Jump to content

bucfanmike

Members
 View Profile  See their activity

  • Posts

    1

  • Joined

  • Last visited

Reputation

0 Neutral
  1. bucfanmike
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014 Ran by MIKE (administrator) on RICHARDSHP on 31-12-2014 17:49:28 Running from C:\Users\MIKE\Desktop Loaded Profiles: MIKE & harto_000 & (Available profiles: MIKE & harto_000) Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (AMD) C:\Windows\System32\atiesrxx.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-09-22] (Realtek Semiconductor) HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-09-22] (Synaptics Incorporated) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-13] (Flexera Software LLC.) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-1701199303-4255432910-2207620121-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-1701199303-4255432910-2207620121-1002\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) HKU\S-1-5-21-1701199303-4255432910-2207620121-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-1701199303-4255432910-2207620121-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) HKU\S-1-5-21-1701199303-4255432910-2207620121-1005\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-1701199303-4255432910-2207620121-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL No File ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL No File ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL No File BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-1701199303-4255432910-2207620121-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1701199303-4255432910-2207620121-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1 HKU\S-1-5-21-1701199303-4255432910-2207620121-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1701199303-4255432910-2207620121-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1 SearchScopes: HKLM -> {6737F8D5-7614-4EF7-84F2-6435C16F0580} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> {6737F8D5-7614-4EF7-84F2-6435C16F0580} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\S-1-5-21-1701199303-4255432910-2207620121-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKU\S-1-5-21-1701199303-4255432910-2207620121-1002 -> {6737F8D5-7614-4EF7-84F2-6435C16F0580} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1701199303-4255432910-2207620121-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\S-1-5-21-1701199303-4255432910-2207620121-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKU\S-1-5-21-1701199303-4255432910-2207620121-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6737F8D5-7614-4EF7-84F2-6435C16F0580} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1701199303-4255432910-2207620121-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\S-1-5-21-1701199303-4255432910-2207620121-1005 -> {6737F8D5-7614-4EF7-84F2-6435C16F0580} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1701199303-4255432910-2207620121-1005 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\S-1-5-21-1701199303-4255432910-2207620121-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6737F8D5-7614-4EF7-84F2-6435C16F0580} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1701199303-4255432910-2207620121-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\xsjwrfx3.default FF NewTab: FF DefaultSearchEngine: Google FF SelectedSearchEngine: FF Homepage: hxxp://www.msn.com/ FF Keyword.URL: hxxp://www-searching.com/search.aspx?s=ECUzamodk07628,e3ec97ed-2ed5-4bd6-85b2-5e6e69da72ac,&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll () FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.) FF user.js: detected! => C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\xsjwrfx3.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Extension: Garmin Communicator - C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\xsjwrfx3.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-08-31] FF Extension: All-in-One Gestures - C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\xsjwrfx3.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2014-11-02] FF Extension: Adblock Plus Pop-up Addon - C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\xsjwrfx3.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-08-31] FF Extension: Add to Amazon Wish List Button - C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\xsjwrfx3.default\Extensions\amznUWL2@amazon.com.xpi [2014-08-31] FF Extension: FireGestures - C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\xsjwrfx3.default\Extensions\firegestures@xuldev.org.xpi [2014-08-31] FF Extension: Coupons at Checkout - C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\xsjwrfx3.default\Extensions\jid0-5R3LLpyrG0a1kPDXAA8ZKmM0bgM@jetpack.xpi [2014-08-31] FF Extension: Tab Kit - Mouse Gestures - C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\xsjwrfx3.default\Extensions\tabkit.mouse-gestures@pikachuexe.amateur.hk.xpi [2014-11-02] FF Extension: X-notifier - C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\xsjwrfx3.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2014-08-31] FF Extension: StumbleUpon - C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\xsjwrfx3.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2014-08-31] FF Extension: Adblock Plus - C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\xsjwrfx3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-31] FF Extension: Download Statusbar - C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\xsjwrfx3.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2014-08-31] FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi FF Extension: No Name - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2012-07-18] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-11] (Advanced Micro Devices, Inc.) [File not signed] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows ® Win 7 DDK provider) R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-12-16] (Hewlett-Packard Company) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company) R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-09-22] (Synaptics Incorporated) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-25] (Advanced Micro Devices) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-09-05] (Disc Soft Ltd) U0 kjxaoo; C:\Windows\System32\drivers\wbwinbpd.sys [79064 2014-12-30] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-31] (Malwarebytes Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291032 2013-12-16] (Realtek Semiconductor Corp.) R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-09-22] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-01-07] (Synaptics Incorporated) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-31 17:49 - 2014-12-31 17:49 - 00021786 _____ () C:\Users\MIKE\Desktop\FRST.txt 2014-12-31 17:46 - 2014-12-31 17:49 - 00000000 ____D () C:\FRST 2014-12-31 17:45 - 2014-12-31 17:45 - 02123264 _____ (Farbar) C:\Users\MIKE\Desktop\FRST64.exe 2014-12-31 17:01 - 2014-12-31 17:01 - 00000000 __SHD () C:\Users\MIKE\AppData\Local\EmieUserList 2014-12-31 17:01 - 2014-12-31 17:01 - 00000000 __SHD () C:\Users\MIKE\AppData\Local\EmieSiteList 2014-12-31 17:01 - 2014-12-31 17:01 - 00000000 __SHD () C:\Users\MIKE\AppData\Local\EmieBrowserModeList 2014-12-31 16:51 - 2014-12-31 16:51 - 00009358 _____ () C:\Users\MIKE\Desktop\hijackthis.log 2014-12-31 16:49 - 2014-12-31 16:49 - 00001449 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-12-31 16:49 - 2014-12-31 16:49 - 00001437 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-12-31 16:49 - 2014-12-31 16:49 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-12-31 16:49 - 2014-12-31 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-12-31 16:49 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-12-31 16:48 - 2014-12-31 17:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-12-31 16:48 - 2014-12-31 16:51 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-12-31 16:47 - 2014-12-31 16:48 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\MIKE\Desktop\spybot-2.4.exe 2014-12-31 16:36 - 2014-12-31 16:36 - 00000000 ____D () C:\Users\MIKE\Desktop\backups 2014-12-31 12:24 - 2014-12-31 12:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-30 19:47 - 2014-12-30 19:47 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\wbwinbpd.sys 2014-12-30 18:33 - 2014-12-31 17:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-30 18:33 - 2014-12-30 18:33 - 00001160 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-12-30 18:33 - 2014-12-30 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-12-30 18:33 - 2014-12-30 18:33 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-30 18:33 - 2014-12-30 18:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-12-30 18:33 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-30 18:33 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-30 18:33 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-30 18:32 - 2014-12-30 18:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\MIKE\Desktop\mbam-setup-2.0.4.1028.exe 2014-12-30 18:17 - 2014-12-30 18:17 - 00388608 _____ (Trend Micro Inc.) C:\Users\MIKE\Desktop\HijackThis.exe 2014-12-30 17:56 - 2014-12-30 18:16 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job 2014-12-30 17:56 - 2014-12-30 18:02 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job 2014-12-30 17:56 - 2014-12-30 18:02 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job 2014-12-30 17:56 - 2014-12-30 17:56 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP1 2014-12-30 17:56 - 2014-12-30 17:56 - 00002804 _____ () C:\Windows\System32\Tasks\APSnotifierPP3 2014-12-30 17:56 - 2014-12-30 17:56 - 00002804 _____ () C:\Windows\System32\Tasks\APSnotifierPP2 2014-12-30 17:55 - 2014-12-30 17:55 - 00613057 _____ (CMI Limited) C:\Users\MIKE\AppData\Local\nsgF48F.tmp 2014-12-30 17:51 - 2014-12-30 17:51 - 00000000 ____D () C:\Program Files (x86)\predm 2014-12-30 17:49 - 2014-12-30 18:07 - 00001437 _____ () C:\ProgramData\tempimage.bmp 2014-12-30 17:49 - 2014-12-30 17:49 - 00003094 _____ () C:\Windows\System32\Tasks\{D18A4893-63F5-4026-AF88-1FB649D068C0} 2014-12-30 17:42 - 2014-12-30 17:42 - 00613057 _____ (CMI Limited) C:\Users\MIKE\AppData\Local\nsy5305.tmp 2014-12-30 17:42 - 2014-12-30 17:42 - 00000000 __SHD () C:\Users\MIKE\AppData\Roaming\AnyProtectEx 2014-12-30 17:40 - 2014-12-30 17:45 - 00002428 _____ () C:\Windows\patsearch.bin 2014-12-30 17:39 - 2014-12-30 17:47 - 00002648 _____ () C:\Windows\System32\Tasks\Voo Update 2014-12-30 17:39 - 2014-12-30 17:47 - 00000310 _____ () C:\Windows\Tasks\Voo Update.job 2014-12-30 17:39 - 2014-12-30 17:39 - 00000000 ____D () C:\Users\MIKE\AppData\Roaming\VooUpdate 2014-12-30 17:31 - 2014-12-30 17:31 - 00003514 _____ () C:\Windows\System32\Tasks\PastaLeads 2014-12-30 17:30 - 2014-12-30 18:07 - 00000000 ____D () C:\Program Files (x86)\Search Extensions 2014-12-30 17:30 - 2014-12-30 17:30 - 00000000 ____D () C:\Program Files (x86)\pre_installer_us 2014-12-30 17:26 - 2014-12-30 17:26 - 00003724 _____ () C:\Windows\System32\Tasks\SMupdate1 2014-12-30 17:26 - 2014-12-30 17:26 - 00003584 _____ () C:\Windows\System32\Tasks\YTDownloader 2014-12-30 17:26 - 2014-12-30 17:26 - 00000000 ____D () C:\Users\MIKE\AppData\Local\CrashRpt 2014-12-30 17:26 - 2014-12-30 17:26 - 00000000 ____D () C:\ProgramData\SearchModulePlus 2014-12-19 13:15 - 2014-10-30 16:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2014-12-19 13:15 - 2014-10-30 16:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2014-12-13 07:50 - 2014-11-09 20:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll 2014-12-13 07:50 - 2014-11-09 19:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-13 07:50 - 2014-10-30 17:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-12-13 07:50 - 2014-10-30 17:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-12-13 07:48 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-13 07:48 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-13 07:48 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-13 07:48 - 2014-11-21 20:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-12-13 07:48 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-13 07:48 - 2014-11-21 20:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-12-13 07:48 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-13 07:48 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-13 07:48 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-13 07:48 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-13 07:48 - 2014-11-21 20:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-12-13 07:48 - 2014-11-21 20:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-12-13 07:48 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-13 07:48 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-13 07:48 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-13 07:48 - 2014-11-21 19:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2014-12-13 07:48 - 2014-11-21 19:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-12-13 07:48 - 2014-11-21 19:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-12-13 07:48 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-13 07:48 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-13 07:48 - 2014-11-21 19:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-13 07:48 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-13 07:48 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-13 07:48 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-13 07:48 - 2014-11-21 19:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-12-13 07:48 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-13 07:48 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-13 07:48 - 2014-11-21 19:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2014-12-13 07:48 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-13 07:48 - 2014-11-21 19:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-12-13 07:48 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-13 07:48 - 2014-11-21 19:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-13 07:48 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-13 07:48 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-13 07:48 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-13 07:48 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-13 07:48 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-13 07:48 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-13 07:48 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-13 07:47 - 2014-11-06 22:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-13 07:47 - 2014-11-06 21:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-13 07:47 - 2014-10-31 17:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll 2014-12-13 07:47 - 2014-10-31 17:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll 2014-12-13 07:47 - 2014-10-12 20:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys 2014-12-13 07:47 - 2014-10-12 20:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys 2014-12-13 07:47 - 2014-10-12 20:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys 2014-12-13 07:47 - 2014-10-12 20:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys 2014-12-10 06:03 - 2014-12-10 06:03 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-12-08 20:31 - 2014-12-08 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-31 17:36 - 2014-08-30 14:38 - 02075931 _____ () C:\Windows\WindowsUpdate.log 2014-12-31 17:26 - 2014-08-06 12:23 - 00013167 _____ () C:\Windows\wininit.ini 2014-12-31 17:03 - 2014-08-31 09:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-31 17:00 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sru 2014-12-31 16:54 - 2014-08-30 14:48 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1701199303-4255432910-2207620121-1002 2014-12-31 16:40 - 2014-08-30 14:46 - 00000000 ____D () C:\Users\MIKE\Documents\Youcam 2014-12-31 16:39 - 2014-08-30 14:46 - 00000000 __RDO () C:\Users\MIKE\SkyDrive 2014-12-31 12:41 - 2014-08-30 14:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-31 12:40 - 2014-08-31 07:36 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1701199303-4255432910-2207620121-1005 2014-12-31 09:57 - 2014-08-31 07:33 - 00000000 ___DO () C:\Users\harto_000\SkyDrive 2014-12-31 09:57 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-12-30 18:17 - 2014-08-30 14:43 - 00000000 ____D () C:\Users\MIKE\AppData\Local\VirtualStore 2014-12-30 18:08 - 2014-09-10 10:04 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-12-30 18:08 - 2014-09-10 10:03 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-12-30 18:07 - 2013-08-26 00:09 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-30 18:02 - 2013-08-26 00:01 - 00031306 _____ () C:\Windows\PFRO.log 2014-12-30 18:02 - 2013-08-22 08:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-30 18:02 - 2013-08-22 07:25 - 01310720 ___SH () C:\Windows\system32\config\BBI 2014-12-30 17:40 - 2013-08-22 08:46 - 00023902 _____ () C:\Windows\setupact.log 2014-12-30 17:26 - 2014-08-30 14:58 - 00001366 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-12-30 17:26 - 2014-08-30 14:58 - 00001354 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-12-30 17:26 - 2014-08-30 14:43 - 00001637 _____ () C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-12-30 17:26 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Common Files\System 2014-12-30 05:02 - 2014-09-29 15:30 - 00003162 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMIKE 2014-12-30 05:02 - 2014-09-29 15:30 - 00000350 _____ () C:\Windows\Tasks\HPCeeScheduleForMIKE.job 2014-12-29 08:59 - 2014-08-31 07:30 - 00000000 ____D () C:\Users\harto_000\Documents\Youcam 2014-12-28 15:45 - 2014-09-05 10:40 - 00000000 ____D () C:\Windows\AutoKMS 2014-12-28 12:50 - 2014-11-11 09:55 - 00000000 ____D () C:\Users\MIKE\AppData\Local\Adobe 2014-12-28 12:50 - 2014-08-31 09:00 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-27 01:17 - 2014-08-06 12:25 - 00000000 ____D () C:\ProgramData\TEMP 2014-12-20 05:17 - 2013-08-22 09:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-12-17 22:36 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\rescache 2014-12-16 16:58 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS 2014-12-16 16:58 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS 2014-12-16 16:58 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-14 10:25 - 2014-09-05 11:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-12-14 10:24 - 2014-09-05 11:28 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-13 08:16 - 2014-09-01 09:22 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-13 08:00 - 2014-09-01 09:22 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\MIKE\AppData\Local\Temp\Extract.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-26 16:03 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014 Ran by MIKE at 2014-12-31 17:50:31 Running from C:\Users\MIKE\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.) Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden AMD Catalyst Install Manager (HKLM\...\{A3B31167-C1B8-416E-35E6-8966F355418C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden calibre (HKLM-x32\...\{69402281-8050-417B-93D8-9C2DB46C9DDC}) (Version: 2.1.0 - Kovid Goyal) Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3618 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.00.100 - Nuance Communications Inc.) Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company) HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd) HP Connected Music (Meridian - player) (HKU\S-1-5-21-1701199303-4255432910-2207620121-1002\...\HPConnectedMusic) (Version: 1.1 (build 126) hp - Meridian Audio Ltd) HP Connected Music (Meridian - player) (HKU\S-1-5-21-1701199303-4255432910-2207620121-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\HPConnectedMusic) (Version: 1.1 (build 126) hp - Meridian Audio Ltd) HP Connected Music (Meridian - player) (HKU\S-1-5-21-1701199303-4255432910-2207620121-1005\...\HPConnectedMusic) (Version: 1.1 (build 126) hp - Meridian Audio Ltd) HP Connected Music (Meridian - player) (HKU\S-1-5-21-1701199303-4255432910-2207620121-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\HPConnectedMusic) (Version: 1.1 (build 126) hp - Meridian Audio Ltd) HP Control Zone (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.8 - Synaptics Incorporated) HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{0F475378-05E5-453D-99B3-CFB58218D5E9}) (Version: 1.1.0.0 - Hewlett-Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{2C395A31-8A70-4C2E-893F-25CBF37394CC}) (Version: 7.4.50.10 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company) HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) Idle~_~Crawler (HKLM-x32\...\Idle~_~Crawler) (Version: 84.0.0.432 - web research foundation) <==== ATTENTION Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.) Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros) Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29074 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.) Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 08-12-2014 09:46:47 Scheduled Checkpoint 13-12-2014 07:49:23 Windows Update 18-12-2014 17:46:01 Windows Update 26-12-2014 18:24:09 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {04C14E22-9B82-4E4C-889F-C507B9B7259F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {09C8BD14-C36B-45E1-9C54-56EF4981D985} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2013-12-17] (CyberLink Corp.) Task: {0B03B3DC-C697-40A1-99D9-AAC3C2F5DCEE} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION Task: {0F1B0A4E-034D-46EE-80EE-95B59DDD4674} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {18BC80B2-BC22-41A5-A38B-FB2403FCFBE6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {1EDD6EA6-F7CD-429C-A871-A09EC25AF431} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {36E61994-3059-4F1D-8B92-229866ECD485} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe Task: {383AAC66-88EB-4C72-8DD2-FA6E44C90144} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-28] (Adobe Systems Incorporated) Task: {3B4D7540-1F16-401C-BDF3-0DCC4AF8FDD6} - \Idle~_~Crawler Runner No Task File <==== ATTENTION Task: {3D5234AA-213F-4A01-9855-23FE31CC144D} - System32\Tasks\Voo Update => C:\Users\MIKE\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {464838CA-8F9C-461F-B2FD-A87D777783AD} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.) Task: {4995D822-6913-4CC4-B1B5-6ED0AEA8F614} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {4BF4FC30-D864-4E39-9170-59A293B9F6EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {55BF578A-BC5B-46D2-BF6E-8FC854CEA873} - System32\Tasks\{D18A4893-63F5-4026-AF88-1FB649D068C0} => pcalua.exe -a "C:\Program Files (x86)\pastaleads\uninstall.exe" Task: {5AEAB346-7E50-4DED-B340-6F541D050CDF} - System32\Tasks\PastaLeads => C:\Program Files (x86)\pastaleads\ScheduledTask.exe Task: {6050A504-E1FE-4E52-B054-34F4F7FE5D7F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {6211D50D-D7B3-490B-8741-C1D0866A6083} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {6B4ECB5E-57E3-4058-AFA9-3AA4F289EAFB} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {78436589-6D25-4ECC-830C-BF2B9097C13A} - System32\Tasks\Microsoft\Windows\Maintenance\Idle~_~Crawler Update => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe <==== ATTENTION Task: {837EA5B8-AA8B-4365-B7A3-FD34E4C6DC1C} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION Task: {87C783BC-98ED-404F-8AF0-E6EA37C91383} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-09-22] (Synaptics Incorporated) Task: {8847CCDC-7DBA-4FEA-941E-50EFD542DB86} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {8A9FA8A5-8C99-458A-B16E-6023C49911C3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-12-16] (Hewlett-Packard Company) Task: {A84B9BDB-8C08-4A1E-9F18-52E24CC490E1} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION Task: {B1B0D40D-93B0-4ECF-BB67-8927FB375F42} - \AutoKMS No Task File <==== ATTENTION Task: {B7144EEE-8CAB-4AD7-8057-1FBFF1EC1413} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe Task: {BCD39441-69A8-4524-A07E-FBFAC5E32963} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-12-16] (Hewlett-Packard Company) Task: {CEE2F925-643B-460C-98AE-7E3E99209960} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {D0AD90F4-2350-49EC-8BD3-35CF05A06054} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION Task: {EA40D39D-EA01-4FC7-A87E-71FC860C9F56} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {F717F411-5172-4D4F-A2FD-7C320C87D569} - System32\Tasks\HPCeeScheduleForMIKE => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\HPCeeScheduleForMIKE.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\Voo Update.job => C:\Users\MIKE\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2013-10-14 13:23 - 2013-10-14 13:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe 2013-10-14 13:24 - 2013-10-14 13:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll 2013-10-14 13:25 - 2013-10-14 13:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll 2013-10-14 13:22 - 2013-10-14 13:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll 2013-10-14 13:22 - 2013-10-14 13:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll 2013-10-14 13:22 - 2013-10-14 13:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll 2013-10-14 13:35 - 2013-10-14 13:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll 2013-10-14 13:35 - 2013-10-14 13:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll 2013-12-11 16:11 - 2013-12-11 16:11 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2013-10-14 13:30 - 2013-10-14 13:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe 2014-12-22 04:56 - 2014-12-22 04:56 - 00499200 _____ () C:\Users\MIKE\AppData\Local\Packages\134D4F5B.Box_2qk4zy5s3qmee\AC\Microsoft\CLR_v4.0\NativeImages\Box.Agent.WinRT\4f646a8524d74ef9969b65cd0ff4225c\Box.Agent.WinRT.ni.dll 2014-10-17 20:31 - 2014-10-17 20:31 - 01782784 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll 2014-10-17 20:32 - 2014-10-17 20:32 - 00146944 _____ () C:\Users\MIKE\AppData\Local\Packages\134D4F5B.Box_2qk4zy5s3qmee\AC\Microsoft\CLR_v4.0\NativeImages\nVentive.Um114fe9fe#\066a83309e4aeb8f308ed874087a646e\nVentive.Umbrella.Services.Contract.WinRT.ni.dll 2014-12-22 04:56 - 2014-12-22 04:56 - 00874496 _____ () C:\Users\MIKE\AppData\Local\Packages\134D4F5B.Box_2qk4zy5s3qmee\AC\Microsoft\CLR_v4.0\NativeImages\Box.V2\95f5addf5fea3c9c98315d17d91a3062\Box.V2.ni.dll 2014-10-17 20:31 - 2014-10-17 20:31 - 00207872 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll 2014-10-17 20:32 - 2014-10-17 20:32 - 01287680 _____ () C:\Users\MIKE\AppData\Local\Packages\134D4F5B.Box_2qk4zy5s3qmee\AC\Microsoft\CLR_v4.0\NativeImages\nVentive.Um9106121c#\f32bc48cf84577178ce92119aa989125\nVentive.Umbrella.Web.WinRT.ni.dll 2014-10-17 20:31 - 2014-10-17 20:31 - 01278464 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Storage\f9ac074d298db459c5eff6d3256861c8\Windows.Storage.ni.dll 2014-10-17 20:31 - 2014-10-17 20:31 - 00632320 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Security\c7f6d022c5d5aec4891cb6b3b9934336\Windows.Security.ni.dll 2014-10-17 20:31 - 2014-10-17 20:31 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll 2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-12-31 16:48 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-12-31 16:48 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-12-31 16:48 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-12-31 16:48 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-12-31 16:48 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-12-31 12:24 - 2014-12-31 12:24 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 AlternateDataStreams: C:\Users\harto_000\SkyDrive:ms-properties AlternateDataStreams: C:\Users\MIKE\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items =========
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.