Tech Support Forum banner
Status
Not open for further replies.

Downloaded .EXE File Causing Auot Install of many Programs. Help!

5K views 27 replies 2 participants last post by  chemist 
#1 ·
Downloaded .EXE File Causing Auto Install of many Programs. Help!

Hi Tech Support,

I downloaded a .exe file for clashbot that turned out to be a dud and started installing many programs onto the PC. I tried to manually uninstall them but it would just install more.

Below is the DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17909 BrowserJavaVersion: 11.45.2
Run by Vicki at 17:06:44 on 2015-07-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8130.4532 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Users\Vicki\AppData\Roaming\TWV\MediaService.exe
C:\Program Files (x86)\2F8B4820-1437277603-11DD-B021-BCEE7B8C64A3\knsk810B.tmpfs
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\BlueStacks\HD-Service.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\BlueStacks\HD-Network.exe
C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\tv_w32.exe
C:\Program Files (x86)\TeamViewer\tv_x64.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\helppane.exe
C:\Users\Vicki\AppData\Local\Temp\amisetup9518__12900.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\Vicki\AppData\Roaming\TWV\winpl.exe
C:\Users\Vicki\AppData\Roaming\TWV\winpl.exe
C:\Users\Vicki\AppData\Roaming\TWV\winpl.exe
C:\Users\Vicki\AppData\Roaming\TWV\winpl.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
BHO: McAfee SafeKey Vault: {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\CoIEPlg.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\CoIEPlg.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: McAfee SafeKey: {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
uRun: [Spotify Web Helper] "C:\Users\Vicki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Dropbox Update] "C:\Users\Vicki\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [Bubble Dock] "C:\Users\Vicki\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
uRun: [WindApp] "C:\Users\Vicki\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
uRun: [DeskBar] C:\Users\Vicki\AppData\Local\DeskBar\dblaunch.exe
uRun: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
uRunOnce: [IDSS_STARTUP] C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coSAStub.exe /install /force
uRunOnce: [DelTr267338] cmd.exe /c rd /s /q "C:\Users\Vicki\AppData\Roaming\Tny_Cassiopesa"
uRunOnce: [Tny_Cassiopesa] <no file>
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [ospd_us_016010034] "C:\Program Files (x86)\ospd_us_016010034\ospd_us_016010034.exe"
mRun: [mcpltui_exe] "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui /runkey
mRunOnce: [SpaceSondPro_v87.1083] C:\Program Files (x86)\SpaceSondPro_v87.1083\SpaceSondPro_Service.exe ro
mRunOnce: [upospd_us_016010034.exe] C:\Users\Vicki\AppData\Local\ospd_us_016010034\upospd_us_016010034.exe -runonce
mRunOnce: [DelTr267338] cmd.exe /c rd /s /q "C:\Users\Vicki\AppData\Roaming\Tny_Cassiopesa"
mRunOnce: [SpUninstallCleanUp] REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
StartupFolder: C:\Users\Vicki\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Vicki\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: SafeKey - C:\Users\Vicki\AppData\LocalLow\SafeKey\context.html?cmd=lastpass
IE: SafeKey Fill Forms - C:\Users\Vicki\AppData\LocalLow\SafeKey\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1DAFF43E-DB8F-4FCE-BAE5-55801F2B8A01} : NameServer = 82.163.143.131,82.163.142.133
TCP: Interfaces\{1DAFF43E-DB8F-4FCE-BAE5-55801F2B8A01} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1DAFF43E-DB8F-4FCE-BAE5-55801F2B8A01}\030323431453645333032423 : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{1DAFF43E-DB8F-4FCE-BAE5-55801F2B8A01}\342473839393 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1DAFF43E-DB8F-4FCE-BAE5-55801F2B8A01}\34C414358402F4640284F4553554F52374548545 : NameServer = 82.163.143.131,82.163.142.133
TCP: Interfaces\{1DAFF43E-DB8F-4FCE-BAE5-55801F2B8A01}\34C414358402F4640284F4553554F52374548545 : DHCPNameServer = 192.168.1.250
TCP: Interfaces\{1DAFF43E-DB8F-4FCE-BAE5-55801F2B8A01}\E4544574541425F5548545 : DHCPNameServer = 192.168.1.250
TCP: Interfaces\{45EB96AC-16FC-42F4-A9C5-90F24D23609D} : NameServer = 82.163.143.131,82.163.142.133
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: McAfee SafeKey Vault: {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\CoIEPlg.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\CoIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SafeKey: {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg_DTS] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /DTSU2P
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [SpaceSoundPro] "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\55xvqotf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cassiopessa.com/?f=1&a=csp_tuto1_15_29&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0Bzz0CyCyE0AtA0Bzz0C0FtN0D0Tzu0StCtBzyyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCtC0CyB0BzytC0AtGtD0DtC0AtGtByCyDyEtGtBzyyD0AtG0CyB0D0BtAzz0A0FtCyDyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0ByEtDtC0A0EyEtG0DtC0AtDtGyEyEtB0CtG0A0Ezz0EtGzzyD0F0EyEyC0B0AyEyDtAzz2QtN0A0LzuyE&cr=1026998881&ir=
FF - prefs.js: browser.search.selectedEngine - Search Module
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-3-30 20464]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2015-2-17 864072]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2015-2-17 340448]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [2015-7-19 162392]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [2014-3-30 936728]
R2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2015-3-24 433880]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2015-3-24 144600]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2015-3-24 388824]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2015-3-24 798424]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2014-3-30 240584]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-7-19 340744]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-3-30 169432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2015-7-19 154856]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2015-7-19 753768]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [2015-4-8 207344]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-7-19 340744]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-7-19 340744]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-7-19 340744]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2015-7-19 340744]
R2 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2015-7-19 76064]
R2 MediaService;Media Service;C:\Users\Vicki\AppData\Roaming\TWV\MediaService.exe [2015-5-21 115712]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [2015-7-19 372144]
R2 migihuse;Menu Find;C:\Program Files (x86)\2F8B4820-1437277603-11DD-B021-BCEE7B8C64A3\knsk810B.tmpfs [2015-7-18 612864]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [2015-7-19 131144]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-3-30 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-3-30 16939296]
R2 SMUpd;Search Module Update;C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2015-7-18 2855936]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-9-23 411968]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-6-18 5495056]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2015-2-17 68784]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-3-30 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-3-30 786416]
R3 mfeaack;McAfee Inc. mfeaack;C:\Windows\System32\drivers\mfeaack.sys [2015-2-17 401736]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2015-2-17 337888]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2015-7-19 232656]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2015-2-17 488000]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2015-1-16 482600]
R3 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2015-7-19 250672]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-3-30 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-3-30 805088]
R3 SMUpdd;Search Module UpdateD;C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [2015-7-18 41632]
S2 0298121437280780mcinstcleanup;McAfee Application Installer Cleanup (0298121437280780);C:\Users\Vicki\AppData\Local\Temp\029812~1.EXE -cleanup -nolog --> C:\Users\Vicki\AppData\Local\Temp\029812~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2015-7-19 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-7-14 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2015-1-16 100720]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-4-10 1255736]
.
=============== Created Last 30 ================
.
2015-07-19 04:40:17 32372200 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-07-19 04:40:16 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2015-07-19 04:40:15 76064 ----a-w- C:\Windows\System32\drivers\McPvDrv.sys
2015-07-19 04:40:15 -------- d-----w- C:\Users\Vicki\AppData\Local\McAfee File Lock
2015-07-19 04:40:12 -------- d-----w- C:\Program Files (x86)\SafeKey
2015-07-19 04:40:08 -------- d-----w- C:\Program Files (x86)\McAfee.com
2015-07-19 04:39:41 -------- d-----w- C:\Program Files\McAfee.com
2015-07-19 04:39:41 -------- d-----w- C:\Program Files\McAfee
2015-07-19 04:39:39 -------- d-----w- C:\Program Files (x86)\McAfee
2015-07-19 04:34:07 -------- d-----w- C:\ProgramData\3d2eec2000007582
2015-07-19 04:23:35 -------- d-----w- C:\FRST
2015-07-19 04:22:54 -------- d-----w- C:\Program Files (x86)\PCMATICPLUSSOL
2015-07-19 04:20:47 -------- d-----w- C:\Users\Vicki\AppData\Local\PCMATICPLUS_fixed
2015-07-19 04:05:23 162392 ----a-r- C:\Windows\System32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys
2015-07-19 04:05:20 -------- d-----w- C:\Windows\System32\drivers\NSTx64\7DE070B0.02A
2015-07-19 04:05:20 -------- d-----w- C:\Windows\System32\drivers\NSTx64
2015-07-19 04:05:20 -------- d-----w- C:\Program Files (x86)\Norton Identity Safe
2015-07-19 04:02:40 -------- d-----w- C:\Users\Vicki\AppData\Local\Chromium
2015-07-19 04:02:27 -------- d-----w- C:\ProgramData\InstallSightSDK
2015-07-19 04:02:18 -------- d-----w- C:\Users\Vicki\AppData\Roaming\Tny_Cassiopesa
2015-07-19 04:01:43 -------- d-----w- C:\Quarantine
2015-07-19 04:01:27 250672 ----a-w- C:\Windows\System32\mfevtps.exe
2015-07-19 04:01:26 -------- d-----w- C:\Program Files\Common Files\McAfee
2015-07-19 04:01:26 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2015-07-19 03:57:23 -------- d-----w- C:\ProgramData\{49daa21b-fd28-36a9-49da-aa21bfd2886f}
2015-07-19 03:56:54 -------- d-----w- C:\Program Files\SpaceSoundPro
2015-07-19 03:56:47 -------- d-----w- C:\Program Files (x86)\predm
2015-07-19 03:51:05 -------- d-----w- C:\Users\Vicki\AppData\Local\BrowserAir
2015-07-19 03:50:44 -------- d-----w- C:\Program Files (x86)\Portable WeatherApp
2015-07-19 03:50:43 -------- d-----w- C:\Users\Vicki\AppData\Local\DeskBar
2015-07-19 03:50:33 -------- d-----w- C:\ProgramData\SearchModule
2015-07-19 03:50:32 -------- d-----w- C:\Program Files\Common Files\Goobzo
2015-07-19 03:50:25 -------- d-----w- C:\Users\Vicki\AppData\Local\Installer
2015-07-19 03:50:21 -------- d-----w- C:\Users\Vicki\AppData\Roaming\WTools
2015-07-19 03:50:17 -------- d-----w- C:\Users\Vicki\AppData\Roaming\Store
2015-07-19 03:50:11 -------- d-----w- C:\Users\Vicki\AppData\Roaming\Nosibay
2015-07-19 03:49:33 -------- d-----w- C:\Users\Vicki\AppData\Local\globalUpdate
2015-07-19 03:49:33 -------- d-----w- C:\Program Files (x86)\globalUpdate
2015-07-19 03:49:13 -------- d-----w- C:\Program Files\ffsecure
2015-07-19 03:48:43 -------- d-----w- C:\Users\Vicki\AppData\Roaming\TWV
2015-07-19 03:48:41 -------- d-----w- C:\Program Files (x86)\ospd_us_014010035
2015-07-19 03:48:34 -------- d-----w- C:\Users\Vicki\AppData\Local\ospd_us_016010034
2015-07-19 03:48:34 -------- d-----w- C:\Program Files (x86)\ospd_us_016010034
2015-07-19 03:47:37 -------- d-----w- C:\Users\Vicki\AppData\Local\2F8B4820-1437263257-11DD-B021-BCEE7B8C64A3
2015-07-19 03:46:43 -------- d-----w- C:\Program Files (x86)\2F8B4820-1437277603-11DD-B021-BCEE7B8C64A3
2015-07-19 02:35:41 -------- d-----w- C:\Users\Vicki\AppData\Local\Diagnostics
2015-07-14 23:53:25 2087424 ----a-w- C:\Windows\System32\ole32.dll
2015-07-07 01:12:26 -------- d-----w- C:\Users\Vicki\AppData\Roaming\NVIDIA
2015-07-03 02:15:08 -------- d-----w- C:\Users\Vicki\AppData\Roaming\qmacro
2015-07-03 02:15:07 -------- d-----w- C:\Users\Vicki\AppData\Roaming\mymacro
2015-06-25 11:13:50 26846912 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2015-06-25 11:13:50 112326848 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2015-06-25 11:09:52 654520 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2015-06-25 11:09:52 37422272 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2015-06-25 11:09:52 112326848 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
.
==================== Find3M ====================
.
2015-07-15 15:13:19 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-07-15 15:13:19 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-09 17:59:59 17856 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-09 17:58:56 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-09 17:58:55 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-09 17:58:55 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-09 17:58:41 726528 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-09 17:58:34 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-09 17:58:31 765440 ----a-w- C:\Windows\System32\invagent.dll
2015-07-09 17:58:26 433664 ----a-w- C:\Windows\System32\devinv.dll
2015-07-09 17:58:25 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-09 17:58:24 1085440 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-09 17:58:23 67584 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-09 17:58:23 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-09 17:58:20 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-09 17:50:11 1145856 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-09 17:43:25 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-09 17:43:25 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-09 17:42:47 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-04 17:48:36 1414656 ----a-w- C:\Windows\SysWow64\ole32.dll
2015-07-03 18:05:54 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-03 18:05:43 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-03 18:05:34 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-03 18:05:26 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-03 17:56:59 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-03 17:56:56 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-03 17:56:52 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-03 17:55:42 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-03 16:52:31 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-03 16:42:38 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-02 21:08:53 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-07-02 20:40:34 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-07-01 20:56:03 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-01 20:56:03 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-01 20:49:53 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-01 20:49:47 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-07-01 20:49:45 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-07-01 20:49:45 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-07-01 20:49:42 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-07-01 20:49:42 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-07-01 20:49:41 1216512 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-07-01 20:49:23 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-07-01 20:49:22 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2015-07-01 20:49:11 729088 ----a-w- C:\Windows\System32\kerberos.dll
2015-07-01 20:49:11 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-07-01 20:48:34 44032 ----a-w- C:\Windows\System32\cryptbase.dll
2015-07-01 20:48:34 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-07-01 20:47:38 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-07-01 20:47:18 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-01 20:43:51 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-01 20:43:37 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-01 20:39:24 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-07-01 20:30:43 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-01 20:30:40 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-01 20:30:37 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-01 20:30:37 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-01 20:30:33 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-01 20:30:32 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-01 20:30:27 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-01 20:30:21 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-01 20:30:21 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-01 20:29:46 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-01 20:29:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-01 20:29:34 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-01 20:27:04 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-01 20:26:52 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-01 20:24:59 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-07-01 19:27:34 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-07-01 19:26:43 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-07-01 19:26:37 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-06-27 02:47:11 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-06-27 02:43:26 5923840 ----a-w- C:\Windows\System32\jscript9.dll
2015-06-27 01:58:17 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-06-27 01:39:37 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-06-25 08:57:44 3207168 ----a-w- C:\Windows\System32\win32k.sys
2015-06-20 20:06:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-06-20 19:50:10 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-06-20 19:49:17 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-06-20 19:49:09 417792 ----a-w- C:\Windows\System32\html.iec
2015-06-20 19:49:08 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-06-20 19:48:29 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-06-20 19:34:46 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-06-20 19:34:45 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-06-20 19:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-06-20 19:13:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-06-20 18:46:53 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-06-20 18:46:48 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-06-20 18:26:01 2427392 ----a-w- C:\Windows\System32\wininet.dll
2015-06-19 18:25:41 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-06-19 18:25:35 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-06-19 18:24:43 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-06-19 18:24:27 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-06-19 18:23:26 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-06-19 18:13:10 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-06-19 17:57:45 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-06-19 17:40:04 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-06-19 17:39:13 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-06-19 17:15:43 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-06-17 17:47:05 404992 ----a-w- C:\Windows\System32\gdi32.dll
2015-06-17 17:37:03 312320 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 17:06:56.83 ===============
 
See less See more
#3 ·
re: Downloaded .EXE File Causing Auto Install of many Programs. Help!

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I see you have P2P software ( uTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if they still exist:

Itibiti RTC<<Please read this

Please delete the following Folder if it still exists:

C:\Program Files (x86)\Itibiti Soft Phone

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "%userprofile%\AppData\Roaming\Itibiti Soft Phone"

A DOS window will open and close again, this is normal.

Repeat for the following:

cmd /c rd /s /q "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR"

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button(if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
 
#4 ·
re: Downloaded .EXE File Causing Auto Install of many Programs. Help!

Ad Cleaner Log

# AdwCleaner v4.208 - Logfile created 20/07/2015 at 20:40:51
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Vicki - VICKI-PC
# Running from : C:\Users\Vicki\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : SMUpd
Service Deleted : SMUpdd
[#] Service Deleted : MediaService
[#] Service Deleted : wsfd_1_10_0_19

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SearchModule
Folder Deleted : C:\ProgramData\InstallSightSDK
Folder Deleted : C:\ProgramData\3d2eec2000007582
Folder Deleted : C:\ProgramData\{49daa21b-fd28-36a9-49da-aa21bfd2886f}
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\Tny_cassiopesa
Folder Deleted : C:\Program Files (x86)\Portable WeatherApp
Folder Deleted : C:\Program Files (x86)\WordShark_1.10.0.19
Folder Deleted : C:\Users\Vicki\AppData\Local\Temp\webget
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\FlashGamesRockstar
Folder Deleted : C:\Program Files\Common Files\Goobzo
Folder Deleted : C:\Users\Vicki\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Vicki\AppData\Local\DeskBar
Folder Deleted : C:\Users\Vicki\AppData\Local\2F8B4820-1437263257-11DD-B021-BCEE7B8C64A3
Folder Deleted : C:\Users\Vicki\AppData\Roaming\Mysearchdial
Folder Deleted : C:\Users\Vicki\AppData\Roaming\Nosibay
Folder Deleted : C:\Users\Vicki\AppData\Roaming\Store
Folder Deleted : C:\Users\Vicki\AppData\Roaming\WTools
Folder Deleted : C:\Users\Vicki\AppData\Roaming\TWV
Folder Deleted : C:\Users\Vicki\AppData\Roaming\Tny_cassiopesa
Folder Deleted : C:\Users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bubble Dock
Folder Deleted : C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\wsfd_1_10_0_19.sys
File Deleted : C:\Users\Vicki\AppData\Roaming\Bubble Dock.boostrap.log
File Deleted : C:\Users\Vicki\AppData\Roaming\Bubble Dock.installation.log
File Deleted : C:\Users\Vicki\AppData\Roaming\Selection Tools.installation.log
File Deleted : C:\Users\Vicki\AppData\Roaming\WindApp.boostrap.log
File Deleted : C:\Users\Vicki\AppData\Roaming\WindApp.installation.log
File Deleted : C:\Users\Vicki\AppData\Roaming\AUSAMRFZ
File Deleted : C:\Users\Vicki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Cassiopesa.lnk
File Deleted : C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\55xvqotf.default\searchplugins\trovi.xml
File Deleted : C:\Users\Vicki\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.cassiopessa.com_0.localstorage

***** [ Scheduled tasks ] *****

Task Deleted : Smp
Task Deleted : Selection Tools Update
Task Deleted : amiupdaterExd
Task Deleted : amiupdaterExi
Task Deleted : Tny_cassiopesa
Task Deleted : UPDTEXE4_WDR
Task Deleted : IE_ERR4WDR
Task Deleted : AUSAMRFZ
Task Deleted : WordShark Auto Updater 1.10.0.19 Core
Task Deleted : WordShark Auto Updater 1.10.0.19 Pending Update
Task Deleted : SMW_UpdateTask_Time_313338343339383538372d574a324178345a2a376c455a

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Vicki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Vicki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Vicki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Vicki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Vicki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Bubble Dock]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WindApp]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
Key Deleted : HKLM\SOFTWARE\5c3743f1-e544-a5be-934b-e0e6d3029df2
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D6A5312-AB4D-41AA-8BED-0E019B87CA11}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BFA9D85-1B59-498F-A248-222E4E75C76D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{29D0E3B7-740F-4843-B83C-38AE154CF616}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{652E2A13-36BB-43F9-9B4A-FE8E78FBBB76}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9143e921-7c9a-4d27-ac43-eaccc78cc55a}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9143e921-7c9a-4d27-ac43-eaccc78cc55a}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Nosibay
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Store
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\WTools
Key Deleted : HKCU\Software\Online video player
Key Deleted : HKCU\Software\TWV OK
Key Deleted : HKCU\Software\twv
Key Deleted : HKCU\Software\Tny_Cassiopesa
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\SearchModule
Key Deleted : HKLM\SOFTWARE\WordShark_1.10.0.19
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bubble Dock
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Selection Tools
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Online video player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search module
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tny_Cassiopesa
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WordShark_1.10.0.19
Key Deleted : [x64] HKLM\SOFTWARE\SearchModule
Key Deleted : [x64] HKLM\SOFTWARE\WebBar

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v38.0.5 (x86 en-US)

[55xvqotf.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.cassiopessa.com/?f=1&a=csp_tuto1_15_29&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0Bzz0CyCyE0AtA0Bzz0C0FtN0D0Tzu0StCtBzyyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V[...]

-\\ Google Chrome v43.0.2357.134

[C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www-searching.com/search.aspx?s=F7Jzamobl03687,0613dba0-5ab9-4d84-8bf0-27762883d8af,&q={searchTerms}
[C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff
[C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www-searching.com/?s=F7Jzamobl03687,0613dba0-5ab9-4d84-8bf0-27762883d8af,
[C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://www-searching.com/?s=F7Jzamobl03687,0613dba0-5ab9-4d84-8bf0-27762883d8af,
[C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] :

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [21964 bytes] - [20/07/2015 20:40:23]
AdwCleaner[S0].txt - [9825 bytes] - [20/07/2015 20:40:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9884 bytes] ##########


Farbar Log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Vicki (administrator) on VICKI-PC on 20-07-2015 20:43:07
Running from C:\Users\Vicki\Desktop
Loaded Profiles: Vicki (Available Profiles: Vicki)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\2F8B4820-1437277603-11DD-B021-BCEE7B8C64A3\knsk810B.tmpfs
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
() C:\Users\Vicki\AppData\Local\ospd_us_016010034\upospd_us_016010034.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Spotify Ltd) C:\Users\Vicki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Vicki\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
() C:\Program Files (x86)\ospd_us_016010034\ospd_us_016010034.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(SafeKey) C:\Program Files (x86)\SafeKey\npmcafee.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [863960 2015-03-24] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [ospd_us_016010034] => C:\Program Files (x86)\ospd_us_016010034\ospd_us_016010034.exe [3984016 2015-07-17] ()
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
HKLM-x32\...\RunOnce: [upospd_us_016010034.exe] => C:\Users\Vicki\AppData\Local\ospd_us_016010034\upospd_us_016010034.exe [3288720 2015-07-17] ()
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\...\Run: [Spotify Web Helper] => C:\Users\Vicki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-08-22] (Spotify Ltd)
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\...\Run: [Dropbox Update] => C:\Users\Vicki\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\...\Run: [DeskBar] => C:\Users\Vicki\AppData\Local\DeskBar\dblaunch.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey FF RunOnce.lnk [2015-07-19]
ShortcutTarget: Install SafeKey FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-07-19]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\Users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-25]
ShortcutTarget: Dropbox.lnk -> C:\Users\Vicki\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-07-19] (McAfee)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-12] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-07-19] (McAfee)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-12] (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-12] (Symantec Corporation)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-07-19] (McAfee)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-12] (Symantec Corporation)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-07-19] (McAfee)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-03] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-07-03] (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-03] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-07-03] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-04-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-04-07] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1DAFF43E-DB8F-4FCE-BAE5-55801F2B8A01}: [NameServer] 82.163.143.131,82.163.142.133
Tcpip\..\Interfaces\{1DAFF43E-DB8F-4FCE-BAE5-55801F2B8A01}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{45EB96AC-16FC-42F4-A9C5-90F24D23609D}: [NameServer] 82.163.143.131,82.163.142.133
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\55xvqotf.default
FF NewTab: about:newtab
FF SelectedSearchEngine: Search Module
FF DefaultSearchEngine: Search Module
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\55xvqotf.default\searchplugins\smod.xml [2015-07-18]
FF Extension: McAfee SafeKey - C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\55xvqotf.default\Extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B} [2015-07-19]
FF Extension: Distill Web Monitor (formerly AlertBox) - C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\55xvqotf.default\Extensions\alertbox@ajitk.com.xpi [2014-08-01]
FF Extension: FF Secure - C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\55xvqotf.default\Extensions\jid1-yhyb03AEVBwcGw@jetpack.xpi [2015-07-18]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-07-19]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn [2015-07-20]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-07-19]
FF Extension: No Name - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12191.xpi [not found]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (McAfee SafeKey) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2015-07-20]
CHR Extension: (Google Docs) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-04]
CHR Extension: (Google Drive) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-04]
CHR Extension: (YouTube) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04]
CHR Extension: (Google Search) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-04]
CHR Extension: (Turkopticon) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgefbojfgdddnignhmfmnencgiloojpe [2015-04-11]
CHR Extension: (AdBlock) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-04]
CHR Extension: (Norton Identity Safe) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Qmee) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2015-04-12]
CHR Extension: (Google Wallet) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
CHR Extension: (Gmail) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-04]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-20]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-07-19]
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2015-07-19]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-20]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-07-19]
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433880 2015-03-24] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-03-24] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [798424 2015-03-24] (BlueStack Systems, Inc.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-07-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [207344 2015-04-08] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-01] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 migihuse; C:\Program Files (x86)\2F8B4820-1437277603-11DD-B021-BCEE7B8C64A3\knsk810B.tmpfs [X]
S2 wssvc_1.10.0.19; "C:\Program Files (x86)\WordShark_1.10.0.19\Service\wssvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [144600 2015-03-24] (BlueStack Systems)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2015-03-27] (McAfee, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
S3 npf; C:\Users\Vicki\AppData\Local\Temp\HouseCall\tmase\nmap\npf\x64\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 20:43 - 2015-07-20 20:43 - 00027075 _____ C:\Users\Vicki\Desktop\FRST.txt
2015-07-20 20:43 - 2015-07-20 20:43 - 00000000 ____D C:\Users\Vicki\Desktop\FRST-OlderVersion
2015-07-20 20:40 - 2015-07-20 20:41 - 00000000 ____D C:\AdwCleaner
2015-07-20 20:39 - 2015-07-20 20:39 - 02248704 _____ C:\Users\Vicki\Downloads\AdwCleaner (1).exe
2015-07-20 20:39 - 2015-07-20 20:39 - 02248704 _____ C:\Users\Vicki\Desktop\AdwCleaner.exe
2015-07-19 17:07 - 2015-07-19 17:07 - 00008753 _____ C:\Users\Vicki\Desktop\attach.txt
2015-07-19 17:07 - 2015-07-19 17:06 - 00034691 _____ C:\Users\Vicki\Desktop\dds.txt
2015-07-19 17:06 - 2015-07-19 17:06 - 00688992 ____R (Swearware) C:\Users\Vicki\Downloads\dds.scr
2015-07-19 06:05 - 2015-07-19 06:05 - 00000000 ____D C:\Windows\System32\Tasks\Norton Identity Safe
2015-07-19 00:40 - 2015-07-20 20:32 - 00000000 __RSD C:\Users\Vicki\Documents\McAfee Vaults
2015-07-19 00:40 - 2015-07-19 00:40 - 00001916 _____ C:\Users\Public\Desktop\McAfee Multi Access - Total Protection.lnk
2015-07-19 00:40 - 2015-07-19 00:40 - 00000000 ____D C:\Users\Vicki\AppData\Local\McAfee File Lock
2015-07-19 00:40 - 2015-07-19 00:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-07-19 00:40 - 2015-07-19 00:40 - 00000000 ____D C:\Program Files (x86)\SafeKey
2015-07-19 00:40 - 2015-07-19 00:40 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2015-07-19 00:40 - 2015-03-27 10:08 - 00076064 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2015-07-19 00:40 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-07-19 00:39 - 2015-07-20 20:41 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-07-19 00:39 - 2015-07-19 00:40 - 00000000 ____D C:\Program Files\McAfee
2015-07-19 00:39 - 2015-07-19 00:39 - 00000000 ____D C:\Program Files\McAfee.com
2015-07-19 00:24 - 2015-07-19 00:25 - 02134528 _____ (Farbar) C:\Users\Vicki\Downloads\FRST64 (1).exe
2015-07-19 00:23 - 2015-07-20 20:43 - 00000000 ____D C:\FRST
2015-07-19 00:22 - 2015-07-20 20:43 - 02135552 _____ (Farbar) C:\Users\Vicki\Desktop\FRST64.exe
2015-07-19 00:22 - 2015-07-19 00:31 - 00000000 ____D C:\Program Files (x86)\PCMATICPLUSSOL
2015-07-19 00:22 - 2015-07-19 00:22 - 00003688 _____ C:\Windows\System32\Tasks\IEError
2015-07-19 00:22 - 2015-07-19 00:22 - 00003682 _____ C:\Windows\System32\Tasks\boosterpop
2015-07-19 00:22 - 2015-07-19 00:22 - 00003496 _____ C:\Windows\System32\Tasks\AI_Updater
2015-07-19 00:20 - 2015-07-19 00:20 - 00000000 ____D C:\Users\Vicki\AppData\Local\PCMATICPLUS_fixed
2015-07-19 00:14 - 2015-07-19 00:16 - 07720664 _____ (McAfee, Inc.) C:\Users\Vicki\Downloads\McAfeeSetup-Serial (1).exe
2015-07-19 00:13 - 2015-07-19 00:17 - 02494944 _____ (Trend Micro Inc.) C:\Users\Vicki\Downloads\HousecallLauncher64 (1).exe
2015-07-19 00:07 - 2015-07-19 00:07 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-19 00:05 - 2015-07-19 00:05 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2015-07-19 00:05 - 2015-07-19 00:05 - 00000000 ____D C:\Windows\system32\Drivers\NSTx64
2015-07-19 00:05 - 2015-07-19 00:05 - 00000000 ____D C:\Program Files (x86)\Norton Identity Safe
2015-07-19 00:02 - 2015-07-19 00:02 - 00000000 ____D C:\Users\Vicki\AppData\Local\Chromium
2015-07-19 00:01 - 2015-07-19 03:40 - 00000000 ____D C:\ProgramData\McAfee
2015-07-19 00:01 - 2015-07-19 00:40 - 00000000 ____D C:\Quarantine
2015-07-19 00:01 - 2015-07-19 00:40 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-07-19 00:01 - 2015-07-19 00:01 - 07720664 _____ (McAfee, Inc.) C:\Users\Vicki\Downloads\McAfeeSetup-Serial.exe
2015-07-19 00:01 - 2015-07-19 00:01 - 00452682 _____ C:\Users\Vicki\AppData\Local\census.cache
2015-07-19 00:01 - 2015-07-19 00:01 - 00177677 _____ C:\Users\Vicki\AppData\Local\ars.cache
2015-07-19 00:01 - 2015-02-17 14:36 - 00250672 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-07-18 23:59 - 2015-07-19 00:06 - 00000010 _____ C:\Users\Vicki\AppData\Local\sponge.last.runtime.cache
2015-07-18 23:57 - 2015-07-19 11:57 - 00000340 _____ C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job
2015-07-18 23:57 - 2015-07-18 23:57 - 00003252 _____ C:\Windows\System32\Tasks\Bidaily Synchronize Task[8da6]
2015-07-18 23:54 - 2015-07-18 23:54 - 02494944 _____ (Trend Micro Inc.) C:\Users\Vicki\Downloads\HousecallLauncher64.exe
2015-07-18 23:54 - 2015-07-18 23:54 - 00000036 _____ C:\Users\Vicki\AppData\Local\housecall.guid.cache
2015-07-18 23:51 - 2015-07-18 23:51 - 00003604 _____ C:\Windows\System32\Tasks\BAUpd
2015-07-18 23:51 - 2015-07-18 23:51 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2015-07-18 23:51 - 2015-07-18 23:51 - 00000000 ____D C:\Users\Vicki\AppData\Local\BrowserAir
2015-07-18 23:50 - 2015-07-18 23:50 - 00003856 _____ C:\Windows\System32\Tasks\SMWUpd
2015-07-18 23:50 - 2015-07-18 23:50 - 00003628 _____ C:\Windows\System32\Tasks\HDNINSTSCHD
2015-07-18 23:49 - 2015-07-19 00:43 - 00000000 ____D C:\Program Files\ffsecure
2015-07-18 23:48 - 2015-07-20 20:41 - 00000000 ____D C:\Users\Vicki\AppData\Local\ospd_us_016010034
2015-07-18 23:48 - 2015-07-19 00:16 - 00000000 ____D C:\Program Files (x86)\ospd_us_016010034
2015-07-18 23:48 - 2015-07-18 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY
2015-07-18 23:48 - 2015-07-18 23:48 - 00000000 ____D C:\Program Files (x86)\ospd_us_014010035
2015-07-18 23:46 - 2015-07-19 16:07 - 00000000 ____D C:\Program Files (x86)\2F8B4820-1437277603-11DD-B021-BCEE7B8C64A3
2015-07-14 19:54 - 2015-07-09 13:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-14 19:54 - 2015-07-09 13:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-14 19:54 - 2015-07-09 13:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-14 19:54 - 2015-07-09 13:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-14 19:54 - 2015-07-09 13:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-14 19:54 - 2015-07-09 13:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-14 19:54 - 2015-07-09 13:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-14 19:54 - 2015-07-09 13:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-14 19:54 - 2015-07-09 13:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-14 19:54 - 2015-07-09 13:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-14 19:54 - 2015-07-09 13:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-14 19:54 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-14 19:54 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-14 19:54 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-14 19:54 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-14 19:54 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-14 19:54 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-14 19:54 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-14 19:54 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-14 19:54 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 19:54 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-14 19:54 - 2015-07-02 16:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-14 19:54 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 19:54 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-14 19:54 - 2015-07-02 16:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-14 19:54 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-14 19:54 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 19:54 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 19:54 - 2015-06-26 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-14 19:54 - 2015-06-26 22:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 19:54 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-14 19:54 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 19:54 - 2015-06-25 14:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-14 19:54 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-14 19:54 - 2015-06-25 04:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 19:54 - 2015-06-20 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-14 19:54 - 2015-06-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-14 19:54 - 2015-06-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 19:54 - 2015-06-20 15:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-14 19:54 - 2015-06-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-14 19:54 - 2015-06-20 15:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-14 19:54 - 2015-06-20 15:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-14 19:54 - 2015-06-20 15:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-14 19:54 - 2015-06-20 15:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 19:54 - 2015-06-20 15:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-14 19:54 - 2015-06-20 15:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-14 19:54 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-14 19:54 - 2015-06-20 15:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-14 19:54 - 2015-06-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-14 19:54 - 2015-06-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-14 19:54 - 2015-06-20 15:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 19:54 - 2015-06-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 19:54 - 2015-06-20 14:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 19:54 - 2015-06-20 14:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-14 19:54 - 2015-06-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 19:54 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-14 19:54 - 2015-06-20 14:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 19:54 - 2015-06-20 14:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-14 19:54 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-14 19:54 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-14 19:54 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-14 19:54 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-14 19:54 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-14 19:54 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-14 19:54 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-14 19:54 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-14 19:54 - 2015-06-19 14:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-14 19:54 - 2015-06-19 14:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-14 19:54 - 2015-06-19 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-14 19:54 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-14 19:54 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-14 19:54 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-14 19:54 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-14 19:54 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-14 19:54 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-14 19:54 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-14 19:54 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-14 19:54 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 19:54 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 19:54 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-14 19:54 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-14 19:53 - 2015-07-09 13:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-14 19:53 - 2015-07-09 13:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-14 19:53 - 2015-07-09 13:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-14 19:53 - 2015-07-09 13:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-14 19:53 - 2015-07-09 13:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-14 19:53 - 2015-07-09 13:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-14 19:53 - 2015-07-09 13:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-14 19:53 - 2015-07-09 13:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-14 19:53 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 19:53 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 19:53 - 2015-07-03 14:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-14 19:53 - 2015-07-03 14:05 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-14 19:53 - 2015-07-03 14:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-14 19:53 - 2015-07-03 14:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-14 19:53 - 2015-07-03 13:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-14 19:53 - 2015-07-03 13:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-14 19:53 - 2015-07-03 13:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-14 19:53 - 2015-07-03 13:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-14 19:53 - 2015-07-03 12:52 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-14 19:53 - 2015-07-03 12:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-14 19:53 - 2015-07-01 16:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 19:53 - 2015-07-01 16:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-14 19:53 - 2015-07-01 16:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-14 19:53 - 2015-07-01 16:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 19:53 - 2015-07-01 16:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 19:53 - 2015-07-01 16:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-14 19:53 - 2015-07-01 16:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 19:53 - 2015-07-01 16:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-14 19:53 - 2015-07-01 16:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-14 19:53 - 2015-07-01 16:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-14 19:53 - 2015-07-01 16:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-14 19:53 - 2015-07-01 16:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-14 19:53 - 2015-07-01 16:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-14 19:53 - 2015-07-01 16:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-14 19:53 - 2015-07-01 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-14 19:53 - 2015-07-01 16:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-14 19:53 - 2015-07-01 16:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-14 19:53 - 2015-07-01 16:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-14 19:53 - 2015-07-01 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-14 19:53 - 2015-07-01 16:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-14 19:53 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-14 19:53 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-14 19:53 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-14 19:53 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-14 19:53 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-14 19:53 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-14 19:53 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-14 19:53 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-14 19:53 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-14 19:53 - 2015-07-01 16:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-14 19:53 - 2015-07-01 16:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-14 19:53 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-14 19:53 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-14 19:53 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-14 19:53 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-14 19:53 - 2015-07-01 15:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 19:53 - 2015-07-01 15:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 19:53 - 2015-07-01 15:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 19:53 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-14 19:53 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 19:53 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 19:53 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-14 19:53 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-14 19:53 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 19:53 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 19:53 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 19:53 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-14 19:53 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 19:53 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-14 19:53 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-14 19:53 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-14 19:53 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-14 19:53 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-14 19:53 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-14 19:53 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-14 19:53 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-14 19:53 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-14 19:53 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-12 00:43 - 2015-07-12 04:11 - 00000000 ____D C:\Users\Vicki\Desktop\ClashBot_7.3
2015-07-10 21:04 - 2015-07-10 21:04 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-06 21:12 - 2015-07-06 21:12 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\NVIDIA
2015-07-02 23:44 - 2015-07-03 06:07 - 00000000 ____D C:\Users\Vicki\Desktop\ClashBot_7.1
2015-07-02 22:15 - 2015-07-02 22:15 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\WinRAR
2015-07-02 22:15 - 2015-07-02 22:15 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\qmacro
2015-07-02 22:15 - 2015-07-02 22:15 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\mymacro
2015-07-02 22:14 - 2015-07-02 22:14 - 01941744 _____ C:\Users\Vicki\Downloads\winrar-x64-521.exe
2015-07-02 22:14 - 2015-07-02 22:14 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-02 22:14 - 2015-07-02 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-02 22:14 - 2015-07-02 22:14 - 00000000 ____D C:\Program Files\WinRAR
2015-07-02 22:11 - 2015-07-02 22:13 - 08132834 _____ C:\Users\Vicki\Downloads\LazyPressingV8.1Pro.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 20:42 - 2015-05-25 14:44 - 00000000 ___RD C:\Users\Vicki\Dropbox
2015-07-20 20:42 - 2015-05-25 14:44 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\Dropbox
2015-07-20 20:41 - 2014-08-01 09:02 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-20 20:41 - 2014-08-01 09:02 - 00001049 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-20 20:41 - 2014-05-04 10:29 - 00001286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-20 20:41 - 2014-05-04 10:29 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-20 20:41 - 2014-05-04 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-20 20:41 - 2014-03-30 12:59 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-20 20:41 - 2014-03-30 12:56 - 01160290 _____ C:\Windows\WindowsUpdate.log
2015-07-20 20:41 - 2014-03-30 12:56 - 00000989 _____ C:\Users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-20 20:41 - 2010-11-20 23:47 - 00754562 _____ C:\Windows\PFRO.log
2015-07-20 20:41 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-20 20:41 - 2009-07-14 00:51 - 00045030 _____ C:\Windows\setupact.log
2015-07-20 20:40 - 2009-07-14 00:45 - 00031280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-20 20:40 - 2009-07-14 00:45 - 00031280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-20 20:36 - 2014-08-09 20:39 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\uTorrent
2015-07-20 20:35 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-19 17:13 - 2014-12-20 10:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-19 17:09 - 2015-06-16 19:58 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-897019477-3370126768-1679138433-1000UA.job
2015-07-19 17:09 - 2015-03-08 16:54 - 00000000 ____D C:\Users\Vicki\AppData\Local\CrashDumps
2015-07-19 16:53 - 2014-05-04 10:29 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-19 09:09 - 2015-06-16 19:58 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-897019477-3370126768-1679138433-1000Core.job
2015-07-19 00:07 - 2015-06-18 08:20 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-07-19 00:07 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-19 00:06 - 2014-04-06 12:53 - 00000000 ____D C:\ProgramData\Norton
2015-07-18 22:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-18 09:04 - 2015-06-16 19:58 - 00003888 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-897019477-3370126768-1679138433-1000UA
2015-07-18 09:04 - 2015-06-16 19:58 - 00003492 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-897019477-3370126768-1679138433-1000Core
2015-07-18 03:00 - 2014-04-10 21:10 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-18 03:00 - 2014-04-10 21:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 20:48 - 2014-05-04 10:29 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 20:48 - 2014-05-04 10:29 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 11:13 - 2014-12-20 10:23 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 11:13 - 2014-12-20 10:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 11:13 - 2014-12-20 10:23 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 03:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-07-15 03:21 - 2009-07-14 00:45 - 00433744 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-15 03:20 - 2014-12-17 22:22 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 03:20 - 2014-05-10 23:19 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 03:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-15 03:01 - 2009-07-13 22:34 - 00000478 _____ C:\Windows\win.ini
2015-07-13 20:52 - 2014-08-01 09:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-12 03:00 - 2015-04-11 22:59 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-12 03:00 - 2015-04-11 22:59 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-06 16:40 - 2014-06-20 14:39 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-06-24 10:08 - 2015-06-18 08:20 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-24 10:08 - 2015-06-18 08:20 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk

==================== Files in the root of some directories =======

2015-07-19 00:40 - 2015-07-19 00:40 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-07-19 00:01 - 2015-07-19 00:01 - 0177677 _____ () C:\Users\Vicki\AppData\Local\ars.cache
2015-07-19 00:01 - 2015-07-19 00:01 - 0452682 _____ () C:\Users\Vicki\AppData\Local\census.cache
2015-07-18 23:54 - 2015-07-18 23:54 - 0000036 _____ () C:\Users\Vicki\AppData\Local\housecall.guid.cache
2015-07-18 23:59 - 2015-07-19 00:06 - 0000010 _____ () C:\Users\Vicki\AppData\Local\sponge.last.runtime.cache
2014-03-30 13:08 - 2014-03-30 13:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Vicki\AppData\Local\Temp\amisetup9518__12900.exe
C:\Users\Vicki\AppData\Local\Temp\bedhchejca.exe
C:\Users\Vicki\AppData\Local\Temp\compete.exe
C:\Users\Vicki\AppData\Local\Temp\CRACKED Clashbot With VIP Fea Downloader__3687_i1560667525_il1294432.exe
C:\Users\Vicki\AppData\Local\Temp\cw.exe
C:\Users\Vicki\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptheuat.dll
C:\Users\Vicki\AppData\Local\Temp\JuniperSetupClientInstaller.exe
C:\Users\Vicki\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Vicki\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Vicki\AppData\Local\Temp\nvStInst.exe
C:\Users\Vicki\AppData\Local\Temp\Prompt-Downloader-1916998687.exe
C:\Users\Vicki\AppData\Local\Temp\Quarantine.exe
C:\Users\Vicki\AppData\Local\Temp\sqlite3.dll
C:\Users\Vicki\AppData\Local\Temp\Uninstall.exe
C:\Users\Vicki\AppData\Local\Temp\UninstallModule.exe
C:\Users\Vicki\AppData\Local\Temp\USkinDLL.dll
C:\Users\Vicki\AppData\Local\Temp\_is1F91.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 21:10

==================== End of log ============================
 

Attachments

#5 ·
re: Downloaded .EXE File Causing Auto Install of many Programs. Help!

Hello alildusty. Sorry about Itibiti RTC. You won't see it in Programs and Features until after this fix with FRST64.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------

Please uninstall the following via Start->(or Computer)->Control Panel->(Programs)->Programs and Features if they still exist:

BrowserAir
ffsecure Uninstall


These entries are classified as adware, or other potentially unwanted software.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
    Task: {0FD35938-C416-4BF8-9C51-95AD6731A512} - System32\Tasks\boosterpop => C:\Program Files (x86)\PCMATICPLUSSOL\Quarantine.exe
    Task: {13A6730A-8083-425A-9A97-E9C961D3AB33} - System32\Tasks\HDNINSTSCHD => C:\Windows\PCBHDNW\hdnInstaller.exe <==== ATTENTION
    Task: {26010272-DC39-48EB-9F51-09A0E0B949DD} - System32\Tasks\IEError => C:\Program Files (x86)\PCMATICPLUSSOL\virusIEFilter.exe
    Task: {3CD134A3-5D02-45AB-93EC-D9257F8E6225} - System32\Tasks\AI_Updater => C:\Program Files (x86)\PCMATICPLUSSOL\updater.exe
    Task: {45387387-D786-4233-A053-E513FEE7452E} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
    Task: {8A0DED16-0ECE-4AEF-BA48-D6BED58B841F} - System32\Tasks\BAUpd => C:\Users\Vicki\AppData\Local\BrowserAir\Application\updater.exe
    Task: {EE6F3C66-3058-42D9-B874-ADFFC33EC487} - System32\Tasks\Bidaily Synchronize Task[8da6] => c:\programdata\{49daa21b-fd28-36a9-49da-aa21bfd2886f}\hqghumeaylnlf.exe <==== ATTENTION
    c:\programdata\{49daa21b-fd28-36a9-49da-aa21bfd2886f}
    C:\Program Files\Common Files\Goobzo
    C:\Windows\PCBHDNW
    Task: C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job => c:\programdata\{49daa21b-fd28-36a9-49da-aa21bfd2886f}\hqghumeaylnlf.exe <==== ATTENTION
    FirewallRules: [{DB1E1459-9B46-47D1-B71E-157651E03BEA}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe
    FirewallRules: [{F2C088C8-DF48-4E1E-89BE-60BA64CB04DA}] => (Allow) C:\Users\Vicki\AppData\Local\BrowserAir\Application\BrowserAir.exe
    () C:\Users\Vicki\AppData\Local\ospd_us_016010034\upospd_us_016010034.exe
    C:\Users\Vicki\AppData\Local\ospd_us_016010034
    () C:\Program Files (x86)\ospd_us_016010034\ospd_us_016010034.exe
    C:\Program Files (x86)\ospd_us_016010034
    HKLM-x32\...\Run: [ospd_us_016010034] => C:\Program Files (x86)\ospd_us_016010034\ospd_us_016010034.exe [3984016 2015-07-17] ()
    HKLM-x32\...\RunOnce: [upospd_us_016010034.exe] => C:\Users\Vicki\AppData\Local\ospd_us_016010034\upospd_us_016010034.exe [3288720 2015-07-17] ()
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-897019477-3370126768-1679138433-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    FF SelectedSearchEngine: Search Module
    FF DefaultSearchEngine: Search Module
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF SearchPlugin: C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\55xvqotf.default\searchplugins\smod.xml [2015-07-18]
    FF Extension: FF Secure - C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\55xvqotf.default\Extensions\jid1-yhyb03AEVBwcGw@jetpack.xpi [2015-07-18]
    FF Extension: No Name - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12191.xpi [not found]
    R2 migihuse; C:\Program Files (x86)\2F8B4820-1437277603-11DD-B021-BCEE7B8C64A3\knsk810B.tmpfs [X]
    S2 wssvc_1.10.0.19; "C:\Program Files (x86)\WordShark_1.10.0.19\Service\wssvc.exe" [X]
    C:\Program Files (x86)\WordShark_1.10.0.19
    2015-07-19 00:22 - 2015-07-19 00:31 - 00000000 ____D C:\Program Files (x86)\PCMATICPLUSSOL
    2015-07-19 00:22 - 2015-07-19 00:22 - 00003688 _____ C:\Windows\System32\Tasks\IEError
    2015-07-19 00:22 - 2015-07-19 00:22 - 00003682 _____ C:\Windows\System32\Tasks\boosterpop
    2015-07-19 00:22 - 2015-07-19 00:22 - 00003496 _____ C:\Windows\System32\Tasks\AI_Updater
    2015-07-19 00:20 - 2015-07-19 00:20 - 00000000 ____D C:\Users\Vicki\AppData\Local\PCMATICPLUS_fixed
    2015-07-18 23:57 - 2015-07-19 11:57 - 00000340 _____ C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job
    2015-07-18 23:57 - 2015-07-18 23:57 - 00003252 _____ C:\Windows\System32\Tasks\Bidaily Synchronize Task[8da6]
    2015-07-18 23:51 - 2015-07-18 23:51 - 00003604 _____ C:\Windows\System32\Tasks\BAUpd
    2015-07-18 23:51 - 2015-07-18 23:51 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
    2015-07-18 23:51 - 2015-07-18 23:51 - 00000000 ____D C:\Users\Vicki\AppData\Local\BrowserAir
    2015-07-18 23:50 - 2015-07-18 23:50 - 00003856 _____ C:\Windows\System32\Tasks\SMWUpd
    2015-07-18 23:50 - 2015-07-18 23:50 - 00003628 _____ C:\Windows\System32\Tasks\HDNINSTSCHD
    2015-07-18 23:49 - 2015-07-19 00:43 - 00000000 ____D C:\Program Files\ffsecure
    2015-07-18 23:48 - 2015-07-20 20:41 - 00000000 ____D C:\Users\Vicki\AppData\Local\ospd_us_016010034
    2015-07-18 23:48 - 2015-07-19 00:16 - 00000000 ____D C:\Program Files (x86)\ospd_us_016010034
    2015-07-18 23:48 - 2015-07-18 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY
    2015-07-18 23:48 - 2015-07-18 23:48 - 00000000 ____D C:\Program Files (x86)\ospd_us_014010035
    2015-07-18 23:46 - 2015-07-19 16:07 - 00000000 ____D C:\Program Files (x86)\2F8B4820-1437277603-11DD-B021-BCEE7B8C64A3
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
 
#6 ·
re: Downloaded .EXE File Causing Auto Install of many Programs. Help!

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Vicki at 2015-07-22 19:50:31 Run:1
Running from C:\Users\Vicki\Desktop
Loaded Profiles: Vicki (Available Profiles: Vicki)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Task: {0FD35938-C416-4BF8-9C51-95AD6731A512} - System32\Tasks\boosterpop => C:\Program Files (x86)\PCMATICPLUSSOL\Quarantine.exe
Task: {13A6730A-8083-425A-9A97-E9C961D3AB33} - System32\Tasks\HDNINSTSCHD => C:\Windows\PCBHDNW\hdnInstaller.exe <==== ATTENTION
Task: {26010272-DC39-48EB-9F51-09A0E0B949DD} - System32\Tasks\IEError => C:\Program Files (x86)\PCMATICPLUSSOL\virusIEFilter.exe
Task: {3CD134A3-5D02-45AB-93EC-D9257F8E6225} - System32\Tasks\AI_Updater => C:\Program Files (x86)\PCMATICPLUSSOL\updater.exe
Task: {45387387-D786-4233-A053-E513FEE7452E} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {8A0DED16-0ECE-4AEF-BA48-D6BED58B841F} - System32\Tasks\BAUpd => C:\Users\Vicki\AppData\Local\BrowserAir\Application\updater.exe
Task: {EE6F3C66-3058-42D9-B874-ADFFC33EC487} - System32\Tasks\Bidaily Synchronize Task[8da6] => c:\programdata\{49daa21b-fd28-36a9-49da-aa21bfd2886f}\hqghumeaylnlf.exe <==== ATTENTION
c:\programdata\{49daa21b-fd28-36a9-49da-aa21bfd2886f}
C:\Program Files\Common Files\Goobzo
C:\Windows\PCBHDNW
Task: C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job => c:\programdata\{49daa21b-fd28-36a9-49da-aa21bfd2886f}\hqghumeaylnlf.exe <==== ATTENTION
FirewallRules: [{DB1E1459-9B46-47D1-B71E-157651E03BEA}] => (Allow) C:\Program Files (x86)\Max DRIVER UPDATER\maxdu.exe
FirewallRules: [{F2C088C8-DF48-4E1E-89BE-60BA64CB04DA}] => (Allow) C:\Users\Vicki\AppData\Local\BrowserAir\Application\BrowserAir.exe
() C:\Users\Vicki\AppData\Local\ospd_us_016010034\upospd_us_016010034.exe
C:\Users\Vicki\AppData\Local\ospd_us_016010034
() C:\Program Files (x86)\ospd_us_016010034\ospd_us_016010034.exe
C:\Program Files (x86)\ospd_us_016010034
HKLM-x32\...\Run: [ospd_us_016010034] => C:\Program Files (x86)\ospd_us_016010034\ospd_us_016010034.exe [3984016 2015-07-17] ()
HKLM-x32\...\RunOnce: [upospd_us_016010034.exe] => C:\Users\Vicki\AppData\Local\ospd_us_016010034\upospd_us_016010034.exe [3288720 2015-07-17] ()
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft INTERNET EXPLORER: Policy restriction <======= ATTENTION
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\SOFTWARE\Policies\Microsoft INTERNET EXPLORER: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF SelectedSearchEngine: Search Module
FF DefaultSearchEngine: Search Module
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\55xvqotf.default\searchplugins\smod.xml [2015-07-18]
FF Extension: FF Secure - C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\55xvqotf.default\Extensions\jid1-yhyb03AEVBwcGw@jetpack.xpi [2015-07-18]
FF Extension: No Name - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12191.xpi NOT FOUND]
R2 migihuse; C:\Program Files (x86)\2F8B4820-1437277603-11DD-B021-BCEE7B8C64A3\knsk810B.tmpfs [X]
S2 wssvc_1.10.0.19; "C:\Program Files (x86)\WordShark_1.10.0.19\Service\wssvc.exe" [X]
C:\Program Files (x86)\WordShark_1.10.0.19
2015-07-19 00:22 - 2015-07-19 00:31 - 00000000 ____D C:\Program Files (x86)\PCMATICPLUSSOL
2015-07-19 00:22 - 2015-07-19 00:22 - 00003688 _____ C:\Windows\System32\Tasks\IEError
2015-07-19 00:22 - 2015-07-19 00:22 - 00003682 _____ C:\Windows\System32\Tasks\boosterpop
2015-07-19 00:22 - 2015-07-19 00:22 - 00003496 _____ C:\Windows\System32\Tasks\AI_Updater
2015-07-19 00:20 - 2015-07-19 00:20 - 00000000 ____D C:\Users\Vicki\AppData\Local\PCMATICPLUS_fixed
2015-07-18 23:57 - 2015-07-19 11:57 - 00000340 _____ C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job
2015-07-18 23:57 - 2015-07-18 23:57 - 00003252 _____ C:\Windows\System32\Tasks\Bidaily Synchronize Task[8da6]
2015-07-18 23:51 - 2015-07-18 23:51 - 00003604 _____ C:\Windows\System32\Tasks\BAUpd
2015-07-18 23:51 - 2015-07-18 23:51 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2015-07-18 23:51 - 2015-07-18 23:51 - 00000000 ____D C:\Users\Vicki\AppData\Local\BrowserAir
2015-07-18 23:50 - 2015-07-18 23:50 - 00003856 _____ C:\Windows\System32\Tasks\SMWUpd
2015-07-18 23:50 - 2015-07-18 23:50 - 00003628 _____ C:\Windows\System32\Tasks\HDNINSTSCHD
2015-07-18 23:49 - 2015-07-19 00:43 - 00000000 ____D C:\Program Files\ffsecure
2015-07-18 23:48 - 2015-07-20 20:41 - 00000000 ____D C:\Users\Vicki\AppData\Local\ospd_us_016010034
2015-07-18 23:48 - 2015-07-19 00:16 - 00000000 ____D C:\Program Files (x86)\ospd_us_016010034
2015-07-18 23:48 - 2015-07-18 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY
2015-07-18 23:48 - 2015-07-18 23:48 - 00000000 ____D C:\Program Files (x86)\ospd_us_014010035
2015-07-18 23:46 - 2015-07-19 16:07 - 00000000 ____D C:\Program Files (x86)\2F8B4820-1437277603-11DD-B021-BCEE7B8C64A3
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FD35938-C416-4BF8-9C51-95AD6731A512}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FD35938-C416-4BF8-9C51-95AD6731A512}" => key removed successfully
C:\Windows\System32\Tasks\boosterpop => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\boosterpop" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13A6730A-8083-425A-9A97-E9C961D3AB33}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13A6730A-8083-425A-9A97-E9C961D3AB33}" => key removed successfully
C:\Windows\System32\Tasks\HDNINSTSCHD => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDNINSTSCHD" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26010272-DC39-48EB-9F51-09A0E0B949DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26010272-DC39-48EB-9F51-09A0E0B949DD}" => key removed successfully
C:\Windows\System32\Tasks\IEError => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IEError" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CD134A3-5D02-45AB-93EC-D9257F8E6225}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CD134A3-5D02-45AB-93EC-D9257F8E6225}" => key removed successfully
C:\Windows\System32\Tasks\AI_Updater => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AI_Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{45387387-D786-4233-A053-E513FEE7452E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45387387-D786-4233-A053-E513FEE7452E}" => key removed successfully
C:\Windows\System32\Tasks\SMWUpd => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A0DED16-0ECE-4AEF-BA48-D6BED58B841F} => key not found.
C:\Windows\System32\Tasks\BAUpd not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BAUpd => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE6F3C66-3058-42D9-B874-ADFFC33EC487}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE6F3C66-3058-42D9-B874-ADFFC33EC487}" => key removed successfully
C:\Windows\System32\Tasks\Bidaily Synchronize Task[8da6] => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[8da6]" => key removed successfully
"c:\programdata\{49daa21b-fd28-36a9-49da-aa21bfd2886f}" => File/Folder not found.
"C:\Program Files\Common Files\Goobzo" => File/Folder not found.
"C:\Windows\PCBHDNW" => File/Folder not found.
C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job => moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DB1E1459-9B46-47D1-B71E-157651E03BEA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F2C088C8-DF48-4E1E-89BE-60BA64CB04DA} => value not found.
[3728] C:\Users\Vicki\AppData\Local\ospd_us_016010034\upospd_us_016010034.exe => process closed successfully.
C:\Users\Vicki\AppData\Local\ospd_us_016010034 => moved successfully.
[3448] C:\Program Files (x86)\ospd_us_016010034\ospd_us_016010034.exe => process closed successfully.
C:\Program Files (x86)\ospd_us_016010034 => moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_016010034 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\upospd_us_016010034.exe => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) => key not found.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) => key not found.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) => key not found.
"HKCR\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) => key not found.
"HKCR\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) => key not found.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) => key not found.
"HKCR\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) => key not found.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.) => key not found.
"HKCR\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft INTERNET EXPLORER: Policy restriction <======= ATTENTION => Error: No automatic fix found for this entry.
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\SOFTWARE\Policies\Microsoft INTERNET EXPLORER: Policy restriction <======= ATTENTION => Error: No automatic fix found for this entry.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox DefaultSearchEngine removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\55xvqotf.default\searchplugins\smod.xml => moved successfully.
C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\55xvqotf.default\Extensions\jid1-yhyb03AEVBwcGw@jetpack.xpi => moved successfully.
FF Extension: No Name - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12191.xpi NOT FOUND] not found.
migihuse => Service not found.
wssvc_1.10.0.19 => Service stopped successfully.
wssvc_1.10.0.19 => Service removed successfully
C:\Program Files (x86)\WordShark_1.10.0.19 => moved successfully.
C:\Program Files (x86)\PCMATICPLUSSOL => moved successfully.
"C:\Windows\System32\Tasks\IEError" => File/Folder not found.
"C:\Windows\System32\Tasks\boosterpop" => File/Folder not found.
"C:\Windows\System32\Tasks\AI_Updater" => File/Folder not found.
C:\Users\Vicki\AppData\Local\PCMATICPLUS_fixed => moved successfully.
"C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job" => File/Folder not found.
"C:\Windows\System32\Tasks\Bidaily Synchronize Task[8da6]" => File/Folder not found.
"C:\Windows\System32\Tasks\BAUpd" => File/Folder not found.
"C:\Users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir" => File/Folder not found.
C:\Users\Vicki\AppData\Local\BrowserAir => moved successfully.
"C:\Windows\System32\Tasks\SMWUpd" => File/Folder not found.
"C:\Windows\System32\Tasks\HDNINSTSCHD" => File/Folder not found.
C:\Program Files\ffsecure => moved successfully.
"C:\Users\Vicki\AppData\Local\ospd_us_016010034" => File/Folder not found.
"C:\Program Files (x86)\ospd_us_016010034" => File/Folder not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY => moved successfully.
C:\Program Files (x86)\ospd_us_014010035 => moved successfully.
C:\Program Files (x86)\2F8B4820-1437277603-11DD-B021-BCEE7B8C64A3 => moved successfully.
EmptyTemp: => 8.4 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 19:51:39 ====
 

Attachments

#7 ·
re: Downloaded .EXE File Causing Auto Install of many Programs. Help!

Hello again, alildusty. How is the machine behaving?

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go File > New Task(Run...) and type explorer then press 'Enter'.

------------------------------------------------------
 
#8 ·
re: Downloaded .EXE File Causing Auto Install of many Programs. Help!

Hi Chemist, thanks for the help so far. Things are looking better but I'm still getting random ad pages to fake security/pc fixes that also create a pop up window that you have to exit out of. Hopefully this will be cleaned up soon as well. No more random programs being installed.

Combofix Log below and attached...


ComboFix 15-07-23.01 - Vicki 07/24/2015 10:02:49.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8130.5487 [GMT -4:00]
Running from: c:\users\Vicki\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
FW: McAfee Firewall *Disabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SearchProtect
c:\program files (x86)\SearchProtect\EULA.txt
c:\program files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
c:\program files (x86)\SearchProtect\Main\bin\SPtool.dll
c:\program files (x86)\SearchProtect\Main\bin\uninstall.exe
c:\program files (x86)\SearchProtect\Main\bin\uninstall.pun
c:\program files (x86)\SearchProtect\Main\rep\cfi.bin
c:\program files (x86)\SearchProtect\Main\rep\edk.bin
c:\program files (x86)\SearchProtect\Main\rep\pni.bin
c:\program files (x86)\SearchProtect\Main\rep\SystemRepository.dat
c:\program files (x86)\SearchProtect\Main\rep\trn.bin
c:\program files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
c:\program files (x86)\SearchProtect\SearchProtect\bin\RN32.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe
c:\program files (x86)\SearchProtect\SearchProtect\bin\VC32.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\VC64.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll
c:\program files (x86)\SearchProtect\UI\bin\cltmngui.exe
c:\program files (x86)\SearchProtect\UI\dialogs\Consent\consent.css
c:\program files (x86)\SearchProtect\UI\dialogs\Consent\consent.html
c:\program files (x86)\SearchProtect\UI\dialogs\Consent\consent.js
c:\program files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\text-field.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\v.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\x.png
c:\program files (x86)\SearchProtect\UI\dialogs\libs\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\DialogAPI.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\main.js
c:\program files (x86)\SearchProtect\UI\dialogs\protection\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.css
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.html
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.js
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
c:\program files (x86)\SearchProtect\UI\dialogs\settings.html
c:\program files (x86)\SearchProtect\UI\dialogs\settings\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.css
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.html
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.js
c:\program files (x86)\SearchProtect\UI\dialogs\style.css
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js
c:\users\Vicki\AppData\Roaming\mymacro\qdisp.dll
D:\Autorun.inf
D:\Setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_CltMngSvc
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2015-06-24 to 2015-07-24 )))))))))))))))))))))))))))))))
.
.
2015-07-22 23:50 . 2015-07-24 14:04 -------- d-----w- c:\users\Vicki\AppData\Local\avabvexvac
2015-07-22 23:50 . 2015-07-22 23:50 -------- d-----w- c:\users\Vicki\AppData\Local\SearchProtect
2015-07-22 23:49 . 2015-07-22 23:49 -------- d-----w- c:\program files (x86)\Coupoon
2015-07-21 00:40 . 2015-07-21 00:41 -------- d-----w- C:\AdwCleaner
2015-07-21 00:36 . 2015-07-15 03:19 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-21 00:36 . 2015-07-15 03:19 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-07-21 00:36 . 2015-07-15 03:19 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-21 00:36 . 2015-07-15 03:19 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-21 00:36 . 2015-07-15 02:55 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-21 00:36 . 2015-07-15 02:55 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-21 00:36 . 2015-07-15 02:55 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-21 00:36 . 2015-07-15 02:54 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-21 00:36 . 2015-07-15 01:59 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-07-21 00:36 . 2015-07-15 01:52 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-19 04:40 . 2015-07-19 04:40 32372200 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2015-07-19 04:01 . 2015-07-22 23:49 -------- d-----w- c:\programdata\McAfee
2015-07-19 03:50 . 2015-07-19 03:50 -------- d-----w- c:\users\Vicki\AppData\Local\Installer
2015-07-19 02:35 . 2015-07-19 02:35 -------- d-----w- c:\users\Vicki\AppData\Local\Diagnostics
2015-07-14 23:53 . 2015-07-04 18:07 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-07 01:12 . 2015-07-07 01:12 -------- d-----w- c:\users\Vicki\AppData\Roaming\NVIDIA
2015-07-03 02:15 . 2015-07-03 02:15 -------- d-----w- c:\users\Vicki\AppData\Roaming\qmacro
2015-07-03 02:15 . 2015-07-24 14:05 -------- d-----w- c:\users\Vicki\AppData\Roaming\mymacro
2015-07-03 02:14 . 2015-07-03 02:14 -------- d-----w- c:\program files\WinRAR
2015-06-25 11:13 . 2015-06-25 11:13 26846912 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2015-06-25 11:13 . 2015-06-25 11:13 112326848 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2015-06-25 11:09 . 2015-06-25 11:09 654520 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2015-06-25 11:09 . 2015-06-25 11:09 37422272 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2015-06-25 11:09 . 2015-06-25 11:09 112326848 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-15 15:13 . 2014-12-20 14:23 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-15 15:13 . 2014-12-20 14:23 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-02 07:16 . 2015-07-22 23:50 213776 ----a-w- c:\windows\apppatch\nbin\VC32Loader.dll
2015-07-02 07:16 . 2015-07-02 07:16 246544 ----a-w- c:\windows\apppatch\AppPatch64\VCLdr64.dll
2015-06-16 20:31 . 2015-06-16 20:31 1691816 ----a-w- c:\windows\system32\FM20.DLL
2015-06-15 22:27 . 2015-06-15 22:27 61312 ----a-w- c:\windows\system32\drivers\wsfd_1_10_0_19.sys
2015-05-25 18:24 . 2015-06-09 23:39 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-09 23:39 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-09 23:39 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-09 23:39 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-09 23:39 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-09 23:39 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-09 23:39 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-09 23:39 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-09 23:39 503808 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-09 23:39 50176 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-09 23:39 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-09 23:39 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-09 23:39 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-09 23:39 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-09 23:39 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-09 23:39 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-09 23:39 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-09 23:39 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-09 23:39 112640 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-09 23:39 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-09 23:39 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-09 23:39 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-09 23:39 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-09 23:39 338432 ----a-w- c:\windows\system32\conhost.exe
2015-05-25 18:11 . 2015-06-09 23:39 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-09 23:39 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:07 . 2015-06-09 23:39 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-09 23:39 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-09 23:39 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-09 23:39 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-09 23:39 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-09 23:39 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-09 23:39 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-09 23:39 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-09 23:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-09 23:39 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-09 23:39 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-09 23:39 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-09 23:39 37888 ----a-w- c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-09 23:39 82944 ----a-w- c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-09 23:39 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
2015-05-25 17:59 . 2015-06-09 23:39 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-05-25 17:59 . 2015-06-09 23:39 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2015-05-25 17:55 . 2015-06-09 23:39 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2015-05-25 17:55 . 2015-06-09 23:39 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-06-16 20:34 1730264 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-06-16 20:34 1730264 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-06-16 20:34 1730264 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Vicki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-08-22 1178168]
"Dropbox Update"="c:\users\Vicki\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-16 134512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2015-03-24 863960]
"mcpltui_exe"="c:\program files\Common Files\McAfee\Platform\mcuicnt.exe" [2015-04-02 719272]
.
c:\users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Vicki\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-25 43871968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install SafeKey FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=SafeKey -ffuuid {072844D3-7DEE-45F6-A406-E87F76302E4B} [2015-7-19 32372200]
Install SafeKey IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=SafeKey -ffuuid {072844D3-7DEE-45F6-A406-E87F76302E4B} [2015-7-19 32372200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"RequireSignedAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R2 mccspsvc;McAfee CSP Service;c:\program files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe;c:\program files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SPPD;SPPD;c:\windows\system32\drivers\SPPD.sys;c:\windows\SYSNATIVE\drivers\SPPD.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [x]
S1 wsfd_1_10_0_19;wsfd_1_10_0_19;c:\windows\system32\drivers\wsfd_1_10_0_19.sys;c:\windows\SYSNATIVE\drivers\wsfd_1_10_0_19.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys;c:\windows\SYSNATIVE\drivers\McPvDrv.sys [x]
S2 mfemms;McAfee Service Controller;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe [x]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UpdateCheck;UpdateCheck;c:\program files (x86)\Coupoon\UpdateCheck.exe run ;c:\program files (x86)\Coupoon\UpdateCheck.exe run [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 mfeaack;McAfee Inc. mfeaack;c:\windows\system32\drivers\mfeaack.sys;c:\windows\SYSNATIVE\drivers\mfeaack.sys [x]
S3 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-14 19:49 991048 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.134\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-20 15:13]
.
2015-07-19 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-897019477-3370126768-1679138433-1000Core.job
- c:\users\Vicki\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16 23:58]
.
2015-07-23 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-897019477-3370126768-1679138433-1000UA.job
- c:\users\Vicki\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16 23:58]
.
2015-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-04 14:29]
.
2015-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-04 14:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-06-16 20:31 2335448 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-06-16 20:31 2335448 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-06-16 20:31 2335448 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-08-19 7202520]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-08-07 1321688]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-01-21 1179576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3334623&octid=EB_ORIGINAL_CTID&ISID=M970B363E-A371-4CEC-B62F-FA56F72BCEEE&SearchSource=55&CUI=&UM=8&UP=SPF7C9BE1B-196C-41B0-8047-7B39C4AAD06D&D=072315&SSPV=
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: SafeKey - file://c:\users\Vicki\AppData\LocalLow\SafeKey\context.html?cmd=lastpass
IE: SafeKey Fill Forms - file://c:\users\Vicki\AppData\LocalLow\SafeKey\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1DAFF43E-DB8F-4FCE-BAE5-55801F2B8A01}: NameServer = 82.163.143.131,82.163.142.133
TCP: Interfaces\{1DAFF43E-DB8F-4FCE-BAE5-55801F2B8A01}\34C414358402F4640284F4553554F52374548545: NameServer = 82.163.143.131,82.163.142.133
TCP: Interfaces\{45EB96AC-16FC-42F4-A9C5-90F24D23609D}: NameServer = 82.163.143.131,82.163.142.133
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\55xvqotf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.trovi.com/?gd=&ctid=CT3334623&octid=EB_ORIGINAL_CTID&ISID=M970B363E-A371-4CEC-B62F-FA56F72BCEEE&SearchSource=55&CUI=&UM=8&UP=SPF7C9BE1B-196C-41B0-8047-7B39C4AAD06D&D=072315&SSPV=
FF - prefs.js: browser.search.selectedEngine - Trovi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-DeskBar - c:\users\Vicki\AppData\Local\DeskBar\dblaunch.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SpaceSoundPro - c:\program files\SpaceSoundPro\SpaceSoundPro.exe
AddRemove-SearchProtect - c:\progra~2\SearchProtect\Main\bin\uninstall.exe
AddRemove-WordShark_1.10.0.19 - c:\program files (x86)\WordShark_1.10.0.19\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.11.42\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\Coupoon\UpdateCheck.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\TeamViewer\TeamViewer.exe
c:\program files (x86)\TeamViewer\tv_w32.exe
.
**************************************************************************
.
Completion time: 2015-07-24 10:08:03 - machine was rebooted
ComboFix-quarantined-files.txt 2015-07-24 14:08
.
Pre-Run: 41,603,932,160 bytes free
Post-Run: 40,502,243,328 bytes free
.
- - End Of File - - CC84FA709F90DD814A10BF4B40AA0A06
A36C5E4F47E84449FF07ED3517B43A31
 

Attachments

#10 ·
re: Downloaded .EXE File Causing Auto Install of many Programs. Help!

Hello again, alildusty. You're very welcome. Did you uninstall Itibiti RTC?

------------------------------------------------------

It appears you altered some of the entries in the last FRST fix.

From your FRST.txt log, and the Fixlist.txt I gave you:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
This is what was entered into the FRST box when you ran the fix:

HKLM\SOFTWARE\Policies\Microsoft INTERNET EXPLORER: Policy restriction <======= ATTENTION
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\SOFTWARE\Policies\Microsoft INTERNET EXPLORER: Policy restriction <======= ATTENTION
Notice the missing backslashes. Please do not alter my Fixlist.txt entries, or the fixes won't work. Thanks.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-897019477-3370126768-1679138433-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
ClearJavaCache::

Folder::
c:\users\Vicki\AppData\Local\avabvexvac
c:\users\Vicki\AppData\Local\SearchProtect
c:\program files (x86)\Coupoon

DDS::
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3334623&octid=EB_ORIGINAL_CTID&ISID=M970B363E-A371-4CEC-B62F-FA56F72BCEEE&SearchSource=55&CUI=&UM=8&UP=SPF7C9BE1B-196C-41B0-8047-7B39C4AAD06D&D=072315&SSPV=

Firefox::
FF - ProfilePath - c:\users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\55xvqotf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.trovi.com/?gd=&ctid=CT3334623&octid=EB_ORIGINAL_CTID&ISID=M970B363E-A371-4CEC-B62F-FA56F72BCEEE&SearchSource=55&CUI=&UM=8&UP=SPF7C9BE1B-196C-41B0-8047-7B39C4AAD06D&D=072315&SSPV=
FF - prefs.js: browser.search.selectedEngine - Trovi

DirLook::
c:\users\Vicki\AppData\Local\avabvexvac

Driver::
UpdateCheck
Save this Notepad file as CFScript.txt to your Desktop and then close the file.





Referring to the picture above, drag CFScript onto ComboFix.

If you are prompted to update ComboFix and have an internet connection, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
 
#11 ·
re: Downloaded .EXE File Causing Auto Install of many Programs. Help!

Sorry, I didn't change the first fixlist entries. A clickable cloudscout ad link shows on the screen for random words. I had to fix both entries given this time to make sure no slashes was missing and I'm hoping I did it correctly.

Here's the fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:25-07-2015
Ran by Vicki at 2015-07-25 21:10:01 Run:2
Running from C:\Users\Vicki\Desktop
Loaded Profiles: Vicki (Available Profiles: Vicki)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
HKLM\SOFTWARE\Policies\Microsoft\INTERNET EXPLORER: Policy restriction <======= ATTENTION
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\SOFTWARE\Policies\Microsoft\INTERNET EXPLORER: Policy restriction <======= ATTENTION
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-897019477-3370126768-1679138433-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
EmptyTemp: => 45.1 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 21:10:12 ====



Here is the combofix log.

ComboFix 15-07-23.01 - Vicki 07/25/2015 21:18:52.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8130.5506 [GMT -4:00]
Running from: c:\users\Vicki\Desktop\ComboFix.exe
Command switches used :: c:\users\Vicki\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
FW: McAfee Firewall *Disabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Coupoon
c:\program files (x86)\Coupoon\UpdateCheck.exe
c:\program files (x86)\SearchProtect
c:\program files (x86)\SearchProtect\CRASH_REPORT_P1404_T6052_D2015_07_24_T23_13_27.txt
c:\program files (x86)\SearchProtect\EULA.txt
c:\program files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
c:\program files (x86)\SearchProtect\Main\bin\SPtool.dll
c:\program files (x86)\SearchProtect\Main\bin\uninstall.exe
c:\program files (x86)\SearchProtect\Main\bin\uninstall.pun
c:\program files (x86)\SearchProtect\Main\rep\cfi.bin
c:\program files (x86)\SearchProtect\Main\rep\edk.bin
c:\program files (x86)\SearchProtect\Main\rep\pni.bin
c:\program files (x86)\SearchProtect\Main\rep\SystemRepository.dat
c:\program files (x86)\SearchProtect\Main\rep\trn.bin
c:\program files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
c:\program files (x86)\SearchProtect\SearchProtect\bin\RN32.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe
c:\program files (x86)\SearchProtect\SearchProtect\bin\VC32.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\VC64.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll
c:\program files (x86)\SearchProtect\UI\bin\cltmngui.exe
c:\program files (x86)\SearchProtect\UI\dialogs\Consent\consent.css
c:\program files (x86)\SearchProtect\UI\dialogs\Consent\consent.html
c:\program files (x86)\SearchProtect\UI\dialogs\Consent\consent.js
c:\program files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\text-field.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\v.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\x.png
c:\program files (x86)\SearchProtect\UI\dialogs\libs\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\DialogAPI.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\main.js
c:\program files (x86)\SearchProtect\UI\dialogs\protection\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.css
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.html
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.js
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
c:\program files (x86)\SearchProtect\UI\dialogs\settings.html
c:\program files (x86)\SearchProtect\UI\dialogs\settings\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.css
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.html
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.js
c:\program files (x86)\SearchProtect\UI\dialogs\style.css
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js
c:\users\Vicki\AppData\Local\avabvexvac
c:\users\Vicki\AppData\Local\avabvexvac\avabvexvac.exe
c:\users\Vicki\AppData\Local\avabvexvac\bahvxfk
c:\users\Vicki\AppData\Local\avabvexvac\mkfvxfk
c:\users\Vicki\AppData\Local\avabvexvac\pbqrmvbub
c:\users\Vicki\AppData\Local\avabvexvac\pvpqbjobmlpfqlovvawq
c:\users\Vicki\AppData\Local\avabvexvac\qokvxfk
c:\users\Vicki\AppData\Local\avabvexvac\rfobmlpfqlovvawq
c:\users\Vicki\AppData\Local\avabvexvac\rpboobmlpfqlovvawq
c:\users\Vicki\AppData\Local\avabvexvac\stb.dat
c:\users\Vicki\AppData\Local\avabvexvac\ycfvxfk
c:\users\Vicki\AppData\Local\SearchProtect
c:\users\Vicki\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat
c:\users\Vicki\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat
c:\users\Vicki\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat
c:\users\Vicki\AppData\Local\SearchProtect\UI\rep\UIRepository.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_CltMngSvc
-------\Service_UpdateCheck
.
.
((((((((((((((((((((((((( Files Created from 2015-06-26 to 2015-07-26 )))))))))))))))))))))))))))))))
.
.
2015-07-21 00:40 . 2015-07-21 00:41 -------- d-----w- C:\AdwCleaner
2015-07-21 00:36 . 2015-07-15 03:19 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-21 00:36 . 2015-07-15 03:19 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-07-21 00:36 . 2015-07-15 03:19 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-21 00:36 . 2015-07-15 03:19 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-21 00:36 . 2015-07-15 02:55 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-21 00:36 . 2015-07-15 02:55 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-21 00:36 . 2015-07-15 02:55 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-21 00:36 . 2015-07-15 02:54 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-21 00:36 . 2015-07-15 01:59 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-07-21 00:36 . 2015-07-15 01:52 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-19 04:40 . 2015-07-19 04:40 32372200 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2015-07-19 04:01 . 2015-07-22 23:49 -------- d-----w- c:\programdata\McAfee
2015-07-19 03:50 . 2015-07-19 03:50 -------- d-----w- c:\users\Vicki\AppData\Local\Installer
2015-07-19 02:35 . 2015-07-19 02:35 -------- d-----w- c:\users\Vicki\AppData\Local\Diagnostics
2015-07-14 23:53 . 2015-07-04 18:07 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-07 01:12 . 2015-07-07 01:12 -------- d-----w- c:\users\Vicki\AppData\Roaming\NVIDIA
2015-07-03 02:15 . 2015-07-03 02:15 -------- d-----w- c:\users\Vicki\AppData\Roaming\qmacro
2015-07-03 02:15 . 2015-07-24 14:05 -------- d-----w- c:\users\Vicki\AppData\Roaming\mymacro
2015-07-03 02:14 . 2015-07-03 02:14 -------- d-----w- c:\program files\WinRAR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-15 15:13 . 2014-12-20 14:23 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-15 15:13 . 2014-12-20 14:23 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-02 07:16 . 2015-07-24 22:23 213776 ----a-w- c:\windows\apppatch\nbin\VC32Loader.dll
2015-07-02 07:16 . 2015-07-02 07:16 246544 ----a-w- c:\windows\apppatch\AppPatch64\VCLdr64.dll
2015-06-16 20:31 . 2015-06-16 20:31 1691816 ----a-w- c:\windows\system32\FM20.DLL
2015-06-15 22:27 . 2015-06-15 22:27 61312 ----a-w- c:\windows\system32\drivers\wsfd_1_10_0_19.sys
2015-05-25 18:24 . 2015-06-09 23:39 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-09 23:39 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-09 23:39 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-09 23:39 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-09 23:39 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-09 23:39 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-09 23:39 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-09 23:39 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-09 23:39 503808 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-09 23:39 50176 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-09 23:39 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-09 23:39 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-09 23:39 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-09 23:39 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-09 23:39 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-09 23:39 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-09 23:39 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-09 23:39 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-09 23:39 112640 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-09 23:39 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-09 23:39 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-09 23:39 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-09 23:39 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-09 23:39 338432 ----a-w- c:\windows\system32\conhost.exe
2015-05-25 18:11 . 2015-06-09 23:39 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-09 23:39 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:07 . 2015-06-09 23:39 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-09 23:39 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-09 23:39 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-09 23:39 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-09 23:39 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-09 23:39 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-09 23:39 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-09 23:39 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-09 23:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-09 23:39 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-09 23:39 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-09 23:39 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-09 23:39 37888 ----a-w- c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-09 23:39 82944 ----a-w- c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-09 23:39 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
2015-05-25 17:59 . 2015-06-09 23:39 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-05-25 17:59 . 2015-06-09 23:39 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2015-05-25 17:55 . 2015-06-09 23:39 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2015-05-25 17:55 . 2015-06-09 23:39 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 17:55 . 2015-06-09 23:39 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Vicki\AppData\Local\avabvexvac ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-06-16 20:34 1730264 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-06-16 20:34 1730264 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-06-16 20:34 1730264 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Vicki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-08-22 1178168]
"Dropbox Update"="c:\users\Vicki\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-16 134512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2015-03-24 863960]
"mcpltui_exe"="c:\program files\Common Files\McAfee\Platform\mcuicnt.exe" [2015-04-02 719272]
.
c:\users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Vicki\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-25 44236896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install SafeKey FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=SafeKey -ffuuid {072844D3-7DEE-45F6-A406-E87F76302E4B} [2015-7-19 32372200]
Install SafeKey IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=SafeKey -ffuuid {072844D3-7DEE-45F6-A406-E87F76302E4B} [2015-7-19 32372200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"RequireSignedAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R2 mccspsvc;McAfee CSP Service;c:\program files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe;c:\program files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SPPD;SPPD;c:\windows\system32\drivers\SPPD.sys;c:\windows\SYSNATIVE\drivers\SPPD.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [x]
S1 wsfd_1_10_0_19;wsfd_1_10_0_19;c:\windows\system32\drivers\wsfd_1_10_0_19.sys;c:\windows\SYSNATIVE\drivers\wsfd_1_10_0_19.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys;c:\windows\SYSNATIVE\drivers\McPvDrv.sys [x]
S2 mfemms;McAfee Service Controller;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe [x]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 mfeaack;McAfee Inc. mfeaack;c:\windows\system32\drivers\mfeaack.sys;c:\windows\SYSNATIVE\drivers\mfeaack.sys [x]
S3 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-24 18:55 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-20 15:13]
.
2015-07-19 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-897019477-3370126768-1679138433-1000Core.job
- c:\users\Vicki\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16 23:58]
.
2015-07-26 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-897019477-3370126768-1679138433-1000UA.job
- c:\users\Vicki\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16 23:58]
.
2015-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-04 14:29]
.
2015-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-04 14:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-06-16 20:31 2335448 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-06-16 20:31 2335448 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-06-16 20:31 2335448 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 184856 ----a-w- c:\users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 184856 ----a-w- c:\users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 184856 ----a-w- c:\users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 184856 ----a-w- c:\users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 184856 ----a-w- c:\users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 184856 ----a-w- c:\users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 184856 ----a-w- c:\users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-07 19:24 184856 ----a-w- c:\users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-08-19 7202520]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-08-07 1321688]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-01-21 1179576]
"SpaceSoundPro"="c:\program files\SpaceSoundPro\SpaceSoundPro.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: SafeKey - file://c:\users\Vicki\AppData\LocalLow\SafeKey\context.html?cmd=lastpass
IE: SafeKey Fill Forms - file://c:\users\Vicki\AppData\LocalLow\SafeKey\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1DAFF43E-DB8F-4FCE-BAE5-55801F2B8A01}: NameServer = 82.163.143.131,82.163.142.133
TCP: Interfaces\{1DAFF43E-DB8F-4FCE-BAE5-55801F2B8A01}\34C414358402F4640284F4553554F52374548545: NameServer = 82.163.143.131,82.163.142.133
TCP: Interfaces\{45EB96AC-16FC-42F4-A9C5-90F24D23609D}: NameServer = 82.163.143.131,82.163.142.133
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\55xvqotf.default\
FF - prefs.js: browser.search.selectedEngine - Trovi
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-SearchProtect - c:\progra~2\SearchProtect\Main\bin\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.11.42\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\TeamViewer\TeamViewer.exe
c:\program files (x86)\TeamViewer\tv_w32.exe
.
**************************************************************************
.
Completion time: 2015-07-25 21:23:33 - machine was rebooted
ComboFix-quarantined-files.txt 2015-07-26 01:23
ComboFix2.txt 2015-07-24 14:08
.
Pre-Run: 42,431,512,576 bytes free
Post-Run: 41,884,057,600 bytes free
.
- - End Of File - - DD13F5A8F38C9396652BF3ABCCF769A2
A36C5E4F47E84449FF07ED3517B43A31
 

Attachments

#13 ·
re: Downloaded .EXE File Causing Auto Install of many Programs. Help!

Hello again, alildusty. Thanks for letting me know. Yes, it worked that time.

Are you fixing this machine remotely using TeamViewer?

See if you can remove Trovi search engine in Firefox:

https://support.mozilla.org/en-US/k...manage-search-engines#w_remove-search-engines

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-2.1.8.1057.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the scan log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Please post that saved log in your next reply.
------------------------------------------------------
 
#14 ·
re: Downloaded .EXE File Causing Auto Install of many Programs. Help!

No, I'm not remotely fixing PC. I do have TeamViewer installed on PC to remotely access it from time to time.

Trovi Search Engine has been removed.

Ran the Malwarebytes. FYI, still seeing the CloudScout links on webpages after running it.

Malwarebytes Log

Malwarebytes Anti-Malware
www.malwarebytes.org


Error, 7/26/2015 4:32 PM, SYSTEM, VICKI-PC, Update, Bad md5 or size: akadomains, 11,
Error, 7/26/2015 4:32 PM, SYSTEM, VICKI-PC, Update, Bad md5 or size: akaips, 11,
Update, 7/26/2015 4:32 PM, SYSTEM, VICKI-PC, Manual, Remediation Database, 2015.5.13.1, 2015.7.20.1,
Update, 7/26/2015 4:32 PM, SYSTEM, VICKI-PC, Manual, IP Database, 0.0.0.0, 2015.7.24.3,
Update, 7/26/2015 4:32 PM, SYSTEM, VICKI-PC, Manual, Rootkit Database, 2015.6.2.1, 2015.7.22.1,
Update, 7/26/2015 4:32 PM, SYSTEM, VICKI-PC, Manual, Domain Database, 0.0.0.0, 2015.7.24.2,
Update, 7/26/2015 4:32 PM, SYSTEM, VICKI-PC, Manual, AKA IP Database, 0.0.0.0, 2015.7.15.1,
Update, 7/26/2015 4:32 PM, SYSTEM, VICKI-PC, Manual, AKA Domain Database, 0.0.0.0, 2015.7.25.5,
Update, 7/26/2015 4:33 PM, SYSTEM, VICKI-PC, Manual, Malware Database, 2015.6.3.3, 2015.7.26.6,
Error, 7/26/2015 4:42 PM, SYSTEM, VICKI-PC, Protection, IsLicensed, 13,
Protection, 7/26/2015 4:42 PM, SYSTEM, VICKI-PC, Protection, Malware Protection, Stopping,
Protection, 7/26/2015 4:42 PM, SYSTEM, VICKI-PC, Protection, Malware Protection, Stopped,

(end)
 

Attachments

#15 ·
re: Downloaded .EXE File Causing Auto Install of many Programs. Help!

Hello again, alildusty. It appears you posted a Protection Log, not a Scan Log.

Open MBAM > History > Application Logs and double-click the latest Scan Log > Export > Text file(*.txt) > name it > save it, then post the contents of the log in your next reply. Thanks.

------------------------------------------------------

CloudScout(CloudGuard) is stubborn to get rid of without resetting Chrome back to defaults. Probably best to do the same to IE and FF.

Please reset Chrome to defaults. You will lose everything except your bookmarks or passwords.

https://support.google.com/chrome/answer/3296214?hl=en

------------------------------------------------------

Please run AdwCleaner again as before(Scan then Cleaning), and post that log in your next reply also.

Finally, please look through your Programs and Features and let me know if you see something that you didn't install.

------------------------------------------------------
 
#16 ·
re: Downloaded .EXE File Causing Auto Install of many Programs. Help!

Malware Bytes Log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/26/2015
Scan Time: 6:19 PM
Logfile: Malbytes Scan.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.26.06
Rootkit Database: v2015.07.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Vicki

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357458
Time Elapsed: 4 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.Goobzo.A, C:\Users\Vicki\AppData\Local\Installer\Install_14449, , [f5698165c5c576c0a122828729daac54],
PUP.Optional.Goobzo.A, C:\Users\Vicki\AppData\Local\Installer\Install_17404, , [471710d6701a8bab883ba96014ef7a86],

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



New AdwCleaner Log

# AdwCleaner v4.208 - Logfile created 26/07/2015 at 18:17:23
# Updated 09/07/2015 by Xplode
# Database : 2015-07-26.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Vicki - VICKI-PC
# Running from : C:\Users\Vicki\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml

***** [ Scheduled tasks ] *****

Task Deleted : avabvexvac
Task Deleted : WordShark Auto Updater 1.10.0.19 Pending Update
Task Deleted : WordShark Auto Updater 1.10.0.19 Core

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\SpaceSoundPro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v44.0.2403.107


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [21964 bytes] - [20/07/2015 20:40:23]
AdwCleaner[R1].txt - [1680 bytes] - [26/07/2015 18:14:28]
AdwCleaner[R2].txt - [1739 bytes] - [26/07/2015 18:16:57]
AdwCleaner[S0].txt - [10000 bytes] - [20/07/2015 20:40:51]
AdwCleaner[S1].txt - [1594 bytes] - [26/07/2015 18:17:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1653 bytes] ##########
 

Attachments

#17 ·
re: Downloaded .EXE File Causing Auto Install of many Programs. Help!

Hello again, alildusty. Did you reset Chrome? Anything suspicious in your installed programs?

Hopefully we can prevent it from coming back again and again.

Please run FRST64 again and post/attach the logs as before.

Make sure you tick the Addition.txt box before running FRST64.

------------------------------------------------------

Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\Qoobox\Quarantine\C\users\Vicki\AppData\Local\avabvexvac\avabvexvac.exe.vir

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analysed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
------------------------------------------------------
 
#18 · (Edited)
re: Downloaded .EXE File Causing Auto Install of many Programs. Help!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-07-2015
Ran by Vicki (administrator) on VICKI-PC (27-07-2015 21:04:41)
Running from C:\Users\Vicki\Desktop
Loaded Profiles: Vicki (Available Profiles: Vicki)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Spotify Ltd) C:\Users\Vicki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Dropbox, Inc.) C:\Users\Vicki\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [863960 2015-03-24] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\...\Run: [Spotify Web Helper] => C:\Users\Vicki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-08-22] (Spotify Ltd)
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\...\Run: [Dropbox Update] => C:\Users\Vicki\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey FF RunOnce.lnk [2015-07-19]
ShortcutTarget: Install SafeKey FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-07-19]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\Users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-25]
ShortcutTarget: Dropbox.lnk -> C:\Users\Vicki\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vicki\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-07-07] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-897019477-3370126768-1679138433-1000 -> {007FC025-7049-4961-A1A4-88B7518C470E} URL = https://search.yahoo.com/search?fr=mcafee&type=C011US1134D20150719&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-07-19] (McAfee)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-07-19] (McAfee)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-07-19] (McAfee)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-07-19] (McAfee)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-04-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-04-07] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1DAFF43E-DB8F-4FCE-BAE5-55801F2B8A01}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\84hxwpfw.default-1437948450356
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-07-19]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn [2015-07-27]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-07-19]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-04]
CHR Extension: (Google Drive) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-04]
CHR Extension: (YouTube) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04]
CHR Extension: (Google Search) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-04]
CHR Extension: (Turkopticon) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgefbojfgdddnignhmfmnencgiloojpe [2015-04-11]
CHR Extension: (AdBlock) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
CHR Extension: (Gmail) - C:\Users\Vicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-04]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-22]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-07-19]
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2015-07-19]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-22]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-07-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433880 2015-03-24] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-03-24] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [798424 2015-03-24] (BlueStack Systems, Inc.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-07-21] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [207344 2015-04-08] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-01] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [144600 2015-03-24] (BlueStack Systems)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2015-03-27] (McAfee, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-26 18:26 - 2015-07-26 18:26 - 00001264 _____ C:\Users\Vicki\Desktop\Malbytes Scan.txt
2015-07-26 18:24 - 2015-07-26 18:24 - 00001262 _____ C:\Users\Vicki\Desktop\MAM Results.txt
2015-07-26 18:07 - 2015-07-26 18:07 - 00000000 ____D C:\Users\Vicki\Desktop\Old Firefox Data
2015-07-26 16:31 - 2015-07-26 18:25 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-26 16:31 - 2015-07-26 16:31 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-26 16:31 - 2015-07-26 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-26 16:31 - 2015-07-26 16:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-26 16:31 - 2015-07-26 16:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-26 16:31 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-26 16:31 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-26 16:31 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-26 16:30 - 2015-07-26 16:30 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Vicki\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-25 21:23 - 2015-07-25 21:23 - 00037832 _____ C:\ComboFix.txt
2015-07-24 20:10 - 2015-07-24 20:10 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-24 09:56 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-24 09:56 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-24 09:56 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-24 09:56 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-24 09:56 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-24 09:56 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-24 09:56 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-24 09:56 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-24 09:55 - 2015-07-25 21:23 - 00000000 ____D C:\Qoobox
2015-07-24 09:55 - 2015-07-25 21:21 - 00000000 ____D C:\Windows\erdnt
2015-07-24 09:55 - 2015-07-24 09:58 - 05633622 ____R (Swearware) C:\Users\Vicki\Desktop\ComboFix.exe
2015-07-22 19:49 - 2015-07-22 19:49 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-07-20 20:43 - 2015-07-27 21:04 - 00024887 _____ C:\Users\Vicki\Desktop\FRST.txt
2015-07-20 20:43 - 2015-07-25 21:09 - 00000000 ____D C:\Users\Vicki\Desktop\FRST-OlderVersion
2015-07-20 20:43 - 2015-07-20 20:43 - 00038683 _____ C:\Users\Vicki\Desktop\Addition.txt
2015-07-20 20:40 - 2015-07-26 18:17 - 00000000 ____D C:\AdwCleaner
2015-07-20 20:39 - 2015-07-20 20:39 - 02248704 _____ C:\Users\Vicki\Downloads\AdwCleaner (1).exe
2015-07-20 20:39 - 2015-07-20 20:39 - 02248704 _____ C:\Users\Vicki\Desktop\AdwCleaner.exe
2015-07-20 20:36 - 2015-07-14 23:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-20 20:36 - 2015-07-14 23:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-20 20:36 - 2015-07-14 23:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-20 20:36 - 2015-07-14 23:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-20 20:36 - 2015-07-14 22:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-20 20:36 - 2015-07-14 22:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-20 20:36 - 2015-07-14 22:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-20 20:36 - 2015-07-14 22:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-20 20:36 - 2015-07-14 21:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 20:36 - 2015-07-14 21:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-19 17:07 - 2015-07-19 17:07 - 00008753 _____ C:\Users\Vicki\Desktop\attach.txt
2015-07-19 17:07 - 2015-07-19 17:06 - 00034691 _____ C:\Users\Vicki\Desktop\dds.txt
2015-07-19 17:06 - 2015-07-19 17:06 - 00688992 ____R (Swearware) C:\Users\Vicki\Downloads\dds.scr
2015-07-19 06:05 - 2015-07-19 06:05 - 00000000 ____D C:\Windows\System32\Tasks\Norton Identity Safe
2015-07-19 00:40 - 2015-07-27 19:58 - 00000000 __RSD C:\Users\Vicki\Documents\McAfee Vaults
2015-07-19 00:40 - 2015-07-19 00:40 - 00001916 _____ C:\Users\Public\Desktop\McAfee Multi Access - Total Protection.lnk
2015-07-19 00:40 - 2015-07-19 00:40 - 00000000 ____D C:\Users\Vicki\AppData\Local\McAfee File Lock
2015-07-19 00:40 - 2015-07-19 00:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-07-19 00:40 - 2015-07-19 00:40 - 00000000 ____D C:\Program Files (x86)\SafeKey
2015-07-19 00:40 - 2015-07-19 00:40 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2015-07-19 00:40 - 2015-03-27 10:08 - 00076064 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2015-07-19 00:40 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-07-19 00:39 - 2015-07-22 19:52 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-07-19 00:39 - 2015-07-19 00:40 - 00000000 ____D C:\Program Files\McAfee
2015-07-19 00:39 - 2015-07-19 00:39 - 00000000 ____D C:\Program Files\McAfee.com
2015-07-19 00:24 - 2015-07-19 00:25 - 02134528 _____ (Farbar) C:\Users\Vicki\Downloads\FRST64 (1).exe
2015-07-19 00:23 - 2015-07-27 21:04 - 00000000 ____D C:\FRST
2015-07-19 00:22 - 2015-07-25 21:09 - 02146816 _____ (Farbar) C:\Users\Vicki\Desktop\FRST64.exe
2015-07-19 00:14 - 2015-07-19 00:16 - 07720664 _____ (McAfee, Inc.) C:\Users\Vicki\Downloads\McAfeeSetup-Serial (1).exe
2015-07-19 00:13 - 2015-07-19 00:17 - 02494944 _____ (Trend Micro Inc.) C:\Users\Vicki\Downloads\HousecallLauncher64 (1).exe
2015-07-19 00:07 - 2015-07-19 00:07 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-19 00:05 - 2015-07-19 00:05 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2015-07-19 00:05 - 2015-07-19 00:05 - 00000000 ____D C:\Windows\system32\Drivers\NSTx64
2015-07-19 00:05 - 2015-07-19 00:05 - 00000000 ____D C:\Program Files (x86)\Norton Identity Safe
2015-07-19 00:02 - 2015-07-19 00:02 - 00000000 ____D C:\Users\Vicki\AppData\Local\Chromium
2015-07-19 00:01 - 2015-07-22 19:49 - 00000000 ____D C:\ProgramData\McAfee
2015-07-19 00:01 - 2015-07-19 00:40 - 00000000 ____D C:\Quarantine
2015-07-19 00:01 - 2015-07-19 00:40 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-07-19 00:01 - 2015-07-19 00:01 - 07720664 _____ (McAfee, Inc.) C:\Users\Vicki\Downloads\McAfeeSetup-Serial.exe
2015-07-19 00:01 - 2015-07-19 00:01 - 00452682 _____ C:\Users\Vicki\AppData\Local\census.cache
2015-07-19 00:01 - 2015-07-19 00:01 - 00177677 _____ C:\Users\Vicki\AppData\Local\ars.cache
2015-07-19 00:01 - 2015-02-17 14:36 - 00250672 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-07-18 23:59 - 2015-07-19 00:06 - 00000010 _____ C:\Users\Vicki\AppData\Local\sponge.last.runtime.cache
2015-07-18 23:54 - 2015-07-18 23:54 - 02494944 _____ (Trend Micro Inc.) C:\Users\Vicki\Downloads\HousecallLauncher64.exe
2015-07-18 23:54 - 2015-07-18 23:54 - 00000036 _____ C:\Users\Vicki\AppData\Local\housecall.guid.cache
2015-07-14 19:54 - 2015-07-09 13:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-14 19:54 - 2015-07-09 13:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-14 19:54 - 2015-07-09 13:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-14 19:54 - 2015-07-09 13:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-14 19:54 - 2015-07-09 13:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-14 19:54 - 2015-07-09 13:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-14 19:54 - 2015-07-09 13:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-14 19:54 - 2015-07-09 13:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-14 19:54 - 2015-07-09 13:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-14 19:54 - 2015-07-09 13:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-14 19:54 - 2015-07-09 13:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-14 19:54 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-14 19:54 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-14 19:54 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-14 19:54 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-14 19:54 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-14 19:54 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-14 19:54 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-14 19:54 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-14 19:54 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 19:54 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-14 19:54 - 2015-07-02 16:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-14 19:54 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 19:54 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-14 19:54 - 2015-07-02 16:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-14 19:54 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-14 19:54 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 19:54 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 19:54 - 2015-06-26 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-14 19:54 - 2015-06-26 22:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 19:54 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-14 19:54 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 19:54 - 2015-06-25 14:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-14 19:54 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-14 19:54 - 2015-06-25 04:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 19:54 - 2015-06-20 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-14 19:54 - 2015-06-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-14 19:54 - 2015-06-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 19:54 - 2015-06-20 15:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-14 19:54 - 2015-06-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-14 19:54 - 2015-06-20 15:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-14 19:54 - 2015-06-20 15:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-14 19:54 - 2015-06-20 15:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-14 19:54 - 2015-06-20 15:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 19:54 - 2015-06-20 15:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-14 19:54 - 2015-06-20 15:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-14 19:54 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-14 19:54 - 2015-06-20 15:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-14 19:54 - 2015-06-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-14 19:54 - 2015-06-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-14 19:54 - 2015-06-20 15:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 19:54 - 2015-06-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 19:54 - 2015-06-20 14:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 19:54 - 2015-06-20 14:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-14 19:54 - 2015-06-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 19:54 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-14 19:54 - 2015-06-20 14:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 19:54 - 2015-06-20 14:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-14 19:54 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-14 19:54 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-14 19:54 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-14 19:54 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-14 19:54 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-14 19:54 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-14 19:54 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-14 19:54 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-14 19:54 - 2015-06-19 14:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-14 19:54 - 2015-06-19 14:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-14 19:54 - 2015-06-19 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-14 19:54 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-14 19:54 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-14 19:54 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-14 19:54 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-14 19:54 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-14 19:54 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-14 19:54 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-14 19:54 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-14 19:54 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 19:54 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 19:54 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-14 19:54 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-14 19:53 - 2015-07-09 13:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-14 19:53 - 2015-07-09 13:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-14 19:53 - 2015-07-09 13:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-14 19:53 - 2015-07-09 13:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-14 19:53 - 2015-07-09 13:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-14 19:53 - 2015-07-09 13:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-14 19:53 - 2015-07-09 13:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-14 19:53 - 2015-07-09 13:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-14 19:53 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 19:53 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 19:53 - 2015-07-01 16:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 19:53 - 2015-07-01 16:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-14 19:53 - 2015-07-01 16:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-14 19:53 - 2015-07-01 16:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 19:53 - 2015-07-01 16:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 19:53 - 2015-07-01 16:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-14 19:53 - 2015-07-01 16:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 19:53 - 2015-07-01 16:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-14 19:53 - 2015-07-01 16:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-14 19:53 - 2015-07-01 16:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-14 19:53 - 2015-07-01 16:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-14 19:53 - 2015-07-01 16:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-14 19:53 - 2015-07-01 16:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-14 19:53 - 2015-07-01 16:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-14 19:53 - 2015-07-01 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-14 19:53 - 2015-07-01 16:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-14 19:53 - 2015-07-01 16:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-14 19:53 - 2015-07-01 16:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-14 19:53 - 2015-07-01 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-14 19:53 - 2015-07-01 16:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-14 19:53 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-14 19:53 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-14 19:53 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-14 19:53 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-14 19:53 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-14 19:53 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-14 19:53 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-14 19:53 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-14 19:53 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-14 19:53 - 2015-07-01 16:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-14 19:53 - 2015-07-01 16:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-14 19:53 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-14 19:53 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-14 19:53 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-14 19:53 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-14 19:53 - 2015-07-01 15:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 19:53 - 2015-07-01 15:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 19:53 - 2015-07-01 15:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 19:53 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-14 19:53 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 19:53 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 19:53 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-14 19:53 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-14 19:53 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 19:53 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 19:53 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 19:53 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-14 19:53 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 19:53 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-14 19:53 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-14 19:53 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-14 19:53 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-14 19:53 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-14 19:53 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-14 19:53 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-14 19:53 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-14 19:53 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-14 19:53 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-12 00:43 - 2015-07-12 04:11 - 00000000 ____D C:\Users\Vicki\Desktop\ClashBot_7.3
2015-07-06 21:12 - 2015-07-06 21:12 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\NVIDIA
2015-07-02 23:44 - 2015-07-03 06:07 - 00000000 ____D C:\Users\Vicki\Desktop\ClashBot_7.1
2015-07-02 22:15 - 2015-07-24 10:05 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\mymacro
2015-07-02 22:15 - 2015-07-02 22:15 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\WinRAR
2015-07-02 22:15 - 2015-07-02 22:15 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\qmacro
2015-07-02 22:14 - 2015-07-02 22:14 - 01941744 _____ C:\Users\Vicki\Downloads\winrar-x64-521.exe
2015-07-02 22:14 - 2015-07-02 22:14 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-02 22:14 - 2015-07-02 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-02 22:14 - 2015-07-02 22:14 - 00000000 ____D C:\Program Files\WinRAR
2015-07-02 22:11 - 2015-07-02 22:13 - 08132834 _____ C:\Users\Vicki\Downloads\LazyPressingV8.1Pro.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-27 21:04 - 2014-03-30 12:56 - 01379630 _____ C:\Windows\WindowsUpdate.log
2015-07-27 20:53 - 2014-05-04 10:29 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-27 20:53 - 2014-05-04 10:29 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-27 20:31 - 2009-07-14 00:45 - 00031280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-27 20:31 - 2009-07-14 00:45 - 00031280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-27 20:13 - 2014-12-20 10:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-27 20:09 - 2015-06-16 19:58 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-897019477-3370126768-1679138433-1000UA.job
2015-07-27 20:03 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-27 19:57 - 2015-05-25 14:44 - 00000000 ___RD C:\Users\Vicki\Dropbox
2015-07-27 19:56 - 2015-05-25 14:44 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\Dropbox
2015-07-27 19:56 - 2014-03-30 12:59 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-27 19:56 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-27 19:56 - 2009-07-14 00:51 - 00047046 _____ C:\Windows\setupact.log
2015-07-26 18:25 - 2015-03-08 16:54 - 00000000 ____D C:\Users\Vicki\AppData\Local\CrashDumps
2015-07-26 18:00 - 2014-03-30 13:04 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2015-07-26 16:42 - 2010-11-20 23:47 - 00765570 _____ C:\Windows\PFRO.log
2015-07-25 21:22 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2015-07-25 21:21 - 2009-07-13 22:34 - 76333056 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-07-25 21:21 - 2009-07-13 22:34 - 44253184 _____ C:\Windows\system32\config\COMPONENTS.bak
2015-07-25 21:21 - 2009-07-13 22:34 - 20447232 _____ C:\Windows\system32\config\SYSTEM.bak
2015-07-25 21:21 - 2009-07-13 22:34 - 00245760 _____ C:\Windows\system32\config\DEFAULT.bak
2015-07-25 21:21 - 2009-07-13 22:34 - 00028672 _____ C:\Windows\system32\config\SAM.bak
2015-07-25 21:21 - 2009-07-13 22:34 - 00024576 _____ C:\Windows\system32\config\SECURITY.bak
2015-07-25 21:07 - 2015-04-11 22:59 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-24 14:55 - 2014-05-04 10:29 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-24 10:08 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
2015-07-22 19:49 - 2015-06-10 03:22 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-22 19:43 - 2009-07-14 00:45 - 00433744 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 20:41 - 2014-08-01 09:02 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-20 20:41 - 2014-08-01 09:02 - 00001049 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-20 20:41 - 2014-05-04 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-20 20:41 - 2014-03-30 12:56 - 00000989 _____ C:\Users\Vicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-20 20:36 - 2014-08-09 20:39 - 00000000 ____D C:\Users\Vicki\AppData\Roaming\uTorrent
2015-07-19 09:09 - 2015-06-16 19:58 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-897019477-3370126768-1679138433-1000Core.job
2015-07-19 00:07 - 2015-06-18 08:20 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-07-19 00:07 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-19 00:06 - 2014-04-06 12:53 - 00000000 ____D C:\ProgramData\Norton
2015-07-18 22:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-18 09:04 - 2015-06-16 19:58 - 00003888 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-897019477-3370126768-1679138433-1000UA
2015-07-18 09:04 - 2015-06-16 19:58 - 00003492 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-897019477-3370126768-1679138433-1000Core
2015-07-18 03:00 - 2014-04-10 21:10 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-18 03:00 - 2014-04-10 21:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 20:48 - 2014-05-04 10:29 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 20:48 - 2014-05-04 10:29 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 11:13 - 2014-12-20 10:23 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 11:13 - 2014-12-20 10:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 11:13 - 2014-12-20 10:23 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 03:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-07-15 03:20 - 2014-12-17 22:22 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 03:20 - 2014-05-10 23:19 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 03:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-15 03:01 - 2009-07-13 22:34 - 00000478 _____ C:\Windows\win.ini
2015-07-13 20:52 - 2014-08-01 09:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-12 03:00 - 2015-04-11 22:59 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-06 16:40 - 2014-06-20 14:39 - 00000000 ____D C:\Users\Public\Downloads\Norton

==================== Files in the root of some directories =======

2015-07-19 00:40 - 2015-07-19 00:40 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-07-19 00:01 - 2015-07-19 00:01 - 0177677 _____ () C:\Users\Vicki\AppData\Local\ars.cache
2015-07-19 00:01 - 2015-07-19 00:01 - 0452682 _____ () C:\Users\Vicki\AppData\Local\census.cache
2015-07-18 23:54 - 2015-07-18 23:54 - 0000036 _____ () C:\Users\Vicki\AppData\Local\housecall.guid.cache
2015-07-18 23:59 - 2015-07-19 00:06 - 0000010 _____ () C:\Users\Vicki\AppData\Local\sponge.last.runtime.cache
2014-03-30 13:08 - 2014-03-30 13:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Vicki\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt6sbjq.dll
C:\Users\Vicki\AppData\Local\Temp\Quarantine.exe
C:\Users\Vicki\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-24 11:46

==================== End of log ============================
 

Attachments

#20 ·
re: Downloaded .EXE File Causing Auto Install of many Programs. Help!

Hello again, alildusty.
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    FirewallRules: [{A34A273C-AD3C-434D-AA2F-C7CA1DA3F2B2}] => (Allow) C:\Users\Vicki\AppData\Roaming\TWV\TWV.exe
    FirewallRules: [{823BF9DE-6E3D-4C5D-910D-EBEEF253B66F}] => (Allow) C:\Users\Vicki\AppData\Roaming\TWV\upd.exe
    C:\Users\Vicki\AppData\Roaming\TWV
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-897019477-3370126768-1679138433-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------

Your Java is out of date.

Java(TM) 8 Update 45 can be updated from the Java Control Panel. Go Start > Control Panel > Programs > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as administrator command.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

Fixlog.tx
ESET report
 
#21 ·
Re: Downloaded .EXE File Causing Auto Install of many Programs. Help!

Fix Log


Fix result of Farbar Recovery Scan Tool (x64) Version:25-07-2015
Ran by Vicki at 2015-07-28 20:46:56 Run:3
Running from C:\Users\Vicki\Desktop
Loaded Profiles: Vicki (Available Profiles: Vicki)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
FirewallRules: [{A34A273C-AD3C-434D-AA2F-C7CA1DA3F2B2}] => (Allow) C:\Users\Vicki\AppData\Roaming\TWV\TWV.exe
FirewallRules: [{823BF9DE-6E3D-4C5D-910D-EBEEF253B66F}] => (Allow) C:\Users\Vicki\AppData\Roaming\TWV\upd.exe
C:\Users\Vicki\AppData\Roaming\TWV
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-897019477-3370126768-1679138433-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A34A273C-AD3C-434D-AA2F-C7CA1DA3F2B2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{823BF9DE-6E3D-4C5D-910D-EBEEF253B66F} => value removed successfully
"C:\Users\Vicki\AppData\Roaming\TWV" => File/Folder not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-897019477-3370126768-1679138433-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
EmptyTemp: => 33.1 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 20:47:02 ====


ESET Log


C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smci32.dll.vir a variant of Win32/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smci64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe.vir a variant of Win32/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smi64.exe.vir a variant of MSIL/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smu.exe.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\SMUninstall.exe.vir a variant of Win32/SBWatchman.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WordShark_1.10.0.19\Service\wssvc.exe.vir a variant of Win32/Adware.Vitruvian.F application
C:\AdwCleaner\Quarantine\C\ProgramData\{49daa21b-fd28-36a9-49da-aa21bfd2886f}\hqghumeaylnlf.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AP application
C:\AdwCleaner\Quarantine\C\Users\Vicki\AppData\Local\DeskBar\2.6.1.1668\DeskBar.exe.vir a variant of Win32/Packed.Themida suspicious application
C:\AdwCleaner\Quarantine\C\Users\Vicki\AppData\Local\DeskBar\2.6.2.55\DeskBar.exe.vir a variant of Win32/Packed.Themida suspicious application
C:\AdwCleaner\Quarantine\C\Users\Vicki\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock Uninstall.exe.vir Win32/BubbleDock.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Vicki\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock Update.exe.vir Win32/BubbleDock.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Vicki\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock.exe.vir a variant of Win32/BubbleDock.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Vicki\AppData\Roaming\Tny_cassiopesa\UpdateProc\bkup.dat.vir VBS/Kryptik.DY trojan
C:\AdwCleaner\Quarantine\C\Users\Vicki\AppData\Roaming\Tny_cassiopesa\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.AY potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Vicki\AppData\Roaming\WTools\Selection Tools\Selection Tools Uninstall.exe.vir Win32/BubbleDock.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\wsfd_1_10_0_19.sys.vir a variant of Win64/NetFilter.A potentially unsafe application
C:\FRST\Quarantine\C\Program Files (x86)\2F8B4820-1437277603-11DD-B021-BCEE7B8C64A3\vnsf7C24.tmp multiple threats
C:\FRST\Quarantine\C\Program Files (x86)\ospd_us_016010034\onesoftperday_widget.exe a variant of Win32/AdWare.EoRezo.AU application
C:\FRST\Quarantine\C\Program Files (x86)\ospd_us_016010034\ospd_us_016010034.exe a variant of Win32/AdWare.EoRezo.AU application
C:\FRST\Quarantine\C\Program Files (x86)\ospd_us_016010034\predm.exe a variant of Win32/Adware.EoRezo.AZ application
C:\FRST\Quarantine\C\Program Files (x86)\WordShark_1.10.0.19\Service\wssvc.exe a variant of Win32/Adware.Vitruvian.F application
C:\FRST\Quarantine\C\Users\Vicki\AppData\Local\ospd_us_016010034\upospd_us_016010034.exe a variant of Win32/Adware.EoRezo.AJ application
C:\FRST\Quarantine\C\Users\Vicki\AppData\Local\ospd_us_016010034\Download\myoffergroup_us6.exe multiple threats
C:\FRST\Quarantine\C\Users\Vicki\AppData\Local\PCMATICPLUS_fixed\PCMATICPLUS_fixed.exe a variant of MSIL/RegProCleaner.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\Coupoon\UpdateCheck.exe.vir a variant of Win32/Adware.Adpeak.S application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Vicki\AppData\Local\avabvexvac\avabvexvac.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Vicki\AppData\Local\avabvexvac\pbqrmvbub.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Users\Vicki\AppData\Roaming\uTorrent\updates\3.4.2_32691.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
C:\Users\Vicki\Downloads\LazyPressingV8.1Pro.rar a variant of Win32/Packed.Themida suspicious application
C:\Users\Vicki\Downloads\uTorrent.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
C:\Users\Vicki\Dropbox\clash\LazyPressingV8.2Pro.rar a variant of Win32/Packed.Themida suspicious application
\\Vicki-pc\Users\Vicki\AppData\Roaming\uTorrent\updates\3.4.2_32691.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
\\Vicki-pc\Users\Vicki\Downloads\LazyPressingV8.1Pro.rar a variant of Win32/Packed.Themida suspicious application
\\Vicki-pc\Users\Vicki\Downloads\uTorrent.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
\\Vicki-pc\Users\Vicki\Dropbox\clash\LazyPressingV8.2Pro.rar a variant of Win32/Packed.Themida suspicious application
 

Attachments

#22 ·
Re: Downloaded .EXE File Causing Auto Install of many Programs. Help!

Hello again, alildusty. Please answer, it helps.

Did you reset Chrome?
Anything suspicious in your installed programs?
Are you still seeing the CloudScout links?

------------------------------------------------------

Qoobox is ComboFixs quarantine folder. Those, and AdwCleaner and FRST finds will get deleted when we uninstall those applications.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Users\Vicki\AppData\Roaming\uTorrent\updates\3.4.2_32691.exe"
"C:\Users\Vicki\Downloads\LazyPressingV8.1Pro.rar"
"C:\Users\Vicki\Downloads\uTorrent.exe"
"C:\Users\Vicki\Dropbox\clash\LazyPressingV8.2Pro.rar"


) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0
Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:


Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------
 
#23 ·
Re: Downloaded .EXE File Causing Auto Install of many Programs. Help!

Sorry about that.

Yes, Chrome has been reset
I don't see any additional suspicious programs installed
No more CloudScout links as well.

After running the fix.bat it says successfully deleted.
 
#26 ·
Re: Downloaded .EXE File Causing Auto Install of many Programs. Help!

Congratulations. Well done! Your logs appear clean. You should be good to go.

Please disable McAfee before uninstalling ComboFix and then re-enable it after doing so.

Press the Windows "logo" key and "R" key and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Important

Due to continued exploits of zero-day vulnerabilities in Oracle's Java application, it is the recommendation of many security experts, as well as the TSF Security Team, that you disable Java in your web browsers.

Java

US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability

We recommend disabling Java in your browsers, and enabling it only when needed by certain websites.

Please disable Java in your browser(s) by following these instructions:

How do I disable Java in my web browser?

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Support - Windows Help

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article:
To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top