
Suspected malware after Minecraft mods - dds.scr won't run.

Old 07-19-2015, 11:14 AM   #1
Registered Member
 
Join Date: Jun 2008
Location: South Africa
Posts: 125
OS: Windows 10 Pro



Hi,

My son downloaded and installed Minecraft mods including unwittingly some other nasties. I have uninstalled what I could find but I now suspect malware.
I downloaded dds.scr but it opens in Notepad. I don't know what a script blocker is. Please advise.

Thanks.
happydaze29 is offline  
 
Old 07-19-2015, 07:58 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Check for additional security risks:
  • Please download CKScanner by askey127 and save it to your desktop.
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, just click OK.
  • Post the contents of ckfiles.txt in your next reply. It is located on your desktop.
------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button (if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan.
  • Once the Scan is done, select Cleaning.
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-19-2015, 10:31 PM   #3
Registered Member
 
Join Date: Jun 2008
Location: South Africa
Posts: 125
OS: Windows 10 Pro



Hi,

Downloaded CKScanner.exe, clicked on 'search for files' but after 10 minutes of hourglass when I click on it, I get 'not responding'.

Tried 3 times, even after a restart.

Downloaded and ran AdwCleaner:

# AdwCleaner v4.208 - Logfile created 20/07/2015 at 06:58:15
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : Windows7 - RAKA
# Running from : C:\Users\Windows7\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\Fighters
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\MediaPlayerLite
Folder Deleted : C:\Program Files\PCDApp
Folder Deleted : C:\WINDOWS\System32\Store
Folder Deleted : C:\Users\Windows7\AppData\Local\Linkey
Folder Deleted : C:\Users\Windows7\AppData\Roaming\istartsurf
Folder Deleted : C:\Users\Windows7\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Windows7\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Windows7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaPlayerLite
Folder Deleted : C:\Users\Windows7\Documents\Tutorials
Folder Deleted : C:\Users\Windows7\Documents\Updater
Folder Deleted : C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
File Deleted : C:\WINDOWS\SysWOW64\SafeAppLM.ocx
File Deleted : C:\WINDOWS\System32\roboot64.exe

***** [ Scheduled tasks ] *****

Task Deleted : LaunchPreSignup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah
Key Deleted : HKCU\Software\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Key Deleted : HKLM\SOFTWARE\Classes\AppID\iedll.dll
Key Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\registry helper service
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{726E90BE-DC22-4965-B215-E0784DC26F47}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2335267C-DBBA-4DD5-A9D0-C4DB8E6A75A4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\SmdmF
Key Deleted : HKLM\SOFTWARE\Linkey
Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
Key Deleted : [x64] HKLM\SOFTWARE\Linkey
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v


-\\ Google Chrome v


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R2].txt - [6831 bytes] - [20/07/2015 06:54:44]
AdwCleaner[S2].txt - [6273 bytes] - [20/07/2015 06:58:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [6332 bytes] ##########
happydaze29 is offline  
 
Old 07-19-2015, 10:32 PM   #4
Registered Member
 
Join Date: Jun 2008
Location: South Africa
Posts: 125
OS: Windows 10 Pro



After this I tried CKScanner again, no luck, just hangs on 'not responding'.

Running Farbar now.
happydaze29 is offline  
Old 07-19-2015, 10:57 PM   #5
Registered Member
 
Join Date: Jun 2008
Location: South Africa
Posts: 125
OS: Windows 10 Pro



Farbar results:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by Windows7 (administrator) on RAKA on 20-07-2015 07:34:02
Running from C:\Users\Windows7\Desktop
Loaded Profiles: Windows7 (Available Profiles: Windows7 & Kiran & Guest)
Platform: Windows 7 Ultimate (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\reaConverter 7 Standard\rc_service.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Firetrust) C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Google Inc.) C:\Users\Windows7\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Windows7\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Windows7\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Windows7\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\plugin-nm-server.exe
(Google Inc.) C:\Users\Windows7\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912 2009-06-11] (CyberLink Corp.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1734144 2013-05-29] (AimerSoft)
HKLM-x32\...\Run: [CorelDRAW Graphics Suite 11b] => C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\EN\Programs\registration.exe /title="CorelDRAW Graphics Suite 12" /date=040513 serial=DR12WTX-9999998-YSP lang=EN
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [477064 2013-12-22] (Autodesk Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2367110212-2466544879-1827172648-1000\...\Run: [Google Update] => C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
HKU\S-1-5-21-2367110212-2466544879-1827172648-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-01-24] (Hewlett-Packard Company)
HKU\S-1-5-21-2367110212-2466544879-1827172648-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-2367110212-2466544879-1827172648-1000\...\Run: [GomTray] => C:\Program Files (x86)\GRETECH\GOMTray\GomTray.exe [2384472 2013-07-04] (GRETECH)
HKU\S-1-5-21-2367110212-2466544879-1827172648-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\S-1-5-21-2367110212-2466544879-1827172648-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2367110212-2466544879-1827172648-1000\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\S-1-5-21-2367110212-2466544879-1827172648-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22012688 2015-06-20] (Google)
HKU\S-1-5-21-2367110212-2466544879-1827172648-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2367110212-2466544879-1827172648-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2367110212-2466544879-1827172648-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-27] (Electronic Arts)
HKU\S-1-5-21-2367110212-2466544879-1827172648-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1193352 2014-02-08] (Autodesk, Inc.)
HKU\S-1-5-21-2367110212-2466544879-1827172648-1000\...\Run: [d6_9469] => C:\Program Files (x86)\D6 Technology\d6_9469\d6\d6_9469.exe [1358040 2015-05-19] (D6 Technology)
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1193352 2014-02-08] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2015-05-22]
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk [2012-03-27]
ShortcutTarget: AutoCAD Startup Accelerator.lnk -> C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2012-09-05]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2012-12-15]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing LP)
Startup: C:\Users\Windows7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2012-02-23]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Windows7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-06-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\Windows7\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Windows7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk [2015-06-15]
ShortcutTarget: MailWasherPro.lnk -> C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe (Firetrust)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Windows7\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Windows7\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Windows7\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Windows7\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Windows7\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Windows7\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Windows7\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Windows7\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll [2006-03-05] (Autodesk)
GroupPolicyScripts: Group Policy detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2367110212-2466544879-1827172648-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN South Africa | Hotmail, Outlook, Skype, News and Video
HKU\S-1-5-21-2367110212-2466544879-1827172648-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
HKU\S-1-5-21-2367110212-2466544879-1827172648-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-03-17] (HP)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: No Name -> {206E52E0-D52E-11D4-AD54-0000E86C26F6} -> C:\PROGRA~2\FRESHD~1\FRESHD~1\fdcatch.dll No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-07] (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-03-17] (HP)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll No File
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-07] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: GretechBHO Class -> {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} -> C:\Program Files (x86)\GRETECH\GomPicker\GomPickerBHO.dll [2013-04-03] (Gretech Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-2367110212-2466544879-1827172648-1000 -> No Name - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} https://download.eset.com/special/eos/OnlineScanner.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{214F87B9-3CEF-4C51-B6FD-5953011A0709}: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{65D36FA1-E38C-47B4-A48C-76F9E81C3AF7}: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{EE6A65EE-5272-4940-BE58-9A92B64F1987}: [DhcpNameServer] 192.168.42.129

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @graphisoft.com/GDL Web Plug-in -> C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll [2012-06-13] (Graphisoft SE)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\WINDOWS\SysWOW64\npdeployJava1.dll [2014-12-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-07] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-05-06] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-05-06] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-05-06] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2367110212-2466544879-1827172648-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2367110212-2466544879-1827172648-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Windows7\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-05-06]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-05-06]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\[email protected] [2015-05-06]

Chrome:
=======
CHR Profile: C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-13]
CHR Extension: (Google Docs) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-13]
CHR Extension: (Google Drive) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-24]
CHR Extension: (Rapport) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-06-15]
CHR Extension: (YouTube) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]
CHR Extension: (Google Search) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]
CHR Extension: (Kaspersky Protection) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-05-06]
CHR Extension: (Google Sheets) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-02]
CHR Extension: (Website Logon) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\omemdhjdbcbfldfeehbenogbhbhabifj [2015-07-13]
CHR Extension: (Gmail) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-04]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/d...jmlmojhbllhbho
CHR HKU\S-1-5-21-2367110212-2466544879-1827172648-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/d...jmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [omemdhjdbcbfldfeehbenogbhbhabifj] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-03-14]
StartMenuInternet: Google Chrome - C:\Users\Windows7\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [576904 2013-12-22] (Autodesk Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-04-01] (Adobe Systems) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2012-03-27] (Autodesk)
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-06-22] (Kaspersky Lab ZAO)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 ExpressInvoiceService; C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2634320 2014-12-25] (NCH Software)
S3 GSService; C:\WINDOWS\SysWOW64\GSService.exe [450272 2013-03-28] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-01-24] (Hewlett-Packard Company) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-27] (Electronic Arts)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2222360 2015-06-02] (IBM Corp.)
R2 reaConverter_service; C:\Program Files (x86)\reaConverter 7 Standard\rc_service.exe [2129408 2015-05-31] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2011-04-19] (Vodafone) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-12-13] (Advanced Micro Devices, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-22] (Kaspersky Lab UK Ltd)
S3 DrmCAudio; C:\Windows\system32\drivers\DrmCAudio.sys [34528 2013-03-28] (Windows (R) Win 7 DDK provider)
S3 FlashUSB; C:\Windows\System32\drivers\FlashUSB.sys [19968 2014-06-16] (Intel Mobile Communications)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-06-22] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-06-22] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-06-29] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831664 2015-06-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-06-22] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-06-22] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-06-22] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [24944 2015-06-22] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-06-22] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-06-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-06-22] (Kaspersky Lab ZAO)
R1 RapportCerberus_1412112; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412112.sys [917112 2015-06-25] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [485368 2015-06-02] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [121432 2015-06-02] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [376184 2015-06-02] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [480440 2015-06-02] (IBM Corp.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-06-16] (DEVGURU Co., LTD.(데브구루 | 데브구루에 오*것을 환영합니다.))
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [20992 2015-04-25] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 WsAudio_Device(1); C:\Windows\system32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
U3 idsvc; No ImagePath
S3 MFE_RR; \??\C:\Users\Windows7\AppData\Local\Temp\mfe_rr.sys [X]
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
S3 pccsmcfd; \SystemRoot\system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 07:34 - 2015-07-20 07:35 - 00034069 _____ C:\Users\Windows7\Desktop\FRST.txt
2015-07-20 07:33 - 2015-07-20 07:34 - 00000000 ____D C:\FRST
2015-07-20 07:26 - 2015-07-20 07:26 - 02134528 _____ (Farbar) C:\Users\Windows7\Desktop\FRST64.exe
2015-07-20 07:05 - 2015-07-20 07:05 - 00006484 _____ C:\Users\Windows7\Desktop\AdwCleaner[S2].txt
2015-07-20 07:00 - 2015-07-20 07:00 - 00000000 ____H C:\ProgramData\cm-lock
2015-07-20 06:54 - 2015-07-20 06:58 - 00000000 ____D C:\AdwCleaner
2015-07-20 06:37 - 2015-07-20 06:37 - 02248704 _____ C:\Users\Windows7\Desktop\AdwCleaner.exe
2015-07-20 06:36 - 2015-07-20 06:36 - 00468480 _____ () C:\Users\Windows7\Desktop\CKScanner.exe
2015-07-20 05:13 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-20 05:13 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-20 05:13 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-20 05:13 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-20 05:13 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-20 05:13 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-20 05:13 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-20 05:13 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-20 05:13 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-20 05:13 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-20 05:13 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-20 05:11 - 2015-06-16 00:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-20 05:11 - 2015-06-16 00:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-20 05:11 - 2015-06-16 00:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-20 05:11 - 2015-06-16 00:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-20 05:11 - 2015-06-16 00:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-20 05:11 - 2015-06-15 23:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-20 05:11 - 2015-06-15 23:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-20 05:11 - 2015-06-15 23:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-20 05:11 - 2015-06-15 23:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-20 05:11 - 2015-06-15 23:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-20 05:11 - 2015-06-15 23:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-20 05:11 - 2015-06-15 23:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-20 05:11 - 2015-06-15 23:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-20 05:11 - 2015-06-15 23:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-20 05:11 - 2015-06-15 23:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-20 05:11 - 2015-06-15 23:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-20 05:11 - 2015-06-15 23:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-20 05:11 - 2015-06-15 23:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-20 05:11 - 2015-06-15 23:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-20 05:11 - 2015-06-15 22:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-20 05:11 - 2015-06-15 22:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-20 05:11 - 2015-06-15 22:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-20 05:11 - 2015-06-15 22:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-20 05:11 - 2015-06-15 22:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-20 05:11 - 2015-06-15 22:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-20 05:11 - 2015-06-15 22:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-20 05:11 - 2015-06-15 22:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-20 05:11 - 2015-06-15 22:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-20 05:11 - 2015-06-15 22:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-20 05:11 - 2015-06-15 22:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-20 05:11 - 2015-06-15 22:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-20 05:11 - 2015-06-15 22:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-20 05:11 - 2015-06-15 22:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-20 05:10 - 2015-07-09 21:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-20 05:10 - 2015-07-09 20:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-20 05:10 - 2015-07-09 18:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-20 05:10 - 2015-07-09 17:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-20 05:10 - 2015-07-09 17:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-20 05:10 - 2015-07-09 17:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-20 05:10 - 2015-07-09 17:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-20 05:10 - 2015-07-09 17:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-20 05:10 - 2015-07-09 17:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-20 05:10 - 2015-07-09 17:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-20 05:10 - 2015-07-09 17:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-20 05:10 - 2015-07-09 17:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-20 05:10 - 2015-07-09 17:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-20 05:10 - 2015-06-28 07:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-20 05:10 - 2015-06-28 07:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-20 05:10 - 2015-06-28 07:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-20 05:10 - 2015-06-28 07:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-20 05:10 - 2015-06-27 18:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-20 05:10 - 2015-06-27 05:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-20 05:10 - 2015-06-27 05:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-20 05:10 - 2015-06-27 05:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-20 05:10 - 2015-06-27 05:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-20 05:10 - 2015-06-27 05:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-20 05:10 - 2015-06-27 04:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-20 05:10 - 2015-06-27 04:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-20 05:10 - 2015-06-27 04:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-20 05:10 - 2015-06-27 04:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-20 05:10 - 2015-06-27 03:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-20 05:10 - 2015-06-27 03:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-20 05:10 - 2015-05-07 19:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-20 05:09 - 2015-06-16 00:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-20 05:09 - 2015-06-16 00:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-20 05:09 - 2015-06-15 23:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-20 05:09 - 2015-06-15 23:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-20 05:09 - 2015-06-15 22:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-20 05:09 - 2015-06-15 21:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-20 05:09 - 2015-05-11 20:17 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-07-20 05:09 - 2015-05-07 19:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-20 05:09 - 2015-05-07 18:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-20 05:09 - 2015-05-07 18:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-20 05:08 - 2015-07-03 15:52 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-20 05:08 - 2015-07-03 15:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-20 05:08 - 2015-07-03 15:50 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-20 05:08 - 2015-07-03 15:50 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-20 05:08 - 2015-06-25 04:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-20 05:08 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-20 05:08 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-20 05:08 - 2015-05-03 02:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-20 05:08 - 2015-04-30 01:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-20 05:08 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb80236.sys
2015-07-20 05:08 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-20 05:08 - 2015-04-23 19:01 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rndismp6.sys
2015-07-20 05:06 - 2015-07-02 00:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-20 05:06 - 2015-07-01 23:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-20 05:06 - 2015-06-30 00:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-20 05:06 - 2015-06-29 17:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-20 05:06 - 2015-06-29 17:07 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-20 05:06 - 2015-06-29 17:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-20 05:06 - 2015-06-29 17:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-20 05:06 - 2015-06-29 17:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-20 05:06 - 2015-06-27 01:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-20 05:06 - 2015-06-27 01:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-20 05:06 - 2015-06-11 05:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-20 05:06 - 2015-06-10 18:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-20 05:06 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-20 05:06 - 2015-05-03 17:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-20 05:06 - 2015-05-03 17:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-20 05:06 - 2015-05-03 16:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-20 05:06 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-20 05:06 - 2015-05-03 16:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-20 05:06 - 2015-05-03 16:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-20 05:06 - 2015-04-28 15:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-20 05:06 - 2015-04-28 15:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-20 05:06 - 2015-04-23 17:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-20 05:06 - 2015-04-23 17:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-20 05:06 - 2015-03-09 04:02 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsp.sys
2015-07-19 22:00 - 2015-05-12 15:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-19 22:00 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-19 21:59 - 2015-06-16 07:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-19 21:59 - 2015-06-16 07:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-19 21:59 - 2015-05-02 01:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-19 21:03 - 2015-07-19 21:03 - 00000000 ____D C:\Users\Windows7\Downloads\HP repair video
2015-07-19 20:48 - 2015-07-19 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-18 10:15 - 2015-07-19 20:54 - 00000000 ____D C:\Users\Windows7\Desktop\New folder
2015-07-15 12:33 - 2015-07-15 12:33 - 00000000 ____D C:\Users\Windows7\Downloads\AC18 MAC
2015-07-13 13:51 - 2015-07-13 13:51 - 00958221 _____ C:\Users\Windows7\Downloads\Mutant_Creatures_v1.3.6_mc1.6.2 (1).zip
2015-07-13 13:50 - 2015-07-13 13:50 - 00958221 _____ C:\Users\Windows7\Downloads\Mutant_Creatures_v1.3.6_mc1.6.2.zip
2015-07-13 12:54 - 2015-07-13 12:54 - 02373296 _____ C:\Users\Windows7\Downloads\BBF0.tmp
2015-07-13 11:47 - 2015-07-12 15:31 - 00000626 _____ C:\launcher_profiles.json
2015-07-13 11:46 - 2015-07-13 11:46 - 00000000 ____D C:\versions
2015-07-13 11:46 - 2015-07-13 11:46 - 00000000 ____D C:\saves
2015-07-13 11:46 - 2015-07-13 11:46 - 00000000 ____D C:\libraries
2015-07-13 11:46 - 2015-07-13 11:46 - 00000000 ____D C:\how to find folder
2015-07-13 11:46 - 2015-07-13 11:46 - 00000000 ____D C:\assets
2015-07-13 11:46 - 2015-07-02 14:09 - 00000000 ____D C:\server-resource-packs
2015-07-13 11:46 - 2015-07-02 14:09 - 00000000 ____D C:\resourcepacks
2015-07-10 11:34 - 2015-07-10 11:34 - 00000476 _____ C:\Users\Windows7\Downloads\AB53.tmp
2015-07-08 06:32 - 2015-07-08 06:32 - 00288168 _____ C:\WINDOWS\Minidump\070815-30750-01.dmp
2015-07-08 06:29 - 2015-07-08 06:29 - 00000000 _____ C:\Users\Windows7\AppData\Local\{00321255-E2BD-4A82-88F5-9F232A546975}
2015-07-06 17:15 - 2015-07-06 17:15 - 00000000 ____D C:\Users\Windows7\Downloads\HP
2015-07-06 13:50 - 2015-07-06 13:50 - 00001252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Invoice Invoicing Software.lnk
2015-07-06 13:50 - 2015-07-06 13:50 - 00001240 _____ C:\Users\Public\Desktop\Express Invoice Invoicing Software.lnk
2015-07-06 13:50 - 2015-07-06 13:50 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-06-30 11:17 - 2015-07-07 06:58 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2015-06-30 11:17 - 2015-07-06 13:48 - 00000000 ____D C:\Users\Windows7\Downloads\invoice
2015-06-30 11:17 - 2015-06-30 11:29 - 00000000 ____D C:\ProgramData\NCH Software
2015-06-26 07:43 - 2015-06-26 07:43 - 00288168 _____ C:\WINDOWS\Minidump\062615-32593-01.dmp
2015-06-26 07:31 - 2015-06-26 07:31 - 00288168 _____ C:\WINDOWS\Minidump\062615-26578-01.dmp
2015-06-26 07:17 - 2015-06-26 07:17 - 00288168 _____ C:\WINDOWS\Minidump\062615-29906-01.dmp
2015-06-24 17:26 - 2015-06-24 17:26 - 00000000 ___HD C:\ProgramData\CanonIJQuickMenu
2015-06-24 17:24 - 2015-06-24 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series User Registration
2015-06-24 17:16 - 2015-06-24 17:24 - 00000000 ____D C:\Program Files\Canon
2015-06-24 17:15 - 2015-06-24 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series Manual
2015-06-24 17:14 - 2015-06-24 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series
2015-06-24 17:13 - 2015-06-24 17:13 - 00000000 ____D C:\WINDOWS\system32\STRING
2015-06-24 17:13 - 2012-03-28 19:01 - 00039424 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6UI.DLL
2015-06-24 17:13 - 2012-03-28 19:00 - 00366592 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNMNPPM.DLL
2015-06-24 17:13 - 2012-03-28 19:00 - 00359936 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6PPM.DLL
2015-06-24 17:12 - 2012-04-16 05:00 - 00389120 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMBA.DLL
2015-06-24 17:11 - 2015-06-24 17:11 - 00000000 ___HD C:\ProgramData\CanonIJETV

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 07:38 - 2015-02-28 10:35 - 00003174 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForWindows7
2015-07-20 07:38 - 2015-02-28 10:35 - 00000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForWindows7.job
2015-07-20 07:38 - 2013-12-27 08:01 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-07-20 07:23 - 2013-09-30 06:12 - 00005632 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-20 07:23 - 2012-02-24 05:44 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2367110212-2466544879-1827172648-1000UA.job
2015-07-20 07:21 - 2013-11-30 10:43 - 01168504 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-20 07:21 - 2012-11-13 05:37 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2367110212-2466544879-1827172648-1000
2015-07-20 07:20 - 2013-08-22 16:46 - 00593398 _____ C:\WINDOWS\setupact.log
2015-07-20 07:04 - 2012-02-21 14:57 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-20 06:59 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-20 06:55 - 2012-10-04 12:29 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-20 06:39 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-07-20 06:32 - 2014-11-08 16:48 - 00000000 ____D C:\Users\Windows7\AppData\Local\5BF94DE1-C6DE-4FB1-BA89-403819198622.aplzod
2015-07-20 06:08 - 2015-05-30 17:20 - 00000000 ___RD C:\Users\Windows7\SkyDrive
2015-07-20 06:08 - 2012-02-21 14:57 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-20 06:04 - 2013-08-22 16:44 - 05274672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-20 06:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-20 05:59 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-20 05:59 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-20 05:59 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-07-20 05:59 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-07-20 05:37 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-20 05:35 - 2012-02-11 06:28 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-20 05:34 - 2015-05-31 09:19 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-20 05:34 - 2015-05-31 09:19 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-20 05:33 - 2013-10-20 10:18 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-20 05:17 - 2015-05-31 15:57 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-20 05:17 - 2015-05-31 15:57 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-20 05:12 - 2014-07-28 07:26 - 00000000 ____D C:\Users\Windows7\AppData\Local\Adobe
2015-07-20 05:10 - 2013-12-02 12:42 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{42F86FFD-62DD-45F6-B294-3E5E8B7AD459}
2015-07-19 20:51 - 2013-11-14 19:05 - 00000000 ____D C:\Program Files (x86)\Nikon
2015-07-19 20:48 - 2014-12-19 17:24 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-07-19 20:45 - 2013-08-22 17:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-07-18 09:46 - 2013-12-18 10:04 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-07-17 13:23 - 2012-02-23 16:31 - 00000000 ____D C:\Users\Windows7\Graphisoft
2015-07-17 13:14 - 2013-11-24 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-07-17 12:25 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-17 11:53 - 2013-03-19 09:27 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-17 08:23 - 2012-02-24 05:44 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2367110212-2466544879-1827172648-1000Core.job
2015-07-17 08:13 - 2013-06-02 13:31 - 00000000 ____D C:\Users\Windows7\Documents\BIMx
2015-07-16 16:17 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-07-16 12:20 - 2015-06-02 17:36 - 00000000 ____D C:\Users\Windows7\AppData\Roaming\Azureus
2015-07-16 12:07 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-16 09:03 - 2012-02-21 14:57 - 00003888 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 09:03 - 2012-02-21 14:57 - 00003652 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-16 08:18 - 2012-02-24 05:44 - 00003886 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2367110212-2466544879-1827172648-1000UA
2015-07-16 08:18 - 2012-02-24 05:44 - 00003506 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2367110212-2466544879-1827172648-1000Core
2015-07-15 15:16 - 2014-05-09 16:07 - 00033832 _____ C:\Users\Windows7\AppData\Roaming\ContactSheetII.log
2015-07-15 15:10 - 2014-05-09 16:07 - 00000694 _____ C:\Users\Windows7\AppData\Roaming\Contact Sheet II.xml
2015-07-15 12:49 - 2015-06-02 17:37 - 00001810 _____ C:\Users\Public\Desktop\Vuze.lnk
2015-07-15 12:49 - 2015-06-02 17:37 - 00001810 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-07-15 12:49 - 2015-06-02 17:36 - 00000000 ____D C:\Program Files\Vuze
2015-07-15 12:34 - 2015-06-02 19:05 - 00000000 ____D C:\Users\Windows7\Downloads\AutoCAD
2015-07-14 13:16 - 2012-02-23 17:15 - 00000000 ____D C:\Users\Windows7\Documents\_draughting9
2015-07-14 10:30 - 2014-12-29 07:51 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-14 10:29 - 2012-11-12 19:36 - 00000000 ____D C:\Users\Windows7\AppData\Local\Packages
2015-07-14 10:14 - 2013-09-29 22:03 - 00031660 _____ C:\WINDOWS\PFRO.log
2015-07-14 08:13 - 2014-12-07 11:20 - 00000000 ____D C:\Users\Windows7\AppData\Roaming\.minecraft
2015-07-13 23:10 - 2013-12-03 12:30 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:10 - 2013-12-03 12:30 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 13:38 - 2014-10-12 15:36 - 00000000 ____D C:\Users\Windows7\AppData\Roaming\.aether
2015-07-13 13:16 - 2014-08-03 10:18 - 00000000 ____D C:\Users\Windows7\Downloads\java
2015-07-13 06:55 - 2015-04-20 16:38 - 00000000 ____D C:\Users\Windows7\Documents\A-star
2015-07-09 17:09 - 2015-05-16 07:48 - 00000000 ____D C:\Users\Windows7\Documents\_construction projects
2015-07-09 16:28 - 2014-12-24 11:02 - 00000000 ____D C:\Users\Windows7\Documents\_outlander
2015-07-08 07:27 - 2012-02-11 06:51 - 00185392 _____ C:\Users\Windows7\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-08 06:32 - 2015-06-19 18:20 - 682655330 _____ C:\WINDOWS\MEMORY.DMP
2015-07-08 06:32 - 2013-12-07 08:32 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-08 06:32 - 2013-11-30 10:22 - 00000000 ____D C:\Users\Windows7
2015-07-08 06:23 - 2012-05-23 08:45 - 00000000 ___RD C:\Users\Windows7\Documents\__Henry DO NOT USE
2015-07-06 17:26 - 2015-06-07 15:40 - 00000000 ____D C:\Users\Windows7\Downloads\HP 500 driver
2015-07-06 10:21 - 2013-12-13 18:27 - 00000000 ____D C:\Users\Windows7\AppData\Local\CrashDumps
2015-07-03 14:34 - 2014-04-18 10:56 - 00000132 _____ C:\Users\Windows7\AppData\Roaming\Adobe BMP Format CS6 Prefs
2015-07-03 08:43 - 2012-03-06 05:06 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-01 10:38 - 2014-01-26 15:28 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-06-29 11:25 - 2014-10-22 21:13 - 00226480 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klhk.sys
2015-06-25 15:52 - 2013-08-24 08:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-06-25 11:19 - 2012-02-23 17:14 - 00000000 ____D C:\Users\Windows7\Documents\__Paladin
2015-06-24 17:26 - 2014-01-26 15:30 - 00000000 ____D C:\Users\Windows7\AppData\Roaming\Canon
2015-06-24 17:24 - 2014-01-26 15:26 - 00000000 ____D C:\Program Files (x86)\Canon
2015-06-24 17:21 - 2014-01-26 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-06-24 17:21 - 2014-01-26 15:28 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2015-06-24 17:14 - 2014-01-21 11:44 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2015-06-24 12:54 - 2012-02-23 16:31 - 00000000 ____D C:\Users\Windows7\AppData\Roaming\Graphisoft
2015-06-22 16:45 - 2014-11-10 17:48 - 00190648 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kneps.sys
2015-06-22 16:44 - 2014-12-13 18:21 - 00831664 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2015-06-22 16:44 - 2014-11-28 18:19 - 00159960 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2015-06-22 16:44 - 2014-11-22 14:12 - 00085360 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwtp.sys
2015-06-22 16:44 - 2014-11-20 13:39 - 00077680 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2015-06-22 16:44 - 2014-10-30 04:22 - 00040304 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klkbdflt.sys
2015-06-22 16:44 - 2014-10-10 17:02 - 00039792 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klim6.sys
2015-06-22 16:44 - 2014-08-19 12:31 - 00064368 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kldisk.sys
2015-06-22 16:44 - 2014-03-31 10:47 - 00478392 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kl1.sys
2015-06-22 16:44 - 2013-08-08 16:11 - 00039792 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klmouflt.sys
2015-06-22 16:44 - 2013-04-12 14:34 - 00024944 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klpd.sys
2015-06-22 16:43 - 2013-01-14 20:10 - 00247016 _____ (Kaspersky Lab UK Ltd) C:\WINDOWS\system32\Drivers\cm_km_w.sys

==================== Files in the root of some directories =======

2014-04-18 10:56 - 2015-07-03 14:34 - 0000132 _____ () C:\Users\Windows7\AppData\Roaming\Adobe BMP Format CS6 Prefs
2014-03-12 05:05 - 2014-03-12 05:05 - 0000132 _____ () C:\Users\Windows7\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2014-11-23 15:34 - 2015-03-04 05:46 - 0000132 _____ () C:\Users\Windows7\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-11-14 19:05 - 2013-11-14 19:05 - 0000268 ___RH () C:\Users\Windows7\AppData\Roaming\Application Support
2013-11-14 19:05 - 2013-11-14 19:05 - 0000268 ___RH () C:\Users\Windows7\AppData\Roaming\Applications
2013-11-14 19:05 - 2013-11-14 19:05 - 0000268 ___RH () C:\Users\Windows7\AppData\Roaming\Audio
2015-04-16 16:48 - 2015-04-16 16:48 - 0037870 _____ () C:\Users\Windows7\AppData\Roaming\Comma Separated Values (DOS).ADR
2014-05-09 16:07 - 2015-07-15 15:10 - 0000694 _____ () C:\Users\Windows7\AppData\Roaming\Contact Sheet II.xml
2014-05-09 16:07 - 2015-07-15 15:16 - 0033832 _____ () C:\Users\Windows7\AppData\Roaming\ContactSheetII.log
2012-02-23 15:39 - 2014-05-26 18:27 - 0007168 _____ () C:\Users\Windows7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-22 18:14 - 2013-05-31 03:28 - 0007608 _____ () C:\Users\Windows7\AppData\Local\Resmon.ResmonCfg
2012-07-28 12:25 - 2012-09-05 05:41 - 0000700 ___SH () C:\Users\Windows7\AppData\Local\systemFL7.dat
2015-07-08 06:29 - 2015-07-08 06:29 - 0000000 _____ () C:\Users\Windows7\AppData\Local\{00321255-E2BD-4A82-88F5-9F232A546975}
2015-06-12 08:02 - 2015-06-12 08:02 - 0000000 _____ () C:\Users\Windows7\AppData\Local\{053C88C2-AAB1-4ED2-8123-A1FE6D958E08}
2015-06-10 08:02 - 2015-06-10 08:02 - 0000000 _____ () C:\Users\Windows7\AppData\Local\{25E3AE54-426F-439C-AC81-AE426CCBC576}
2013-11-14 19:05 - 2013-11-14 19:05 - 0000268 ____R () C:\ProgramData\Audio Units
2013-11-14 19:05 - 2013-11-14 19:05 - 0000268 ____R () C:\ProgramData\Authentication
2013-11-14 19:05 - 2013-11-14 19:05 - 0000268 ____R () C:\ProgramData\Automatic Filter
2015-07-20 07:00 - 2015-07-20 07:00 - 0000000 ____H () C:\ProgramData\cm-lock
2015-06-03 08:15 - 2015-06-03 08:15 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-11-14 19:05 - 2013-11-14 19:05 - 0000020 _____ () C:\ProgramData\PKP_DLes.DAT
2013-11-14 19:05 - 2015-05-13 18:03 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2013-11-14 19:05 - 2013-11-14 19:05 - 0000020 _____ () C:\ProgramData\PKP_DLev.DAT
2013-12-13 05:39 - 2013-12-13 05:39 - 0008548 _____ () C:\ProgramData\SMRResults410.dat

Files to move or delete:
====================
C:\ProgramData\SMRResults410.dat


Some files in TEMP:
====================
C:\Users\Windows7\AppData\Local\Temp\Quarantine.exe
C:\Users\Windows7\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-20 07:41

==================== End of log ============================
Attached Files
File Type: txt Addition.txt (67.3 KB, 42 views)
Old 07-20-2015, 01:46 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello happydaze29.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

https://windows.microsoft.com/en-us/w...-backup-restor

------------------------------------------------------

I see you have P2P software ( Vuze ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features.

------------------------------------------------------

It appears you have remnants of AVG on your machine still.

Please download AVG Remover and Save it to your Desktop.
  • Close all programs and double-click avg_remover_stf_x64_2012_1796.exe then click Run
  • In Vista/Win7, right-click and choose 'Run as administrator'.
  • Follow the on-screen instructions.
  • Reboot your computer if not prompted already.
  • Then delete avg_remover_stf_x64_2012_1796.exe and the avgremover.log from your desktop.
------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {61D6A818-8121-4895-BDCC-7C3CD9DF15D7} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    C:\Program Files (x86)\Lavasoft
    Task: {C2EC087B-630F-4989-BCA1-ABC8AD9D6942} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
    C:\PROGRA~2\AD-AWA~1
    Kaspersky Internet Security (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden
    FirewallRules: [{436DA1A4-74A0-4DD5-9421-E246E1A950BA}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
    FirewallRules: [{D6F6B23F-DE44-41BF-B328-7B8DFF058BAE}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
    FirewallRules: [{055328E7-38FC-4549-B193-07D6538378A6}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
    FirewallRules: [{3C63CE9D-2D01-4FFB-BC6F-5F6461E16A52}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
    FirewallRules: [{6F9398C5-9130-425A-821C-34F3CF5E4ADE}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
    FirewallRules: [{0288E798-B5F4-47F2-899D-EC64D4594038}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
    FirewallRules: [{6E7E766D-4A2F-46D5-BE9C-624F76FE19B5}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    FirewallRules: [{EBD04EA2-C31C-4B17-A18A-07341E6782C9}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    FirewallRules: [{5E03EF05-032F-439D-8B00-DCC84EDEB61D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
    FirewallRules: [{C5E5DE80-D640-444C-802A-319E5D49DD8F}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
    FirewallRules: [{6B788731-F25D-4875-B0A7-205AA8FC3824}] => (Allow) C:\Program Files\BitComet\BitComet.exe
    FirewallRules: [{00A252AC-93D1-4C3C-B3BA-EF862950939A}] => (Allow) C:\Program Files\BitComet\BitComet.exe
    FirewallRules: [UDP Query User{E7E501D6-9CFA-48E7-BE87-FD15A260764B}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
    FirewallRules: [TCP Query User{6CE82F03-5787-4B70-9045-2F7871720543}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
    FirewallRules: [{68F4B53D-9D3E-4D33-A855-1734EFA08DBE}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
    FirewallRules: [{01746686-B003-4724-A5E1-5E3C98AC96D5}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
    FirewallRules: [{8B9B8A81-78B4-4531-8E2C-DDD380E69403}] => (Allow) C:\Program Files (x86)\adawaretb\dtUser.exe
    FirewallRules: [{2E89193F-57DD-49F2-862C-52A8DBCB74B3}] => (Allow) C:\Program Files (x86)\adawaretb\dtUser.exe
    FirewallRules: [{A890A3D8-F19F-4896-B8E3-6E0D85CC3C70}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [{F73DE853-45A0-4BF2-822B-33C4942C4332}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [{60923980-30E9-4088-9A0E-F11E6C69B263}] => (Allow) C:\Program Files (x86)\adawaretb\dtUser.exe
    FirewallRules: [{60F2A048-BCE9-4414-AD2E-C5A80AD58371}] => (Allow) C:\Program Files (x86)\adawaretb\dtUser.exe
    FirewallRules: [{4C087F9A-A8ED-4A7C-AA91-01EB8D172B53}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    FirewallRules: [{F6C4B66A-5523-4503-B326-AEAAA91D638A}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    FirewallRules: [{91ECF308-94E1-4BE4-BA3A-A78A8DFE5B3C}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
    FirewallRules: [{1A01CBAC-EFD0-4677-AAC8-E7FA379F5D63}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
    FirewallRules: [{B68724DF-989C-401B-B0A8-93833F02B79B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    FirewallRules: [{ECAAE88A-D4A5-4234-995F-0A8814151EEE}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    FirewallRules: [TCP Query User{4CD6799C-9894-41E1-A5F9-22FA15EB643B}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
    FirewallRules: [UDP Query User{80FE39D0-7C01-4B9B-B62A-C18354D14A85}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3
    FirewallRules: [UDP Query User{2CEDD802-26E2-477A-884C-6E7BAFD55DC6}C:\program files (x86)\keedom smart sync\mobmng.exe] => (Allow) C:\program files (x86)\keedom smart sync\mobmng.exe
    FirewallRules: [TCP Query User{7EB8F6AF-6C74-4BB2-BF33-1F4640A9F03E}C:\program files (x86)\keedom smart sync\mobmng.exe] => (Allow) C:\program files (x86)\keedom smart sync\mobmng.exe
    C:\Program Files (x86)\AVG
    C:\Program Files\BitComet
    C:\program files (x86)\flashget network
    C:\Program Files (x86)\adawaretb
    C:\program files (x86)\keedom smart sync
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2367110212-2466544879-1827172648-1000\...\Run: [AdobeBridge] => [X]
    GroupPolicyScripts: Group Policy detected <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO-x32: No Name -> {206E52E0-D52E-11D4-AD54-0000E86C26F6} -> C:\PROGRA~2\FRESHD~1\FRESHD~1\fdcatch.dll No File
    C:\PROGRA~2\FRESHD~1
    Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File
    Toolbar: HKU\S-1-5-21-2367110212-2466544879-1827172648-1000 -> No Name - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
    Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll No File
    C:\Program Files (x86)\VIPRE
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
    C:\Windows\system32\drivers\avgtpx64.sys
    U3 idsvc; No ImagePath
    S3 MFE_RR; \??\C:\Users\Windows7\AppData\Local\Temp\mfe_rr.sys [X]
    S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
    C:\ProgramData\SMRResults410.dat
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ad-Aware Antivirus" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ad-Aware Browsing Protection" /f
    Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v AdAwareTray /f
    Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v AVG_UI /f
    Reg: reg delete HHKU\S-1-5-21-2367110212-2466544879-1827172648-1000\...\StartupApproved\Run /v "" /f
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
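A pre-run check of the `Reg:` lines in a fixlist like the one in the post above, added here as an illustration and not part of the original thread or of FRST. It checks only what reg.exe itself expects (a recognised root key, no elided path segment, a non-empty `/v` name, `/f` on deletes); the function names are this example's own, and the sample is built from lines of the posted script.

```python
import re

# Root keys reg.exe accepts for a local key, in short and long form.
VALID_ROOTS = {
    "HKLM", "HKCU", "HKCR", "HKU", "HKCC",
    "HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
    "HKEY_USERS", "HKEY_CURRENT_CONFIG",
}

# A token is either a double-quoted run (quotes kept) or a run of non-spaces.
TOKEN = re.compile(r'"[^"]*"|\S+')
REG_DIRECTIVE = re.compile(r"^\s*Reg:\s*(.+)$", re.IGNORECASE)

# Sample input assembled from lines of the fixlist posted in this thread.
SAMPLE_FIXLIST = r"""start
createrestorepoint:
C:\ProgramData\SMRResults410.dat
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ad-Aware Antivirus" /f
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v AdAwareTray /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v AVG_UI /f
Reg: reg delete HHKU\S-1-5-21-2367110212-2466544879-1827172648-1000\...\StartupApproved\Run /v "" /f
EmptyTemp:
end
"""


def lint_reg_line(line):
    """Return the problems found in one 'Reg:' line (empty list if none).

    Lines that are not 'Reg:' directives are out of scope and return [].
    Only local keys are considered; the \\\\Machine\\Key form is not handled.
    """
    match = REG_DIRECTIVE.match(line)
    if not match:
        return []
    tokens = TOKEN.findall(match.group(1))
    if len(tokens) < 3 or tokens[0].lower() not in ("reg", "reg.exe"):
        return ["not a complete reg.exe command"]

    problems = []
    key_parts = tokens[2].strip('"').split("\\")
    root = key_parts[0].upper()
    if root not in VALID_ROOTS:
        problems.append(f"unknown root key {root!r}")
    if "..." in key_parts:
        # reg.exe takes the path literally; an abbreviation never matches a key.
        problems.append("key path contains an elided '...' segment")

    options = [t.lower() for t in tokens[3:]]
    if "/v" in options:
        idx = options.index("/v")
        name = tokens[3 + idx + 1].strip('"') if idx + 1 < len(options) else ""
        if not name:
            problems.append("empty value name after /v")
    if tokens[1].lower() == "delete" and "/f" not in options:
        problems.append("delete without /f waits for confirmation")
    return problems


def lint_fixlist(text):
    """Return (line number, line, problems) for every Reg: line with problems."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        problems = lint_reg_line(line)
        if problems:
            findings.append((lineno, line.strip(), problems))
    return findings


if __name__ == "__main__":
    for lineno, line, problems in lint_fixlist(SAMPLE_FIXLIST):
        print(f"line {lineno}: {line}")
        for problem in problems:
            print(f"    - {problem}")
```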
Old 07-20-2015, 04:53 AM   #7
Registered Member
 
Join Date: Jun 2008
Location: South Africa
Posts: 125
OS: Windows 10 Pro



Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Windows7 at 2015-07-20 13:39:57 Run:1
Running from C:\Users\Windows7\Desktop\Farbar
Loaded Profiles: Windows7 (Available Profiles: Windows7 & Kiran & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Task: {61D6A818-8121-4895-BDCC-7C3CD9DF15D7} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files (x86)\Lavasoft
Task: {C2EC087B-630F-4989-BCA1-ABC8AD9D6942} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
C:\PROGRA~2\AD-AWA~1
Kaspersky Internet Security (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden
FirewallRules: [{436DA1A4-74A0-4DD5-9421-E246E1A950BA}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{D6F6B23F-DE44-41BF-B328-7B8DFF058BAE}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{055328E7-38FC-4549-B193-07D6538378A6}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{3C63CE9D-2D01-4FFB-BC6F-5F6461E16A52}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{6F9398C5-9130-425A-821C-34F3CF5E4ADE}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{0288E798-B5F4-47F2-899D-EC64D4594038}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{6E7E766D-4A2F-46D5-BE9C-624F76FE19B5}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{EBD04EA2-C31C-4B17-A18A-07341E6782C9}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{5E03EF05-032F-439D-8B00-DCC84EDEB61D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{C5E5DE80-D640-444C-802A-319E5D49DD8F}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{6B788731-F25D-4875-B0A7-205AA8FC3824}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{00A252AC-93D1-4C3C-B3BA-EF862950939A}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [UDP Query User{E7E501D6-9CFA-48E7-BE87-FD15A260764B}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [TCP Query User{6CE82F03-5787-4B70-9045-2F7871720543}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [{68F4B53D-9D3E-4D33-A855-1734EFA08DBE}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{01746686-B003-4724-A5E1-5E3C98AC96D5}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{8B9B8A81-78B4-4531-8E2C-DDD380E69403}] => (Allow) C:\Program Files (x86)\adawaretb\dtUser.exe
FirewallRules: [{2E89193F-57DD-49F2-862C-52A8DBCB74B3}] => (Allow) C:\Program Files (x86)\adawaretb\dtUser.exe
FirewallRules: [{A890A3D8-F19F-4896-B8E3-6E0D85CC3C70}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{F73DE853-45A0-4BF2-822B-33C4942C4332}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{60923980-30E9-4088-9A0E-F11E6C69B263}] => (Allow) C:\Program Files (x86)\adawaretb\dtUser.exe
FirewallRules: [{60F2A048-BCE9-4414-AD2E-C5A80AD58371}] => (Allow) C:\Program Files (x86)\adawaretb\dtUser.exe
FirewallRules: [{4C087F9A-A8ED-4A7C-AA91-01EB8D172B53}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{F6C4B66A-5523-4503-B326-AEAAA91D638A}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{91ECF308-94E1-4BE4-BA3A-A78A8DFE5B3C}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{1A01CBAC-EFD0-4677-AAC8-E7FA379F5D63}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{B68724DF-989C-401B-B0A8-93833F02B79B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{ECAAE88A-D4A5-4234-995F-0A8814151EEE}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [TCP Query User{4CD6799C-9894-41E1-A5F9-22FA15EB643B}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{80FE39D0-7C01-4B9B-B62A-C18354D14A85}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3
FirewallRules: [UDP Query User{2CEDD802-26E2-477A-884C-6E7BAFD55DC6}C:\program files (x86)\keedom smart sync\mobmng.exe] => (Allow) C:\program files (x86)\keedom smart sync\mobmng.exe
FirewallRules: [TCP Query User{7EB8F6AF-6C74-4BB2-BF33-1F4640A9F03E}C:\program files (x86)\keedom smart sync\mobmng.exe] => (Allow) C:\program files (x86)\keedom smart sync\mobmng.exe
C:\Program Files (x86)\AVG
C:\Program Files\BitComet
C:\program files (x86)\flashget network
C:\Program Files (x86)\adawaretb
C:\program files (x86)\keedom smart sync
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2367110212-2466544879-1827172648-1000\...\Run: [AdobeBridge] => [X]
GroupPolicyScripts: Group Policy detected <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {206E52E0-D52E-11D4-AD54-0000E86C26F6} -> C:\PROGRA~2\FRESHD~1\FRESHD~1\fdcatch.dll No File
C:\PROGRA~2\FRESHD~1
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File
Toolbar: HKU\S-1-5-21-2367110212-2466544879-1827172648-1000 -> No Name - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll No File
C:\Program Files (x86)\VIPRE
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
C:\Windows\system32\drivers\avgtpx64.sys
U3 idsvc; No ImagePath
S3 MFE_RR; \??\C:\Users\Windows7\AppData\Local\Temp\mfe_rr.sys [X]
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
C:\ProgramData\SMRResults410.dat
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ad-Aware Antivirus" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ad-Aware Browsing Protection" /f
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v AdAwareTray /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v AVG_UI /f
Reg: reg delete HHKU\S-1-5-21-2367110212-2466544879-1827172648-1000\...\StartupApproved\Run /v "" /f
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61D6A818-8121-4895-BDCC-7C3CD9DF15D7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61D6A818-8121-4895-BDCC-7C3CD9DF15D7}" => key removed successfully
C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly)" => key removed successfully
C:\Program Files (x86)\Lavasoft => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2EC087B-630F-4989-BCA1-ABC8AD9D6942}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2EC087B-630F-4989-BCA1-ABC8AD9D6942}" => key removed successfully
C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Antivirus Scheduled Scan" => key removed successfully
C:\PROGRA~2\AD-AWA~1 => moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}\\SystemComponent => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{436DA1A4-74A0-4DD5-9421-E246E1A950BA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6F6B23F-DE44-41BF-B328-7B8DFF058BAE} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{055328E7-38FC-4549-B193-07D6538378A6} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3C63CE9D-2D01-4FFB-BC6F-5F6461E16A52} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F9398C5-9130-425A-821C-34F3CF5E4ADE} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0288E798-B5F4-47F2-899D-EC64D4594038} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6E7E766D-4A2F-46D5-BE9C-624F76FE19B5} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EBD04EA2-C31C-4B17-A18A-07341E6782C9} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E03EF05-032F-439D-8B00-DCC84EDEB61D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C5E5DE80-D640-444C-802A-319E5D49DD8F} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B788731-F25D-4875-B0A7-205AA8FC3824} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00A252AC-93D1-4C3C-B3BA-EF862950939A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E7E501D6-9CFA-48E7-BE87-FD15A260764B}C:\program files (x86)\flashget network\flashget 3\flashget3.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6CE82F03-5787-4B70-9045-2F7871720543}C:\program files (x86)\flashget network\flashget 3\flashget3.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{68F4B53D-9D3E-4D33-A855-1734EFA08DBE} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01746686-B003-4724-A5E1-5E3C98AC96D5} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8B9B8A81-78B4-4531-8E2C-DDD380E69403} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2E89193F-57DD-49F2-862C-52A8DBCB74B3} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A890A3D8-F19F-4896-B8E3-6E0D85CC3C70} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F73DE853-45A0-4BF2-822B-33C4942C4332} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{60923980-30E9-4088-9A0E-F11E6C69B263} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{60F2A048-BCE9-4414-AD2E-C5A80AD58371} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C087F9A-A8ED-4A7C-AA91-01EB8D172B53} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F6C4B66A-5523-4503-B326-AEAAA91D638A} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{91ECF308-94E1-4BE4-BA3A-A78A8DFE5B3C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1A01CBAC-EFD0-4677-AAC8-E7FA379F5D63} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B68724DF-989C-401B-B0A8-93833F02B79B} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ECAAE88A-D4A5-4234-995F-0A8814151EEE} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4CD6799C-9894-41E1-A5F9-22FA15EB643B}C:\program files (x86)\flashget network\flashget 3\flashget3.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{80FE39D0-7C01-4B9B-B62A-C18354D14A85}C:\program files (x86)\flashget network\flashget 3\flashget3.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2CEDD802-26E2-477A-884C-6E7BAFD55DC6}C:\program files (x86)\keedom smart sync\mobmng.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7EB8F6AF-6C74-4BB2-BF33-1F4640A9F03E}C:\program files (x86)\keedom smart sync\mobmng.exe => value removed successfully
"C:\Program Files (x86)\AVG" => File/Folder not found.
"C:\Program Files\BitComet" => File/Folder not found.
C:\program files (x86)\flashget network => moved successfully.
"C:\Program Files (x86)\adawaretb" => File/Folder not found.
C:\program files (x86)\keedom smart sync => moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2367110212-2466544879-1827172648-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully.
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{206E52E0-D52E-11D4-AD54-0000E86C26F6}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{206E52E0-D52E-11D4-AD54-0000E86C26F6}" => key removed successfully
C:\PROGRA~2\FRESHD~1 => moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => value removed successfully
"HKCR\Wow6432Node\CLSID\{A924C17A-5E94-4E02-BED5-49720BA6F7FA}" => key removed successfully
HKU\S-1-5-21-2367110212-2466544879-1827172648-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => value removed successfully
HKCR\CLSID\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => key not found.
HKCR\PROTOCOLS\Handler\linkscanner => key not found.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.
"HKCR\PROTOCOLS\Handler\vipresg" => key removed successfully
HKCR\CLSID\{47BE2E5B-703B-444F-ABD3-05717D2191C6} => key not found.
C:\Program Files (x86)\VIPRE => moved successfully.
avgtp => Unable to stop service.
avgtp => Service removed successfully
C:\Windows\system32\drivers\avgtpx64.sys => moved successfully.
idsvc => Service removed successfully
MFE_RR => Service removed successfully
NEWDRIVER => Service removed successfully
C:\ProgramData\SMRResults410.dat => moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ad-Aware Antivirus" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ad-Aware Browsing Protection" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v AdAwareTray /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v AVG_UI /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete HHKU\S-1-5-21-2367110212-2466544879-1827172648-1000\...\StartupApproved\Run /v "" /f =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.


========= End of Reg: =========

EmptyTemp: => 1.1 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 13:42:41 ====
happydaze29 is offline  
Old 07-20-2015, 12:18 PM   #8

Hello again, happydaze29. How is the machine behaving? Any noticeable symptoms?

------------------------------------------------------

Did you install Kaspersky because you had problems with Windows Defender?

I noticed errors reported concerning Windows Defender in your Event logs.

------------------------------------------------------

Run FRST64 again, but instead of scan, copy/paste the following filename into the Search window and click 'Search Files':

wininit.exe

Once done, a log will pop open. Please copy/paste the contents of the log here in your next reply.

The log, Search.txt, will also be saved at the same location that FRST64.exe is located.

------------------------------------------------------
chemist is offline  
Old 07-21-2015, 03:45 AM   #9

Hi, thank you for all your trouble so far. Everything seems OK; the only thing is it takes up to 1 minute from clicking on 'restart' until Win 8 login. Then another 2-4 minutes after login until my machine is fully functional. I only have a few things in Startup. I know it is dependent on a lot of factors.

I bought Kaspersky after AVGfree failed and I had a virus. Defender is turned off, I presume because of Kaspersky.

Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Windows7 at 2015-07-21 08:24:02
Running from C:\Users\Windows7\Desktop\Farbar
Boot Mode: Normal

================== Search Files: "wininit.exe" =============

C:\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.3.9600.17415_none_21fdb3b5d80e199e\wininit.exe
[2015-05-31 10:24][2014-10-29 03:25] 0145920 ____A (Microsoft Corporation) A570A64292214C43E0BA50E6A72A6380 [File is signed]

C:\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.3.9600.16384_none_21b118d9d847ad16\wininit.exe
[2013-08-22 11:58][2015-06-10 11:21] 0026215 ____A () DCF5C72FC1D8BE1165975F1339DC92DA

C:\Windows\System32\wininit.exe
[2015-05-31 10:24][2014-10-29 03:25] 0145920 ____A (Microsoft Corporation) A570A64292214C43E0BA50E6A72A6380 [File is signed]

====== End of Search ======
happydaze29 is offline  
Old 07-21-2015, 09:26 PM   #10

Hello again, happydaze29. Do you have access to another machine with 8.1 (64-bit)?

------------------------------------------------------
chemist is offline  
Old 07-21-2015, 10:33 PM   #11

Yes I do.
happydaze29 is offline  
Old 07-22-2015, 09:30 PM   #12

Hello again, happydaze29. On the other machine, navigate to C:\Windows\SysWOW64\wininit.exe, right-click the file > copy and paste it to a USB drive.

Connect the USB drive to the affected machine, navigate to the wininit.exe file, right-click the file > copy

Navigate to your C:\Windows\SysWOW64 folder, then paste the file into that folder.

When you have accomplished that...

Run FRST64 again. Copy/paste the following bolded text into the Search window and click 'Search Files':

wininit.exe

Once done, a log will pop open. Please copy/paste the contents of the log here in your next reply.

The log, Search.txt, will also be saved at the same location that FRST.exe is located.

------------------------------------------------------
chemist is offline  
Old 07-23-2015, 02:13 AM   #13

Hi, I couldn't find wininit.exe in the specified folder so I did a search. I have included a screenshot of the results. There is a wininit.exe.mui in the SysWOW64 folder.
Attachment: wininit.jpg
happydaze29 is offline  
Old 07-23-2015, 03:00 AM   #14

Just to be sure, this screenshot is from the other machine running Win8.1.
happydaze29 is offline  
Old 07-23-2015, 01:56 PM   #15

Hello again, happydaze29. Forget about the other machine for now.

On your machine...

Run FRST64 again. Copy/paste the following bolded text into the Search window and click 'Search Registry':

wininit.exe

Once done, a log will pop open. Please copy/paste the contents of the log here in your next reply.

The log, Search.txt, will also be saved at the same location that FRST64.exe is located.

------------------------------------------------------
chemist is offline  
Old 07-24-2015, 04:04 AM   #16

Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Windows7 at 2015-07-24 13:03:56
Running from C:\Users\Windows7\Desktop\Farbar
Boot Mode: Normal

================== Search Registry: "wininit.exe" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FTH]
"ExclusionList"="smss.exe
csrss.exe
wininit.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
winlogon.exe
SLsvc.exe
spoolsv.exe
taskhost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Performance\Resolvers]
"SystemBinariesList"="win32k.sys:winlogon.exe:EXPLORER.EXE:CSRSS.Exe:dwm.exe:logon.scr:logonui.exe:lsass.exe:lsm.exe:ntkrpamp.exe:ntoskrnl.exe:RUNDLL32.EXE:services.exe:sppsvc.exe:smss.exe:spoolsv.exe:svchost.exe:taskeng.exe:WinInit.exe:WISPTIS.EXE:dllhost.exe:dllhst3g.exe:cscript.exe:mmc.exe:msiexec.exe:upnpcont.exe:wscript.exe:WUDFHost.exe:dfsvc.exe:dfsvc.exe:fdbs.exe:ntfsbs.exe:memdiag.exe:NETFXSBS10.exe:applaunch.exe:aspnet_compiler.exe:aspnet_regbrowsers.exe:aspnet_regiis.exe:aspnet_regsql.exe:aspnet_state.exe:aspnet_wp.exe:caspol.exe:csc.exe:CVTRES.EXE:dfsvc.exe:dw20.exe:IEExec.exe:ilasm.exe:InstallUtil.exe:jsc.exe:MSBuild.exe:mscorsvw.exe:ngen.exe:RegAsm.exe::RegSvcs.exe:vbc.exe:TrustedInstaller.exe:Aurora.scr:AutoChk.Exe:AUTOFMT.EXE:CHKDSK.EXE:CHKNTFS.EXE:consent.exe:PnPUnattend.exe:PnPutil.exe:RacAgent.exe:fsquirt.exe:Uninst.exe:updateWmc.exe:wmdc.exe:wmdsync.exe:mofcomp.exe:ScrCons.exe:smi2smir.exe:unsecapp.exe:wbemtest.exe:winmgmt.exe:wmic.exe:bfsvc.exe:Twunk_16.exe:Twunk_32.exe:wuauclt.exe:wsqmcons.exe:sapisvr.exe:WinSAT.exe:p2phost.exe:SearchProtocolHost.exe:WerFault.exe:drvinst.exe:ehshell.exe:UI0Detect.exe:ehtray.exe:HelpPane.exe:mrt.exe:SearchFilterHost.exe:mobsync.exe:Narrator.exe:SLUI.exe:taskmgr.exe:PresentationSettings.exe:vds.exe:sdclt.exe:irftp.exe:DFDWiz.exe:SndVol.exe:makecab.exe:msfeedssync.exe:unregmp2.exe:DeviceProperties.exe:rstrui.exe:MdRes.exe:netsh.exe:printui.exe:mcupdate.exe:4mmdat.sys:61883.sys:ACPI.sys:amdk7.sys:amdk8.sys:ASYNCMAC.SYS:atapi.sys:AVC.SYS:cdfs.sys:cdrom.sys:circlass.sys:cmbatt.sys:crusoe.sys:CSC.Sys:dc21x4vm.sys:disk.sys:dot4.sys:dot4usb.sys:drmkaud.sys:ecache.sys:fdc.sys:floppy.sys:hdaudbus.sys:HDAudio.sys:HIDBTH.SYS:HIDIR.SYS:i8042prt.sys:intelppm.sys:irenum.SYS:IRSIR.SYS:kbdclass.sys:kbdhid.sys:LOOP.SYS:mf.sys:monitor.sys:mouclass.sys:mouhid.sys:msisadrv.sys:msiscsi.sys:NDISWAN.SYS:nsiproxy.sys:ohci1394.sys:pci.sys:pciide.sys:powerfil.sys:processr.sys:rasl2tp.sys:raspppoe.sys:RASPPTP.SYS:RDPCDD.SYS:rfcomm.sys:sbp2p
ort.sys:sdbus.sys:serenum.sys:serial.sys:sermouse.sys:sffdisk.sys:sffp_mmc.sys:smbios.sys:swenum.sys:tdx.sys:termdd.sys:tpm.sys:tunmp.sys:tunnel.sys:umbus.sys:update.sys:usb8023.sys:USBAudio.sys:USBCCGP.SYS:usbcir.sys:USBEHCI.sys:usbhub.sys:USBOHCI.sys:usbprint.sys:USBUHCI.sys:viac7.sys:wacompen.sys:wceusbsh.sys:winusb.sys:ws2ifsl.sys:xnacc.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{206f6dea-d3c5-4d10-bc72-989f03c8b84b}]
"ResourceFileName"="%SystemRoot%\system32\wininit.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{206f6dea-d3c5-4d10-bc72-989f03c8b84b}]
"MessageFileName"="%SystemRoot%\system32\wininit.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\FTH]
"ExclusionList"="smss.exe
csrss.exe
wininit.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
winlogon.exe
SLsvc.exe
spoolsv.exe
taskhost.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Wininit]
"EventMessageFile"="%SystemRoot%\System32\wininit.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\Microsoft-Windows-Wininit]
"EventMessageFile"="%SystemRoot%\system32\wininit.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"Wininit-Shutdown-In-Rule-TCP-RPC"="v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|[email protected],-36753|[email protected],-36754|[email protected],-36751|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"="v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|[email protected],-36755|[email protected],-36756|[email protected],-36751|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Wininit-Shutdown-In-Rule-TCP-RPC"="v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|[email protected],-36753|[email protected],-36754|[email protected],-36751|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"="v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|[email protected],-36755|[email protected],-36756|[email protected],-36751|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\AppId_Catalog\06EBDCB1]
"AppFullPath"="C:\Windows\System32\wininit.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Wininit]
"EventMessageFile"="%SystemRoot%\System32\wininit.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Wininit]
"EventMessageFile"="%SystemRoot%\system32\wininit.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"Wininit-Shutdown-In-Rule-TCP-RPC"="v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|[email protected],-36753|[email protected],-36754|[email protected],-36751|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"="v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|[email protected],-36755|[email protected],-36756|[email protected],-36751|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Wininit-Shutdown-In-Rule-TCP-RPC"="v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|[email protected],-36753|[email protected],-36754|[email protected],-36751|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"="v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|[email protected],-36755|[email protected],-36756|[email protected],-36751|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\06EBDCB1]
"AppFullPath"="C:\Windows\System32\wininit.exe"

====== End of Search ======
happydaze29 is offline  
Old 07-24-2015, 08:35 PM   #17

Hello again, happydaze29.

I just noticed something that may be the cause of why I can't make sense of some of your log results.

From your AdwCleaner log:

Quote:
# Operating system : Windows 8.1 Pro (x64)

From your FRST log:

Quote:
Platform: Windows 7 Ultimate (X64) OS Language: English (United Kingdom)

Quote:
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 339E61AA)

Please explain this discrepancy. Am I fixing a Win7 or Win8.1 machine?

------------------------------------------------------
chemist is offline  
Old 07-25-2015, 12:11 AM   #18

I bought the machine with Windows 7 but then bought Win 8 when it first came out and upgraded via a web download (2012?). I have since upgraded and updated constantly and am waiting for Windows 10. See screenshot of my system.

So in a nutshell: I have no idea!
Attachment: Untitled.jpg
happydaze29 is offline  
Old 07-25-2015, 02:45 PM   #19

Hello again, happydaze29. Is the other Win8.1 machine also Pro?

On the other Win8.1 machine...

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :filefind
    wininit.exe
    
    :regfind
    wininit.exe
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
chemist is offline  
Old 07-26-2015, 10:38 PM   #20

Morning,

This machine I bought second hand with Win 8. I then upgraded it to Win8.1. I see it is not Pro.

Thanks.

SystemLook 30.07.11 by jpshortstuff
Log created at 06:19 on 27/07/2015 by Henry
Administrator - Elevation successful

========== filefind ==========

Searching for "wininit.exe"
C:\Windows\System32\wininit.exe --a---- 145920 bytes [05:14 21/11/2014] [05:14 21/11/2014] A570A64292214C43E0BA50E6A72A6380
C:\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.3.9600.17415_none_21fdb3b5d80e199e\wininit.exe --a---- 145920 bytes [05:14 21/11/2014] [05:14 21/11/2014] A570A64292214C43E0BA50E6A72A6380

========== regfind ==========

Searching for "wininit.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FTH]
"ExclusionList"="smss.exe csrss.exe wininit.exe services.exe lsass.exe lsm.exe svchost.exe winlogon.exe SLsvc.exe spoolsv.exe taskhost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Performance\Resolvers]
"SystemBinariesList"="win32k.sys:winlogon.exe:EXPLORER.EXE:CSRSS.Exe:dwm.exe:logon.scr:logonui.exe:lsass.exe:lsm.exe:ntkrpamp.exe:ntoskrnl.exe:RUNDLL32.EXE:services.exe:sppsvc.exe:smss.exe:spoolsv.exe:svchost.exe:taskeng.exe:WinInit.exe:WISPTIS.EXE:dllhost.exe:dllhst3g.exe:cscript.exe:mmc.exe:msiexec.exe:upnpcont.exe:wscript.exe:WUDFHost.exe:dfsvc.exe:dfsvc.exe:fdbs.exe:ntfsbs.exe:memdiag.exe:NETFXSBS10.exe:applaunch.exe:aspnet_compiler.exe:aspnet_regbrowsers.exe:aspnet_regiis.exe:aspnet_regsql.exe:aspnet_state.exe:aspnet_wp.exe:caspol.exe:csc.exe:CVTRES.EXE:dfsvc.exe:dw20.exe:IEExec.exe:ilasm.exe:InstallUtil.exe:jsc.exe:MSBuild.exe:mscorsvw.exe:ngen.exe:RegAsm.exe::RegSvcs.exe:vbc.exe:TrustedInstaller.exe:Aurora.scr:AutoChk.Exe:AUTOFMT.EXE:CHKDSK.EXE:CHKNTFS.EXE:consent.exe:PnPUnattend.exe:PnPutil.exe:RacAgent.exe:fsquirt.exe:Uninst.exe:updateWmc.exe:wmdc.exe:wmdsync.exe:mofcomp.exe:ScrCons.exe:smi2smir.exe:unse
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{206f6dea-d3c5-4d10-bc72-989f03c8b84b}]
"ResourceFileName"="%SystemRoot%\system32\wininit.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{206f6dea-d3c5-4d10-bc72-989f03c8b84b}]
"MessageFileName"="%SystemRoot%\system32\wininit.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Wininit]
"EventMessageFile"="%SystemRoot%\System32\wininit.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\Microsoft-Windows-Wininit]
"EventMessageFile"="%SystemRoot%\system32\wininit.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"Wininit-Shutdown-In-Rule-TCP-RPC"="v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|[email protected],-36753|[email protected],-36754|[email protected],-36751|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"="v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|[email protected],-36755|[email protected],-36756|[email protected],-36751|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Wininit-Shutdown-In-Rule-TCP-RPC"="v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|[email protected],-36753|[email protected],-36754|[email protected],-36751|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"="v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|[email protected],-36755|[email protected],-36756|[email protected],-36751|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\AppId_Catalog\06EBDCB1]
"AppFullPath"="C:\Windows\System32\wininit.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Wininit]
"EventMessageFile"="%SystemRoot%\System32\wininit.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Wininit]
"EventMessageFile"="%SystemRoot%\system32\wininit.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"Wininit-Shutdown-In-Rule-TCP-RPC"="v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|[email protected],-36753|[email protected],-36754|[email protected],-36751|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"="v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|[email protected],-36755|[email protected],-36756|[email protected],-36751|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Wininit-Shutdown-In-Rule-TCP-RPC"="v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|[email protected],-36753|[email protected],-36754|[email protected],-36751|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"="v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|[email protected],-36755|[email protected],-36756|[email protected],-36751|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\06EBDCB1]
"AppFullPath"="C:\Windows\System32\wininit.exe"

-= EOF =-
Attachment: Other machine system.png
happydaze29 is offline  
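
Added example (not part of the thread, and not code from FRST or SystemLook): the wininit.exe file-search results in post #9 and the reference machine's SystemLook results in post #20 can be compared mechanically instead of by eye. The Python below parses both line formats as they appear in those posts and lists how each copy on the affected machine differs from the reference; the class and function names are assumptions made for this example, and a listed difference marks a file for closer review, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: the file-search lines as posted in this thread (posts #9 and #20).
FRST_LOG = r"""
C:\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.3.9600.17415_none_21fdb3b5d80e199e\wininit.exe
[2015-05-31 10:24][2014-10-29 03:25] 0145920 ____A (Microsoft Corporation) A570A64292214C43E0BA50E6A72A6380 [File is signed]

C:\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.3.9600.16384_none_21b118d9d847ad16\wininit.exe
[2013-08-22 11:58][2015-06-10 11:21] 0026215 ____A () DCF5C72FC1D8BE1165975F1339DC92DA

C:\Windows\System32\wininit.exe
[2015-05-31 10:24][2014-10-29 03:25] 0145920 ____A (Microsoft Corporation) A570A64292214C43E0BA50E6A72A6380 [File is signed]
"""

SYSTEMLOOK_LOG = r"""
Searching for "wininit.exe"
C:\Windows\System32\wininit.exe --a---- 145920 bytes [05:14 21/11/2014] [05:14 21/11/2014] A570A64292214C43E0BA50E6A72A6380
C:\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.3.9600.17415_none_21fdb3b5d80e199e\wininit.exe --a---- 145920 bytes [05:14 21/11/2014] [05:14 21/11/2014] A570A64292214C43E0BA50E6A72A6380
"""


@dataclass(frozen=True)
class FileEntry:  # hypothetical record type for this example
    path: str
    size: int
    md5: str
    company: Optional[str]  # None when the tool does not report it
    signed: Optional[bool]  # None when the tool does not report it


# FRST detail line: [date][date] size attributes (company) MD5 [File is signed]
_FRST_DETAIL = re.compile(
    r"^\[[^\]]+\]\[[^\]]+\]\s+(\d+)\s+\S+\s+\((.*?)\)\s+([0-9A-Fa-f]{32})"
    r"(\s+\[File is signed\])?\s*$")
# SystemLook line: path attributes size "bytes" [date] [date] MD5
_SL_LINE = re.compile(
    r"^([A-Za-z]:\\.+?)\s+\S+\s+(\d+) bytes\s+\[[^\]]+\]\s+\[[^\]]+\]\s+"
    r"([0-9A-Fa-f]{32})\s*$")


def parse_frst(text: str) -> List[FileEntry]:
    """Pair each path line with the detail line that follows it."""
    entries, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = _FRST_DETAIL.match(line)
        if m and pending:
            size, company, md5, signed = m.groups()
            entries.append(FileEntry(pending, int(size), md5.upper(),
                                     company, signed is not None))
            pending = None
        elif re.match(r"^[A-Za-z]:\\", line):
            pending = line
    return entries


def parse_systemlook(text: str) -> List[FileEntry]:
    """SystemLook prints one line per file and no signature or company field."""
    entries = []
    for line in text.splitlines():
        m = _SL_LINE.match(line.strip())
        if m:
            path, size, md5 = m.groups()
            entries.append(FileEntry(path, int(size), md5.upper(), None, None))
    return entries


def review(suspect: List[FileEntry], reference: List[FileEntry]) -> Dict[str, List[str]]:
    """Return {path: reasons} for suspect entries that differ from the reference.

    Different component versions under WinSxS legitimately hash differently,
    so a reason here means "look closer", not "malicious".
    """
    ref_by_path = {e.path.lower(): e for e in reference}
    ref_hashes = {e.md5 for e in reference}
    findings: Dict[str, List[str]] = {}
    for e in suspect:
        reasons = []
        ref = ref_by_path.get(e.path.lower())
        if ref is None:
            reasons.append("path absent on reference machine")
        elif (ref.md5, ref.size) != (e.md5, e.size):
            reasons.append("hash/size differs from reference copy at same path")
        if e.md5 not in ref_hashes:
            reasons.append("MD5 matches no reference copy")
        if e.signed is False:
            reasons.append("no '[File is signed]' marker")
        if e.company == "":
            reasons.append("empty company name")
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    result = review(parse_frst(FRST_LOG), parse_systemlook(SYSTEMLOOK_LOG))
    for path, reasons in result.items():
        print(path)
        for reason in reasons:
            print("  -", reason)
```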