes Corp.) C:\Users\HP\Desktop\mbar-1.08.2.1001.exe
2015-01-02 19:07 - 2015-01-02 19:07 - 00002654 _____ () C:\Users\HP\Desktop\RKreport_DEL_01022015_190711.log
2015-01-02 19:00 - 2015-01-02 19:00 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-02 19:00 - 2015-01-02 19:00 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-02 18:57 - 2015-01-02 18:58 - 15298136 _____ () C:\Users\HP\Desktop\RogueKiller.exe
2015-01-01 13:45 - 2015-01-01 13:45 - 00023862 _____ () C:\Users\HP\Desktop\dds.txt
2015-01-01 13:45 - 2015-01-01 13:45 - 00005002 _____ () C:\Users\HP\Desktop\attach.txt
2015-01-01 13:43 - 2015-01-01 13:43 - 00688992 ____R (Swearware) C:\Users\HP\Desktop\dds.com
2014-12-31 20:28 - 2014-12-31 20:28 - 00000000 ____D () C:\Users\HP\AppData\Roaming\9638
2014-12-31 20:21 - 2014-12-31 20:21 - 00001133 _____ () C:\Users\Public\Desktop\DVDFab 9 US.lnk
2014-12-31 20:21 - 2014-12-31 20:21 - 00000000 ____D () C:\Users\HP\AppData\Roaming\8270
2014-12-31 20:21 - 2014-12-31 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9 US
2014-12-31 20:20 - 2014-12-31 20:21 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9 US
2014-12-30 16:27 - 2014-12-30 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-30 16:27 - 2014-12-30 16:27 - 00000000 ____D () C:\Program Files\7-Zip
2014-12-30 15:39 - 2014-12-30 15:39 - 00000461 _____ () C:\Users\HP\Desktop\C OS - Shortcut.lnk
2014-12-29 23:17 - 2014-12-29 23:17 - 00001808 _____ () C:\Users\HP\Desktop\Amp_&_Ant_Settings - Shortcut.lnk
2014-12-29 23:13 - 2014-12-29 23:13 - 00001598 _____ () C:\Users\HP\Desktop\Dell_Ham_Logs.lnk
2014-12-29 20:35 - 2014-12-29 20:35 - 00000000 ____D () C:\ProgramData\LightScribe
2014-12-29 20:26 - 2014-12-29 20:35 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Nero
2014-12-29 20:25 - 2014-12-29 20:25 - 00002913 _____ () C:\Users\Public\Desktop\Nero 2015.lnk
2014-12-29 20:25 - 2014-12-29 20:25 - 00000000 ____D () C:\Windows\System32\Tasks\Nero
2014-12-29 20:24 - 2014-12-29 20:25 - 00000000 ____D () C:\ProgramData\Nero
2014-12-29 20:24 - 2014-12-29 20:25 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-12-29 20:24 - 2014-12-29 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-12-29 20:22 - 2014-12-29 20:22 - 00002042 _____ () C:\Users\Public\Desktop\LightScribe.lnk
2014-12-29 20:22 - 2014-12-29 20:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2014-12-29 20:22 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-12-29 20:22 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-12-29 20:22 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-12-29 20:22 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-12-29 20:22 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-12-29 19:48 - 2014-12-29 19:48 - 00001981 _____ () C:\Users\Public\Desktop\DVD Decrypter.lnk
2014-12-29 19:48 - 2014-12-29 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Decrypter
2014-12-29 19:48 - 2014-12-29 19:48 - 00000000 ____D () C:\Program Files (x86)\DVD Decrypter
2014-12-29 18:42 - 2014-12-31 20:21 - 00000000 ____D () C:\Users\HP\AppData\Roaming\DVDFab9
2014-12-29 18:42 - 2014-12-29 18:42 - 00001004 _____ () C:\Users\Public\Desktop\DVDFab 9.lnk
2014-12-29 18:42 - 2014-12-29 18:42 - 00000000 ____D () C:\Users\HP\Documents\DVDFab9
2014-12-29 18:42 - 2014-12-29 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9
2014-12-29 18:41 - 2014-12-29 18:42 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9
2014-12-23 16:15 - 2014-12-23 16:17 - 00000000 ____D () C:\Users\HP\AppData\Roaming\X-Chat 2
2014-12-23 16:15 - 2014-12-23 16:16 - 00000000 ____D () C:\Program Files (x86)\xchat
2014-12-23 16:15 - 2014-12-23 16:15 - 00001838 _____ () C:\Users\Public\Desktop\XChat.lnk
2014-12-23 16:15 - 2014-12-23 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XChat
2014-12-22 17:12 - 2014-12-22 17:33 - 00000000 ____D () C:\Users\HP\AppData\Local\HouloVD
2014-12-22 17:12 - 2014-12-22 17:12 - 00001107 _____ () C:\Users\Public\Desktop\Houlo Video Downloader.lnk
2014-12-22 17:12 - 2014-12-22 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Houlo Video Downloader
2014-12-22 17:12 - 2014-12-22 17:12 - 00000000 ____D () C:\Program Files (x86)\Houlo Video Downloader
2014-12-22 11:59 - 2014-12-22 11:59 - 00001155 _____ () C:\Users\HP\Desktop\Band Master.lnk
2014-12-22 11:59 - 2014-12-22 11:59 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Band Master
2014-12-22 11:59 - 2014-12-22 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Omni-Rig
2014-12-22 11:58 - 2014-12-22 11:58 - 00001124 _____ () C:\Users\HP\Desktop\DX Atlas.lnk
2014-12-22 11:58 - 2014-12-22 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DX Atlas
2014-12-22 11:56 - 2014-12-22 11:56 - 00001143 _____ () C:\Users\HP\Desktop\IonoProbe.lnk
2014-12-22 11:56 - 2014-12-22 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IonoProbe
2014-12-22 11:55 - 2014-12-22 11:59 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Afreet
2014-12-22 11:55 - 2014-12-22 11:59 - 00000000 ____D () C:\Program Files (x86)\Afreet
2014-12-22 11:55 - 2014-12-22 11:55 - 00002311 _____ () C:\Users\Public\Desktop\ITS HF Propagation.lnk
2014-12-22 11:55 - 2014-12-22 11:55 - 00001112 _____ () C:\Users\HP\Desktop\Ham CAP.lnk
2014-12-22 11:55 - 2014-12-22 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ITS HF Propagation
2014-12-22 11:55 - 2014-12-22 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ham CAP
2014-12-22 11:55 - 2014-12-22 11:55 - 00000000 ____D () C:\itshfbc
2014-12-22 11:51 - 2014-12-22 11:51 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-12-22 11:28 - 2014-12-22 11:28 - 00001959 _____ () C:\Users\user\Desktop\MetaProducts Mass Downloader.lnk
2014-12-22 11:28 - 2014-12-22 11:28 - 00001959 _____ () C:\Users\HP\Desktop\MetaProducts Mass Downloader.lnk
2014-12-22 11:28 - 2014-12-22 11:28 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaProducts Mass Downloader
2014-12-22 11:28 - 2014-12-22 11:28 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaProducts Mass Downloader
2014-12-22 11:28 - 2014-12-22 11:28 - 00000000 ____D () C:\Program Files (x86)\Mass Downloader
2014-12-22 11:26 - 2014-12-22 11:26 - 00002058 _____ () C:\Users\user\Desktop\Download Express Projects list.lnk
2014-12-22 11:26 - 2014-12-22 11:26 - 00002058 _____ () C:\Users\HP\Desktop\Download Express Projects list.lnk
2014-12-22 11:26 - 2014-12-22 11:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaProducts Download Express
2014-12-22 11:26 - 2014-12-22 11:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\MetaProducts
2014-12-22 11:25 - 2014-12-22 11:34 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaProducts Download Express
2014-12-22 11:25 - 2014-12-22 11:27 - 00000000 ____D () C:\Users\HP\AppData\Roaming\MetaProducts
2014-12-22 11:25 - 2014-12-22 11:26 - 00000000 ____D () C:\Program Files (x86)\Download Express
2014-12-22 11:20 - 2014-12-22 11:20 - 00000000 ____D () C:\Users\HP\Documents\Pdf2Word
2014-12-22 11:19 - 2014-12-22 11:19 - 00001136 _____ () C:\Users\Public\Desktop\PDF2Word Converter (bioPDF).lnk
2014-12-22 11:19 - 2014-12-22 11:19 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Pdf2Word
2014-12-22 11:19 - 2014-12-22 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bioPDF
2014-12-22 11:19 - 2014-12-22 11:19 - 00000000 ____D () C:\Program Files (x86)\bioPDF
2014-12-22 11:19 - 2014-12-22 11:19 - 00000000 ____D () C:\Program Files (x86)\BCL Technologies
2014-12-22 11:16 - 2014-12-22 11:16 - 00000000 ____D () C:\Users\HP\AppData\Roaming\PDF Writer
2014-12-22 11:16 - 2014-12-22 11:16 - 00000000 ____D () C:\Users\HP\AppData\Local\PDF Writer
2014-12-22 11:13 - 2014-12-22 11:14 - 00000000 ____D () C:\ProgramData\PDF Writer
2014-12-22 11:13 - 2014-12-22 11:13 - 00000929 _____ () C:\Users\HP\Desktop\Bullzip PDF Printer.lnk
2014-12-22 11:13 - 2014-12-22 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullzip
2014-12-22 11:13 - 2014-12-22 11:13 - 00000000 ____D () C:\Program Files\Common Files\Bullzip
2014-12-22 11:13 - 2014-12-22 11:13 - 00000000 ____D () C:\Program Files\Bullzip
2014-12-22 11:13 - 2014-11-19 08:08 - 00228352 _____ (Bullzip) C:\Windows\SysWOW64\bzFlRdr.dll
2014-12-22 11:13 - 2013-09-01 05:59 - 01103872 _____ () C:\Windows\SysWOW64\CBLCtlsU.ocx
2014-12-22 11:13 - 2013-07-13 05:15 - 00805376 _____ () C:\Windows\SysWOW64\EditCtlsU.ocx
2014-12-22 11:13 - 2013-07-12 15:57 - 00539648 _____ () C:\Windows\SysWOW64\LblCtlsU.ocx
2014-12-22 11:13 - 2013-04-05 06:55 - 00476160 _____ () C:\Windows\SysWOW64\TabStripCtlU.ocx
2014-12-22 11:13 - 2013-03-28 16:13 - 00645632 _____ () C:\Windows\SysWOW64\BtnCtlsU.ocx
2014-12-22 11:13 - 2013-03-03 07:37 - 01061888 _____ () C:\Windows\SysWOW64\ExLvwU.ocx
2014-12-22 11:13 - 2008-07-09 08:08 - 00103424 _____ (Bullzip) C:\Windows\SysWOW64\bzDCT.dll
2014-12-21 15:04 - 2014-12-22 11:12 - 00000952 _____ () C:\Users\user\Desktop\Directory Printer.lnk
2014-12-21 15:04 - 2014-12-22 11:12 - 00000952 _____ () C:\Users\HP\Desktop\Directory Printer.lnk
2014-12-21 15:04 - 2014-12-22 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Directory Printer
2014-12-21 15:04 - 2014-12-22 11:12 - 00000000 ____D () C:\Program Files (x86)\Dirprint
2014-12-21 14:27 - 2014-12-21 14:27 - 00000962 _____ () C:\Users\user\Desktop\Tag&Rename.lnk
2014-12-21 14:27 - 2014-12-21 14:27 - 00000962 _____ () C:\Users\HP\Desktop\Tag&Rename.lnk
2014-12-21 14:27 - 2014-12-21 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tag&Rename
2014-12-21 14:27 - 2014-12-21 14:27 - 00000000 ____D () C:\Program Files (x86)\TagRename
2014-12-21 14:05 - 2014-12-21 14:06 - 07732070 _____ () C:\Users\HP\Downloads\HouloVD-Setup.exe
2014-12-21 12:46 - 2014-12-21 12:46 - 00000152 _____ () C:\Windows\BRVIDEO.INI
2014-12-21 12:46 - 2014-12-21 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother HL-2170W
2014-12-21 12:46 - 2014-12-21 12:46 - 00000000 _____ () C:\Windows\brmx2001.ini
2014-12-21 12:45 - 2014-12-21 12:46 - 00009868 _____ () C:\Windows\HL-2170W.INI
2014-12-21 12:45 - 2014-12-21 12:45 - 00000410 _____ () C:\Windows\BRWMARK.INI
2014-12-21 12:45 - 2014-12-21 12:45 - 00000034 _____ () C:\Windows\SysWOW64\BD2170W.DAT
2014-12-21 12:45 - 2014-12-21 12:45 - 00000000 ____D () C:\Program Files (x86)\Brownie
2014-12-21 12:45 - 2014-12-21 12:45 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-12-21 12:45 - 2009-05-25 19:14 - 00196608 ____N (brother) C:\Windows\SysWOW64\Pdrvinst.dll
2014-12-21 12:45 - 2007-08-19 11:34 - 00094208 _____ (Brother Industries Ltd) C:\Windows\SysWOW64\BRRBTOOL.EXE
2014-12-21 12:45 - 2006-12-21 11:23 - 00176128 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
2014-12-21 12:45 - 2004-09-23 10:00 - 00024223 _____ (brother Industries Ltd) C:\Windows\SysWOW64\BRLM03A.DLL
2014-12-21 12:45 - 2004-08-10 01:00 - 00000114 _____ () C:\Windows\SysWOW64\brlmw03a.ini
2014-12-21 12:45 - 2004-08-10 00:42 - 00077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\brlmw03a.dll
2014-12-21 12:44 - 2015-01-02 20:57 - 00000319 _____ () C:\Windows\Brownie.ini
2014-12-21 12:31 - 2014-12-21 12:31 - 00000988 _____ () C:\Users\Public\Desktop\Winamp.lnk
2014-12-21 12:31 - 2014-12-21 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2014-12-21 12:31 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-12-21 12:31 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-12-21 12:30 - 2014-12-21 12:34 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Winamp
2014-12-21 12:30 - 2014-12-21 12:31 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-12-21 10:39 - 2014-12-21 10:39 - 00000703 _____ () C:\Windows\NewsRover.INI
2014-12-21 10:13 - 2014-12-22 22:34 - 00000000 ____D () C:\NewsRoverData
2014-12-21 10:12 - 2014-12-21 10:13 - 00000000 ____D () C:\Program Files\NewsRover
2014-12-21 10:12 - 2014-12-21 10:12 - 00108755 _____ () C:\Windows\News Rover Uninstaller.exe
2014-12-21 10:12 - 2014-12-21 10:12 - 00001631 _____ () C:\Users\HP\Desktop\NewsRover.lnk
2014-12-21 10:12 - 2014-12-21 10:12 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\News Rover
2014-12-21 10:01 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-21 10:01 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-20 19:33 - 2014-12-22 17:03 - 00000000 ____D () C:\Users\HP\dwhelper
2014-12-20 19:02 - 2014-12-20 19:02 - 05042176 _____ () C:\Users\HP\Downloads\tqsl-2.0.3.msi.txt
2014-12-20 17:29 - 2014-12-20 17:32 - 00000000 ____D () C:\Users\HP\AppData\Roaming\FileZilla
2014-12-20 17:29 - 2014-12-20 17:29 - 00002009 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-12-20 17:29 - 2014-12-20 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-12-20 17:29 - 2014-12-20 17:29 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-12-20 16:53 - 2014-11-11 07:26 - 00018944 _____ () C:\Users\HP\Desktop\Data_Allowance_01.xls
2014-12-20 15:00 - 2014-12-20 15:02 - 05806407 _____ () C:\Users\HP\Downloads\FSViewerSetup53.exe
2014-12-20 14:16 - 2014-12-20 14:16 - 00002623 _____ () C:\Users\HP\Desktop\Microsoft Access.lnk
2014-12-20 14:10 - 2014-12-20 14:10 - 00000000 ____D () C:\Windows\Minidump
2014-12-20 14:09 - 2014-12-20 14:09 - 501022058 _____ () C:\Windows\MEMORY.DMP
2014-12-20 14:07 - 2014-12-20 14:07 - 00000376 _____ () C:\Windows\ODBC.INI
2014-12-20 14:06 - 2014-12-20 14:06 - 00002673 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
2014-12-20 14:06 - 2014-12-20 14:06 - 00002657 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
2014-12-20 14:06 - 2014-12-20 14:06 - 00002655 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
2014-12-20 14:06 - 2014-12-20 14:06 - 00002625 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
2014-12-20 14:06 - 2014-12-20 14:06 - 00002623 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
2014-12-20 14:06 - 2014-12-20 14:06 - 00002609 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Open Office Document.lnk
2014-12-20 14:06 - 2014-12-20 14:06 - 00002599 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\New Office Document.lnk
2014-12-20 14:06 - 2014-12-20 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2014-12-20 14:05 - 2014-12-20 14:05 - 00000000 ____D () C:\Windows\Msagent
2014-12-20 14:04 - 2014-12-20 14:04 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft Web Folders
2014-12-20 14:04 - 2014-12-20 14:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-20 13:46 - 2014-12-20 13:46 - 00000000 ____D () C:\Users\HP\AppData\Roaming\TrustedQSL
2014-12-20 13:45 - 2014-12-20 13:45 - 00001027 _____ () C:\Users\HP\Desktop\TQSLCert.lnk
2014-12-20 13:45 - 2014-12-20 13:45 - 00001003 _____ () C:\Users\HP\Desktop\TQSL.lnk
2014-12-20 13:45 - 2014-12-20 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrustedQSL
2014-12-20 13:45 - 2014-12-20 13:45 - 00000000 ____D () C:\Program Files (x86)\TrustedQSL
2014-12-20 11:41 - 2014-12-20 11:41 - 00000776 _____ () C:\Users\user\Desktop\SpotCollector.lnk
2014-12-20 11:41 - 2014-12-20 11:41 - 00000776 _____ () C:\Users\HP\Desktop\SpotCollector.lnk
2014-12-20 11:40 - 2014-12-20 11:40 - 00000716 _____ () C:\Users\user\Desktop\PropView.lnk
2014-12-20 11:40 - 2014-12-20 11:40 - 00000716 _____ () C:\Users\HP\Desktop\PropView.lnk
2014-12-20 11:39 - 2014-12-20 11:39 - 00000740 _____ () C:\Users\user\Desktop\Pathfinder.lnk
2014-12-20 11:39 - 2014-12-20 11:39 - 00000740 _____ () C:\Users\HP\Desktop\Pathfinder.lnk
2014-12-20 11:37 - 2014-12-20 11:37 - 00000688 _____ () C:\Users\user\Desktop\DXView.lnk
2014-12-20 11:37 - 2014-12-20 11:37 - 00000688 _____ () C:\Users\HP\Desktop\DXView.lnk
2014-12-20 11:36 - 2014-12-20 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DXLab Suite
2014-12-20 11:36 - 2014-12-20 11:36 - 00000716 _____ () C:\Users\user\Desktop\DXKeeper.lnk
2014-12-20 11:36 - 2014-12-20 11:36 - 00000716 _____ () C:\Users\HP\Desktop\DXKeeper.lnk
2014-12-20 11:35 - 2014-12-20 11:35 - 00380445 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000
2014-12-20 11:35 - 2014-12-20 11:35 - 00030749 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.001
2014-12-20 11:35 - 2014-12-20 11:35 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DXLab Suite
2014-12-20 11:34 - 2014-12-20 12:35 - 00000000 ____D () C:\DXLab
2014-12-20 11:34 - 2014-12-20 11:40 - 00249856 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2014-12-20 11:34 - 2014-12-20 11:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2014-12-20 11:34 - 2014-12-20 11:34 - 00000741 _____ () C:\Users\user\Desktop\DXLabLauncher.lnk
2014-12-20 11:34 - 2014-12-20 11:34 - 00000741 _____ () C:\Users\HP\Desktop\DXLabLauncher.lnk
2014-12-20 11:34 - 2014-12-20 11:34 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DXLabLauncher
2014-12-20 11:33 - 2014-12-20 11:33 - 02088960 _____ () C:\Users\HP\Downloads\DXLabLauncher197Archive.exe
2014-12-19 19:55 - 2014-12-19 19:55 - 00001247 _____ () C:\Users\HP\Desktop\Ham PC.lnk
2014-12-19 19:42 - 2014-12-26 22:33 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Skype
2014-12-19 19:42 - 2014-12-19 19:42 - 00000000 ____D () C:\Users\HP\AppData\Local\Skype
2014-12-19 19:41 - 2014-12-19 19:41 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-19 19:41 - 2014-12-19 19:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-19 19:41 - 2014-12-19 19:41 - 00000000 ____D () C:\ProgramData\Skype
2014-12-19 19:41 - 2014-12-19 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-19 19:36 - 2014-12-19 19:36 - 01548384 _____ (Skype Technologies S.A.) C:\Users\HP\Downloads\SkypeSetup.exe
2014-12-19 19:23 - 2014-12-19 19:23 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Macromedia
2014-12-19 19:23 - 2014-12-19 19:23 - 00000000 ____D () C:\Users\HP\AppData\Local\Macromedia
2014-12-19 19:22 - 2014-12-19 19:23 - 00000000 ____D () C:\Users\HP\AppData\Local\Adobe
2014-12-19 19:22 - 2014-12-19 19:22 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-19 19:22 - 2014-12-19 19:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-19 19:22 - 2014-12-19 19:22 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-12-19 19:22 - 2014-12-19 19:22 - 00000000 ____D () C:\Windows\system32\Macromed
2014-12-19 19:15 - 2015-01-02 18:56 - 00000000 ____D () C:\Users\HP\Documents\FEBE
2014-12-19 18:55 - 2014-12-20 19:33 - 00000000 ____D () C:\Users\HP\AppData\Roaming\vlc
2014-12-19 18:55 - 2014-12-19 18:55 - 00001072 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-19 18:55 - 2014-12-19 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-19 18:55 - 2014-12-19 18:55 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-12-19 16:07 - 2014-12-19 16:07 - 00000000 ____D () C:\Users\HP\AppData\Local\Mozilla
2014-12-19 16:06 - 2014-12-19 16:06 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-19 16:06 - 2014-12-19 16:06 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-19 16:06 - 2014-12-19 16:06 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-19 16:06 - 2014-12-19 16:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-19 16:06 - 2014-12-19 16:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-19 15:45 - 2015-01-02 20:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-19 15:44 - 2015-01-02 19:22 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-19 15:44 - 2014-12-19 15:44 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-19 15:44 - 2014-12-19 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-19 15:44 - 2014-12-19 15:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-19 15:44 - 2014-12-19 15:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-19 15:44 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-19 15:44 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-19 14:57 - 2014-12-19 14:57 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Avira
2014-12-19 14:54 - 2014-12-19 14:52 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-12-19 14:52 - 2014-12-19 16:07 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Mozilla
2014-12-19 14:51 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-12-19 14:51 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-12-19 14:51 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-12-19 14:48 - 2014-12-29 20:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-19 14:48 - 2014-12-19 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-19 14:48 - 2014-12-19 14:51 - 00000000 ____D () C:\ProgramData\Avira
2014-12-19 14:48 - 2014-12-19 14:51 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-19 14:48 - 2014-12-19 14:48 - 00001135 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-19 14:28 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-19 14:28 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-19 14:28 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-19 14:28 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-19 14:28 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-19 14:28 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-19 14:28 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-19 14:28 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-19 14:28 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-19 14:28 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-19 14:28 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-19 14:28 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-19 14:28 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-19 14:28 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-19 14:28 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-19 14:28 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-19 14:28 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-19 14:28 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-19 14:28 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-19 14:28 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-19 14:28 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-19 14:28 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-19 14:28 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-19 14:28 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-19 14:28 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-19 14:28 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-19 14:28 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-19 14:28 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-19 14:28 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-19 14:28 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-19 14:28 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-19 14:28 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-19 14:28 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-19 14:28 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-19 14:28 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-19 14:28 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-19 14:28 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-19 14:28 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-19 14:28 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-19 14:28 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-19 14:28 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-19 14:28 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-19 14:28 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-19 14:28 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-19 14:28 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-19 14:28 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-19 14:28 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-19 14:28 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-19 14:28 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-19 14:28 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-19 14:28 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-19 14:28 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-19 14:28 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-19 14:28 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-19 14:27 - 2014-12-30 15:24 - 00000000 ____D () C:\00_Mark
2014-12-19 14:24 - 2014-12-19 14:24 - 00000000 ____D () C:\Users\HP\AppData\Local\Hewlett-Packard
2014-12-19 14:11 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-19 14:11 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-19 14:06 - 2014-12-19 14:06 - 00000000 __SHD () C:\Users\HP\AppData\Local\EmieUserList
2014-12-19 14:06 - 2014-12-19 14:06 - 00000000 __SHD () C:\Users\HP\AppData\Local\EmieSiteList
2014-12-19 14:06 - 2014-12-19 14:06 - 00000000 __SHD () C:\Users\HP\AppData\Local\EmieBrowserModeList
2014-12-19 13:40 - 2014-12-20 14:12 - 00062768 _____ () C:\Users\HP\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-19 13:37 - 2014-12-22 11:16 - 00000000 ____D () C:\Users\HP\AppData\Local\PDFC
2014-12-19 13:36 - 2014-12-19 13:36 - 00001419 _____ () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-19 13:36 - 2014-12-19 13:36 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Adobe
2014-12-19 13:34 - 2014-12-20 19:33 - 00000000 ____D () C:\Users\HP
2014-12-19 13:34 - 2014-12-20 16:54 - 00000000 ____D () C:\Users\HP\AppData\Local\VirtualStore
2014-12-19 13:34 - 2014-12-19 13:34 - 00000020 ___SH () C:\Users\HP\ntuser.ini
2014-12-19 13:34 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-19 13:34 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-02 20:59 - 2013-08-16 16:40 - 01284825 _____ () C:\Windows\WindowsUpdate.log
2015-01-02 20:56 - 2013-08-16 16:40 - 00000000 ____D () C:\ProgramData\PDFC
2015-01-02 20:54 - 2013-08-16 16:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-02 20:54 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-02 20:54 - 2009-07-13 23:51 - 00040954 _____ () C:\Windows\setupact.log
2015-01-02 20:53 - 2009-07-13 23:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-02 20:53 - 2009-07-13 23:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-02 20:41 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-02 20:36 - 2010-11-20 22:47 - 00185124 _____ () C:\Windows\PFRO.log
2015-01-02 20:03 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2015-01-02 20:00 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-02 18:53 - 2013-08-16 14:15 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-01-02 18:00 - 2014-09-15 10:30 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-12-21 12:45 - 2013-08-16 16:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-20 14:10 - 2009-07-13 23:45 - 00287032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-20 14:06 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-12-20 14:05 - 2010-11-21 02:17 - 00000000 ____D () C:\Windows\ShellNew
2014-12-20 14:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help
2014-12-20 14:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system
2014-12-19 20:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-19 14:34 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-19 14:19 - 2013-08-16 13:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-19 14:17 - 2013-08-16 13:31 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-19 13:34 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-03 12:14 - 2014-12-02 19:59 - 00000000 ____D () C:\BITlog
2014-12-03 12:14 - 2013-08-16 14:08 - 00000000 ____D () C:\sysprep
2014-12-03 12:14 - 2009-07-13 23:46 - 00004312 _____ () C:\Windows\DtcInstall.log
Some content of TEMP:
====================
C:\Users\HP\AppData\Local\Temp\avgnt.exe
C:\Users\HP\AppData\Local\Temp\Quarantine.exe
C:\Users\HP\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-26 16:15
==================== End Of Log ============================
January 2nd, 2015, 10:06 PM
#21
Here is the Addition.txt file
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-01-2015
Ran by HP at 2015-01-02 21:02:24
Running from C:\Users\HP\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.36 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0936-000001000000}) (Version: 9.36.00.0 - Igor Pavlov)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Band Master 1.51 (HKLM-x32\...\Band Master_is1) (Version: - )
BCL easyConverter 3.0 Licensing Module (BCL License) (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 Loader SDK Module (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 Module (Loader, BCL License) (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 Module (RTF, BCL License) (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 RTF SDK Module (x32 Version: 3.0.18 - BCL Technologies) Hidden
BCL easyConverter 3.0 SDK Module (x32 Version: 3.0.18 - BCL Technologies) Hidden
Broadcom Management Programs (HKLM\...\{18E893B6-28F0-495B-8448-AC40F4496728}) (Version: 14.2.4.4 - Broadcom Corporation)
Brother HL-2170W (HKLM-x32\...\{7F0D1654-263E-4370-BB6B-FF39E9D07665}) (Version: 1.00 - Brother)
Bullzip PDF Printer 10.10.0.2307 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.10.0.2307 - Bullzip)
Directory Printer 3.6 (HKLM-x32\...\Directory Printer_is1) (Version: - )
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
DVDFab 9.1.7.6 (28/11/2014) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
DVDFab 9.1.8.1 (24/12/2014) (HKLM-x32\...\DVDFab 9 US_is1) (Version: - Fengtao Software Inc.)
DX Atlas 2.30 (HKLM-x32\...\DX Atlas_is1) (Version: - Afreet Software, Inc.)
DXKeeper (HKLM-x32\...\ST6UNST #2) (Version: - )
DXLabLauncher (HKLM-x32\...\ST6UNST #1) (Version: - )
DXView (HKLM-x32\...\ST6UNST #3) (Version: - )
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Ham CAP 1.80 (HKLM-x32\...\Ham CAP_is1) (Version: - Alex Shovkoplyas, VE3NEA)
Houlo Video Downloader (HKLM-x32\...\Houlo Video Downloader) (Version: - )
HP Performance Advisor (HKLM-x32\...\{A41ED7E1-DDAB-46E0-98EE-963642D35443}) (Version: 1.2.2813 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
IonoProbe 1.39 (HKLM-x32\...\IonoProbe_is1) (Version: - Afreet Software, Inc.)
ITS HF Propagation 2014.11.14 (HKLM\...\{1B328085-F1A5-4AB8-8986-0103C5800216}) (Version: 2014.11.14 - US Department of Commerce NTIA/ITS)
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MetaProducts Download Express (HKLM-x32\...\DownloadExpress) (Version: - )
MetaProducts Mass Downloader (HKLM-x32\...\MetaProducts Mass Downloader) (Version: - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM-x32\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-GB)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Nero BurningROM 2015 (HKLM-x32\...\{32CEC4AD-4BEF-4EB8-833E-47DAE9382653}) (Version: 16.0.01500 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Nero Prerequisite Installer 4.0 (HKLM-x32\...\{4CC76B5A-EEEA-4ED5-B92A-3808EDA2C7B6}) (Version: 16.0.00500 - Nero AG)
News Rover -- Usenet newsreader (HKLM\...\News Rover) (Version: 20.0 Rev. 0 - S&H Computer Systems)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA nView 141.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.24 - NVIDIA Corporation)
NVIDIA WMI 2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.18.0 - NVIDIA Corporation)
Omni-Rig 1.12 (HKLM-x32\...\Omni-Rig_is1) (Version: - Alex Shovkoplyas, VE3NEA)
Pathfinder (HKLM-x32\...\ST6UNST #4) (Version: - )
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.36 - PDF Complete, Inc)
PDF2Word Converter Version 1.0.8 (Build 164, bioPDF) (HKLM-x32\...\PDF2Word Converter (bioPDF)_is1) (Version: PDF2Word Converter - Version 1.0.8 (Build 164) - bioPDF)
Prerequisite installer (x32 Version: 16.0.0003 - Nero AG) Hidden
PropView (HKLM-x32\...\ST6UNST #5) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6080 - Realtek Semiconductor Corp.)
RefManager 1.0 (HKLM-x32\...\RefManager_is1) (Version: - Afreet Software, Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpotCollector (HKLM-x32\...\ST6UNST #6) (Version: - )
Tag&Rename (HKLM-x32\...\Tag&Rename_is1) (Version: 2.1.7.4 - SOFTPOINTER Ltd.)
TrustedQSL 1.13 (HKLM-x32\...\TrustedQSL_is1) (Version: - ARRL)
VLC media player 1.1.5 (HKLM-x32\...\VLC media player) (Version: 1.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
XChat 2 (remove only) (HKLM-x32\...\xchat) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2015-01-02 19:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {4DE20FE9-17A2-49E1-ACF4-47D751713450} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-02-23] (Hewlett-Packard Company)
Task: {9184B1DA-A180-45E8-BC22-34889087CEBE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {9C9483C1-C162-4665-B47B-3FB4A701808F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {E6891AB1-D756-4D70-9DF5-209A3C4216D5} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG)
==================== Loaded Modules (whitelisted) =============
2014-07-18 15:54 - 2014-08-19 22:15 - 02683736 _____ () C:\Windows\system32\nvwmi64.exe
2013-08-16 15:25 - 2014-07-02 13:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-08-16 16:35 - 2014-08-19 22:15 - 00711456 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-12-02 20:05 - 2014-12-02 20:05 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2013-08-16 16:37 - 2010-03-03 22:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-2704499606-3232555996-1048322368-500 - Administrator - Disabled)
Guest (S-1-5-21-2704499606-3232555996-1048322368-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2704499606-3232555996-1048322368-1003 - Limited - Enabled)
HP (S-1-5-21-2704499606-3232555996-1048322368-1001 - Administrator - Enabled) => C:\Users\HP
user (S-1-5-21-2704499606-3232555996-1048322368-1000 - Administrator - Enabled) => C:\Users\user
==================== Faulty Device Manager Devices =============
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/02/2015 08:56:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Microsoft Office Sessions:
=========================
Error: (01/02/2015 08:56:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2015-01-02 19:57:44.688
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-01-02 19:57:44.625
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Xeon(R) CPU W3565 @ 3.20GHz
Percentage of memory in use: 22%
Total physical RAM: 8175.22 MB
Available physical RAM: 6309.46 MB
Total Pagefile: 16348.63 MB
Available Pagefile: 14303.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (C: OS) (Fixed) (Total:906.53 GB) (Free:827.29 GB) NTFS
Drive g: (G: Internal 2TB) (Fixed) (Total:1863.01 GB) (Free:1830.56 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F21F501B)
Partition 1: (Active) - (Size=25 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 28CE9828)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End Of Log ============================
January 2nd, 2015, 11:01 PM
#22
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
January 2nd, 2015, 11:31 PM
#23
Thank you for all your help. Here is the Fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-01-2015
Ran by HP at 2015-01-02 22:30:10 Run:1
Running from C:\Users\HP\Desktop
Loaded Profile: HP (Available profiles: user & HP)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-2704499606-3232555996-1048322368-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\HP\AppData\Local\Temp\avgnt.exe
C:\Users\HP\AppData\Local\Temp\Quarantine.exe
C:\Users\HP\AppData\Local\Temp\sqlite3.dll
*****************
"HKU\S-1-5-21-2704499606-3232555996-1048322368-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
catchme => Service deleted successfully.
C:\Users\HP\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\HP\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\HP\AppData\Local\Temp\sqlite3.dll => Moved successfully.
==== End of Fixlog 22:30:10 ====
January 3rd, 2015, 12:18 AM
#24
Last scans...
Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe. Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart computer and Security Check should run.
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services
Press "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please copy and paste the log to your reply.
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program. Click on Start button to begin cleaning process. TFC will close all running programs, and it may ask you to restart computer.
Download Sophos Free Virus Removal Tool and save it to your desktop.
Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program
January 3rd, 2015, 09:53 AM
#25
Here are my Security Check results
Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 16.0.0.235
Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
January 3rd, 2015, 09:58 AM
#26
Here are the results of the Farbar Service Scanner
Farbar Service Scanner Version: 21-07-2014
Ran by HP (administrator) on 03-01-2015 at 08:56:17
Running from "C:\Users\HP\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
January 3rd, 2015, 11:44 AM
#27
I ran TFC and then I ran Sophos. Sophos came back with no threats and my PC was found to be clean.
January 3rd, 2015, 12:29 PM
#28
Your computer is clean
1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.
Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.
2. Make sure Windows Updates are current.
3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!
4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")
5. Download and install WOT (Web of Trust): http://www.mywot.com/ . It'll warn you (in most cases) about dangerous web sites.
6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).
8. Download and install Secunia Personal Software Inspector (PSI) : http://secunia.com/vulnerability_scanning/personal/ . The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.
11. Read:
How did I get infected?, With steps so it does not happen again! : http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet : http://www.bleepingcomputer.com/tuto...r-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings : http://www.bleepingcomputer.com/foru.../#entry3187642
12. Please, let me know, how your computer is doing.
January 3rd, 2015, 02:19 PM
#29
I ran Delfix OK.
Many thanks for all your help. My PC seems to be working really well.
Again, thanks for all your help.
January 3rd, 2015, 02:25 PM
#30
Way to go!!
Good luck and stay safe