virus suspected, not found.

Old 06-09-2015, 04:22 PM   #1
Registered Member
 
Join Date: Jan 2009
Location: Midwest
Posts: 12
OS: /Ubuntu Linux/Windows 7



Hi, I have a SERIOUS problem. I can't start my Windows 7 without multiple instances of /windows/system32/cmd.exe and mspaint.exe cascading across my screen. My screen also fades in and out from solid red, back to normal; can't shut down, can't function. It does not do this in safe mode. I am typing this post in Ubuntu Linux, as I really have little need for Windows, but do need it for some things. I have run numerous virus scans, the last one being a full system scan today by Avast; nothing was found. I have cleaned the malware, not sure what to do now. Any and all help would be deeply appreciated.

Thanks

Todd
todd93 is offline  
Old 06-10-2015, 03:33 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Have you tried 'Repair your computer' > 'Startup Repair'?

From Safe Mode with Networking...

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button (if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 06-10-2015, 05:35 PM   #3
Registered Member
 
Join Date: Jan 2009
Location: Midwest
Posts: 12
OS: /Ubuntu Linux/Windows 7



Okay, the results of adwcleaner[s0].txt:

# AdwCleaner v4.206 - Logfile created 11/06/2015 at 00:00:33
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Todd - FRANKENSTEIN-JR
# Running from : C:\Users\Todd\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : BCUService
[#] Service Deleted : YahooAUService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\driver whiz
Folder Deleted : C:\ProgramData\Kromtech
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
Folder Deleted : C:\Program Files (x86)\DeviceVM
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\Todd\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Todd\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SearchProtect
Folder Deleted : C:\Program Files\Earth Networks
Folder Deleted : C:\Users\Todd\AppData\Local\apn
Folder Deleted : C:\Users\Todd\AppData\Local\genienext
Folder Deleted : C:\Users\Todd\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Todd\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Todd\AppData\Local\Kromtech
Folder Deleted : C:\Users\Todd\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Todd\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Todd\AppData\Roaming\ARecEngine
Folder Deleted : C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\Todd\Documents\Mobogenie
Folder Deleted : C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
File Deleted : C:\END
File Deleted : C:\Windows\Reimage.ini
File Deleted : C:\Users\Todd\AppData\Local\Temp\uninstaller.exe
File Deleted : C:\Users\Todd\daemonprocess.txt
File Deleted : C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\WeatherBug®.lnk
File Deleted : C:\Users\Todd\Desktop\WeatherBug®.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\1bezfscc.default\searchplugins\aol-web-search.xml
File Deleted : C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\1bezfscc.default\searchplugins\yahoo_ff.xml
File Deleted : C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\j890nl6f.Default User\searchplugins\yahoo_ff.xml
File Deleted : C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lp.sweetim.com_0.localstorage
File Deleted : C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lp.sweetim.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\Superfish - Visual Search and Image Recognition
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\SpeedBit
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainerV2
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DeviceVM
Key Deleted : HKLM\SOFTWARE\Headlight
Key Deleted : HKLM\SOFTWARE\InfoAtoms
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\SpeedBit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B363E1D-8C36-4458-BAE4-D5081999E094}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (en-US)

[1bezfscc.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.surf.date", "503");
[1bezfscc.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.surf.lastDate", "10");
[1bezfscc.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.surf.lastMonth", "1");
[1bezfscc.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.surf.lastYear", "2013");
[1bezfscc.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.surf.month", "2383");
[1bezfscc.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.surf.prevMonth", "425");
[1bezfscc.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.surf.total", "23533");
[1bezfscc.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.surf.week", "503");
[1bezfscc.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.surf.year", "2807");
[1bezfscc.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[1bezfscc.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
[1bezfscc.default\prefs.js] - Line Deleted : user_pref("extentions.y2layers.installId", "cc7014ca-16f1-462a-ac58-7a1a4d6a08bb");
[1bezfscc.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=winamp-ff&s_qt=sb&tb_uuid=20120525100905472&tb_oid=25-05-2012[...]
[1bezfscc.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&s_qt=ab&s_it=winamp-ff&tb_uuid=20120525100905472&tb_oid=25-05-2012&tb_mrud=16-01-20[...]
[j890nl6f.Default User\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxps://search.yahoo.com/?type=926458&fr=spigot-yhp-ff");

-\\ Google Chrome v

[C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN15003589231286823&ctid=CT3309656&UM=2
[C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [12483 bytes] - [10/06/2015 23:57:52]
AdwCleaner[S0].txt - [12340 bytes] - [11/06/2015 00:00:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12400 bytes] ##########
todd93 is offline  
Old 06-10-2015, 05:37 PM   #4
Registered Member
 
Join Date: Jan 2009
Location: Midwest
Posts: 12
OS: /Ubuntu Linux/Windows 7



Now addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Todd at 2015-06-11 00:32:31
Running from C:\Users\Todd\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2657733958-4276116067-3132349266-500 - Administrator - Disabled)
Colleen (S-1-5-21-2657733958-4276116067-3132349266-1004 - Administrator - Enabled) => C:\Users\Colleen
Guest (S-1-5-21-2657733958-4276116067-3132349266-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2657733958-4276116067-3132349266-1006 - Limited - Enabled)
Todd (S-1-5-21-2657733958-4276116067-3132349266-1000 - Administrator - Enabled) => C:\Users\Todd

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.08 - GIGABYTE)
1600 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
1600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
1600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
18 Wheels of Steel Big City Rigs (HKLM-x32\...\{16695BBA-E0BE-4590-A7D7-C5C8D6279A28}) (Version: 1.00.0000 - Valusoft)
18 WoS Extreme Trucker (HKLM-x32\...\{E406717D-FDE3-477D-972F-6A162F512E1C}) (Version: 1.00.0000 - Valusoft)
360GamesPatcher (Client setup) (HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\...\360GAMESPATCHERCLT) (Version: - )
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version: - )
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Creative Suite 5 Design Premium (HKLM-x32\...\{A1BC7068-C1BA-410F-8B9A-DB807C803DE2}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
AMD Catalyst Install Manager (HKLM\...\{F02E145C-56BD-9AED-7816-9067D84A8D28}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Argente Utilities 1.0.4.0 (HKLM-x32\...\Argente Utilities_is1) (Version: 1.0.4.0 - Argente Software)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ATI AVIVO64 Codecs (Version: 10.7.0.40702 - ATI Technologies Inc.) Hidden
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audiokinetic Wwise v2010.3.3 build 3773 (HKLM-x32\...\{AB2AF914-D497-48C6-A093-7AF11FFAEC7A}) (Version: 2010.3.3 - Audiokinetic Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
AVIcodec (remove only) (HKLM-x32\...\AVIcodec) (Version: - )
Big Fish Games Client (HKLM-x32\...\BFGC) (Version: 1.2.5.17 - )
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Bluefish 2.2.4 (HKLM-x32\...\Bluefish) (Version: 2.2.4 - The Bluefish Developers)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Bridge Builder (HKLM-x32\...\Bridge Builder) (Version: - )
Bridge Construction Set Demo 1.39 (HKLM-x32\...\Bridge Construction Set Demo_is1) (Version: - Chronic Logic LLC)
Bridge It 1.2.1 (HKLM-x32\...\Bridge It_is1) (Version: - Chronic Logic LLC)
Bridge It Demo 1.2 (HKLM-x32\...\Bridge It Demo_is1) (Version: - Chronic Logic LLC)
BUFFALO AirStation 300Mbps Mode Setting (Uninstallation) (HKLM-x32\...\UN900120) (Version: - )
BUFFALO Client Manager V (HKLM-x32\...\UN900119) (Version: - )
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
BurnAware Free 3.1.1 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware Technologies)
Cabela's Trophy Bucks (HKLM-x32\...\{D17C4B85-A12C-442F-81A6-21EAB64F014A}) (Version: 1.00.0000 - Activision Value)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
ccc-core-static (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2568 - CDBurnerXP)
Cooking Quest (HKLM-x32\...\Cooking Quest) (Version: 1.0 - Game Mill Entertainment)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Download Accelerator Plus (DAP) (HKLM-x32\...\Download Accelerator Plus (DAP)) (Version: 9305 (Build 1062) - Speedbit Ltd.)
Dropbox (HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVDFab 8.0.7.3 (29/01/2011) (HKLM-x32\...\DVDFab 8_is1) (Version: - Fengtao Software Inc.)
DVDFab 8.1.7.5 (07/04/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version: - Fengtao Software Inc.)
DVDx 2 (HKLM-x32\...\{4EC8B911-98AB-4819-B5EE-D32E8A0A8AAA}_is1) (Version: 2.20 - labDV®)
EasySaver B9.0904.1 (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
e-Sword (HKLM-x32\...\{9B7BB2DA-EF1A-45EF-9101-093C06C6AB2D}) (Version: 9.09.0000 - Rick Meyers)
Ext2Fsd 0.53 (HKLM\...\Ext2Fsd_is1) (Version: 0.53 - Matt Wu)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
ffdshow v1.1.3771 [2011-03-07] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3771.0 - )
FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
Free Easy Burner V 4.4.1 (HKLM-x32\...\Free Easy Burner_is1) (Version: 4.4.1.0 - Koyote soft)
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version: - )
Gamer HUD Lite (HKLM-x32\...\{8FE4D086-63BD-44EB-882C-C7EA5A1EF016}) (Version: 1.00.0000 B0900812 - GIGABYTE)
GetRight (HKLM-x32\...\GetRight_is1) (Version: - Headlight Software, Inc.)
Gigabyte Raid Cinfigurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0001 - GIGABYTE Technologies, Inc.)
Google Chrome (HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Chrome Extension Updater 1.12.02 (HKLM\...\{68F250EA-9638-4DCF-96C4-D68CC340EC48}) (Version: 1.12.02 - Alactro LLC) <==== ATTENTION
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Earth (HKLM-x32\...\{4286E640-B5FB-11DF-AC4B-005056C00008}) (Version: 5.2.1.1588 - Google)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HandBrake 0.9.5 (HKLM-x32\...\HandBrake) (Version: 0.9.5 - )
Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: 7.0.28130 - Hauppauge Computer Works)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Hidden Mysteries Buckingham Palace (HKLM-x32\...\Hidden Mysteries Buckingham Palace) (Version: 1.0 - Game Mill Entertainment)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Hunting Unlimited 2010 (HKLM-x32\...\Hunting Unlimited 2010_is1) (Version: - Games Of The Month)
HydraVision (x32 Version: 4.2.108.0 - ATI Technologies Inc.) Hidden
IceChat 7.63 (Build 20080417) (HKLM-x32\...\IceChat_is1) (Version: 7.63 - IceChat Networks)
IconMan_R (HKLM-x32\...\{200B7FEE-D7A7-44B0-B0C5-56346B3CDB62}) (Version: 1.20 - Realtek Semiconductor Corp.)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Instant CD & DVD Burner (HKLM-x32\...\Instant CD & DVD Burner_is1) (Version: - )
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 11 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180110}) (Version: 8.0.110 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KODAK Share Button App (HKLM-x32\...\{C3F0CF4C-0A8C-42F1-A585-2EF7886D6039}) (Version: 4.03.0000.0000 - Eastman Kodak Company)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LibreOffice 4.2.5.2 (HKLM-x32\...\{93AD8CBD-C32E-4318-90BB-A294BE2D712C}) (Version: 4.2.5.2 - The Document Foundation)
LightScribe System Software (HKLM-x32\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version: 1.18.18.1 - LightScribe)
Logitech SetPoint 6.65 (HKLM\...\SP6) (Version: 6.65.62 - Logitech)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Marine Sharpshooter (HKLM-x32\...\Marine Sharpshooter) (Version: 1.0 - Groove Games)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Menu Templates - Pack 1 (x32 Version: 9.6.0.0 - Nero AG) Hidden
Menu Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
MorphVOX Junior (HKLM-x32\...\{F1191B7E-84BF-4325-9FFD-80BD8996ED4B}) (Version: 2.7.5 - Screaming Bee)
Movie Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\...\MyFreeCodec) (Version: - )
Mystery Case Files: Return to Ravenhearst ™ (HKLM-x32\...\BFG-Mystery Case Files - Return to Ravenhearst) (Version: - )
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.14.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.14.0 - NEC Electronics Corporation) Hidden
Nero 9 Essentials (HKLM-x32\...\{671f2918-21a8-4d87-abcb-c3177a82c5f2}) (Version: - Nero AG)
Network Utility (HKLM-x32\...\{DC0A7892-EC36-4530-8CE8-AC66618B14C3}) (Version: 2.00.205 - PIXELA)
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Paint.NET Toli Effects (HKLM-x32\...\{DD8CC325-BC7E-4424-8934-3BB451ABFEF3}) (Version: 2.0.0 - Toli Cuturicu)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PhotoTools 2.5 (HKLM-x32\...\{163A486D-BE65-487E-98D9-F5298F3D5E15}) (Version: 2.5 - onOne Software)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
Primo (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RarZilla Free Unrar (HKLM-x32\...\RarZilla Free Unrar) (Version: 3.33 - Philipp Winterberg)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5897 - Realtek Semiconductor Corp.)
Rocksmith 2014 (HKLM-x32\...\Steam App 221680) (Version: - Ubisoft - San Francisco)
Runtime (x32 Version: 1.00.0000 - Your Company Name) Hidden
Rush 24-7 Media Center (HKLM-x32\...\Rush 24-7 Media Center) (Version: - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 4.2.00.15030 - Sony Corporation)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The Extractor (HKLM-x32\...\The Extractor1.4.2.2) (Version: - )
The Extractor (HKLM-x32\...\The Extractor1.4.3) (Version: 1.4.3 - N00bsoft)
The Extractor (HKLM-x32\...\The Extractor1.4.3.1) (Version: 1.4.3.1 - N00bsoft)
The Extractor (HKLM-x32\...\The Extractor1.4.3.2) (Version: 1.4.3.2 - N00bsoft)
The Price Is Right 2010 1.0.4 (HKLM-x32\...\The Price Is Right 2010) (Version: - )
TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Ulead DVD MovieFactory 5 (HKLM-x32\...\{B01CC90F-C153-468A-BC33-7BE8A9B8A3D0}) (Version: 5.7 - Corel Corporation)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 3.2 - Ubisoft)
VideoBrowser (HKLM-x32\...\{D79DC615-EC9F-4EFA-9482-5911168D8F32}) (Version: 2.00.204 - PIXELA)
Waterfox 38.0 (x64 en-US) (HKLM\...\Waterfox 38.0 (x64 en-US)) (Version: 38.0 - Mozilla)
WeatherBug® (HKLM-x32\...\WeatherBug®) (Version: 10.0.7.4 - Earth Networks, Inc.)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)
Windows Driver Package - XBCD Project HID (16/05/2008 1.1.0) (HKLM\...\C6DCA6D8EFAB374E8F91A705567555FF4DAF025D) (Version: 16/05/2008 1.1.0 - XBCD Project)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Wondershare Video Converter Free(Build 6.5.1.0) (HKLM-x32\...\Wondershare Video Converter Free_is1) (Version: 6.5.1.0 - Wondershare Software)
XBCD 1.07 (HKLM-x32\...\XBCD) (Version: 1.07 - Redcl0ud)
XBCD Uninstaller (HKLM\...\{04054166-0801-48A9-89E0-BC4B53FE7A81}_is1) (Version: 0.2.7 - XBCD Project)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Todd\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Todd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Todd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Todd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Todd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

06-06-2015 18:05:58 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2010-10-16 16:21 - 00000860 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EC268EE-BC0D-490E-A8B7-66F7D5FC8646} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {15983445-C61C-47F3-A5FC-0F67BE928982} - System32\Tasks\AdobeAAMUpdater-1.0-Frankenstein-JR-Todd => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {1919C5DE-653C-48AD-8091-705BB8DA5B0F} - System32\Tasks\{26FB8C93-6099-4077-9C2E-BE85AB0C9260} => pcalua.exe -a D:\HoyleCardGames2009.exe -d D:\
Task: {1D174622-25D5-4DE1-A7D0-37B7FAE7672A} - System32\Tasks\{F63EC1C2-4378-496A-9FA2-82A37775BC2F} => pcalua.exe -a C:\Temp\Rush_24-7_Media_Center.exe -d C:\Temp
Task: {20CE66B9-E250-48B0-AAB8-E23259FABC8D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {294AAA0A-7E63-4BC4-8C68-5B096F248EEB} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2012-06-26] (Eastman Kodak Company)
Task: {2AF0161A-C814-4807-9F24-1731DC909B7D} - System32\Tasks\{4A0262F6-8833-4608-BEF0-A0F5C08A246A} => pcalua.exe -a C:\Users\Todd\Downloads\PXAV100U\PlexDriver.exe -d C:\Users\Todd\Downloads\PXAV100U
Task: {30001CAB-B2D1-4D78-A9F9-DE9BF45A6506} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {34DF5B78-B64C-41C3-BD39-DEACB9815782} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {387ABF2A-984A-4972-8A14-FAB3073F63BA} - System32\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A} => C:\Users\Todd\AppData\Local\Temp\Lfx.exe <==== ATTENTION
Task: {3FAC59E2-0450-47DE-9131-22FB9CCC8A9C} - System32\Tasks\{F3505B97-BEAE-4383-BF5F-1B74006DD811} => pcalua.exe -a C:\Users\Todd\Documents\VirtualDub-1.9.11\auxsetup.exe -d C:\Users\Todd\Documents\VirtualDub-1.9.11
Task: {40013554-CF3B-4E53-AFE1-D7973D4B057B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {4836200C-1BD2-4A44-A112-9C370C531A93} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {493C9D75-FF33-4E05-A388-B2EF2735CCAE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {56E950C6-5E21-474A-8C7C-C7B9CF9467B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-29] (Adobe Systems Incorporated)
Task: {5C592B22-16D5-451A-8777-84B14333DBA8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2657733958-4276116067-3132349266-1000Core => C:\Users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {5D8E0A3D-7702-46F8-A3C2-B596F53C0F9F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {666F052E-C297-4047-887A-57C90897E1DA} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {67F6479E-31E5-40D1-90D3-BBBCCD0E85DA} - System32\Tasks\{099AE139-A4E2-4D58-AEA0-E89C2382C62D} => pcalua.exe -a C:\Users\Todd\AppData\Local\Temp\Temp1_SmartPackSetup1.22.0.zip\SmartPackSetup1.22.0.exe
Task: {6C395652-A80A-4E9D-8F16-9243EE9CFD81} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-03] (Google Inc.)
Task: {707FCCA4-3F75-4C78-A5F0-B961BF77645C} - System32\Tasks\{18F3FCD1-B4D1-4FF5-8623-48DE3AC93249} => pcalua.exe -a C:\Users\Todd\Downloads\airc_setup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {7AAD236D-0562-4202-BC39-EB45D0ECC9D3} - System32\Tasks\{B34F60A8-1F7C-4476-AA30-A0BC602412B1} => pcalua.exe -a C:\Users\Todd\Downloads\jxpiinstall(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {826148C6-56BE-410B-BEA8-36A26F63D099} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-03] (Google Inc.)
Task: {86E5D38D-938A-44C4-8C2D-366447C18879} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-03-27] (Microsoft Corporation)
Task: {92FED955-C1D4-4ED8-B538-6CD30AEBFD7F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2657733958-4276116067-3132349266-1000UA => C:\Users\Todd\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {AAE857C7-AE3C-453A-8E38-A3CA59ACA80E} - System32\Tasks\{E521E734-3960-4768-ACB2-6752C2C77319} => pcalua.exe -a C:\Users\Todd\Downloads\Setup.exe -d C:\Users\Todd\Downloads
Task: {B2DA3C02-3F75-4D34-B1BA-AF87CA7BE4EF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-08] (AVAST Software)
Task: {B7B935F6-49DB-46C2-9379-511803D1F65D} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL Product Registration | Microsoft Hardware
Task: {BC49321E-A30C-4EC3-810F-2A922FBA42B5} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {BF49B845-EB36-43A5-BA67-CA136320A0C1} - System32\Tasks\{57B61263-53DB-40EF-A7CE-54E8D7FB6C3B} => pcalua.exe -a E:\setup.exe -d E:\
Task: {C200CB04-9B07-434F-8BE1-D80019F92F86} - System32\Tasks\NetworkUtility起動 => C:\Program Files (x86)\PIXELA\Network Utility\NWLaunch.bat [2011-07-22] ()
Task: {C424368D-72DC-4310-8B6C-DFDF2799A75C} - System32\Tasks\Update\Windows => C:\Users\Todd\AppData\Local\Temp\Update.exe [2015-06-11] (Microsoft Corporation) <==== ATTENTION
Task: {CE02792C-24BC-4862-A0D2-03E2C7D663F8} - System32\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A} => C:\Windows\Lhyqaa.exe
Task: {D59A5650-84C9-4AAC-8CCA-78A545EE32BF} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D7E9A83A-20D9-4DAC-840A-CA405C8A062B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2657733958-4276116067-3132349266-1000Core => C:\Users\Todd\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {E0139AFC-D2A8-407F-AEE0-86357590E681} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2657733958-4276116067-3132349266-1000UA => C:\Users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {ED58F947-B4A8-4578-981D-F38BA14346CA} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {FCAB79E2-44CD-43C0-B54E-AE64A4C91C20} - System32\Tasks\{A837BD11-C346-467A-8E41-1E5AD44E8401} => pcalua.exe -a C:\Users\Todd\Downloads\vpsupd.exe -d C:\Users\Todd\Downloads
Task: {FFC63B96-0D34-4EED-B261-8825719D26F8} - System32\Tasks\0 => Chrome.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2657733958-4276116067-3132349266-1000Core.job => C:\Users\Todd\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2657733958-4276116067-3132349266-1000UA.job => C:\Users\Todd\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2657733958-4276116067-3132349266-1000Core.job => C:\Users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2657733958-4276116067-3132349266-1000UA.job => C:\Users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NetworkUtility起動.job => C:\Program Files (x86)\PIXELA\Network Utility\NWLaunch.bat

==================== Loaded Modules (Whitelisted) ==============

2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-05-29 05:33 - 2015-05-29 05:33 - 23063216 _____ () C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:C22674B6
AlternateDataStreams: C:\ProgramData\TEMP:D74B6CF5
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\Todd\Desktop\AdwCleaner.exe:xdg.origin.url
AlternateDataStreams: C:\Users\Todd\Desktop\AdwCleaner.exe:xdg.referrer.url
AlternateDataStreams: C:\Users\Todd\Desktop\FRST64.exe:xdg.origin.url
AlternateDataStreams: C:\Users\Todd\Desktop\FRST64.exe:xdg.referrer.url
AlternateDataStreams: C:\Users\Todd\Desktop\mbam-setup-2.1.6.1022.exe:xdg.origin.url
AlternateDataStreams: C:\Users\Todd\Desktop\mbam-setup-2.1.6.1022.exe:xdg.referrer.url

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\Software\Classes\.exe: exefile => <===== ATTENTION!

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.11.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: KGShareApp => C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: PCKeeper2 => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RegistryQuick.exe => C:\Program Files (x86)\RegQuick\RegistryQuick.exe
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{64DA26FB-4E11-4D8C-94D1-95E93EE60AB2}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{C32C5C78-20F3-48CD-B5AB-A032C2A84D89}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{3D6F6505-D3F9-4A92-B264-B0C4C8616967}C:\program files (x86)\dap\dap.exe] => (Allow) C:\program files (x86)\dap\dap.exe
FirewallRules: [UDP Query User{DF88951A-9A84-42CB-A2D3-CBAC64339A75}C:\program files (x86)\dap\dap.exe] => (Allow) C:\program files (x86)\dap\dap.exe
FirewallRules: [{D4B2D485-8FCF-4883-886F-9E4D97FBB8E5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{A4649E07-7745-407B-B022-ECB06495A491}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{E30AC161-ADE4-4501-8920-FFFF8BCAF2A6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{24880DE3-A0E6-4F43-85FC-89ADA525474E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{D6659DC5-7995-479F-A19D-B9B897FD735B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{B44C734A-FB83-44A7-AFBC-9DF120793D23}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{F3E887E6-2A14-4CCA-B150-79F4EB000BEE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{A10A7EB2-D2FF-4506-B8CB-F22270E41B86}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{A6A21792-C647-469E-B819-0E1CC268511C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{6DA87C72-6074-4FB5-A445-4C7BAEF771D6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{EBC06A3E-1CDC-4F9C-A8F8-1D10F16001A9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{4B32E5BA-2EB5-490F-ACB5-68AD83958B02}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{43CAE8CB-5384-4557-9E88-2A842E2626F0}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{A68A87D7-6D3A-4471-AD74-6083891EC90F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{617A012F-13E5-4294-8CE6-75FA1D462830}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{7C0C8B36-38FD-4AC8-972C-9CA1E343C171}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{7A576E3B-4F27-41F4-A699-4FF89786F013}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{22C480C4-1C61-48BE-9349-82AC7D7164F7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{EB51701E-F2EA-4DC9-9D41-DC9E64242F49}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{A7D6319E-A1AE-4F5E-855F-F87D626D3E7F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{2F90AE0C-B7C9-484F-8EE2-F9DAB871B489}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{CCAF9A43-6FE1-4DA0-97A9-34CBDA364707}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{81E040E2-6387-41B9-9F03-892D842B3A3A}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{3DDF5977-88F8-41D5-BEBA-6FD0BD24AA61}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{E43FBC1C-CDEA-49B4-A189-1DF60B63C5B8}C:\games\hoyle\hoyle card games.exe] => (Allow) C:\games\hoyle\hoyle card games.exe
FirewallRules: [UDP Query User{74468509-D3EE-41D2-8B53-FA4920D05205}C:\games\hoyle\hoyle card games.exe] => (Allow) C:\games\hoyle\hoyle card games.exe
FirewallRules: [TCP Query User{08C271D1-D072-4A58-A2AF-4F3898514D6B}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Block) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [UDP Query User{39B64443-18E1-4BF9-9673-07746CFA03C4}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Block) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [TCP Query User{BB956B9E-E109-4E44-B5AA-B61466109547}C:\program files (x86)\icechat7\icechat7.exe] => (Allow) C:\program files (x86)\icechat7\icechat7.exe
FirewallRules: [UDP Query User{F552BE75-621A-4763-B1E3-AD0648E2073F}C:\program files (x86)\icechat7\icechat7.exe] => (Allow) C:\program files (x86)\icechat7\icechat7.exe
FirewallRules: [TCP Query User{ADD46384-E0FC-48D1-BBEB-77E0B7BFD73B}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{92C71E59-99F0-467C-800F-36B8D676A7C5}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{013843C5-2082-40A3-B461-89AE56486FC0}C:\users\todd\appdata\roaming\ocrit\ritao.exe] => (Block) C:\users\todd\appdata\roaming\ocrit\ritao.exe
FirewallRules: [UDP Query User{1D7FBFB7-1258-4414-8DB6-F5F35D50BC6B}C:\users\todd\appdata\roaming\ocrit\ritao.exe] => (Block) C:\users\todd\appdata\roaming\ocrit\ritao.exe
FirewallRules: [TCP Query User{D7840FAD-5C05-4F56-9C08-1465FE3ECFF2}C:\program files (x86)\utherverse digital inc\utherverse vww client\utherverse.exe] => (Allow) C:\program files (x86)\utherverse digital inc\utherverse vww client\utherverse.exe
FirewallRules: [UDP Query User{997CE367-A7E3-4FF0-B784-4D2804D859EA}C:\program files (x86)\utherverse digital inc\utherverse vww client\utherverse.exe] => (Allow) C:\program files (x86)\utherverse digital inc\utherverse vww client\utherverse.exe
FirewallRules: [TCP Query User{90999798-9376-466B-89B5-45FD9FAD52D3}C:\program files (x86)\xchat\xchat.exe] => (Allow) C:\program files (x86)\xchat\xchat.exe
FirewallRules: [UDP Query User{94B0F129-4A05-45E9-9D93-AAA9BB09A870}C:\program files (x86)\xchat\xchat.exe] => (Allow) C:\program files (x86)\xchat\xchat.exe
FirewallRules: [{7616425C-12E7-4679-9BA3-C7E8B3829FF6}] => (Allow) E:\setup\hpznui40.exe
FirewallRules: [{0EE7CBC9-44B5-4508-A5F0-30D57B9EF0C6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{946E8D37-2606-4A2B-BA83-01A3574C625A}] => (Allow) LPort=2869
FirewallRules: [{4B322A31-2F46-44D6-B00E-0ADA94545A42}] => (Allow) LPort=1900
FirewallRules: [{08BB8E75-4FEA-4D79-A1EC-8913FB3EE291}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{970C34B3-296F-4D94-8F2E-5557DED9DC89}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{4EB71BC9-6A70-4DEF-8F99-783F4F70B472}C:\users\todd\downloads\auto_xbins_2008\auto_xbins_2008.exe] => (Allow) C:\users\todd\downloads\auto_xbins_2008\auto_xbins_2008.exe
FirewallRules: [UDP Query User{8BF6CD3E-5A10-4E31-873C-EE6220489B4F}C:\users\todd\downloads\auto_xbins_2008\auto_xbins_2008.exe] => (Allow) C:\users\todd\downloads\auto_xbins_2008\auto_xbins_2008.exe
FirewallRules: [{AA4135CA-6341-4C8F-881A-625FE5263C2F}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{541F3BDE-F756-43ED-B794-7420A821FE73}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [TCP Query User{59B61426-A9DE-452D-8288-A1AAD8BCC8C9}C:\users\todd\appdata\local\temp\temp2_auto_xbins_2008.zip\auto_xbins_2008.exe] => (Allow) C:\users\todd\appdata\local\temp\temp2_auto_xbins_2008.zip\auto_xbins_2008.exe
FirewallRules: [UDP Query User{635C8B52-E8B6-448E-AE59-5C4A424FF801}C:\users\todd\appdata\local\temp\temp2_auto_xbins_2008.zip\auto_xbins_2008.exe] => (Allow) C:\users\todd\appdata\local\temp\temp2_auto_xbins_2008.zip\auto_xbins_2008.exe
FirewallRules: [{55E12C33-90F3-4746-A610-5B870FF9FFA1}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{AAF15ECB-A6AF-443C-8764-3F54C2B30902}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{759C7426-2739-4819-8802-2753DB01C407}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [{89CD98F3-8396-448C-A284-A64B10237854}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8498473C-F0AE-4B6B-A973-6374BC668F12}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1CEFBA30-59A4-4C43-AE87-CDE3E6697A7E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E78B80AD-557C-4106-A84A-82DC3D3A8CAB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EA398280-743F-450F-AE18-04FF182B609F}] => (Allow) LPort=5353
FirewallRules: [{59A24F85-3D4F-4BF7-8511-48FE0EBB2D75}] => (Allow) C:\Program Files (x86)\PIXELA\Network Utility\PxDMSService.exe
FirewallRules: [TCP Query User{BB9FE13F-FC26-46E4-9B3B-934406ADB1E6}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe
FirewallRules: [UDP Query User{29F909A4-C5BE-4155-8128-22475DC58EC1}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe
FirewallRules: [{17A14F5D-7829-41DF-A6AA-21CD99ED489F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0AD82024-8928-46E4-8EAB-99855EA69107}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7533B971-E260-40B2-BD62-8FB196BE7001}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{AB076A75-70B9-4D36-9C9D-10EB0C3225E9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{6F2054B4-2F1A-4100-BBF4-9250A29145B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{0EC58CA0-C87A-4689-A88F-061CC7149C11}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{E6876A8F-1A09-4387-B8F8-15E7F47BDDD5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{E3833FC1-FF5E-465D-B92E-C73E664E7D72}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{26E0B5FE-8EA7-49FC-A150-96AB8A693647}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{59B24458-A138-469F-9AD9-691FB4D54563}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{1B885C33-5464-4729-A522-62ADA5F13B47}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{5E34EF3A-A740-4BE0-A8CE-B42438CC805F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{959124FE-7FC3-4B4D-A7C6-6A4D2F805E8B}] => (Allow) C:\Users\Todd\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{919FD70C-CA46-4D04-AB76-8EF82B017F13}] => (Allow) C:\Users\Todd\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1507FDE2-BCCD-470D-A040-AE73D58385F0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9A639FC4-0D05-4F6F-B74A-8AD06A27038E}] => (Allow) C:\Users\Todd\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{F5214A0D-E519-4837-9F79-934F1A55E338}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BFFF6DD2-A304-4CFA-AB72-806C07BC8A5A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{3EF6C9DE-85B3-4740-834D-9C259562B1DC}C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe
FirewallRules: [UDP Query User{B0394E04-10E0-4D15-B0DD-93CE0F381D80}C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe
FirewallRules: [{A03B73E8-34DE-4A06-9953-7FDB42A34871}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{6FDE5444-9C31-4BF3-A03E-37C0DBFC6E27}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{EEB5DCFF-B566-42B3-AA2F-6088F68B8058}] => (Allow) C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{FA7C7C51-7355-465E-858B-EDDC89A6390A}] => (Allow) C:\Users\Todd\AppData\Local\Temp\nseFC4A.tmp\CnetInstaller-75219350.exe
FirewallRules: [{D06AD279-B1A3-446A-9C2F-46C4B52BA41D}] => (Allow) C:\Users\Todd\AppData\Local\Temp\nseFC4A.tmp\CnetInstaller-75219350.exe

==================== Faulty Device Manager Devices =============

Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: aswRvrt
Description: aswRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: aswVmm
Description: aswVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/11/2015 00:04:11 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/11/2015 00:04:11 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/11/2015 00:04:11 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/11/2015 00:04:11 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (06/11/2015 00:04:07 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/11/2015 00:04:07 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (06/11/2015 00:04:07 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/11/2015 00:04:07 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/11/2015 00:04:07 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

Error: (06/11/2015 00:04:06 AM) (Source: ESENT) (EventID: 454) (User: )
Description: Windows (4388) Windows: Database recovery/restore failed with unexpected error -543.


System errors:
=============
Error: (06/11/2015 00:30:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/11/2015 00:30:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/11/2015 00:30:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/11/2015 00:30:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (06/11/2015 00:29:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (06/11/2015 00:29:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/11/2015 00:29:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/11/2015 00:29:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/11/2015 00:29:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/11/2015 00:29:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office:
=========================
Error: (06/11/2015 00:04:11 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/11/2015 00:04:11 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/11/2015 00:04:11 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/11/2015 00:04:11 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (06/11/2015 00:04:07 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (06/11/2015 00:04:07 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (06/11/2015 00:04:07 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (06/11/2015 00:04:07 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (06/11/2015 00:04:07 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

Error: (06/11/2015 00:04:06 AM) (Source: ESENT) (EventID: 454) (User: )
Description: Windows4388Windows: -543


CodeIntegrity Errors:
===================================
Date: 2011-12-26 07:49:09.131
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\Todd\AppData\Local\Temp\PIO859B.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-26 07:49:09.080
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\Todd\AppData\Local\Temp\PIO859B.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-10-29 16:19:55.447
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\Todd\AppData\Local\Temp\PIO6E5F.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-10-29 16:19:55.403
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\Todd\AppData\Local\Temp\PIO6E5F.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-10-29 16:18:07.862
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\Todd\AppData\Local\Temp\PIOCA15.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-10-29 16:18:07.818
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\Todd\AppData\Local\Temp\PIOCA15.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-07-28 12:49:53.762
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\Todd\AppData\Local\Temp\PIOE72B.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-07-28 12:49:53.726
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\Todd\AppData\Local\Temp\PIOE72B.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2010-10-30 15:55:55.129
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\jungle\JungleFlasher v0.1.75 Beta (152)\portio64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2010-10-30 15:55:55.129
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\jungle\JungleFlasher v0.1.75 Beta (152)\portio64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 965 Processor
Percentage of memory in use: 29%
Total physical RAM: 4039.09 MB
Available physical RAM: 2835.98 MB
Total Pagefile: 8076.39 MB
Available Pagefile: 6948.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:443.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A08B42F3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================
Old 06-10-2015, 09:00 PM   #5
chemist

And the first FRST log, FRST.txt, and the answer to my question?
Old 06-11-2015, 02:31 AM   #6
todd93

Oh, sorry, I must have overlooked your first question. The answer to that is no, I haven't done that. When I do it, I will have to re-install my GRUB boot manager, which is no big deal, but still sort of a pain.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Todd (administrator) on FRANKENSTEIN-JR on 11-06-2015 00:30:42
Running from C:\Users\Todd\Desktop
Loaded Profiles: Todd (Available Profiles: Todd & Colleen)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser path: "C:\Program Files\Waterfox\waterfox.exe" -osint -url "%1")
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Waterfox) C:\Program Files\Waterfox\waterfox.exe
(Mozilla Corporation) C:\Program Files\Waterfox\plugin-container.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-09-25] (NEC Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Ext2 Volume Manager] => C:\Program Files\Ext2Fsd\Ext2Mgr.exe [1217176 2014-08-26] (Ext2Fsd Group (Ext2Fsd Project))
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-08] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\VideoConverterFree\BrowserPlugInHelper.exe [1969440 2013-06-18] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\...\Run: [Google Update] => C:\Users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\...\Run: [Facebook Update] => C:\Users\Todd\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe /fromrunkey
HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\...\Run: [Sysinternals Desktops] => C:\Desktops\Desktops.exe [116824 2014-11-27] (Sysinternals - www.sysinternals.com)
HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-12-19] (TomTom)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ClientManagerV.lnk [2010-04-30]
ShortcutTarget: ClientManagerV.lnk -> C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe (BUFFALO INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010-03-18]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Utility.lnk [2012-12-02]
ShortcutTarget: Network Utility.lnk -> C:\Program Files (x86)\PIXELA\Network Utility\NetworkUtility.exe (PIXELA CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VideoBrowser Camera Monitor.lnk [2012-12-02]
ShortcutTarget: VideoBrowser Camera Monitor.lnk -> C:\Program Files (x86)\PIXELA\VideoBrowser\CameraMonitor.exe (PIXELA CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk [2011-08-01]
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE Gamer HUD Lite.lnk [2010-01-29]
ShortcutTarget: GIGABYTE Gamer HUD Lite.lnk -> C:\Program Files (x86)\Gigabyte\Gamer HUD Lite\HUD.exe ()
Startup: C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk [2011-01-23]
ShortcutTarget: PMB Media Check Tool.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-06-08] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Todd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Todd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Todd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Todd\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Todd\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Todd\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Todd\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Todd\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos – MSN.com
HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.yahoo.com?fr=hp-avast&type=avastbcl
URLSearchHook: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000 -> {8252255C-52A8-4406-86B3-E4689DA4A357} URL = https://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000 -> {BBFFB999-4993-4ece-A449-95A97C2690AE} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=926458&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-17] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-06-08] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-17] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Wondershare Video Converter Ultimate -> {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} -> C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRIEPlugin.dll [2013-06-18] (Wondershare Software Co., Ltd.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-06-08] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} https://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1

FireFox:
========
FF ProfilePath: C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\1bezfscc.default
FF DefaultSearchUrl:
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-29] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-03-27] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-29] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-03-27] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-12] (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2657733958-4276116067-3132349266-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Todd\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2657733958-4276116067-3132349266-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2657733958-4276116067-3132349266-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPGetRt.dll [2006-06-06] (Headlight Software, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-11-19] (Apple Inc.)
FF SearchPlugin: C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\1bezfscc.default\searchplugins\aol-search.xml [2013-01-16]
FF SearchPlugin: C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\1bezfscc.default\searchplugins\yahoo-avast.xml [2014-06-17]
FF Extension: Logitech Device Detection - C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\1bezfscc.default\Extensions\[email protected] [2011-08-14]
FF Extension: Flash and Video Download - C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\1bezfscc.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-05-29]
FF Extension: English (US) Language Pack - C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\1bezfscc.default\Extensions\[email protected] [2014-09-13]
FF Extension: Unhide Passwords - C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\1bezfscc.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi [2011-05-08]
FF Extension: Page Title Eraser - C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\1bezfscc.default\Extensions\{791DB184-BFBA-11DA-9C61-0638DF403F48}.xpi [2011-09-24]
FF Extension: Password Exporter - C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\1bezfscc.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2014-10-19]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-08-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-08-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-08-18]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-03-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-08]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-06]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt [2015-05-29]
FF HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt

Chrome:
=======
CHR Profile: C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Wondershare Video Converter Ultimate) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\chgdeabpmphfhkoemjjglmilajldekbp [2015-05-29]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-09-06]
CHR Extension: (No Name) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihogoofdaifgdkdilopkeahfcnifkajn [2014-06-05]
CHR Extension: (FlashControl) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-05-29]
CHR Extension: (Google Wallet) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR HKLM-x32\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRChromePlugin.crx [2015-05-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
StartMenuInternet: Google Chrome - C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-08] (AVAST Software)
S2 BWH32S; C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe [57912 2007-04-17] (BUFFALO INC.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
S2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [602624 2010-03-29] (Hauppauge Computer Works) [File not signed]
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S2 IconMan_R; C:\Program Files (x86)\Realtek\IconMan_R\RIconMan.exe [1815552 2010-12-29] (Realsil Microelectronics Inc.) [File not signed]
S2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-06] () [File not signed]
S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 nlscc; C:\Windows\system32\nlsInterface.exe [72192 2010-11-01] (Nalpeiron Ltd.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 PxDMSService; C:\Program Files (x86)\PIXELA\Network Utility\PxDMSService.exe [179576 2011-10-26] (PIXELA CORPORATION)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2013-01-15] (Realtek Semiconductor.) [File not signed]
S2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-08] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-08] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-08] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-08] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-08] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-08] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-08] ()
R1 Ext2Fsd; C:\Windows\System32\Drivers\Ext2Fsd.sys [771224 2014-08-26] (Ext2Fsd Project)
S3 hcw10bda; C:\Windows\System32\drivers\hcw10bda.sys [593664 2010-05-07] (Hauppauge Computer Works, Inc.)
S2 hcw10cir; C:\Windows\System32\drivers\hcw10cir.sys [46080 2010-05-07] (Hauppauge Computer Works, Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [16896 2011-11-14] (libusb-win32 / Wiki / Home)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-11] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\SysWOW64\drivers\MBAMSwissArmy.sys [38224 2010-04-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-10] (ManyCam LLC)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [60416 2008-07-22] (Realtek Semiconductor Corporation )
S3 XBCD; C:\Windows\System32\DRIVERS\XBCD.sys [27608 2011-10-08] (XBCD Project)
S3 XBCD; C:\Windows\SysWOW64\DRIVERS\XBCD.sys [19212 2005-05-13] (Redcl0ud) [File not signed]
S3 cpuz132; \??\C:\Users\Todd\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S0 vsmraid; system32\DRIVERS\vsmraid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-11 00:30 - 2015-06-11 00:31 - 00029122 _____ C:\Users\Todd\Desktop\FRST.txt
2015-06-11 00:29 - 2015-06-11 00:30 - 00000000 ____D C:\FRST
2015-06-10 23:57 - 2015-06-11 00:00 - 00000000 ____D C:\AdwCleaner
2015-06-10 19:26 - 2015-06-10 19:24 - 02108928 _____ (Farbar) C:\Users\Todd\Desktop\FRST64.exe
2015-06-10 18:54 - 2015-06-10 18:52 - 02231296 _____ C:\Users\Todd\Desktop\AdwCleaner.exe
2015-06-09 10:23 - 2015-06-09 10:32 - 00000000 ____D C:\Program Files (x86)\Argente Utilities
2015-06-09 10:23 - 2015-06-09 10:23 - 00000997 _____ C:\Users\Public\Desktop\Argente Utilities.lnk
2015-06-09 10:23 - 2015-06-09 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Argente Utilities
2015-06-09 10:22 - 2015-06-09 10:23 - 06879357 _____ (Argente Software ) C:\Users\Todd\Downloads\Argente%20Utilities.exe
2015-06-09 10:22 - 2015-06-09 10:22 - 00232176 _____ C:\Users\Todd\Downloads\Argente%20Utilities-43186374.exe
2015-06-08 22:34 - 2015-06-11 00:04 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-08 22:34 - 2015-06-08 22:34 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-08 22:34 - 2015-06-08 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-08 22:34 - 2015-06-08 22:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-08 22:34 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-08 22:34 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-08 17:31 - 2015-06-08 17:29 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Todd\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-06 07:58 - 2015-06-11 00:05 - 00000056 _____ C:\Users\Todd\AppData\Roaming\a.bat
2015-06-06 07:58 - 2015-06-06 07:58 - 00000000 ____D C:\Windows\System32\Tasks\Update
2015-06-06 07:41 - 2015-06-06 09:15 - 00000000 ____D C:\Users\Todd\AppData\Roaming\12C3977D-7DA7-40FF-9209-CA444309FE30
2015-06-05 23:22 - 2015-05-25 13:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-05 23:22 - 2015-05-25 13:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-05 23:22 - 2015-05-25 13:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-05 23:21 - 2015-05-25 13:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-05 23:21 - 2015-05-25 13:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-05 23:21 - 2015-05-25 13:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-05 23:21 - 2015-05-25 13:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-05 23:21 - 2015-05-25 13:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-05 23:21 - 2015-05-25 13:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-05 23:21 - 2015-05-25 13:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-05 23:21 - 2015-05-25 13:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-05 23:21 - 2015-05-25 13:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-05 23:21 - 2015-05-25 13:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-05 23:21 - 2015-05-25 13:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-05 23:21 - 2015-05-25 13:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-05 23:21 - 2015-05-25 13:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-05 23:21 - 2015-05-25 13:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-05 23:21 - 2015-05-25 13:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-05 23:21 - 2015-05-25 13:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-05 23:21 - 2015-05-25 13:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-05 23:21 - 2015-05-25 13:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-05 23:21 - 2015-05-25 13:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-05 23:21 - 2015-05-25 13:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-05 23:21 - 2015-05-25 13:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-05 23:21 - 2015-05-25 13:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-05 23:21 - 2015-05-25 13:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-05 23:21 - 2015-05-25 13:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-05 23:21 - 2015-05-25 13:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-05 23:21 - 2015-05-25 13:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-05 23:21 - 2015-05-25 13:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-05 23:21 - 2015-05-25 13:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-05 23:21 - 2015-05-25 13:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-05 23:21 - 2015-05-25 13:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-05 23:21 - 2015-05-25 13:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-05 23:21 - 2015-05-25 13:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-05 23:21 - 2015-05-25 13:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-05 23:21 - 2015-05-25 13:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-05 23:21 - 2015-05-25 13:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-05 23:21 - 2015-05-25 13:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-05 23:21 - 2015-05-25 13:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-05 23:21 - 2015-05-25 13:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 13:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-05 23:21 - 2015-05-25 13:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-05 23:21 - 2015-05-25 13:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-05 23:21 - 2015-05-25 13:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-05 23:21 - 2015-05-25 13:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-05 23:21 - 2015-05-25 13:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-05 23:21 - 2015-05-25 13:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-05 23:21 - 2015-05-25 13:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-05 23:21 - 2015-05-25 13:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-05 23:21 - 2015-05-25 13:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-05 23:21 - 2015-05-25 13:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-05 23:21 - 2015-05-25 13:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-05 23:21 - 2015-05-25 13:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-05 23:21 - 2015-05-25 13:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-05 23:21 - 2015-05-25 13:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-05 23:21 - 2015-05-25 13:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-05 23:21 - 2015-05-25 13:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-05 23:21 - 2015-05-25 13:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-05 23:21 - 2015-05-25 13:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-05 23:21 - 2015-05-25 13:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-05 23:21 - 2015-05-25 13:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-05 23:21 - 2015-05-25 13:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-05 23:21 - 2015-05-25 13:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-05 23:21 - 2015-05-25 12:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-05 23:21 - 2015-05-25 12:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-05 23:21 - 2015-05-25 12:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-05 23:21 - 2015-05-25 12:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-05 23:21 - 2015-05-25 12:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-05 23:21 - 2015-05-25 12:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 12:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-05 23:21 - 2015-05-25 11:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-05 23:21 - 2015-05-25 11:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-05 23:21 - 2015-05-25 11:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 11:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 11:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-05 23:21 - 2015-05-25 11:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-05 23:21 - 2015-05-22 13:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-05 23:21 - 2015-05-22 13:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-05 23:21 - 2015-05-22 13:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-05 23:21 - 2015-05-22 13:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-05 23:21 - 2015-05-22 13:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-05 23:21 - 2015-05-22 13:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-05 23:21 - 2015-05-22 13:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-05 23:21 - 2015-05-21 08:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-05 23:21 - 2015-05-08 22:27 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-05 23:21 - 2015-05-08 22:27 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-05 23:21 - 2015-05-08 22:27 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-05 23:21 - 2015-05-08 22:27 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-05 23:21 - 2015-05-08 22:27 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-05 23:21 - 2015-05-08 22:27 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-05 23:21 - 2015-05-08 22:27 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-05 23:21 - 2015-05-08 22:26 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-05 23:21 - 2015-05-08 22:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-05 23:21 - 2015-05-08 22:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-05 23:21 - 2015-05-08 22:26 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-05 23:21 - 2015-05-08 22:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-05 23:21 - 2015-05-08 22:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-05 23:21 - 2015-05-08 22:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-05 23:21 - 2015-05-08 22:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-05 23:21 - 2015-05-08 22:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-04 04:36 - 2015-06-04 04:36 - 00058780 _____ C:\Users\Todd\Desktop\HP Installation Error - Windows 7.hta
2015-06-04 04:19 - 2015-06-04 04:19 - 00000000 ____D C:\Windows\SysWOW64\spool
2015-06-04 04:18 - 2015-06-04 04:18 - 00001318 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2015-06-04 04:18 - 2015-06-04 04:18 - 00000000 ____D C:\ProgramData\HP Product Assistant
2015-06-04 04:17 - 2010-05-14 15:04 - 00138752 _____ (Hewlett-Packard Company) C:\Windows\system32\hpf3l02t.dll
2015-06-04 04:14 - 2010-05-13 05:29 - 00553472 _____ (Hewlett Packard) C:\Windows\system32\hppldcoi.dll
2015-06-04 04:14 - 2010-05-13 05:25 - 01422848 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpwtiop4.dll
2015-06-04 04:14 - 2010-05-13 05:25 - 00906240 _____ (Hewlett-Packard) C:\Windows\system32\hpwwiax5.dll
2015-06-04 04:14 - 2010-04-26 03:52 - 00644456 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll
2015-06-03 20:41 - 2015-06-03 20:47 - 29851432 _____ C:\Users\Todd\Downloads\CPE_SCAN_DESTINATION_UPDATE_hpcom_001_003.exe
2015-06-03 20:41 - 2015-06-03 20:43 - 11762000 _____ C:\Users\Todd\Downloads\CPE_SLP_NETWORKMSI_hpcom_000_006.exe
2015-06-03 20:40 - 2015-06-03 21:09 - 193840696 _____ C:\Users\Todd\Downloads\OJ6500vE709_Basic_14.exe
2015-06-03 20:39 - 2015-06-03 21:12 - 288661376 _____ C:\Users\Todd\Downloads\OJ6500vE709_Full_14.exe
2015-06-03 20:35 - 2015-06-03 20:35 - 05197824 _____ C:\Users\Todd\Downloads\HPSupportSolutionsFramework-11.51.0049.msi
2015-06-02 22:04 - 2015-06-02 22:04 - 00000000 ____D C:\Users\Todd\AppData\Local\GWX
2015-05-29 10:38 - 2015-05-29 10:38 - 00000000 ____D C:\ProgramData\xml_param
2015-05-29 10:37 - 2015-05-29 10:38 - 00000000 ____D C:\Users\Todd\Documents\Wondershare Video Converter Free
2015-05-29 10:37 - 2015-05-29 10:37 - 00001405 _____ C:\Users\Public\Desktop\Wondershare Video Converter Free.lnk
2015-05-29 10:37 - 2015-05-29 10:37 - 00000000 ____D C:\Users\Todd\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2015-05-29 10:37 - 2015-05-29 10:37 - 00000000 ____D C:\Users\Todd\AppData\Local\Wondershare
2015-05-29 10:37 - 2015-05-29 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-05-29 10:37 - 2015-05-29 10:37 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2015-05-29 10:36 - 2015-05-29 10:37 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Free
2015-05-29 10:36 - 2015-05-29 10:36 - 00000000 ____D C:\Program Files (x86)\Wondershare
2015-05-29 10:36 - 2013-03-25 10:57 - 00727952 _____ () C:\Windows\SysWOW64\WSCM64.dll
2015-05-29 10:36 - 2013-03-25 10:57 - 00153088 _____ () C:\Windows\SysWOW64\WSCM32.dll
2015-05-29 10:34 - 2015-05-29 10:36 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2015-05-29 10:34 - 2015-05-29 10:34 - 00800840 _____ C:\Users\Todd\Downloads\video-converter-free_setup_full1129.exe
2015-05-29 10:16 - 2015-05-29 10:16 - 00049152 ___SH C:\Users\Todd\Thumbs.db
2015-05-29 10:03 - 2015-05-29 10:03 - 00527423 _____ ( ) C:\Users\Todd\Downloads\Lame_v3.99.3_for_Windows.exe
2015-05-29 10:03 - 2015-05-29 10:03 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2015-05-20 04:31 - 2015-04-10 22:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-05-17 10:29 - 2015-05-17 10:29 - 00000000 _____ C:\Windows\SysWOW64\RENF609.tmp
2015-05-17 10:19 - 2015-05-17 10:27 - 43189344 _____ (Oracle Corporation) C:\Users\Todd\Downloads\jre-8u45-windows-x64.exe
2015-05-17 06:23 - 2015-05-17 06:26 - 66267584 _____ C:\Users\Todd\Downloads\Waterfox 38.0 Setup.exe
2015-05-13 21:14 - 2015-05-01 08:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 21:14 - 2015-05-01 08:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 21:12 - 2015-04-21 21:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 21:12 - 2015-04-21 20:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 21:12 - 2015-04-21 12:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 21:12 - 2015-04-21 12:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 21:12 - 2015-04-21 11:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 21:12 - 2015-04-21 11:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 21:12 - 2015-04-21 11:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 21:12 - 2015-04-21 11:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 21:12 - 2015-04-21 11:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 21:12 - 2015-04-21 11:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 21:12 - 2015-04-21 11:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 21:12 - 2015-04-21 11:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 21:12 - 2015-04-21 11:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 21:12 - 2015-04-21 11:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 21:12 - 2015-04-21 11:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 21:12 - 2015-04-21 11:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 21:12 - 2015-04-21 11:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 21:12 - 2015-04-21 11:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 21:12 - 2015-04-21 11:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 21:12 - 2015-04-21 11:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 21:12 - 2015-04-21 11:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 21:12 - 2015-04-21 11:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 21:12 - 2015-04-21 11:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 21:12 - 2015-04-21 11:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 21:12 - 2015-04-21 11:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 21:12 - 2015-04-21 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 21:12 - 2015-04-21 11:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 21:12 - 2015-04-21 11:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 21:12 - 2015-04-21 11:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 21:12 - 2015-04-21 11:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 21:12 - 2015-04-21 11:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 21:12 - 2015-04-21 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 21:12 - 2015-04-21 10:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 21:12 - 2015-04-21 10:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 21:12 - 2015-04-21 10:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 21:12 - 2015-04-21 10:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 21:12 - 2015-04-21 10:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 21:12 - 2015-04-21 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 21:12 - 2015-04-21 10:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 21:12 - 2015-04-21 10:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 21:12 - 2015-04-21 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 21:12 - 2015-04-21 10:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 21:12 - 2015-04-21 10:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 21:12 - 2015-04-21 10:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 21:12 - 2015-04-21 10:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 21:12 - 2015-04-21 10:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 21:12 - 2015-04-21 10:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 21:12 - 2015-04-21 10:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 21:12 - 2015-04-21 10:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 21:12 - 2015-04-21 10:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 21:12 - 2015-04-21 10:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 21:12 - 2015-04-21 10:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 21:12 - 2015-04-21 10:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 21:12 - 2015-04-21 10:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 21:12 - 2015-04-21 09:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 21:12 - 2015-04-21 09:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 21:11 - 2015-04-21 12:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 21:11 - 2015-04-21 11:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 21:11 - 2015-04-21 11:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 21:11 - 2015-04-21 11:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 21:00 - 2015-04-19 22:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 21:00 - 2015-04-19 22:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 21:00 - 2015-04-19 21:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 21:00 - 2015-04-19 21:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 21:00 - 2015-04-17 22:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 21:00 - 2015-04-17 21:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 21:00 - 2015-04-12 22:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 21:00 - 2015-04-07 22:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 21:00 - 2015-04-07 22:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 21:00 - 2015-04-07 22:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-11 00:12 - 2009-07-13 23:45 - 00015008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-11 00:12 - 2009-07-13 23:45 - 00015008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-11 00:10 - 2010-01-29 13:38 - 01191073 _____ C:\Windows\WindowsUpdate.log
2015-06-11 00:06 - 2011-02-25 13:50 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{42D5FC56-CA78-4617-BD45-9EB851A301A3}
2015-06-11 00:04 - 2012-12-02 09:08 - 00000270 _____ C:\Windows\Tasks\NetworkUtility起動.job
2015-06-11 00:03 - 2010-10-16 14:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-11 00:03 - 2010-01-29 12:11 - 00000000 ____D C:\Users\Todd\Documents\temp
2015-06-11 00:03 - 2010-01-29 11:51 - 00000073 _____ C:\service.log
2015-06-11 00:02 - 2010-01-29 12:02 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-06-11 00:02 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-11 00:02 - 2009-07-13 23:51 - 00467805 _____ C:\Windows\setupact.log
2015-06-11 00:00 - 2010-01-29 11:43 - 00000000 ____D C:\Users\Todd
2015-06-09 20:00 - 2010-01-30 12:42 - 00901888 _____ C:\Windows\PFRO.log
2015-06-08 23:00 - 2014-06-08 08:20 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-08 23:00 - 2013-12-11 17:42 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-08 22:59 - 2012-09-27 20:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-08 22:34 - 2010-10-17 07:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-06 22:42 - 2013-06-18 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-06 22:35 - 2011-06-11 05:49 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2657733958-4276116067-3132349266-1000UA.job
2015-06-06 22:35 - 2010-10-16 14:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-06 21:29 - 2011-08-22 21:19 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2657733958-4276116067-3132349266-1000UA.job
2015-06-06 18:29 - 2011-08-22 21:19 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2657733958-4276116067-3132349266-1000Core.job
2015-06-06 18:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-06-06 08:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-06 06:13 - 2009-07-14 00:13 - 00782578 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-06 06:03 - 2015-04-09 17:06 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-06 06:03 - 2014-05-23 05:13 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-06 06:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-06 02:08 - 2010-01-29 12:08 - 00090528 _____ C:\Users\Todd\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-06 02:07 - 2009-07-13 23:45 - 04927760 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-04 04:36 - 2010-03-18 15:02 - 00007555 _____ C:\ProgramData\hpzinstall.log
2015-06-04 04:21 - 2010-11-27 11:11 - 00228919 _____ C:\Windows\hpwins23.dat
2015-06-04 04:19 - 2010-03-18 15:06 - 00001288 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-06-04 04:19 - 2010-03-18 15:02 - 00000000 ____D C:\ProgramData\HP
2015-06-04 04:18 - 2010-03-18 15:06 - 00001324 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2015-06-04 04:18 - 2010-03-18 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-06-04 04:18 - 2010-03-18 15:04 - 00000000 ____D C:\Program Files (x86)\HP
2015-06-04 04:17 - 2012-03-31 10:18 - 00051002 _____ C:\Windows\DPINST.LOG
2015-06-03 16:35 - 2011-06-11 05:49 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2657733958-4276116067-3132349266-1000Core.job
2015-06-03 06:24 - 2013-12-15 16:32 - 00000000 ____D C:\Users\Todd\AppData\Roaming\GetRight
2015-06-03 06:22 - 2011-06-11 05:44 - 00000000 ____D C:\Program Files (x86)\Opera
2015-05-29 18:33 - 2011-10-11 11:43 - 00000000 ____D C:\Users\Todd\AppData\Roaming\Skype
2015-05-29 10:43 - 2010-12-12 11:38 - 00000000 ____D C:\Users\Todd\AppData\Local\WMTools Downloaded Files
2015-05-29 10:16 - 2010-12-12 18:22 - 00009216 _____ C:\Users\Todd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-29 10:08 - 2013-12-28 13:21 - 00000000 ____D C:\Users\Todd\AppData\Roaming\Audacity
2015-05-29 10:03 - 2013-02-01 17:28 - 00000000 ____D C:\nwa_ccw
2015-05-29 05:33 - 2014-08-29 02:00 - 00000000 ____D C:\Users\Todd\AppData\Local\Adobe
2015-05-29 05:33 - 2012-09-27 20:33 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-29 05:33 - 2012-09-27 20:33 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-29 05:33 - 2012-07-22 06:56 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-29 05:27 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-05-27 00:06 - 2014-06-16 09:35 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-23 06:55 - 2009-07-13 23:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-05-17 21:30 - 2010-10-16 14:53 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 21:30 - 2010-10-16 14:53 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 10:30 - 2011-10-08 09:22 - 00000000 ____D C:\Program Files\Java
2015-05-17 10:29 - 2011-04-23 12:51 - 00000000 ____D C:\Program Files (x86)\Java
2015-05-17 10:27 - 2014-07-27 06:14 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-05-17 09:38 - 2011-10-11 11:43 - 00000000 ____D C:\ProgramData\Skype
2015-05-17 06:29 - 2014-09-13 05:54 - 00000937 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
2015-05-17 06:29 - 2013-09-02 06:39 - 00000000 ____D C:\Program Files\Waterfox
2015-05-15 16:30 - 2011-06-11 05:49 - 00003876 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2657733958-4276116067-3132349266-1000UA
2015-05-15 16:30 - 2011-06-11 05:49 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2657733958-4276116067-3132349266-1000Core
2015-05-14 18:44 - 2015-04-09 17:06 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-14 18:44 - 2015-04-09 17:06 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-14 04:30 - 2012-05-12 10:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-14 04:30 - 2012-05-12 10:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 00:12 - 2014-10-19 20:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 21:28 - 2013-08-14 09:45 - 00000000 ____D C:\Windows\system32\MRT
2015-05-13 21:28 - 2009-07-14 02:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 21:20 - 2010-01-29 12:48 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 21:14 - 2012-05-12 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2010-10-16 15:54 - 2010-10-16 15:54 - 0000171 _____ () C:\Users\Todd\AppData\Roaming\19652.bat
2010-10-16 15:54 - 2010-10-16 15:54 - 0000170 _____ () C:\Users\Todd\AppData\Roaming\3357.bat
2015-06-06 07:58 - 2015-06-11 00:05 - 0000056 _____ () C:\Users\Todd\AppData\Roaming\a.bat
2011-01-23 09:05 - 2011-06-06 20:08 - 0000281 _____ () C:\Users\Todd\AppData\Roaming\burnaware.ini
2012-03-26 10:12 - 2013-12-27 10:09 - 0000128 _____ () C:\Users\Todd\AppData\Roaming\default.rss
2012-03-26 10:12 - 2012-03-26 10:12 - 0000000 _____ () C:\Users\Todd\AppData\Roaming\downloads.m3u
2010-10-16 15:57 - 2010-10-16 15:57 - 0000010 _____ () C:\Users\Todd\AppData\Roaming\install
2010-10-16 16:03 - 2010-10-16 16:03 - 0000006 _____ () C:\Users\Todd\AppData\Roaming\start
2010-12-12 18:22 - 2015-05-29 10:16 - 0009216 _____ () C:\Users\Todd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-21 06:05 - 2012-05-24 00:15 - 0000600 _____ () C:\Users\Todd\AppData\Local\PUTTY.RND
2013-02-22 21:40 - 2013-02-22 21:40 - 0000703 _____ () C:\Users\Todd\AppData\Local\recently-used.xbel
2010-03-18 15:02 - 2015-06-04 04:36 - 0007555 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Todd\AppData\Local\Temp\1E29.exe
C:\Users\Todd\AppData\Local\Temp\7za.exe
C:\Users\Todd\AppData\Local\Temp\8C05_fdminst.exe
C:\Users\Todd\AppData\Local\Temp\air4FE4.exe
C:\Users\Todd\AppData\Local\Temp\air51C.exe
C:\Users\Todd\AppData\Local\Temp\air8C06.exe
C:\Users\Todd\AppData\Local\Temp\CB4.exe
C:\Users\Todd\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt7zt7b.dll
C:\Users\Todd\AppData\Local\Temp\Execute2App.exe
C:\Users\Todd\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Todd\AppData\Local\Temp\hcwclear.exe
C:\Users\Todd\AppData\Local\Temp\hsbing_717_active.exe
C:\Users\Todd\AppData\Local\Temp\InstallAX.exe
C:\Users\Todd\AppData\Local\Temp\installChecker.exe
C:\Users\Todd\AppData\Local\Temp\InstallManager_DC1_DC1.exe
C:\Users\Todd\AppData\Local\Temp\InstallPlugin.exe
C:\Users\Todd\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Todd\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Todd\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Todd\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Todd\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Todd\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Todd\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Todd\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Todd\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Todd\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Todd\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Todd\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Todd\AppData\Local\Temp\jre-8u20-windows-au.exe
C:\Users\Todd\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Todd\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Todd\AppData\Local\Temp\MSN2E26.exe
C:\Users\Todd\AppData\Local\Temp\msvcp90.dll
C:\Users\Todd\AppData\Local\Temp\msvcr90.dll
C:\Users\Todd\AppData\Local\Temp\ochelper.exe
C:\Users\Todd\AppData\Local\Temp\pidgin-2.10.9.exe
C:\Users\Todd\AppData\Local\Temp\Quarantine.exe
C:\Users\Todd\AppData\Local\Temp\setup.exe
C:\Users\Todd\AppData\Local\Temp\sqlite3.dll
C:\Users\Todd\AppData\Local\Temp\Update.exe
C:\Users\Todd\AppData\Local\Temp\WSSetup.exe
C:\Users\Todd\AppData\Local\Temp\YontooIEClient.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 03:04

==================== End of log ============================
Old 06-11-2015, 03:13 PM   #7
chemist

Hello Todd. Why do you only have 1 system restore point?

Quote:
the answer to that is no, I haven't done that, when I do it, I will have to re-install my GRUB boot manager, which is no big deal, but still sort of a pain
Startup repair would be the best first step to fix your problem.

------------------------------------------------------

Did you set this value to 2?

Quote:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

Create a system repair disc

------------------------------------------------------

Free Window Registry Repair

We do not recommend the use of registry cleaners. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling them via Programs and Features in your Control Panel.

------------------------------------------------------

I see you have Weatherbug installed on your system. This application is not spyware but is ad-supported, containing both banner and pop-up ads. Please read here

Although this is entirely up to you, we recommend uninstalling it and downloading an ad-free alternative from here

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    Task: {1D174622-25D5-4DE1-A7D0-37B7FAE7672A} - System32\Tasks\{F63EC1C2-4378-496A-9FA2-82A37775BC2F} => pcalua.exe -a C:\Temp\Rush_24-7_Media_Center.exe -d C:\Temp
    Task: {387ABF2A-984A-4972-8A14-FAB3073F63BA} - System32\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A} => C:\Users\Todd\AppData\Local\Temp\Lfx.exe <==== ATTENTION
    Task: {67F6479E-31E5-40D1-90D3-BBBCCD0E85DA} - System32\Tasks\{099AE139-A4E2-4D58-AEA0-E89C2382C62D} => pcalua.exe -a C:\Users\Todd\AppData\Local\Temp\Temp1_SmartPackSetup1.22.0.zip\SmartPackSetup1.22.0.exe
    Task: {C424368D-72DC-4310-8B6C-DFDF2799A75C} - System32\Tasks\Update\Windows => C:\Users\Todd\AppData\Local\Temp\Update.exe [2015-06-11] (Microsoft Corporation) <==== ATTENTION
    Task: {CE02792C-24BC-4862-A0D2-03E2C7D663F8} - System32\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A} => C:\Windows\Lhyqaa.exe
    C:\Windows\Lhyqaa.exe
    Task: {FFC63B96-0D34-4EED-B261-8825719D26F8} - System32\Tasks\0 => Chrome.exe <==== ATTENTION
    lternateDataStreams: C:\Windows:nlsPreferences
    AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
    AlternateDataStreams: C:\ProgramData\TEMP:C22674B6
    AlternateDataStreams: C:\ProgramData\TEMP:D74B6CF5
    AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
    AlternateDataStreams: C:\Users\Todd\Desktop\AdwCleaner.exe:xdg.origin.url
    AlternateDataStreams: C:\Users\Todd\Desktop\AdwCleaner.exe:xdg.referrer.url
    AlternateDataStreams: C:\Users\Todd\Desktop\FRST64.exe:xdg.origin.url
    AlternateDataStreams: C:\Users\Todd\Desktop\FRST64.exe:xdg.referrer.url
    AlternateDataStreams: C:\Users\Todd\Desktop\mbam-setup-2.1.6.1022.exe:xdg.origin.url
    AlternateDataStreams: C:\Users\Todd\Desktop\mbam-setup-2.1.6.1022.exe:xdg.referrer.url
    HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\Software\Classes\.exe: exefile => <===== ATTENTION!
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCKeeper2" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RegistryQuick.exe" /f
    C:\Program Files\Kromtech
    C:\Program Files (x86)\RegQuick
    FirewallRules: [TCP Query User{013843C5-2082-40A3-B461-89AE56486FC0}C:\users\todd\appdata\roaming\ocrit\ritao.exe] => (Block) C:\users\todd\appdata\roaming\ocrit\ritao.exe
    FirewallRules: [UDP Query User{1D7FBFB7-1258-4414-8DB6-F5F35D50BC6B}C:\users\todd\appdata\roaming\ocrit\ritao.exe] => (Block) C:\users\todd\appdata\roaming\ocrit\ritao.exe
    C:\users\todd\appdata\roaming\ocrit
    FirewallRules: [TCP Query User{59B61426-A9DE-452D-8288-A1AAD8BCC8C9}C:\users\todd\appdata\local\temp\temp2_auto_xbins_2008.zip\auto_xbins_2008.exe] => (Allow) C:\users\todd\appdata\local\temp\temp2_auto_xbins_2008.zip\auto_xbins_2008.exe
    FirewallRules: [UDP Query User{635C8B52-E8B6-448E-AE59-5C4A424FF801}C:\users\todd\appdata\local\temp\temp2_auto_xbins_2008.zip\auto_xbins_2008.exe] => (Allow) C:\users\todd\appdata\local\temp\temp2_auto_xbins_2008.zip\auto_xbins_2008.exe
    FirewallRules: [{59A24F85-3D4F-4BF7-8511-48FE0EBB2D75}] => (Allow) C:\Program Files (x86)\PIXELA\Network Utility\PxDMSService.exe
    FirewallRules: [{FA7C7C51-7355-465E-858B-EDDC89A6390A}] => (Allow) C:\Users\Todd\AppData\Local\Temp\nseFC4A.tmp\CnetInstaller-75219350.exe
    FirewallRules: [{D06AD279-B1A3-446A-9C2F-46C4B52BA41D}] => (Allow) C:\Users\Todd\AppData\Local\Temp\nseFC4A.tmp\CnetInstaller-75219350.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Extension: (No Name) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihogoofdaifgdkdilopkeahfcnifkajn [2014-06-05]
    S3 cpuz132; \??\C:\Users\Todd\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
    S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    C:\Program Files (x86)\Enigma Software Group
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 06-12-2015, 08:16 AM   #8
Registered Member
 
Join Date: Jan 2009
Location: Midwest
Posts: 12
OS: /Ubuntu Linux/Windows 7


Send a message via Yahoo to todd93

Quote:
Hello Todd. Why do you only have 1 system restore point?
Well, simply because I'm not in windows much at all, I spend most of my time in far superior Linux distributions. I only need to be in windows to do a few things, and not very often.

Quote:
Startup repair would be the best first step to fix your problem.
Ran startup repair, it did not find a problem.

Quote:
Did you set this value to 2?

Quote:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
No, that was not my doing.

I will do the things you prescribed, and reply with the results.

Thanks for the help, it's deeply appreciated!!
todd93 is offline  
Old 06-12-2015, 08:47 AM   #9
Registered Member
 
Join Date: Jan 2009
Location: Midwest
Posts: 12
OS: /Ubuntu Linux/Windows 7


Send a message via Yahoo to todd93

okay, completed that successfully, followed by a chkdsk which did find some errors. I'm in normal windows right now, nothing coming up yet, but I do not want to say "solved" until certain.

The output of fixlog.txt:
Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Todd at 2015-06-12 15:27:17 Run:1
Running from C:\Users\Todd\Desktop
Loaded Profiles: Todd (Available Profiles: Todd & Colleen)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
start
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {1D174622-25D5-4DE1-A7D0-37B7FAE7672A} - System32\Tasks\{F63EC1C2-4378-496A-9FA2-82A37775BC2F} => pcalua.exe -a C:\Temp\Rush_24-7_Media_Center.exe -d C:\Temp
Task: {387ABF2A-984A-4972-8A14-FAB3073F63BA} - System32\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A} => C:\Users\Todd\AppData\Local\Temp\Lfx.exe <==== ATTENTION
Task: {67F6479E-31E5-40D1-90D3-BBBCCD0E85DA} - System32\Tasks\{099AE139-A4E2-4D58-AEA0-E89C2382C62D} => pcalua.exe -a C:\Users\Todd\AppData\Local\Temp\Temp1_SmartPackSetup1.22.0.zip\SmartPackSetup1.22.0.exe
Task: {C424368D-72DC-4310-8B6C-DFDF2799A75C} - System32\Tasks\Update\Windows => C:\Users\Todd\AppData\Local\Temp\Update.exe [2015-06-11] (Microsoft Corporation) <==== ATTENTION
Task: {CE02792C-24BC-4862-A0D2-03E2C7D663F8} - System32\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A} => C:\Windows\Lhyqaa.exe
C:\Windows\Lhyqaa.exe
Task: {FFC63B96-0D34-4EED-B261-8825719D26F8} - System32\Tasks\0 => Chrome.exe <==== ATTENTION
lternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:C22674B6
AlternateDataStreams: C:\ProgramData\TEMP:D74B6CF5
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\Todd\Desktop\AdwCleaner.exe:xdg.origin.url
AlternateDataStreams: C:\Users\Todd\Desktop\AdwCleaner.exe:xdg.referrer.url
AlternateDataStreams: C:\Users\Todd\Desktop\FRST64.exe:xdg.origin.url
AlternateDataStreams: C:\Users\Todd\Desktop\FRST64.exe:xdg.referrer.url
AlternateDataStreams: C:\Users\Todd\Desktop\mbam-setup-2.1.6.1022.exe:xdg.origin.url
AlternateDataStreams: C:\Users\Todd\Desktop\mbam-setup-2.1.6.1022.exe:xdg.referrer.url
HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\Software\Classes\.exe: exefile => <===== ATTENTION!
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCKeeper2" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RegistryQuick.exe" /f
C:\Program Files\Kromtech
C:\Program Files (x86)\RegQuick
FirewallRules: [TCP Query User{013843C5-2082-40A3-B461-89AE56486FC0}C:\users\todd\appdata\roaming\ocrit\ritao.exe] => (Block) C:\users\todd\appdata\roaming\ocrit\ritao.exe
FirewallRules: [UDP Query User{1D7FBFB7-1258-4414-8DB6-F5F35D50BC6B}C:\users\todd\appdata\roaming\ocrit\ritao.exe] => (Block) C:\users\todd\appdata\roaming\ocrit\ritao.exe
C:\users\todd\appdata\roaming\ocrit
FirewallRules: [TCP Query User{59B61426-A9DE-452D-8288-A1AAD8BCC8C9}C:\users\todd\appdata\local\temp\temp2_auto_xbins_2008.zip\auto_xbins_2008.exe] => (Allow) C:\users\todd\appdata\local\temp\temp2_auto_xbins_2008.zip\auto_xbins_2008.exe
FirewallRules: [UDP Query User{635C8B52-E8B6-448E-AE59-5C4A424FF801}C:\users\todd\appdata\local\temp\temp2_auto_xbins_2008.zip\auto_xbins_2008.exe] => (Allow) C:\users\todd\appdata\local\temp\temp2_auto_xbins_2008.zip\auto_xbins_2008.exe
FirewallRules: [{59A24F85-3D4F-4BF7-8511-48FE0EBB2D75}] => (Allow) C:\Program Files (x86)\PIXELA\Network Utility\PxDMSService.exe
FirewallRules: [{FA7C7C51-7355-465E-858B-EDDC89A6390A}] => (Allow) C:\Users\Todd\AppData\Local\Temp\nseFC4A.tmp\CnetInstaller-75219350.exe
FirewallRules: [{D06AD279-B1A3-446A-9C2F-46C4B52BA41D}] => (Allow) C:\Users\Todd\AppData\Local\Temp\nseFC4A.tmp\CnetInstaller-75219350.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (No Name) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihogoofdaifgdkdilopkeahfcnifkajn [2014-06-05]
S3 cpuz132; \??\C:\Users\Todd\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Program Files (x86)\Enigma Software Group
EmptyTemp:
end

*****************

Error: Restore point can only be created in normal mode.
"HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D174622-25D5-4DE1-A7D0-37B7FAE7672A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D174622-25D5-4DE1-A7D0-37B7FAE7672A}" => key removed successfully
C:\Windows\System32\Tasks\{F63EC1C2-4378-496A-9FA2-82A37775BC2F} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F63EC1C2-4378-496A-9FA2-82A37775BC2F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{387ABF2A-984A-4972-8A14-FAB3073F63BA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{387ABF2A-984A-4972-8A14-FAB3073F63BA}" => key removed successfully
C:\Windows\System32\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67F6479E-31E5-40D1-90D3-BBBCCD0E85DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67F6479E-31E5-40D1-90D3-BBBCCD0E85DA}" => key removed successfully
C:\Windows\System32\Tasks\{099AE139-A4E2-4D58-AEA0-E89C2382C62D} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{099AE139-A4E2-4D58-AEA0-E89C2382C62D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C424368D-72DC-4310-8B6C-DFDF2799A75C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C424368D-72DC-4310-8B6C-DFDF2799A75C}" => key removed successfully
C:\Windows\System32\Tasks\Update\Windows => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update\Windows" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE02792C-24BC-4862-A0D2-03E2C7D663F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE02792C-24BC-4862-A0D2-03E2C7D663F8}" => key removed successfully
C:\Windows\System32\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}" => key removed successfully
"C:\Windows\Lhyqaa.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFC63B96-0D34-4EED-B261-8825719D26F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFC63B96-0D34-4EED-B261-8825719D26F8}" => key removed successfully
C:\Windows\System32\Tasks\0 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key removed successfully
lternateDataStreams: C:\Windows:nlsPreferences => Error: No automatic fix found for this entry.
C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully.
C:\ProgramData\TEMP => ":C22674B6" ADS removed successfully.
C:\ProgramData\TEMP => ":D74B6CF5" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
C:\Users\Todd\Desktop\AdwCleaner.exe => ":xdg.origin.url" ADS removed successfully.
C:\Users\Todd\Desktop\AdwCleaner.exe => ":xdg.referrer.url" ADS removed successfully.
C:\Users\Todd\Desktop\FRST64.exe => ":xdg.origin.url" ADS removed successfully.
C:\Users\Todd\Desktop\FRST64.exe => ":xdg.referrer.url" ADS removed successfully.
C:\Users\Todd\Desktop\mbam-setup-2.1.6.1022.exe => ":xdg.origin.url" ADS removed successfully.
C:\Users\Todd\Desktop\mbam-setup-2.1.6.1022.exe => ":xdg.referrer.url" ADS removed successfully.
"HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\Software\Classes\.exe" => key removed successfully

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCKeeper2" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RegistryQuick.exe" /f =========

The operation completed successfully.



========= End of Reg: =========

"C:\Program Files\Kromtech" => File/Folder not found.
C:\Program Files (x86)\RegQuick => moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{013843C5-2082-40A3-B461-89AE56486FC0}C:\users\todd\appdata\roaming\ocrit\ritao.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1D7FBFB7-1258-4414-8DB6-F5F35D50BC6B}C:\users\todd\appdata\roaming\ocrit\ritao.exe => value removed successfully
C:\users\todd\appdata\roaming\ocrit => moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{59B61426-A9DE-452D-8288-A1AAD8BCC8C9}C:\users\todd\appdata\local\temp\temp2_auto_xbins_2008.zip\auto_xbins_2008.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{635C8B52-E8B6-448E-AE59-5C4A424FF801}C:\users\todd\appdata\local\temp\temp2_auto_xbins_2008.zip\auto_xbins_2008.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{59A24F85-3D4F-4BF7-8511-48FE0EBB2D75} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA7C7C51-7355-465E-858B-EDDC89A6390A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D06AD279-B1A3-446A-9C2F-46C4B52BA41D} => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihogoofdaifgdkdilopkeahfcnifkajn => moved successfully.
cpuz132 => Service removed successfully
esgiguard => Service removed successfully
C:\Program Files (x86)\Enigma Software Group => moved successfully.
EmptyTemp: => 12.2 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 15:31:08 ====
todd93 is offline  
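A small triage script for the Fixlog.txt format shown in the post above, added here as an illustration; it is not part of the thread and not FRST's own code. The sample is an abridged excerpt of that log, and the status categories and function names are this example's own. It surfaces the two things in the log that did not succeed silently: the restore point that could not be created in Safe Mode, and the `lternateDataStreams` line that the tool had no fix for.

```python
import re
from collections import Counter
from typing import NamedTuple

# Abridged excerpt of the Fixlog.txt posted above (header, part of the
# fixlist and a few result lines), embedded so the script runs offline.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Boot Mode: Safe Mode (with Networking)
==============================================
fixlist content:
*****************
start
createrestorepoint:
C:\Windows\Lhyqaa.exe
lternateDataStreams: C:\Windows:nlsPreferences
EmptyTemp:
end
*****************
Error: Restore point can only be created in normal mode.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key removed successfully
C:\Windows\System32\Tasks\0 => moved successfully.
"C:\Windows\Lhyqaa.exe" => File/Folder not found.
lternateDataStreams: C:\Windows:nlsPreferences => Error: No automatic fix found for this entry.
C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully.
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCKeeper2" /f =========
The operation completed successfully.
========= End of Reg: =========
cpuz132 => Service removed successfully
EmptyTemp: => 12.2 GB temporary data Removed.
==== End of Fixlog 15:31:08 ====
'''

class Finding(NamedTuple):
    target: str   # what the tool acted on (path, key, command); "" if none
    outcome: str  # the tool's own wording
    status: str   # "ok", "not_found", "error" or "other" (this example's categories)

SEPARATOR = re.compile(r"^\*{5,}\s*$")
REG_HEADER = re.compile(r"^=+ (?!End of Reg)(.+?) =+$")

def classify(outcome):
    text = outcome.lower()
    if "error" in text:
        return "error"
    if "not found" in text:
        return "not_found"
    return "ok" if ("successfully" in text or "removed" in text) else "other"

def parse_results(lines):
    findings, reg_cmd = [], None
    for line in (l.strip() for l in lines):
        if not line:
            continue
        if line.startswith("==== End of Fixlog"):
            break
        header = REG_HEADER.match(line)
        if header:                      # start of a "Reg:" command section
            reg_cmd = header.group(1)
        elif line.startswith("="):      # "End of Reg:" closes the section
            reg_cmd = None
        elif reg_cmd is not None:       # reg.exe output belongs to that command
            findings.append(Finding(reg_cmd, line, classify(line)))
        elif " => " in line:            # "<target> => <outcome>"
            target, outcome = line.rsplit(" => ", 1)
            findings.append(Finding(target.strip('"'), outcome, classify(outcome)))
        elif line.startswith("Error:"): # error with no target, e.g. restore point
            findings.append(Finding("", line, "error"))
    return findings

def triage(text):
    lines = text.splitlines()
    marks = [i for i, l in enumerate(lines) if SEPARATOR.match(l)]
    if len(marks) < 2:
        raise ValueError("expected two '*****' separators around the fixlist")
    header, fixlist, results = lines[:marks[0]], lines[marks[0] + 1:marks[1]], lines[marks[1] + 1:]
    boot = next((l.split(":", 1)[1].strip() for l in header if l.startswith("Boot Mode:")), "unknown")
    findings = parse_results(results)
    notes = []
    asked_rp = any(l.strip().lower() == "createrestorepoint:" for l in fixlist)
    if asked_rp and any(f.status == "error" and "restore point" in f.outcome.lower() for f in findings):
        notes.append(f"no restore point created (boot mode: {boot}); no System Restore rollback for this fix")
    notes += [f"entry not fixed, check the line for a typo: {f.target}"
              for f in findings if "no automatic fix" in f.outcome.lower()]
    return {"boot_mode": boot, "counts": Counter(f.status for f in findings),
            "findings": findings, "notes": notes}

if __name__ == "__main__":
    report = triage(SAMPLE_FIXLOG)
    print(report["boot_mode"], dict(report["counts"]))
    for note in report["notes"]:
        print("NOTE:", note)
```
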
Old 06-12-2015, 04:47 PM   #10
Registered Member
 
Join Date: Jan 2009
Location: Midwest
Posts: 12
OS: /Ubuntu Linux/Windows 7


Send a message via Yahoo to todd93

I would like to say that I'm still in Windows, no issues or problems as of yet, it has been eight hours now, everything running smooth!
todd93 is offline  
Old 06-13-2015, 10:06 AM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Todd. You're very welcome. Glad to hear it.

------------------------------------------------------

Please uninstall the following via Start->(or Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Google Chrome Extension Updater<<Please read this

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    Reg: reg query "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option" /s
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
chemist is offline  
Old 06-14-2015, 04:30 AM   #12
Registered Member
 
Join Date: Jan 2009
Location: Midwest
Posts: 12
OS: /Ubuntu Linux/Windows 7


Send a message via Yahoo to todd93

Quote:
Originally Posted by chemist View Post
Hello again, Todd. You're very welcome. Glad to hear it.

------------------------------------------------------

Please uninstall the following via Start->(or Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Google Chrome Extension Updater<<Please read this
Thanks again so much, the Google Chrome Extension Updater was no longer in existence on my machine. Still running smooth here, unless there are any other actions I need to take, I would like to call this one solved. One question I do have, since you all here were so kind to look through the lines of code on these scans, what exactly did I have that made this happen? I know it was more than one thing, because I know you guys saw a lot of issues. The only reason I would like to know is simply because I like to educate myself as much as possible, plus it's really fascinating to me!

Thanks again!!

Todd
todd93 is offline  
Old 06-14-2015, 11:51 AM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Todd. You're very welcome. Actually, I believe it was the checkdisk that fixed your problem, which appears to not be malware related.

I still need to see the Fixlog.txt as per the previous instructions.

We also haven't run an online scan to check for remnants. Absence of symptoms does not mean you are clean.

Have you rebooted your machine? If so, does it start up normally in Normal Mode?

------------------------------------------------------
chemist is offline  
Old 06-14-2015, 02:23 PM   #14
Registered Member
 
Join Date: Jan 2009
Location: Midwest
Posts: 12
OS: /Ubuntu Linux/Windows 7


Send a message via Yahoo to todd93

Oh, I'm terribly sorry, I must have missed that part of the post. To answer your question, yes, I'm booted up into normal mode, and have since rebooted once into normal mode, no issues! The contents of Fixlog.txt:

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Todd at 2015-06-12 15:27:17 Run:1
Running from C:\Users\Todd\Desktop
Loaded Profiles: Todd (Available Profiles: Todd & Colleen)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
start
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Todd\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {1D174622-25D5-4DE1-A7D0-37B7FAE7672A} - System32\Tasks\{F63EC1C2-4378-496A-9FA2-82A37775BC2F} => pcalua.exe -a C:\Temp\Rush_24-7_Media_Center.exe -d C:\Temp
Task: {387ABF2A-984A-4972-8A14-FAB3073F63BA} - System32\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A} => C:\Users\Todd\AppData\Local\Temp\Lfx.exe <==== ATTENTION
Task: {67F6479E-31E5-40D1-90D3-BBBCCD0E85DA} - System32\Tasks\{099AE139-A4E2-4D58-AEA0-E89C2382C62D} => pcalua.exe -a C:\Users\Todd\AppData\Local\Temp\Temp1_SmartPackSetup1.22.0.zip\SmartPackSetup1.22.0.exe
Task: {C424368D-72DC-4310-8B6C-DFDF2799A75C} - System32\Tasks\Update\Windows => C:\Users\Todd\AppData\Local\Temp\Update.exe [2015-06-11] (Microsoft Corporation) <==== ATTENTION
Task: {CE02792C-24BC-4862-A0D2-03E2C7D663F8} - System32\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A} => C:\Windows\Lhyqaa.exe
C:\Windows\Lhyqaa.exe
Task: {FFC63B96-0D34-4EED-B261-8825719D26F8} - System32\Tasks\0 => Chrome.exe <==== ATTENTION
lternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:C22674B6
AlternateDataStreams: C:\ProgramData\TEMP:D74B6CF5
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\Todd\Desktop\AdwCleaner.exe:xdg.origin.url
AlternateDataStreams: C:\Users\Todd\Desktop\AdwCleaner.exe:xdg.referrer.url
AlternateDataStreams: C:\Users\Todd\Desktop\FRST64.exe:xdg.origin.url
AlternateDataStreams: C:\Users\Todd\Desktop\FRST64.exe:xdg.referrer.url
AlternateDataStreams: C:\Users\Todd\Desktop\mbam-setup-2.1.6.1022.exe:xdg.origin.url
AlternateDataStreams: C:\Users\Todd\Desktop\mbam-setup-2.1.6.1022.exe:xdg.referrer.url
HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\Software\Classes\.exe: exefile => <===== ATTENTION!
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCKeeper2" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RegistryQuick.exe" /f
C:\Program Files\Kromtech
C:\Program Files (x86)\RegQuick
FirewallRules: [TCP Query User{013843C5-2082-40A3-B461-89AE56486FC0}C:\users\todd\appdata\roaming\ocrit\ritao.exe] => (Block) C:\users\todd\appdata\roaming\ocrit\ritao.exe
FirewallRules: [UDP Query User{1D7FBFB7-1258-4414-8DB6-F5F35D50BC6B}C:\users\todd\appdata\roaming\ocrit\ritao.exe] => (Block) C:\users\todd\appdata\roaming\ocrit\ritao.exe
C:\users\todd\appdata\roaming\ocrit
FirewallRules: [TCP Query User{59B61426-A9DE-452D-8288-A1AAD8BCC8C9}C:\users\todd\appdata\local\temp\temp2_auto_xbins_2008.zip\auto_xbins_2008.exe] => (Allow) C:\users\todd\appdata\local\temp\temp2_auto_xbins_2008.zip\auto_xbins_2008.exe
FirewallRules: [UDP Query User{635C8B52-E8B6-448E-AE59-5C4A424FF801}C:\users\todd\appdata\local\temp\temp2_auto_xbins_2008.zip\auto_xbins_2008.exe] => (Allow) C:\users\todd\appdata\local\temp\temp2_auto_xbins_2008.zip\auto_xbins_2008.exe
FirewallRules: [{59A24F85-3D4F-4BF7-8511-48FE0EBB2D75}] => (Allow) C:\Program Files (x86)\PIXELA\Network Utility\PxDMSService.exe
FirewallRules: [{FA7C7C51-7355-465E-858B-EDDC89A6390A}] => (Allow) C:\Users\Todd\AppData\Local\Temp\nseFC4A.tmp\CnetInstaller-75219350.exe
FirewallRules: [{D06AD279-B1A3-446A-9C2F-46C4B52BA41D}] => (Allow) C:\Users\Todd\AppData\Local\Temp\nseFC4A.tmp\CnetInstaller-75219350.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (No Name) - C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihogoofdaifgdkdilopkeahfcnifkajn [2014-06-05]
S3 cpuz132; \??\C:\Users\Todd\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Program Files (x86)\Enigma Software Group
EmptyTemp:
end

*****************

Error: Restore point can only be created in normal mode.
"HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-2657733958-4276116067-3132349266-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D174622-25D5-4DE1-A7D0-37B7FAE7672A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D174622-25D5-4DE1-A7D0-37B7FAE7672A}" => key removed successfully
C:\Windows\System32\Tasks\{F63EC1C2-4378-496A-9FA2-82A37775BC2F} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F63EC1C2-4378-496A-9FA2-82A37775BC2F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{387ABF2A-984A-4972-8A14-FAB3073F63BA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{387ABF2A-984A-4972-8A14-FAB3073F63BA}" => key removed successfully
C:\Windows\System32\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67F6479E-31E5-40D1-90D3-BBBCCD0E85DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67F6479E-31E5-40D1-90D3-BBBCCD0E85DA}" => key removed successfully
C:\Windows\System32\Tasks\{099AE139-A4E2-4D58-AEA0-E89C2382C62D} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{099AE139-A4E2-4D58-AEA0-E89C2382C62D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C424368D-72DC-4310-8B6C-DFDF2799A75C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C424368D-72DC-4310-8B6C-DFDF2799A75C}" => key removed successfully
C:\Windows\System32\Tasks\Update\Windows => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update\Windows" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE02792C-24BC-4862-A0D2-03E2C7D663F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE02792C-24BC-4862-A0D2-03E2C7D663F8}" => key removed successfully
C:\Windows\System32\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}" => key removed successfully
"C:\Windows\Lhyqaa.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFC63B96-0D34-4EED-B261-8825719D26F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFC63B96-0D34-4EED-B261-8825719D26F8}" => key removed successfully
C:\Windows\System32\Tasks\0 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key removed successfully
lternateDataStreams: C:\Windows:nlsPreferences => Error: No automatic fix found for this entry.
C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully.
C:\ProgramData\TEMP => ":C22674B6" ADS removed successfully.
C:\ProgramData\TEMP => ":D74B6CF5" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
C:\Users\Todd\Desktop\AdwCleaner.exe => ":xdg.origin.url" ADS removed successfully.
C:\Users\Todd\Desktop\AdwCleaner.exe => ":xdg.referrer.url" ADS removed successfully.
C:\Users\Todd\Desktop\FRST64.exe => ":xdg.origin.url" ADS removed successfully.
C:\Users\Todd\Desktop\FRST64.exe => ":xdg.referrer.url" ADS removed successfully.
C:\Users\Todd\Desktop\mbam-setup-2.1.6.1022.exe => ":xdg.origin.url" ADS removed successfully.
C:\Users\Todd\Desktop\mbam-setup-2.1.6.1022.exe => ":xdg.referrer.url" ADS removed successfully.
"HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\Software\Classes\.exe" => key removed successfully

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCKeeper2" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RegistryQuick.exe" /f =========

The operation completed successfully.



========= End of Reg: =========

"C:\Program Files\Kromtech" => File/Folder not found.
C:\Program Files (x86)\RegQuick => moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{013843C5-2082-40A3-B461-89AE56486FC0}C:\users\todd\appdata\roaming\ocrit\ritao.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1D7FBFB7-1258-4414-8DB6-F5F35D50BC6B}C:\users\todd\appdata\roaming\ocrit\ritao.exe => value removed successfully
C:\users\todd\appdata\roaming\ocrit => moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{59B61426-A9DE-452D-8288-A1AAD8BCC8C9}C:\users\todd\appdata\local\temp\temp2_auto_xbins_2008.zip\auto_xbins_2008.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{635C8B52-E8B6-448E-AE59-5C4A424FF801}C:\users\todd\appdata\local\temp\temp2_auto_xbins_2008.zip\auto_xbins_2008.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{59A24F85-3D4F-4BF7-8511-48FE0EBB2D75} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA7C7C51-7355-465E-858B-EDDC89A6390A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D06AD279-B1A3-446A-9C2F-46C4B52BA41D} => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2657733958-4276116067-3132349266-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihogoofdaifgdkdilopkeahfcnifkajn => moved successfully.
cpuz132 => Service removed successfully
esgiguard => Service removed successfully
C:\Program Files (x86)\Enigma Software Group => moved successfully.
EmptyTemp: => 12.2 GB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 15:31:08 ====

Old 06-15-2015, 12:29 PM   #15
chemist (Security Team; Moderator, Analyst)

Hello again, Todd. You already posted that Fixlog.txt.

I needed you to run another fix, as instructed in post #11 above.

I'll repeat those instructions again:
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    Reg: reg query "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option" /s
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------

Old 06-16-2015, 04:46 PM   #16
todd93 (Registered Member)

Oh, please forgive me, I got confused lol. Here is the new Fixlog.txt:

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Todd at 2015-06-16 18:44:44 Run:2
Running from C:\Users\Todd\Desktop
Loaded Profiles: Todd (Available Profiles: Todd & Colleen)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
Reg: reg query "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option" /s
end
*****************


========= reg query "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option" /s =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


==== End of Fixlog 18:44:45 ====

Old 06-17-2015, 09:51 AM   #17
chemist (Security Team; Moderator, Analyst)

Hello again, Todd. Almost done. How is the machine behaving? Still back to normal?

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the scan log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as administrator command.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior

Old 06-19-2015, 02:33 AM   #18
todd93 (Registered Member)

Yes, everything seems to be normal. Here is the information you requested:

Malwarebytes:

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 6/18/2015
Scan Time: 7:04:53 PM
Logfile: malware.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.18.06
Rootkit Database: v2015.06.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Todd

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 427746
Time Elapsed: 19 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

ESET log:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js.vir Win32/Conduit.SearchProtect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{68F250EA-9638-4DCF-96C4-D68CC340EC48}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SearchProtect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js.vir Win32/Conduit.SearchProtect.A potentially unwanted application
C:\AI_RecycleBin\{0DC38050-A16E-4B29-80CF-57222DC778F9}\3\Strongvault\StrongVaultApp.exe a variant of MSIL/Adware.StrongVault.A application
C:\Program Files\AVAST Software\Avast\aswRec.dll a variant of Win32/OpenCandy.C potentially unsafe application
C:\root_1.1\1-Click Transformer Root_1.1\1-Click Transformer Root_1.1\Source\Process.exe Win32/PrcView potentially unsafe application
C:\Temp\WeatherBugSetup.msi a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application
C:\Users\Todd\Downloads\1-Click-Transformer-Root_1.1.zip Win32/PrcView potentially unsafe application
C:\Users\Todd\Downloads\burnaware_free.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Todd\Downloads\cbsidlm-cbsi145-MD5_Checker-SEO-10410639.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Todd\Downloads\cbsidlm-tr1_7-Free_Window_Registry_Repair-ORG2-10606555.exe Win32/DownloadAdmin.D potentially unwanted application
C:\Users\Todd\Downloads\cnet2_InstallRarZilla_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Todd\Downloads\cnet_bbdemo_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Todd\Downloads\cnet_SetupBridgeItDemo_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Todd\Downloads\DVDx_2_20_setup.zip a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application
C:\Users\Todd\Downloads\GoogleChromeExtensionUpdate_m5.exe multiple threats
C:\Users\Todd\Downloads\InstallRarZilla.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Todd\Downloads\SetupImgBurn_2.5.1.0.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Todd\Downloads\SetupImgBurn_2.5.2.0.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Todd\Downloads\SetupImgBurn_2.5.5.0.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Todd\Downloads\SetupImgBurn_2.5.6.0.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Todd\Downloads\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Todd\Downloads\vpsetup.exe a variant of Win32/Toolbar.Conduit.K potentially unwanted application
C:\Users\Todd\Downloads\WeatherBugSetup.msi a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

Old 06-19-2015, 01:18 PM   #19
chemist (Security Team; Moderator, Analyst)

Hello again, Todd. The first few finds by ESET have already been quarantined by AdwCleaner. They will get deleted when we uninstall AdwCleaner.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Program Files\AVAST Software\Avast\aswRec.dll"
"C:\root_1.1\1-Click Transformer Root_1.1\1-Click Transformer Root_1.1\Source\Process.exe"
"C:\Temp\WeatherBugSetup.msi"
"C:\Users\Todd\Downloads\1-Click-Transformer-Root_1.1.zip"
"C:\Users\Todd\Downloads\burnaware_free.exe"
"C:\Users\Todd\Downloads\cbsidlm-cbsi145-MD5_Checker-SEO-10410639.exe"
"C:\Users\Todd\Downloads\cbsidlm-tr1_7-Free_Window_Registry_Repair-ORG2-10606555.exe"
"C:\Users\Todd\Downloads\cnet2_InstallRarZilla_exe.exe"
"C:\Users\Todd\Downloads\cnet_bbdemo_exe.exe"
"C:\Users\Todd\Downloads\cnet_SetupBridgeItDemo_exe.exe"
"C:\Users\Todd\Downloads\DVDx_2_20_setup.zip"
"C:\Users\Todd\Downloads\GoogleChromeExtensionUpdate_m5.exe"
"C:\Users\Todd\Downloads\InstallRarZilla.exe"
"C:\Users\Todd\Downloads\SetupImgBurn_2.5.1.0.exe"
"C:\Users\Todd\Downloads\SetupImgBurn_2.5.2.0.exe"
"C:\Users\Todd\Downloads\SetupImgBurn_2.5.5.0.exe"
"C:\Users\Todd\Downloads\SetupImgBurn_2.5.6.0.exe"
"C:\Users\Todd\Downloads\SetupImgBurn_2.5.7.0.exe"
"C:\Users\Todd\Downloads\vpsetup.exe"
"C:\Users\Todd\Downloads\WeatherBugSetup.msi"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

for %%g in (

"C:\AI_RecycleBin\{0DC38050-A16E-4B29-80CF-57222DC778F9}\3\Strongvault"

) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0

Save this Notepad file as fix.bat and choose to Save as type: - All Files to your desktop then close the Notepad file.
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.
  • Go to Computer > System properties > System protection > Configure.
  • Check 'Turn off system protection' > Apply > Yes > OK.
  • Now turn it back on > Configure
  • Check 'Restore system settings and previous versions of files'.
  • Click Apply > OK > OK.
This will flush out older possibly infected System Restore Points and create one fresh, clean System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Important

Due to continued exploits of zero-day vulnerabilities in Oracle's Java application, it is the recommendation of many security experts, as well as the TSF Security Team, that you disable Java in your web browsers.

Java

US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability

We recommend disabling Java in your browsers, and enabling it only when needed by certain websites.

Please disable Java in your browser(s) by following these instructions:

How do I disable Java in my web browser?

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
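The triage described in post #19 (ESET hits that sit under C:\AdwCleaner\Quarantine are already neutralized, every other hit still needs removing) can be done mechanically. The following Python sketch is an added example, not part of the thread or of any tool used in it; it parses a subset of lines copied from the ESET log above, and its function names and the "unspecified" category label are assumptions of this example.

```python
import re
from collections import Counter
from typing import List, NamedTuple, Optional, Tuple

# Subset of lines copied from the ESET log posted in this thread.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js.vir Win32/Conduit.SearchProtect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{68F250EA-9638-4DCF-96C4-D68CC340EC48}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\AI_RecycleBin\{0DC38050-A16E-4B29-80CF-57222DC778F9}\3\Strongvault\StrongVaultApp.exe a variant of MSIL/Adware.StrongVault.A application
C:\Program Files\AVAST Software\Avast\aswRec.dll a variant of Win32/OpenCandy.C potentially unsafe application
C:\root_1.1\1-Click Transformer Root_1.1\1-Click Transformer Root_1.1\Source\Process.exe Win32/PrcView potentially unsafe application
C:\Users\Todd\Downloads\GoogleChromeExtensionUpdate_m5.exe multiple threats
C:\Users\Todd\Downloads\vpsetup.exe a variant of Win32/Toolbar.Conduit.K potentially unwanted application
"""

# Folder holding items AdwCleaner has already neutralized
# (taken from the paths in the log above).
QUARANTINE_PREFIX = "c:\\adwcleaner\\quarantine\\"

# Line layout: <path> <detection> [<category>]. Windows paths contain spaces
# but never "/", so the first "Platform/Name" token (or the literal
# "multiple threats") marks where the path ends.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<detection>(?:a variant of )?[A-Za-z0-9]+/\S+|multiple threats)"
    r"(?: (?P<category>.+))?$"
)


class Finding(NamedTuple):
    path: str
    name: str          # detection name without the "a variant of" prefix
    variant: bool      # True when the log says "a variant of ..."
    category: str      # trailing label from the log, or "unspecified"
    quarantined: bool  # True when the file is inside AdwCleaner's quarantine


def parse_line(line: str) -> Optional[Finding]:
    """Parse one log line; return None when it does not look like a finding."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    detection = m.group("detection")
    variant = detection.startswith("a variant of ")
    name = detection[len("a variant of "):] if variant else detection
    path = m.group("path")
    return Finding(
        path=path,
        name=name,
        variant=variant,
        category=m.group("category") or "unspecified",
        quarantined=path.lower().startswith(QUARANTINE_PREFIX),
    )


def parse_log(text: str) -> Tuple[List[Finding], List[str]]:
    """Return (findings, unparsed lines) so nothing is dropped silently."""
    findings: List[Finding] = []
    unparsed: List[str] = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        finding = parse_line(raw)
        if finding is None:
            unparsed.append(raw)
        else:
            findings.append(finding)
    return findings, unparsed


def needs_action(findings: List[Finding]) -> List[str]:
    """Paths still live on disk, i.e. not already under the quarantine."""
    return [f.path for f in findings if not f.quarantined]


def by_category(findings: List[Finding]) -> Counter:
    """Count the live (non-quarantined) findings per category label."""
    return Counter(f.category for f in findings if not f.quarantined)


if __name__ == "__main__":
    found, skipped = parse_log(SAMPLE_LOG)
    print("already quarantined:", sum(f.quarantined for f in found))
    for p in needs_action(found):
        print("review/remove:", p)
    print(dict(by_category(found)), "unparsed:", skipped)
```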

Old 06-19-2015, 03:26 PM   #20
todd93 (Registered Member)

it said: Deleted Successfully!!
Press any key to continue

Thank you so much for your kind help!! I would like to thank everyone here who had input. It was very odd, I do not spend that much time in Windows, and when I do, this happened lol!! I deeply appreciate it!

Todd