
Help please

This is a discussion on Help please within the Resolved HJT Threads forums, part of the Tech Support Forum category.
09-06-2015, 07:23 PM   #1
Registered Member
 
Join Date: Sep 2015
Posts: 17
OS: Windows 7



My PC is in popup hell! It lags and pops up in Firefox and Chrome, sometimes 6 pop-ups at a time, sometimes about a PC virus and sometimes other stuff.
My virus scan shows nothing when scanned.

Help please

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17937 BrowserJavaVersion: 11.40.2
Run by NorrisFamily at 20:04:34 on 2015-09-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8097.3694 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\daugava\Upbgbeie.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
c:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
c:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\daugava\csrcc.exe
C:\Program Files\daugava\Weekfqwb.exe
C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
C:\Program Files (x86)\DELL\DELLOSD\TestDispChangedEvent.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\TELUS\TELUS security advisor\ServicepointService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Updater By Sweetpacks\ExtensionUpdaterService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\daugava\Ejemidvlf.exe
C:\Program Files\daugava\Ejemidvlf64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\GWX\GWX.exe
C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\TELUS\TELUS security advisor\Tsa.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
C:\PROGRA~2\MICROS~3\Office14\WINWORD.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\splwow64.exe
c:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell Update\DellUpService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files\Dell\DellDataVault\DellDataVault.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\DELL\DELLOSD\DELLOSD.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
BHO: Updater By Sweetpacks: {DEDAF650-12B8-48f5-A843-BBA100716106} - C:\Program Files\Updater By Sweetpacks\Extension32.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
uRun: [Facebook Update] "C:\Users\NorrisFamily\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
mRun: [DELLOSD] C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
mRun: [Chicony_OSD] "C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe"
mRun: [StickyNotesWidget] "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" "c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\start.umj"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [FAStartup] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
TCP: NameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{5BF47A3D-314F-41DA-81BB-3E63CB9EC62E} : DHCPNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{5BF47A3D-314F-41DA-81BB-3E63CB9EC62E}\03431393 : DHCPNameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{5BF47A3D-314F-41DA-81BB-3E63CB9EC62E}\4554C4553503933373 : DHCPNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{5BF47A3D-314F-41DA-81BB-3E63CB9EC62E}\E4F627279637 : DHCPNameServer = 192.168.1.254 75.153.176.9
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll
x64-BHO: Updater By Sweetpacks: {DEDAF650-12B8-48f5-A843-BBA100716106} - C:\Program Files\Updater By Sweetpacks\Extension64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [BTMTrayAgent] rundll32.exe "c:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [daugava] C:\Program Files\daugava\Ejemidvlf.exe
x64-Run: [daugava64] C:\Program Files\daugava\Ejemidvlf64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
x64-DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\NorrisFamily\AppData\Roaming\Mozilla\Firefox\Profiles\tiqqnckt.default-1375305067190\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://mysearch.sweetpacks.com?src=6&barid=79890939703080431061329885315450452091&crg=3.5000006.10058&ppd=&did=10729&st=23&q=
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-10-11 25960]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-11 55856]
R1 cherimoya;cherimoya;C:\Windows\System32\drivers\cherimoya.sys [2015-7-26 61336]
R2 65f825de-0adc-4791-a1e5-209aa6f7ea76;65f825de-0adc-4791-a1e5-209aa6f7ea76;C:\Program Files\daugava\Upbgbeie.exe [2015-7-26 284320]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-10-11 98208]
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-5-1 1394816]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-5-1 1772672]
R2 csrcc;csrcc;C:\Program Files\daugava\csrcc.exe [2015-7-26 1447584]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2015-3-18 822496]
R2 daugava Updater;daugava Updater;C:\Program Files\daugava\Weekfqwb.exe [2015-7-26 173216]
R2 Dell WMI Service;Dell WMI Service;C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [2011-10-11 98304]
R2 DellDataVault;Dell Data Vault;C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2015-5-22 2573520]
R2 DellDataVaultWiz;Dell Data Vault Wizard;C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [2015-5-22 201936]
R2 DellUpdate;Dell Update Service;C:\Program Files (x86)\Dell Update\DellUpService.exe [2015-8-27 237272]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2015-3-4 124568]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\DELL\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 OSDSvc;ChiconyOSDService;C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [2011-10-11 176128]
R2 ServicepointService;ServicepointService;C:\Program Files (x86)\TELUS\TELUS security advisor\ServicepointService.exe [2012-1-6 689464]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2014-10-8 534184]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-10-11 1692480]
R2 SupportAssistAgent;Dell SupportAssist Agent;C:\Program Files (x86)\DELL\SupportAssistAgent\bin\SupportAssistAgent.exe [2015-6-11 20648]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-11 2656280]
R2 Updater By Sweetpacks;Updater By Sweetpacks;C:\Program Files\Updater By Sweetpacks\ExtensionUpdaterService.exe [2013-10-15 188760]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
R3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\System32\drivers\AVer7231_x64.sys [2011-10-11 1800064]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-3-8 51712]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-3-8 274944]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-10-11 176096]
R3 DDDriver;DDDriver;C:\Windows\System32\drivers\DDDriver64Dcsa.sys [2015-1-30 23760]
R3 DellProf;DellProf;C:\Windows\System32\drivers\DellProf.sys [2015-5-22 24240]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-3-22 59904]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-11 412776]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2014-10-8 766632]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2014-10-8 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2014-10-8 29352]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2014-10-8 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2014-10-8 211104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-1-2 315488]
S3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-4-24 255040]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 203344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-8-11 114688]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-10-11 158976]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2014-12-25 2057736]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2012-6-20 31152]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2011-10-11 311400]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-2 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-09-06 15:05:00 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0CCF028D-5BF2-4FBD-A1ED-74D1AD91E0C1}\offreg.868.dll
2015-09-06 15:03:25 11745192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0CCF028D-5BF2-4FBD-A1ED-74D1AD91E0C1}\mpengine.dll
2015-09-06 05:14:22 11745192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-09-05 20:16:07 -------- d-----w- C:\Program Files (x86)\Minecraft
2015-09-03 23:29:15 -------- d-----w- C:\ProgramData\Package Cache
2015-09-03 21:31:12 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{741DB20D-061E-4898-98B9-9ABDC2A953F2}\gapaengine.dll
2015-09-01 20:59:13 -------- d-----w- C:\Program Files\iPod
2015-09-01 20:59:12 -------- d-----w- C:\Program Files\iTunes
2015-09-01 20:59:12 -------- d-----w- C:\Program Files (x86)\iTunes
2015-09-01 15:48:47 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F71C1DD-E43D-459F-8514-1188BEFCB989}\gapaengine.dll
2015-08-29 17:38:30 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4A2FC283-6F49-4D5B-8CAF-BC52FA035418}\gapaengine.dll
2015-08-29 17:28:47 -------- d-----w- C:\Program Files (x86)\Dell Update
2015-08-19 09:00:54 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-08-19 09:00:53 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-08-12 09:24:04 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 09:24:04 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 20:26:45 9284296 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2015-08-11 20:22:07 52736 ----a-w- C:\Windows\System32\basesrv.dll
2015-08-11 20:19:47 260096 ----a-w- C:\Windows\System32\WebClnt.dll
.
==================== Find3M ====================
.
2015-08-11 20:27:09 778440 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-08-11 20:27:08 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-30 1857 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-07-30 1857 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2015-07-30 1857 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2015-07-30 1842 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-30 1839 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-30 1835 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-30 1834 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-30 17:57:30 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-07-30 17:57:08 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-30 17:57:05 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-30 17:57:02 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-30 17:55:56 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-30 16:56:07 3208192 ----a-w- C:\Windows\System32\win32k.sys
2015-07-30 16:52:53 372736 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-30 16:49:55 299520 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-28 20:09:44 17344 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-28 20:05:53 774656 ----a-w- C:\Windows\System32\invagent.dll
2015-07-28 20:05:50 743424 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 20:05:47 437760 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 20:05:45 1116672 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 20:05:44 69120 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 20:05:44 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 19:55:14 1148416 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-20 18:12:45 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-20 18:12:45 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-20 18:12:45 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-20 18:12:16 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-20 18:12:05 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-20 18:12:02 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-20 17:56:49 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-20 17:56:49 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-20 17:56:08 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-16 20:54:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-07-16 20:37:26 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-07-16 20:36:31 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-07-16 20:36:22 417792 ----a-w- C:\Windows\System32\html.iec
2015-07-16 20:36:21 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-07-16 20:35:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-07-16 20:26:00 5923328 ----a-w- C:\Windows\System32\jscript9.dll
2015-07-16 20:21:50 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-07-16 20:21:47 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-07-16 20:21:25 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-07-16 20:12:23 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-07-16 20:00:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-07-16 19:51:47 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-07-16 19:51:46 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-07-16 19:50:54 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-07-16 19:50:38 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-07-16 19:49:37 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-07-16 19:39:20 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-07-16 19:38:51 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-07-16 19:33:23 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-07-16 19:32:53 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-07-16 19:24:03 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-07-16 19:12:42 2427904 ----a-w- C:\Windows\System32\wininet.dll
2015-07-16 19:12:39 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-07-16 1906 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-07-16 19:05:15 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-07-16 18:42:02 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-07-15 18:15:12 5568960 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-07-15 18:15:11 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-07-15 18:15:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-15 18:15:10 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-15 18:12:09 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-07-15 18:11:14 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-07-15 18:11:14 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-07-15 18:11:14 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-07-15 18:11:13 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-07-15 18:11:01 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-15 18:09:57 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-07-15 18:09:52 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-15 18:05:47 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-15 18:05:26 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-15 17:59:45 3989952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-07-15 17:59:45 3934656 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-07-15 17:56:24 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-07-15 17:55:07 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-15 17:55:04 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-15 17:55:02 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-07-15 17:55:00 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-15 17:55:00 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-15 17:54:56 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-07-15 17:54:55 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-15 17:54:54 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-15 17:54:49 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-15 17:54:43 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-15 17:54:43 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-15 17:54:40 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-07-15 17:54:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-07-15 17:53:53 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-15 17:53:37 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-07-15 17:53:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-15 17:53:36 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-15 17:53:36 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-07-15 17:49:10 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-15 17:48:14 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-15 16:46:59 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
.
============= FINISH: 20:05:08.40 ===============
Attached Files
File Type: txt attach.txt (13.7 KB, 24 views)
Norr_62 is offline  
Old 09-06-2015, 08:12 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button (if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-07-2015, 06:49 PM   #3
Registered Member
 
Join Date: Sep 2015
Posts: 17
OS: Windows 7



# AdwCleaner v5.006 - Logfile created 07/09/2015 at 19:44:34
# Updated 06/09/2015 by Xplode
# Database : 2015-09-07.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : NorrisFamily - OURPC
# Running from : C:\Users\NorrisFamily\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****

[-] Service Deleted : cherimoya
[-] Service Deleted : csrcc
[-] Service Deleted : Updater By SweetPacks
[-] Service Deleted : daugava Updater
[-] Service Deleted : 65f825de-0adc-4791-a1e5-209aa6f7ea76

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\Updater By SweetPacks
[-] Folder Deleted : C:\Program Files\daugava
[-] Folder Deleted : C:\Program Files (x86)\MyPC Backup
[-] Folder Deleted : C:\Program Files (x86)\SweetIM
[-] Folder Deleted : C:\Program Files (x86)\Yontoo
[-] Folder Deleted : C:\ProgramData\Tarma Installer
[-] Folder Deleted : C:\Users\NorrisFamily\AppData\Local\StartNow
[-] Folder Deleted : C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
[-] Folder Deleted : C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
[-] Folder Deleted : C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
[-] Folder Deleted : C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Folder Deleted : C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbmildjdmppofnohldicmnkojfhggmb
[-] Folder Deleted : C:\Users\NorrisFamily\AppData\LocalLow\Funmoods
[-] Folder Deleted : C:\Users\NorrisFamily\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder Deleted : C:\Users\NorrisFamily\AppData\Roaming\Systweak
[#] Folder Deleted : C:\Users\NorrisFamily\AppData\Roaming\Mozilla\Firefox\Profiles\tiqqnckt.default-1375305067190\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

***** [ Files ] *****

[-] File Deleted : C:\Users\NorrisFamily\AppData\Local\funmoods.crx
[-] File Deleted : C:\Users\NorrisFamily\AppData\Local\funmoods-speeddial.crx
[-] File Deleted : C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
[-] File Deleted : C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
[-] File Deleted : C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jmbmildjdmppofnohldicmnkojfhggmb_0.localstorage
[-] File Deleted : C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jmbmildjdmppofnohldicmnkojfhggmb_0.localstorage-journal
[-] File Deleted : C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jmbmildjdmppofnohldicmnkojfhggmb
[-] File Deleted : C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsfreak.com_0.localstorage
[-] File Deleted : C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
[-] File Deleted : C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.superfish.com_0.localstorage-journal
[-] File Deleted : C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage
[-] File Deleted : C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage-journal
[-] File Deleted : C:\Users\NorrisFamily\AppData\LocalLow\SkwConfig.bin
[-] File Deleted : C:\Users\NorrisFamily\AppData\Roaming\Mozilla\Firefox\Profiles\tiqqnckt.default-1375305067190\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[-] File Deleted : C:\Users\NorrisFamily\AppData\Roaming\Mozilla\Firefox\Profiles\tiqqnckt.default-1375305067190\searchplugins\SweetIm.xml
[-] File Deleted : C:\Windows\Sysnative\roboot64.exe
[-] File Deleted : C:\Windows\Sysnative\drivers\cherimoya.sys

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
[-] Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
[-] Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\f
[-] Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
[-] Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
[-] Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
[-] Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
[-] Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
[-] Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
[-] Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
[-] Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DEDAF650-12B8-48F5-A843-BBA100716106}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DEDAF650-12B8-48F5-A843-BBA100716106}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DEDAF650-12B8-48F5-A843-BBA100716106}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{EEE6C35B-6118-11DC-9C72-001320C79847}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{EEE6C35C-6118-11DC-9C72-001320C79847}]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DEDAF650-12B8-48F5-A843-BBA100716106}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9103C314-C4E2-4463-8934-B19BCB46236D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DEDAF650-12B8-48F5-A843-BBA100716106}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\ImInstaller
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\SweetIM
[-] Key Deleted : HKCU\Software\wscontb
[-] Key Deleted : HKCU\Software\Zugo
[-] Key Deleted : HKLM\SOFTWARE\dlQUE
[-] Key Deleted : HKLM\SOFTWARE\SweetIM
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKLM\SOFTWARE\Updater By Sweetpacks
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}
[!] Key Not Deleted : [x64] HKCU\Software\Conduit
[!] Key Not Deleted : [x64] HKCU\Software\IM
[!] Key Not Deleted : [x64] HKCU\Software\ImInstaller
[!] Key Not Deleted : [x64] HKCU\Software\Softonic
[!] Key Not Deleted : [x64] HKCU\Software\SweetIM
[!] Key Not Deleted : [x64] HKCU\Software\wscontb
[!] Key Not Deleted : [x64] HKCU\Software\Zugo
[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
[-] Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DEDAF650-12B8-48f5-A843-BBA100716106}_is1
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f179b4aa-3249-4e0e-a45a-8519d6bcd424}_is1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\5EC33E4FBA7A86F47A7E0FAA48FED2E9
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\5EC33E4FBA7A86F47A7E0FAA48FED2E9
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E7F552EF334C802D75A55F0F6344722
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5EC33E4FBA7A86F47A7E0FAA48FED2E9
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FBD9499A-91EC-C593-1D50-7512683B52A6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FBD9499A-91EC-C593-1D50-7512683B52A6}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-1126028262-1166730891-630618919-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
[!] Key Not Deleted : HKU\S-1-5-21-1126028262-1166730891-630618919-1001\Software\Microsoft\Internet Explorer\SearchScopes\{FBD9499A-91EC-C593-1D50-7512683B52A6}

***** [ Web browsers ] *****

[-] [C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bbjciahceamgodcoidkjpchnokgfpphh
[-] [C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : cjpglkicenollcignonpgiafdgfeehoj
[-] [C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd
[-] [C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jmbmildjdmppofnohldicmnkojfhggmb
[-] [C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : niapdbllcanepiiimjjndipklodoedlc

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [22226 bytes] ##########
Norr_62 is offline  
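A triage pass over a cleaning log like the one posted above, as an added example (not AdwCleaner's own code and not part of the thread): it counts entries per section and marker, then separates the `[!] ... Not Deleted` lines whose path is also reported deleted elsewhere in the log from those with no matching delete. The sample log is constructed from a few lines of the post plus one made-up key (`HKLM\SOFTWARE\ExampleVendor`); treating `[x64]` and `HKU\<SID>` variants as the same key is an assumption of this example.

```python
import re
from collections import Counter, defaultdict

# "***** [ Registry ] *****" style section headers
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
# "[-] Key Deleted : ..." / "[!] Key Not Deleted : ..." / "[#] Folder Deleted : ..."
ENTRY_RE = re.compile(r"^\[(?P<mark>[-!#])\]\s+(?P<body>.+)$")
# HKU\<user SID>\... ; assumed here to be the logged-on user's hive (HKCU)
HKU_SID_RE = re.compile(r"^HKU\\S-1-5-21-[\d-]+\\", re.IGNORECASE)

# Constructed sample: lines copied from the posted log, except the
# HKLM\SOFTWARE\ExampleVendor entry, which is made up for this example.
SAMPLE_LOG = r"""# AdwCleaner v5.006 - Logfile created 07/09/2015 at 19:44:34
# Option : Cleaning

***** [ Services ] *****

[-] Service Deleted : cherimoya
[-] Service Deleted : daugava Updater

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Conduit
[!] Key Not Deleted : [x64] HKCU\Software\Conduit
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
[!] Key Not Deleted : HKU\S-1-5-21-1126028262-1166730891-630618919-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
[!] Key Not Deleted : HKLM\SOFTWARE\ExampleVendor

***** [ Web browsers ] *****

[-] [C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: Winsock settings cleared
"""


def normalise_target(target):
    """Reduce a logged path to a comparison key (assumption of this example)."""
    t = target.strip()
    if t.startswith("[x64]"):            # registry-view tag, not part of the path
        t = t[len("[x64]"):].strip()
    t = HKU_SID_RE.sub(lambda m: "HKCU\\", t)
    return t.lower()                     # registry and NTFS paths are case-insensitive


def parse_log(text):
    """Return one dict per '[mark] action : target' line, tagged with its section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m or section is None:
            continue                     # '#' header lines, blanks, '::' notes, EOF line
        action, sep, target = m.group("body").partition(" : ")
        if sep:
            entries.append({"section": section, "mark": m.group("mark"),
                            "action": action.strip(), "target": target.strip()})
    return entries


def triage(entries):
    """Count markers per section and split '[!]' entries by whether a delete matches."""
    counts = defaultdict(Counter)
    removed = set()
    for e in entries:
        counts[e["section"]][e["mark"]] += 1
        if e["mark"] == "-" and e["action"].endswith("Deleted"):
            removed.add(normalise_target(e["target"]))
    matched, unmatched = [], []
    for e in entries:
        if e["mark"] == "!":
            hit = normalise_target(e["target"]) in removed
            (matched if hit else unmatched).append(e["target"])
    return {"counts": {s: dict(c) for s, c in counts.items()},
            "reported_deleted_elsewhere": matched,
            "no_matching_delete": unmatched}


if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG))
    for section, marks in result["counts"].items():
        print(section, marks)
    print("check in the next scan:", result["no_matching_delete"])
```

A match only means the same path was logged as deleted on another line; the follow-up scan the helper asks for is what confirms the key is gone.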
Old 09-07-2015, 06:56 PM   #4
Registered Member
 
Join Date: Sep 2015
Posts: 17
OS: Windows 7



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
Ran by NorrisFamily (administrator) on OURPC (07-09-2015 19:49:59)
Running from C:\Users\NorrisFamily\Downloads
Loaded Profiles: NorrisFamily (Available Profiles: UpdatusUser & NorrisFamily)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
() C:\Program Files (x86)\DELL\DELLOSD\TestDispChangedEvent.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Dell, Inc.) C:\Program Files (x86)\DELL\Dell Datasafe Online\NOBuAgent.exe
(Chicony) C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Radialpoint Inc.) C:\Program Files (x86)\TELUS\TELUS security advisor\ServicepointService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Dell Inc.) C:\Program Files (x86)\DELL\SupportAssistAgent\bin\SupportAssistAgent.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
() C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
(TELUS) C:\Program Files (x86)\TELUS\TELUS security advisor\Tsa.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(DELL) C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(DELL COMPUTER INC.) C:\Program Files (x86)\DELL\DELLOSD\DELLOSD.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7214696 2011-05-25] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "c:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [daugava] => C:\Program Files\daugava\Ejemidvlf.exe
HKLM\...\Run: [daugava64] => C:\Program Files\daugava\Ejemidvlf64.exe
HKLM-x32\...\Run: [DELLOSD] => C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe [49152 2010-12-06] ()
HKLM-x32\...\Run: [Chicony_OSD] => C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe [53248 2011-01-12] ()
HKLM-x32\...\Run: [StickyNotesWidget] => c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe [666344 2011-03-18] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-06-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [66872 2012-02-06] ()
HKLM-x32\...\Run: [Tsa.exe] => C:\Program Files (x86)\TELUS\TELUS security advisor\Tsa.exe [4318520 2010-12-15] (TELUS)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1126028262-1166730891-630618919-1001\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [434168 2012-05-18] (TomTom)
HKU\S-1-5-21-1126028262-1166730891-630618919-1001\...\Run: [Facebook Update] => C:\Users\NorrisFamily\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-01-04] (Facebook Inc.)
HKU\S-1-5-21-1126028262-1166730891-630618919-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3638256 2015-09-03] (Electronic Arts)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-25] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-03-26]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2012-07-06]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk [2012-07-06]
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
Tcpip\..\Interfaces\{5BF47A3D-314F-41DA-81BB-3E63CB9EC62E}: [DhcpNameServer] 192.168.1.254 75.153.176.9

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1126028262-1166730891-630618919-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=en-ca
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68}
SearchScopes: HKLM-x32 -> {013E84FE-C587-1904-B355-629F0EDC9F59} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1126028262-1166730891-630618919-1001 -> DefaultScope {013E84FE-C587-1904-B355-629F0EDC9F59} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1126028262-1166730891-630618919-1001 -> Backup.Old.DefaultScope {FBD9499A-91EC-C593-1D50-7512683B52A6}
SearchScopes: HKU\S-1-5-21-1126028262-1166730891-630618919-1001 -> {013E84FE-C587-1904-B355-629F0EDC9F59} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-25] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-25] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
DPF: HKLM-x32 {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\NorrisFamily\AppData\Roaming\Mozilla\Profiles\15syqeiv.Default User
FF NewTab: hxxp://mysearch.sweetpacks.com/?barid=79890939703080431061329885315450452091&src=97&crg=3.5000006.10058&ppd=&did=10729&st=23
FF DefaultSearchEngine.US: Google
FF DefaultSearchUrl:
FF Homepage: hxxps://www.google.ca/
FF Keyword.URL: hxxp://mysearch.sweetpacks.com?src=6&barid=79890939703080431061329885315450452091&crg=3.5000006.10058&ppd=&did=10729&st=23&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\TELUS\TELUS security advisor\nprpspa.dll [2010-12-15] (TELUS)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\TELUS\TELUS security advisor\nprpspa.dll [2010-12-15] (TELUS)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\21\NP_wtapp.dll [2014-08-15] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1126028262-1166730891-630618919-1001: @nsroblox.roblox.com/launcher -> C:\Users\NorrisFamily\AppData\Local\Roblox\Versions\version-59f5d380c5e14856\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1126028262-1166730891-630618919-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\NorrisFamily\AppData\Local\Roblox\Versions\version-59f5d380c5e14856\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1126028262-1166730891-630618919-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\NorrisFamily\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1126028262-1166730891-630618919-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\NorrisFamily\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-08-21] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\NorrisFamily\AppData\Roaming\Mozilla\Profiles\15syqeiv.Default User\searchplugins\my-web-search.xml [2013-06-16]
FF SearchPlugin: C:\Users\NorrisFamily\AppData\Roaming\Mozilla\Profiles\15syqeiv.Default User\searchplugins\sweetim.xml [2013-10-15]
FF SearchPlugin: C:\Users\NorrisFamily\AppData\Roaming\Mozilla\Profiles\15syqeiv.Default User\searchplugins\Sweetpacks Search.xml [2013-10-15]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-08-27]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-08-27]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-03-26]
FF HKU\S-1-5-21-1126028262-1166730891-630618919-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-08-27] <==== ATTENTION

Chrome:
=======
CHR HomePage: Default -> hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10058&did=10729&barid=79890939703080431061329885315450452091
CHR StartupUrls: Default -> "https://www.google.ca/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8"
CHR Profile: C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-25]
CHR Extension: (Google Search) - C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Skype Click to Call) - C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-22]
CHR Extension: (Gmail) - C:\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-25]
CHR HKU\S-1-5-21-1126028262-1166730891-630618919-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [98304 2011-05-27] () [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-10-07] (WildTangent)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-03] (Electronic Arts)
R2 OSDSvc; C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [176128 2010-12-01] (Chicony) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ServicepointService; C:\Program Files (x86)\TELUS\TELUS security advisor\ServicepointService.exe [689464 2010-12-15] (Radialpoint Inc.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVer7231_x64; C:\Windows\System32\DRIVERS\AVer7231_x64.sys [1800064 2011-03-04] (AVerMedia TECHNOLOGIES, Inc.)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-06-20] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-07 19:49 - 2015-09-07 19:51 - 00027080 _____ C:\Users\NorrisFamily\Downloads\FRST.txt
2015-09-07 19:49 - 2015-09-07 19:50 - 00000000 ____D C:\FRST
2015-09-07 19:49 - 2015-09-07 19:49 - 02190336 _____ (Farbar) C:\Users\NorrisFamily\Downloads\FRST64.exe
2015-09-07 19:47 - 2015-09-07 19:47 - 00022538 _____ C:\Users\NorrisFamily\Desktop\AdwCleaner[C1].txt
2015-09-07 19:43 - 2015-09-07 19:44 - 00000000 ____D C:\AdwCleaner
2015-09-07 19:43 - 2015-09-07 19:43 - 01654784 _____ C:\Users\NorrisFamily\Downloads\AdwCleaner.exe
2015-09-06 20:05 - 2015-09-06 20:05 - 00033828 _____ C:\Users\NorrisFamily\Desktop\dds.txt
2015-09-06 20:05 - 2015-09-06 20:05 - 00014019 _____ C:\Users\NorrisFamily\Desktop\attach.txt
2015-09-06 20:04 - 2015-09-06 20:04 - 00688992 ____R (Swearware) C:\Users\NorrisFamily\Downloads\dds.scr
2015-09-05 14:29 - 2015-09-05 14:29 - 00003841 _____ C:\Users\NorrisFamily\Downloads\forge-1.8-11.14.3.1502-installer.jar.log
2015-09-05 14:28 - 2015-09-05 14:28 - 03719524 _____ C:\Users\NorrisFamily\Downloads\forge-1.8-11.14.3.1502-installer.jar
2015-09-05 14:24 - 2015-09-05 14:24 - 00675988 _____ C:\Users\NorrisFamily\Downloads\Minecraft.exe
2015-09-05 14:16 - 2015-09-05 14:20 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-09-05 14:16 - 2015-09-05 14:16 - 00000963 _____ C:\Users\Public\Desktop\Minecraft.lnk
2015-09-05 14:16 - 2015-09-05 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-09-05 14:14 - 2015-09-05 14:14 - 02314240 _____ C:\Users\NorrisFamily\Downloads\MinecraftInstaller.msi
2015-09-05 14:12 - 2015-09-05 14:12 - 10375504 _____ C:\Users\NorrisFamily\Downloads\minecraft_server.1.8.jar
2015-09-03 17:29 - 2015-09-03 17:30 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-01 14:59 - 2015-09-01 14:59 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-01 14:59 - 2015-09-01 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-01 14:59 - 2015-09-01 14:59 - 00000000 ____D C:\Program Files\iTunes
2015-09-01 14:59 - 2015-09-01 14:59 - 00000000 ____D C:\Program Files\iPod
2015-09-01 14:59 - 2015-09-01 14:59 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-29 11:28 - 2015-08-29 11:28 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-08-27 15:15 - 2015-08-29 11:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-26 17:55 - 2015-08-26 17:55 - 00851016 _____ (Program soft ) C:\Users\NorrisFamily\Downloads\Skype_Setup.exe
2015-08-19 03:00 - 2015-08-10 19:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 03:00 - 2015-08-10 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 03:00 - 2015-08-10 18:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 03:00 - 2015-08-10 18:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-12 03:24 - 2015-07-30 07:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 03:24 - 2015-07-30 07:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 14:26 - 2015-08-11 14:26 - 09284296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-08-11 14:25 - 2015-07-28 14:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 14:25 - 2015-07-28 14:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 14:25 - 2015-07-28 14:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 14:25 - 2015-07-28 14:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 14:25 - 2015-07-28 14:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 14:25 - 2015-07-28 14:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-11 14:25 - 2015-07-28 14:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 14:25 - 2015-07-28 13:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 14:25 - 2015-07-15 12:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 14:25 - 2015-07-15 12:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 14:25 - 2015-07-15 12:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 14:25 - 2015-07-15 12:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 14:25 - 2015-07-15 12:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 14:25 - 2015-07-15 12:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-11 14:25 - 2015-07-15 12:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-11 14:25 - 2015-07-15 12:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-11 14:25 - 2015-07-15 12:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-11 14:25 - 2015-07-15 12:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-11 14:25 - 2015-07-15 12:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 14:25 - 2015-07-15 12:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-11 14:25 - 2015-07-15 12:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-11 14:25 - 2015-07-15 12:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-11 14:25 - 2015-07-15 12:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-11 14:25 - 2015-07-15 12:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-11 14:25 - 2015-07-15 12:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-11 14:25 - 2015-07-15 12:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-11 14:25 - 2015-07-15 12:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-11 14:25 - 2015-07-15 12:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-11 14:25 - 2015-07-15 12:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-11 14:25 - 2015-07-15 12:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-11 14:25 - 2015-07-15 12:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-11 14:25 - 2015-07-15 12:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-11 14:25 - 2015-07-15 12:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-11 14:25 - 2015-07-15 12:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-11 14:25 - 2015-07-15 12:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 14:25 - 2015-07-15 12:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-11 14:25 - 2015-07-15 12:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-11 14:25 - 2015-07-15 12:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-11 14:25 - 2015-07-15 12:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-11 14:25 - 2015-07-15 12:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-11 14:25 - 2015-07-15 12:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 14:25 - 2015-07-15 12:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-11 14:25 - 2015-07-15 12:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-11 14:25 - 2015-07-15 12:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-11 14:25 - 2015-07-15 12:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-11 14:25 - 2015-07-15 11:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-11 14:25 - 2015-07-15 11:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 14:25 - 2015-07-15 11:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-11 14:25 - 2015-07-15 11:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-11 14:25 - 2015-07-15 11:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-11 14:25 - 2015-07-15 11:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-11 14:25 - 2015-07-15 11:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-11 14:25 - 2015-07-15 11:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-11 14:25 - 2015-07-15 11:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-11 14:25 - 2015-07-15 11:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-11 14:25 - 2015-07-15 11:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-11 14:25 - 2015-07-15 11:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-11 14:25 - 2015-07-15 11:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-11 14:25 - 2015-07-15 11:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-11 14:25 - 2015-07-15 11:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-11 14:25 - 2015-07-15 11:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-11 14:25 - 2015-07-15 11:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-11 14:25 - 2015-07-15 11:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-11 14:25 - 2015-07-15 11:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-11 14:25 - 2015-07-15 11:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-11 14:25 - 2015-07-15 11:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-11 14:25 - 2015-07-15 11:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 11:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 10:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 14:25 - 2015-07-15 10:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 14:25 - 2015-07-15 10:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 14:25 - 2015-07-15 10:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-11 14:25 - 2015-07-15 10:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-11 14:25 - 2015-07-15 10:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 10:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 10:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 14:25 - 2015-07-15 10:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-11 14:25 - 2015-07-10 11:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 14:25 - 2015-07-10 11:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-11 14:25 - 2015-07-10 11:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 14:25 - 2015-07-10 11:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 14:25 - 2015-07-10 11:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-11 14:25 - 2015-07-10 11:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-11 14:22 - 2015-07-14 21:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 14:20 - 2015-07-20 18:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-11 14:20 - 2015-07-20 18:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-11 14:20 - 2015-07-16 14:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-11 14:20 - 2015-07-16 14:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-11 14:20 - 2015-07-16 14:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 14:20 - 2015-07-16 14:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 14:20 - 2015-07-16 14:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-11 14:20 - 2015-07-16 14:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-11 14:20 - 2015-07-16 14:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-11 14:20 - 2015-07-16 14:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 14:20 - 2015-07-16 14:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 14:20 - 2015-07-16 14:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-11 14:20 - 2015-07-16 14:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 14:20 - 2015-07-16 14:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 14:20 - 2015-07-16 14:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-11 14:20 - 2015-07-16 14:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 14:20 - 2015-07-16 14:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-11 14:20 - 2015-07-16 14:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-11 14:20 - 2015-07-16 14:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 14:20 - 2015-07-16 14:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-11 14:20 - 2015-07-16 13:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-11 14:20 - 2015-07-16 13:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 14:20 - 2015-07-16 13:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 14:20 - 2015-07-16 13:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 14:20 - 2015-07-16 13:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-11 14:20 - 2015-07-16 13:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 14:20 - 2015-07-16 13:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-11 14:20 - 2015-07-16 13:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-11 14:20 - 2015-07-16 13:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-11 14:20 - 2015-07-16 13:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-11 14:20 - 2015-07-16 13:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-11 14:20 - 2015-07-16 13:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-11 14:20 - 2015-07-16 13:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 14:20 - 2015-07-16 13:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-11 14:20 - 2015-07-16 13:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-11 14:20 - 2015-07-16 13:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 14:20 - 2015-07-16 13:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-11 14:20 - 2015-07-16 13:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 14:20 - 2015-07-16 13:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-11 14:20 - 2015-07-16 13:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 14:20 - 2015-07-16 13:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-11 14:20 - 2015-07-16 13:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-11 14:20 - 2015-07-16 13:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-11 14:20 - 2015-07-16 13:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-11 14:20 - 2015-07-16 13:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-11 14:20 - 2015-07-16 13:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 14:20 - 2015-07-16 13:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 14:20 - 2015-07-16 13:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 14:20 - 2015-07-16 13:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-11 14:20 - 2015-07-16 13:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 14:20 - 2015-07-16 13:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-11 14:20 - 2015-07-16 13:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 14:20 - 2015-07-16 12:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-11 14:20 - 2015-07-16 12:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 14:20 - 2015-07-16 12:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 14:20 - 2015-07-16 12:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-11 14:19 - 2015-07-30 12:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 14:19 - 2015-07-30 12:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 14:19 - 2015-07-30 12:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 14:19 - 2015-07-30 12:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-11 14:19 - 2015-07-30 12:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 14:19 - 2015-07-30 12:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-11 14:19 - 2015-07-30 12:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-11 14:19 - 2015-07-30 11:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 14:19 - 2015-07-30 11:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 14:19 - 2015-07-30 11:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-11 14:19 - 2015-07-30 11:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 14:19 - 2015-07-30 11:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-11 14:19 - 2015-07-30 11:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-11 14:19 - 2015-07-30 10:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 14:19 - 2015-07-30 10:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 14:19 - 2015-07-30 10:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 14:19 - 2015-07-20 12:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 14:19 - 2015-07-20 12:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 14:19 - 2015-07-20 12:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 14:19 - 2015-07-20 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 14:19 - 2015-07-20 12:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 14:19 - 2015-07-20 12:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 14:19 - 2015-07-20 12:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-11 14:19 - 2015-07-20 12:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-11 14:19 - 2015-07-20 12:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 14:19 - 2015-07-20 12:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-11 14:19 - 2015-07-20 12:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 14:19 - 2015-07-20 11:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-11 14:19 - 2015-07-20 11:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-11 14:19 - 2015-07-20 11:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-11 14:19 - 2015-07-20 11:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-11 14:19 - 2015-07-20 11:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-11 14:19 - 2015-07-14 21:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 14:19 - 2015-07-14 21:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 14:19 - 2015-07-14 21:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-11 14:19 - 2015-07-14 21:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-11 14:19 - 2015-07-14 20:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 14:19 - 2015-07-14 20:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 14:19 - 2015-07-14 20:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-11 14:19 - 2015-07-14 20:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-11 14:19 - 2015-07-10 11:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 14:19 - 2015-07-10 11:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 14:19 - 2015-07-09 11:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 14:19 - 2015-07-09 11:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 14:19 - 2015-07-09 11:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 14:19 - 2015-07-01 14:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 14:19 - 2015-07-01 14:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 14:19 - 2015-07-01 14:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 14:19 - 2015-07-01 14:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-11 14:19 - 2015-05-09 12:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-07 19:50 - 2011-10-11 05:04 - 01612579 _____ C:\Windows\WindowsUpdate.log
2015-09-07 19:49 - 2009-07-13 23:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-07 19:47 - 2014-12-25 13:42 - 00000000 ____D C:\ProgramData\Origin
2015-09-07 19:45 - 2013-11-22 11:28 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-07 19:45 - 2011-10-11 05:40 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-09-07 19:45 - 2011-10-11 05:40 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-09-07 19:45 - 2011-10-11 05:29 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-09-07 19:45 - 2010-11-20 21:47 - 00277000 _____ C:\Windows\PFRO.log
2015-09-07 19:45 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-07 19:45 - 2009-07-13 22:51 - 00090295 _____ C:\Windows\setupact.log
2015-09-07 19:26 - 2012-08-09 15:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-07 19:19 - 2013-01-04 17:14 - 00000956 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1126028262-1166730891-630618919-1001UA.job
2015-09-07 19:03 - 2013-11-22 11:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-07 18:15 - 2011-12-01 00:48 - 00000000 ____D C:\Users\NorrisFamily\AppData\Local\Nero
2015-09-07 18:08 - 2009-07-13 22:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-07 18:08 - 2009-07-13 22:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-07 17:14 - 2015-06-22 19:13 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-09-07 16:19 - 2013-01-04 17:14 - 00000934 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1126028262-1166730891-630618919-1001Core.job
2015-09-06 10:26 - 2012-09-10 17:04 - 00000000 ____D C:\Users\NorrisFamily\AppData\Roaming\.minecraft
2015-09-05 14:25 - 2015-04-07 18:18 - 00000184 _____ C:\Users\NorrisFamily\Downloads\eula.txt
2015-09-05 09:53 - 2014-11-03 22:48 - 00001319 _____ C:\Users\NorrisFamily\Desktop\ROBLOX Player.lnk
2015-09-05 09:53 - 2013-08-14 20:30 - 00000000 ____D C:\Users\NorrisFamily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-09-05 08:37 - 2014-06-26 11:16 - 00000000 ___RD C:\Users\NorrisFamily\Desktop\Boys
2015-09-04 09:39 - 2015-07-11 14:44 - 00000000 ____D C:\Users\NorrisFamily\Desktop\Quentins movie stuff
2015-09-03 17:30 - 2014-12-25 13:42 - 00000000 ____D C:\Program Files (x86)\Origin
2015-09-03 15:22 - 2013-11-22 11:29 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-01 19:39 - 2012-10-01 21:20 - 00028135 _____ C:\Users\NorrisFamily\Documents\Student lists.xlsx
2015-09-01 14:59 - 2015-02-16 23:14 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-29 11:28 - 2011-10-11 05:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-08-29 11:21 - 2015-04-07 18:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-28 10:58 - 2013-11-22 11:28 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-28 10:58 - 2013-11-22 11:28 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-26 17:57 - 2012-08-27 23:08 - 00000000 ____D C:\Users\NorrisFamily\AppData\Roaming\Skype
2015-08-12 15:36 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2015-08-12 03:43 - 2009-07-13 22:45 - 00463160 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 03:42 - 2012-05-13 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 03:42 - 2012-05-13 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 03:40 - 2014-12-10 04:30 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 03:40 - 2014-04-30 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 03:23 - 2012-05-13 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 03:20 - 2012-03-29 10:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 03:15 - 2009-07-13 20:34 - 00000545 _____ C:\Windows\win.ini
2015-08-12 03:14 - 2013-07-30 03:06 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 03:02 - 2012-02-17 21:42 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 14:27 - 2012-08-09 15:41 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-11 14:27 - 2012-06-30 23:33 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 14:27 - 2011-10-11 05:07 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2012-07-06 00:03 - 2014-07-17 17:24 - 0010752 _____ () C:\Users\NorrisFamily\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-13 14:49 - 2011-12-13 14:49 - 0000000 _____ () C:\ProgramData\4b64f1e4d9966fc0fc4f074fec89bcd4_c
2012-03-26 20:52 - 2012-03-26 20:57 - 0000831 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\NorrisFamily\AppData\Local\Temp\ICReinstall_Skype_Setup.exe
C:\Users\NorrisFamily\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-01 10:34

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (46.6 KB, 22 views)
Old 09-07-2015, 07:42 PM   #5
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello Norr_62. I hope you didn't think it was necessary to create 2 different accounts to have 2 machines cleaned from the same household.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe.
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    FirewallRules: [{F4F15355-E449-4CB1-8D17-63F18D33A551}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{A97ED4A1-2910-41C3-AB9A-0025AED6DEB7}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    C:\Program Files\Common Files\mcafee
    FirewallRules: [{17DFCFFC-C298-43B7-A6FB-D452EE215233}] => (Allow) C:\Users\NorrisFamily\AppData\Local\Temp\7zS2A45\HPDiagnosticCoreUI.exe
    FirewallRules: [{979C83AE-F5D7-4C08-A25D-087870639E2B}] => (Allow) C:\Users\NorrisFamily\AppData\Local\Temp\7zS2A45\HPDiagnosticCoreUI.exe
    FirewallRules: [{4D004771-B3BB-4A3B-AFA9-E82F36DAC837}] => (Allow) C:\Users\NorrisFamily\AppData\Local\Temp\IMsetup.exe
    FirewallRules: [{B3BFE611-55B2-4108-9459-8A42B56F5FB3}] => (Allow) C:\Users\NorrisFamily\AppData\Local\Temp\IMsetup.exe
    HKLM\...\Run: [daugava] => C:\Program Files\daugava\Ejemidvlf.exe
    HKLM\...\Run: [daugava64] => C:\Program Files\daugava\Ejemidvlf64.exe
    C:\Program Files\daugava
    HKLM-x32\...\Run: [FAStartup] => [X]
    HKLM-x32\...\Run: [] => [X]
    FF NewTab: hxxp://mysearch.sweetpacks.com/?barid=79890939703080431061329885315450452091&src=97&crg=3.5000006.10058&ppd=&did=10729&st=23
    FF DefaultSearchUrl:
    FF Keyword.URL: hxxp://mysearch.sweetpacks.com?src=6&barid=79890939703080431061329885315450452091&crg=3.5000006.10058&ppd=&did=10729&st=23&q=
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll [No File]
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF SearchPlugin: C:\Users\NorrisFamily\AppData\Roaming\Mozilla\Profiles\15syqeiv.Default User\searchplugins\my-web-search.xml [2013-06-16]
    FF SearchPlugin: C:\Users\NorrisFamily\AppData\Roaming\Mozilla\Profiles\15syqeiv.Default User\searchplugins\sweetim.xml [2013-10-15]
    FF SearchPlugin: C:\Users\NorrisFamily\AppData\Roaming\Mozilla\Profiles\15syqeiv.Default User\searchplugins\Sweetpacks Search.xml [2013-10-15]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-08-27] <==== ATTENTION
    CHR HomePage: Default -> hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10058&did=10729&barid=79890939703080431061329885315450452091
    CHR HKU\S-1-5-21-1126028262-1166730891-630618919-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-07-2015, 09:18 PM   #6
Registered Member
 
Join Date: Sep 2015
Posts: 17
OS: Windows 7



Thank you for your help. My wife thought we needed two accounts, one for each computer; she is the one working on the laptop. I will tell her that so that tomorrow, if anything needs to be done, she can come fix it too.


Fix result of Farbar Recovery Scan Tool (x64) Version:07-09-2015
Ran by NorrisFamily (2015-09-07 22:11:14) Run:1
Running from C:\Users\NorrisFamily\Downloads
Loaded Profiles: NorrisFamily (Available Profiles: UpdatusUser & NorrisFamily)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
FirewallRules: [{F4F15355-E449-4CB1-8D17-63F18D33A551}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{A97ED4A1-2910-41C3-AB9A-0025AED6DEB7}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
C:\Program Files\Common Files\mcafee
FirewallRules: [{17DFCFFC-C298-43B7-A6FB-D452EE215233}] => (Allow) C:\Users\NorrisFamily\AppData\Local\Temp\7zS2A45\HPDiagnosticCoreUI.exe
FirewallRules: [{979C83AE-F5D7-4C08-A25D-087870639E2B}] => (Allow) C:\Users\NorrisFamily\AppData\Local\Temp\7zS2A45\HPDiagnosticCoreUI.exe
FirewallRules: [{4D004771-B3BB-4A3B-AFA9-E82F36DAC837}] => (Allow) C:\Users\NorrisFamily\AppData\Local\Temp\IMsetup.exe
FirewallRules: [{B3BFE611-55B2-4108-9459-8A42B56F5FB3}] => (Allow) C:\Users\NorrisFamily\AppData\Local\Temp\IMsetup.exe
HKLM\...\Run: [daugava] => C:\Program Files\daugava\Ejemidvlf.exe
HKLM\...\Run: [daugava64] => C:\Program Files\daugava\Ejemidvlf64.exe
C:\Program Files\daugava
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [] => [X]
FF NewTab: hxxp://mysearch.sweetpacks.com/?barid=79890939703080431061329885315450452091&src=97&crg=3.5000006.10058&ppd=&did=10729&st=23
FF DefaultSearchUrl:
FF Keyword.URL: hxxp://mysearch.sweetpacks.com?src=6&barid=79890939703080431061329885315450452091&crg=3.5000006.10058&ppd=&did=10729&st=23&q=
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF SearchPlugin: C:\Users\NorrisFamily\AppData\Roaming\Mozilla\Profiles\15syqeiv.Default User\searchplugins\my-web-search.xml [2013-06-16]
FF SearchPlugin: C:\Users\NorrisFamily\AppData\Roaming\Mozilla\Profiles\15syqeiv.Default User\searchplugins\sweetim.xml [2013-10-15]
FF SearchPlugin: C:\Users\NorrisFamily\AppData\Roaming\Mozilla\Profiles\15syqeiv.Default User\searchplugins\Sweetpacks Search.xml [2013-10-15]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-08-27] <==== ATTENTION
CHR HomePage: Default -> hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10058&did=10729&barid=79890939703080431061329885315450452091
CHR HKU\S-1-5-21-1126028262-1166730891-630618919-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F4F15355-E449-4CB1-8D17-63F18D33A551} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A97ED4A1-2910-41C3-AB9A-0025AED6DEB7} => value removed successfully
"C:\Program Files\Common Files\mcafee" => File/Folder not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{17DFCFFC-C298-43B7-A6FB-D452EE215233} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{979C83AE-F5D7-4C08-A25D-087870639E2B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4D004771-B3BB-4A3B-AFA9-E82F36DAC837} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B3BFE611-55B2-4108-9459-8A42B56F5FB3} => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\daugava => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\daugava64 => value removed successfully
"C:\Program Files\daugava" => File/Folder not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FAStartup => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
Firefox "newtab" removed successfully
Firefox DefaultSearchUrl removed successfully
Firefox "Keyword.URL" removed successfully
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\NorrisFamily\AppData\Roaming\Mozilla\Profiles\15syqeiv.Default User\searchplugins\my-web-search.xml => moved successfully
C:\Users\NorrisFamily\AppData\Roaming\Mozilla\Profiles\15syqeiv.Default User\searchplugins\sweetim.xml => moved successfully
C:\Users\NorrisFamily\AppData\Roaming\Mozilla\Profiles\15syqeiv.Default User\searchplugins\Sweetpacks Search.xml => moved successfully
C:\Program Files (x86)\mozilla firefox\firefox.cfg => moved successfully
Chrome HomePage removed successfully
"HKU\S-1-5-21-1126028262-1166730891-630618919-1001\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd" => key removed successfully
EmptyTemp: => 4.8 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 22:12:44 ====
Norr_62 is offline  
Old 09-08-2015, 03:31 AM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Norr_62. You're very welcome. How is the machine behaving now?

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go to File > New Task (Run...), type explorer, then press 'Enter'.

------------------------------------------------------
chemist is offline  
Old 09-08-2015, 08:26 AM   #8
Registered Member
 
Join Date: Sep 2015
Posts: 17
OS: Windows 7



ComboFix 15-09-07.01 - NorrisFamily 08/09/2015 9:09.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8097.5381 [GMT -6:00]
Running from: c:\users\NorrisFamily\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\4b64f1e4d9966fc0fc4f074fec89bcd4_c
c:\programdata\PCDr\6664\AddOnDownloaded\06fda46e-43c1-481a-9eb2-9799f42e7f99.dll
c:\programdata\PCDr\6664\AddOnDownloaded\1eec01b0-8ca5-44d8-a311-9e7f96e586dd.dll
c:\programdata\PCDr\6664\AddOnDownloaded\41a30eb5-952e-4dbb-ae28-5f8aa6520aba.dll
c:\programdata\PCDr\6664\AddOnDownloaded\48b34bb5-ff90-4d9e-b894-efe9b9fb83df.dll
c:\programdata\PCDr\6664\AddOnDownloaded\7eb9d453-6936-472b-8a21-a9513eebbf65.dll
c:\programdata\PCDr\6664\AddOnDownloaded\9bd80958-c5f2-4f2f-aa6b-c45a01a4e97c.dll
c:\programdata\PCDr\6664\AddOnDownloaded\c27a8f9a-0718-4077-8610-9b1806d75bee.dll
c:\programdata\PCDr\6664\AddOnDownloaded\c502e200-e694-4725-9348-253ed2eac74c.dll
c:\programdata\Roaming
c:\users\NorrisFamily\AppData\Local\assembly\tmp
c:\users\NorrisFamily\g2mdlhlpx.exe
c:\windows\SysWow64\system
.
.
((((((((((((((((((((((((( Files Created from 2015-08-08 to 2015-09-08 )))))))))))))))))))))))))))))))
.
.
2015-09-08 15:15 . 2015-09-08 15:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-09-08 15:15 . 2015-09-08 15:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-08 01:49 . 2015-09-08 04:15 -------- d-----w- C:\FRST
2015-09-08 01:43 . 2015-09-08 01:44 -------- d-----w- C:\AdwCleaner
2015-09-07 22:28 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0AA92E40-B1BC-40DC-89A5-52999F3CB890}\mpengine.dll
2015-09-06 15:03 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-09-05 20:16 . 2015-09-05 20:20 -------- d-----w- c:\program files (x86)\Minecraft
2015-09-03 23:29 . 2015-09-03 23:30 -------- d-----w- c:\programdata\Package Cache
2015-09-03 21:31 . 2015-07-06 14:47 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{741DB20D-061E-4898-98B9-9ABDC2A953F2}\gapaengine.dll
2015-09-01 20:59 . 2015-09-01 20:59 -------- d-----w- c:\program files\iPod
2015-09-01 20:59 . 2015-09-01 20:59 -------- d-----w- c:\program files\iTunes
2015-09-01 20:59 . 2015-09-01 20:59 -------- d-----w- c:\program files (x86)\iTunes
2015-08-29 17:28 . 2015-08-29 17:28 -------- d-----w- c:\program files (x86)\Dell Update
2015-08-19 09:00 . 2015-08-11 01:20 25191936 ----a-w- c:\windows\system32\mshtml.dll
2015-08-19 09:00 . 2015-08-11 01:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-19 09:00 . 2015-08-11 00:33 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-08-12 09:24 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 09:24 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 20:26 . 2015-08-11 20:26 9284296 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-08-11 20:22 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-08-11 20:19 . 2015-07-01 20:49 260096 ----a-w- c:\windows\system32\WebClnt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-12 09:02 . 2012-02-18 03:42 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-08-11 20:27 . 2012-07-01 05:33 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-11 20:27 . 2011-10-11 11:07 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-15 17:54 . 2015-08-11 20:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-06 14:47 . 2015-07-10 01:04 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-07-05 10:08 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-07-04 18:07 . 2015-07-14 19:03 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-14 19:03 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-06-24 07:29 . 2015-06-24 07:29 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-17 17:47 . 2015-07-14 19:06 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-14 19:06 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-15 21:50 . 2015-07-14 19:03 112064 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:45 . 2015-07-14 19:03 3242496 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:45 . 2015-07-14 19:03 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:45 . 2015-07-14 19:03 1941504 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:45 . 2015-07-14 19:03 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:44 . 2015-07-14 19:03 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-14 19:03 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-15 21:43 . 2015-07-14 19:03 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-15 21:43 . 2015-07-14 19:03 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-15 21:42 . 2015-07-14 19:03 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-06-15 21:42 . 2015-07-14 19:03 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-15 21:37 . 2015-07-14 19:03 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-06-12 07:50 . 2015-07-03 15:22 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC7200B9-5F12-4497-B9B1-40AEABA8CED9}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2012-05-18 434168]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2015-09-03 3638256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DELLOSD"="c:\program files (x86)\DELL\DELLOSD\FastUserSwitching.exe" [2010-12-06 49152]
"Chicony_OSD"="c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [2011-01-13 53248]
"StickyNotesWidget"="c:\program files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" [2011-03-18 666344]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2015-06-26 40336]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-07 66872]
"Tsa.exe"="c:\program files (x86)\TELUS\TELUS security advisor\Tsa.exe" [2010-12-16 4318520]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2015-08-13 157968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2119488]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe View=show_in_tray [2009-11-13 9117504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Dell WMI Service;Dell WMI Service;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe [x]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DellDataVault;Dell Data Vault;c:\program files\Dell\DellDataVault\DellDataVault.exe ;c:\program files\Dell\DellDataVault\DellDataVault.exe [x]
S2 DellDataVaultWiz;Dell Data Vault Wizard;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe [x]
S2 DellUpdate;Dell Update Service;c:\program files (x86)\Dell Update\DellUpService.exe;c:\program files (x86)\Dell Update\DellUpService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 OSDSvc;ChiconyOSDService;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [x]
S2 ServicepointService;ServicepointService;c:\program files (x86)\TELUS\TELUS security advisor\ServicepointService.exe;c:\program files (x86)\TELUS\TELUS security advisor\ServicepointService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 SupportAssistAgent;Dell SupportAssist Agent;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys;c:\windows\SYSNATIVE\DRIVERS\AVer7231_x64.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
S3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-03 21:20 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 20:27]
.
2015-09-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1126028262-1166730891-630618919-1001Core.job
- c:\users\NorrisFamily\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04 23:14]
.
2015-09-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1126028262-1166730891-630618919-1001UA.job
- c:\users\NorrisFamily\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04 23:14]
.
2015-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-22 16:58]
.
2015-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-22 16:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-25 7214696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-22 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-22 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-22 416024]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254 75.153.176.9
FF - ProfilePath - c:\users\NorrisFamily\AppData\Roaming\Mozilla\Firefox\Profiles\tiqqnckt.default-1375305067190\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-09-08 09:16:19
ComboFix-quarantined-files.txt 2015-09-08 15:16
.
Pre-Run: 1,675,831,689,216 bytes free
Post-Run: 1,675,856,375,808 bytes free
.
- - End Of File - - F300FAFC002517D89C823C82044C58F4
Norr_62 is offline  
Old 09-08-2015, 09:26 AM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Norr_62. How is the machine behaving now? Let me know.

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-2.1.8.1057.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Uninstall the following via the Programs and Features Panel (Start->(Settings)->Control Panel->Programs->Programs and Features):

Java 8 Update 40 (64-bit)

These are all outdated, and are security risks while they remain installed. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

In fact, you should be able to update your current Java, Java(TM) 8 Update 40, by going to Control Panel > Programs > Java (looks like a coffee cup). Click on the Update tab. On the lower right, click on Update Now. An update should begin. Allow the install of the new Java.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as administrator command.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-08-2015, 04:28 PM   #10
Registered Member
 
Join Date: Sep 2015
Posts: 17
OS: Windows 7



This seems to be working great. The popup hell we were in is no longer happening.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 08/09/2015
Scan Time: 2:48 PM
Logfile: mallog.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.08.06
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: NorrisFamily

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 455215
Time Elapsed: 10 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.Shopperz.BrwsrFlsh, HKLM\SOFTWARE\daugava, Quarantined, [2a4c05286823d95dc898730527ddd828],
PUP.Optional.Shopperz.BrwsrFlsh, HKLM\SOFTWARE\WOW6432NODE\daugava, Quarantined, [3244f7368a01e74ffa666018b94b04fc],
PUP.Optional.MindSpark, HKU\S-1-5-21-1126028262-1166730891-630618919-1000\SOFTWARE\APPDATALOW\SOFTWARE\VideoDownloadConverter_4z, Quarantined, [81f5f03d8803ed491cc6118dea1a53ad],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.RegCleanerPro, C:\Users\NorrisFamily\Downloads\rcpmmnew_mynew40945-20lptz366iAqqTTc3LFRsx1uOeFD000..exe, Quarantined, [a8ce9598b7d4ab8b5dd834ae6a96a55b],
PUP.Optional.InstallCore, C:\Users\NorrisFamily\Downloads\Skype_Setup.exe, Quarantined, [32442b028b009e98f111613a7392bb45],
PUP.Optional.SofTonic, C:\Users\NorrisFamily\Downloads\SoftonicDownloader_for_santa-countdown.exe, Quarantined, [d2a40924315a5fd727ff1aa539c8e917],
PUP.Optional.SweetIM, C:\Windows\Installer\1d73be.msi, Quarantined, [23539a93117a39fd942a91f94bbabe42],

Physical Sectors: 0
(No malicious items detected)


(end)

C:\AdwCleaner\Quarantine\C\Program Files\daugava\csrcc.exe.vir a variant of Win32/Toolbar.Perion.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\daugava\Dpfvedc.dll.vir a variant of Win32/Toolbar.Perion.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\daugava\Dpfvedc64.dll.vir a variant of Win64/Toolbar.Perion.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\daugava\Ejemidvlf.exe.vir a variant of Win32/Toolbar.Perion.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\daugava\Ejemidvlf64.exe.vir a variant of Win64/Toolbar.Perion.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\daugava\Eqxlolnp.dll.vir a variant of Win32/Toolbar.Perion.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\daugava\Esrqqdf.dll.vir a variant of Win32/Toolbar.Perion.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\daugava\Esrqqdf64.dll.vir a variant of Win64/Toolbar.Perion.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\daugava\gcpum.dll.vir Win32/Fingprint.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\daugava\Tuugvuiog.dll.vir a variant of Win32/Toolbar.BitCocktail.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\daugava\Tuugvuiog64.dll.vir a variant of Win64/Toolbar.Perion.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\daugava\Upbgbeie.exe.vir a variant of Win32/Toolbar.Perion.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\daugava\Weekfqwb.exe.vir a variant of Win32/Toolbar.Perion.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\daugava\Wqzaon.dll.vir a variant of Win32/Toolbar.Perion.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\daugava\Wqzaon64.dll.vir a variant of Win64/Toolbar.Perion.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\daugava\Firefox\{f179b4aa-3249-4e0e-a45a-8519d6bcd424}.xpi.vir Win32/Toolbar.Perion.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\daugava\Firefox\chrome\content\main.js.vir Win32/Toolbar.Perion.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\Extension32.dll.vir a variant of Win32/Toolbar.Perion.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\Extension64.dll.vir a variant of Win64/Toolbar.Perion.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe.vir a variant of Win32/Toolbar.BitCocktail.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\InstallerHelper.dll.vir a variant of Win32/Toolbar.BitCocktail.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\Firefox\chrome\content\main.js.bak.vir Win32/Toolbar.Perion.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\Firefox\chrome\content\main.js.vir Win32/Toolbar.Perion.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe.vir a variant of Win32/SweetIM.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll.vir a variant of Win32/SweetIM.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll.vir a variant of Win32/SweetIM.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll.vir a variant of Win32/SweetIM.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe.vir a variant of Win32/SweetIM.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll.vir a variant of Win32/SweetIM.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll.vir a variant of Win32/SweetIM.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll.vir a variant of Win32/SweetIM.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll.vir a variant of Win32/SweetIM.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll.vir a variant of Win32/SweetIM.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll.vir a variant of Win32/SweetIM.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\OptChrome.exe.vir Win32/Adware.Yontoo.G application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooIEClient.dll.vir a variant of Win32/Adware.Yontoo.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooLayers.crx.vir multiple threats
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\AdwCleaner\Quarantine\C\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\back.js.vir JS/Adware.Yontoo.B application
C:\AdwCleaner\Quarantine\C\Users\NorrisFamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.4_0\yl.js.vir JS/Adware.Yontoo.A application
C:\AdwCleaner\Quarantine\C\Windows\Sysnative\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\Sysnative\drivers\cherimoya.sys.vir a variant of Win64/NetFilter.A potentially unsafe application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
Norr_62 is offline  
Old 09-08-2015, 05:34 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Norr_62. Glad to hear it. Most of the ESET finds have already been quarantined by AdwCleaner. Those will get deleted later.

The Dell DataSafe finds are false positives by ESET.

------------------------------------------------------

We don't recommend using those reg cleaning utilities from WinZip.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe"
"C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"
"C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"
"C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
"C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"
"C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0
Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------
chemist is offline  
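The triage in post #11 (already quarantined by AdwCleaner, judged a false positive, or still live on disk) can be applied mechanically to an ESET export. This is an added example, not part of the thread or of any tool's own code: the line layout and the quarantine-path mapping are assumptions inferred from the report lines in post #10, six of which are copied here, and the last sample line is constructed.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "path detection category original_path")

# Assumption: AdwCleaner's quarantine mirrors the original tree under this
# root and appends ".vir", as the paths in the thread's report suggest.
QUARANTINE_ROOT = "C:\\AdwCleaner\\Quarantine\\"

# Path prefix the helper in post #11 judged to be ESET false positives.
ANALYST_ACCEPTED = ("C:\\Program Files (x86)\\Dell DataSafe Local Backup\\",)

# "<path> [a variant of ]<Platform/Name | multiple threats> [<category>]"
# The path may contain spaces, so it is matched lazily up to the detection.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of )?"
    r"(?P<det>[A-Za-z0-9]+/\S+|multiple threats)"
    r"(?:\s+(?P<cat>potentially unwanted application|"
    r"potentially unsafe application|application))?\s*$"
)

# Six lines copied from the ESET report in post #10; the last line is constructed.
SAMPLE = r"""
C:\AdwCleaner\Quarantine\C\Program Files\daugava\Upbgbeie.exe.vir a variant of Win32/Toolbar.Perion.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooLayers.crx.vir multiple threats
C:\AdwCleaner\Quarantine\C\Windows\Sysnative\drivers\cherimoya.sys.vir a variant of Win64/NetFilter.A potentially unsafe application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
Scan completed with warnings
"""


def original_path(path):
    """Map a quarantine copy back to where the file used to live, else None."""
    if not path.lower().startswith(QUARANTINE_ROOT.lower()):
        return None
    drive, _, tail = path[len(QUARANTINE_ROOT):].partition("\\")
    if tail.lower().endswith(".vir"):
        tail = tail[:-4]
    return f"{drive}:\\{tail}"


def triage(report, accepted_prefixes=ANALYST_ACCEPTED):
    """Sort report lines into quarantined / accepted / needs_action / unparsed."""
    buckets = {"quarantined": [], "accepted": [], "needs_action": [], "unparsed": []}
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            buckets["unparsed"].append(line)  # never drop a line silently
            continue
        path = m["path"]
        finding = Finding(path, m["det"], m["cat"], original_path(path))
        if finding.original_path is not None:
            buckets["quarantined"].append(finding)  # inert copy, nothing live
        elif any(path.lower().startswith(p.lower()) for p in accepted_prefixes):
            buckets["accepted"].append(finding)     # analyst-reviewed exception
        else:
            buckets["needs_action"].append(finding)  # still on disk
    return buckets


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item if isinstance(item, str) else f"{item.detection}  {item.path}")
```

Anything that lands in `unparsed` should be read by hand rather than ignored.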
Old 09-08-2015, 08:04 PM   #12
Registered Member
 
Join Date: Sep 2015
Posts: 17
OS: Windows 7



OK, it did say run as admin.
It just opened to press any key, and a log.txt opened with this:

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe
Norr_62 is offline  
Old 09-09-2015, 03:02 AM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Norr_62.

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\Program Files\WinZip\Utils\WzSysScan"

A DOS window will open and close again, this is normal.

------------------------------------------------------

Navigate to this folder:

C:\Program Files\WinZip\Utils\WzSysScan

Does the folder still exist?

------------------------------------------------------
chemist is offline  
Old 09-09-2015, 04:58 AM   #14
Registered Member
 
Join Date: Sep 2015
Posts: 17
OS: Windows 7



The DOS window will not stay open for me to type anything; it flashes and disappears.
And if I type C:\Program Files\WinZip\Utils\WzSysScan into search there are no results, but the file is there when I go to it.
Norr_62 is offline  
Old 09-09-2015, 10:05 AM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Norr_62. You don't type (or paste) into the DOS window.

You paste the command into the Run box...

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\Program Files\WinZip\Utils\WzSysScan"

A DOS window will open and close again, this is normal.

------------------------------------------------------

Navigate to this folder:

C:\Program Files\WinZip\Utils\WzSysScan

Does the folder still exist? If so, right-click then delete it. Let me know if you were successful.

------------------------------------------------------
chemist is offline  
Old 09-09-2015, 10:46 AM   #16
Registered Member
 
Join Date: Sep 2015
Posts: 17
OS: Windows 7



OK, maybe a stupid question: do I just delete the WzSysScan file or the WinZip part too?

I didn't type in the DOS.
Norr_62 is offline  
Old 09-09-2015, 12:52 PM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Please right-click the WzSysScan folder and delete it:

C:\Program Files\WinZip\Utils\WzSysScan

Let me know.
chemist is offline  
Old 09-09-2015, 01:07 PM   #18
Registered Member
 
Join Date: Sep 2015
Posts: 17
OS: Windows 7



Deleted
Norr_62 is offline  
Old 09-09-2015, 03:47 PM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Congratulations. Well done! Your logs appear clean. You should be good to go.

Please disable Security Essentials before uninstalling ComboFix and then re-enable it after doing so.

Press the Windows "logo" key and "R" key and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Make sure you back up your system, so possible reformatting in the future isn't necessary:

Support - Windows Help

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
Old 09-09-2015, 06:37 PM   #20
Registered Member
 
Join Date: Sep 2015
Posts: 17
OS: Windows 7



  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
It won't let me right-click to run as admin to be able to put this part in.
Norr_62 is offline  