Jump to content

Search the Community

Showing results for tags 'Redirects'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 21 results

  1. The other night I tried to visit a site, but Panda Dome would not let it display and reported it as a virus because of a redirect (see attached items). Now I am getting the issues on other pages. I thought it might be malware and have used all the apps, but am unable to find anything on my system. Do you know what could be causing this issue? Blocked Items.txt
  2. Searchmine has changed my preferences so that it redirects my homepage to their site. It has greyed out the homepage option in settings and won't let my set any page as a new homepage. Malwarebytes does not recognise this as a PUP. I am Malwarebytes premium user, any suggestions?
  3. Hey everyone, Every time I am on yahoo (usually my email) I get a timed redirect to another page. The redirect runs thru' 2-3 URLS but always starts with a beginads.com url, example: https://tracking.beginads.com/nlp/index.php?pid=27&sid=4444444&kw=buy&f=click&bu=http%3A%2F%2Fxml.plaimedia.com%2Fclick.php%3Fkey%3D1vjsyz705lnokxftylxc%26t1%3D4444444%26t2%3Dbacktrafffromxml&url=https://feed.myadsbro.com/ Its driving me nuts! LOL I have enclosed my FARBAR files and a recent Malwarebytes scan. Appreciate any help! best regards Julio Addition.txt FRST.txt malware bytes scan log Jan 3 2018.txt
  4. I have the same problem indicated here, When I run ` find . -name "$1" 2>&1 | grep -v 'Permission denied' ` in the terminal it seem to keep getting hits in this folder: " Library/Application Support/Firefox/profiles". I attached the files from this directory. Redirect domain was hitcpm.com. Searching that on the net gets you references to hitcpm.com/watch?key virus. Anyone have any experience with this on mac? I attached Thank you. pkcs11.txt LICENSE.txt revocations.txt SiteSecurityServiceState.txt pkcs11.txt LICENSE.txt revocations.txt SiteSecurityServiceState.txt
  5. Need help in removing the malware on my computer. I ran malwarebytes but I still get pop ups, redirects, etc….
  6. Hi, A while back I was getting CloudScout pop-ups and ads in Chrome (no other browser). I did everything I could to remove them, even posting on BleepingComputer, but I just gave up in the end because they were intermittent and eventually disappeared entirely on their own. Now I have the same pop-ups and ads but this time they're marked "Ads by DNSUnlocker". My brother's computer gets the ads at exactly the same time as I do, every time. We're on the same network. Sometimes using Chrome's reset settings feature removes the ads for a few days, but sometimes it does nothing. I've run a fully updated Malwarebytes several times and it has found nothing. Your DNSUnlocker Removal Guide, as with every single other guide on the internet, is completely pointless and just annoying. I have never once seen any virus actually show up as an installed program. That just never happens, which is why I get annoyed at all of those copy-cat, nonsense guides that say to look for the virus in Programs and Features or Task Manager. Our internet setup is a bit unusual because of where we live. We have satellite internet, but it's too delayed (600ms to 2s of ping) for online gaming, so my brother and I have our own separate internet connection using a Samsung Galaxy S3 with a patch lead going to an external antenna. We enable the portable hotspot on the phone and connect that way. It's possible the phone is infected, but I don't know how to find out on Android. Maybe it could be the router - I guess I can test that by not bridging my network at all today (and therefore relying on the separate wifi network from the phone) and seeing if the ads appear. Whatever happens, I can't reinstall Windows. Not until I go to Windows 10, anyway. I have hundreds of programs installed and set up and it would take weeks to get it all back up and running again. Reinstalling Windows is always a nightmare. The following are the FRST logs. In the logs there are a few programs that I know seem suspicious; SoundSwitch, XboxStat, ClipX, Win7 Taskbar Tweaker, DisplayFusion and the shell extension that allows me to remove the shortcut arrows on some symbolic links are all genuine programs - but I can't vouch that they are virus-free. I used to use Acronis TrueImage 2014, but I will admit I illegally pirated it. I no longer use it and it's now removed, but it still has traces on the computer so it's possible it was the cause of the virus because it was pirated. I paid (quite a lot!) for a much better (and not illegal) backup solution (Bvckup 2). At the time of making the logs my network connection was bridged in such a way as to allow me to connect to the 3G internet but still access our home network and 20TB NAS for file sharing. Well, great. The ads have all disappeared. That's annoying. I wish they'd just be consistent. Oh well, here's the FRST logs anyway (hmm, was told the post was too long to post, so Addition.txt is now attached): Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015 Ran by David (administrator) on HAROLD (06-09-2015 12:36:56) Running from C:\Users\David\Desktop Loaded Profiles: David (Available Profiles: David) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (RaMMicHaeL) C:\Users\David\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe () C:\Program Files (x86)\ClipX\clipx.exe (Codeusa Software) C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe (Pipemetrics SA) C:\Program Files\Bvckup 2\bvckup2.exe (Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe (Jeroen Pelgrims) C:\Users\David\AppData\Local\Apps\2.0\4G2TEA0W.YEX\HJK8QHO4.E2X\soun..tion_0000000000000000_0002.0004_f839aedc2aa2d7a7\SoundSwitch.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe () C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe () C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel® Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [samsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281312 2014-05-19] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805888 2014-08-19] (Acronis) HKLM-x32\...\Run: [Corsair Headset Software] => C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe [3167544 2014-02-12] (Corsair Components, Inc.) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation) HKLM-x32\...\Run: [ClipX] => C:\Program Files (x86)\ClipX\clipx.exe [68608 2005-12-01] () HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\Run: [7 Taskbar Tweaker] => C:\Users\David\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [382976 2015-04-08] (RaMMicHaeL) HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [6886752 2015-01-07] (Binary Fortress Software) HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\Run: [spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-31] (Spotify Ltd) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-03] () ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net) ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] () ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] () ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] () ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) ShellIconOverlayIdentifiers: [iconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) ShellIconOverlayIdentifiers: [iconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) ShellIconOverlayIdentifiers-x32: [iconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) ShellIconOverlayIdentifiers-x32: [iconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-04] (Hermann Schinagl) Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Borderless Gaming.lnk [2015-08-01] ShortcutTarget: Borderless Gaming.lnk -> C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe (Codeusa Software) Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bvckup2.lnk [2015-07-12] ShortcutTarget: Bvckup2.lnk -> C:\Program Files\Bvckup 2\bvckup2.exe (Pipemetrics SA) Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk [2015-03-09] ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation) Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SoundSwitch.appref-ms [2015-03-09] () Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk [2015-03-09] ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 07 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2013-05-11] (National Instruments Corporation) Winsock: Catalog5-x64 07 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2013-05-11] (National Instruments Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.11 Tcpip\..\Interfaces\{4F3C7CA5-7803-41F3-86CC-3327492FE7E6}: [DhcpNameServer] 192.168.0.11 Tcpip\..\Interfaces\{7B1CEF77-DDB6-42E8-B017-8F1562B1DF55}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{B597B79E-1A3E-4CB1-8674-E3D4E441BBA8}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{BBFF37E3-B1E9-4A3F-800F-8FDAE3F72FEE}: [DhcpNameServer] 192.168.43.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-715575704-4020683070-549173419-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-715575704-4020683070-549173419-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-16] (Oracle Corporation) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-11-11] (LastPass) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-16] (Oracle Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-16] (Oracle Corporation) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-11-11] (LastPass) BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-09-13] (FreeDownloadManager.ORG) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-16] (Oracle Corporation) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-11-11] (LastPass) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-11-11] (LastPass) FireFox: ======== FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-04-23] (EA Digital Illusions CE AB) FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-16] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-16] (Oracle Corporation) FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-11-11] (LastPass) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-06-09] (Adobe Systems) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.) FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-04-23] (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-16] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-16] (Oracle Corporation) FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-11-11] (LastPass) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-09] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-09] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-06-09] (Adobe Systems) FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom) FF Plugin HKU\S-1-5-21-715575704-4020683070-549173419-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\David\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-22] (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win32.dll [2013-05-29] (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2013win32.dll [2013-06-20] (National Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Extension: LastPass - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\support@lastpass.com [2014-11-11] FF Extension: Classic Theme Restorer (Customize UI) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2015-07-03] FF Extension: Omnibar - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\omnibar@ajitk.com.xpi [2015-07-03] FF Extension: FXChrome - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi [2015-07-03] FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-03] Chrome: ======= CHR HomePage: Default -> hxxp://google.com/ CHR StartupUrls: Default -> "hxxp://google.com/" CHR DefaultSearchKeyword: Default -> lp CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-07] CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-07] CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-07] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-07] CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-07] CHR Extension: (Adblock Plus) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-07] CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-07] CHR Extension: (Backtick) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\daiejhinmmfgincamkeeobmpffhdljim [2015-03-07] CHR Extension: (Session Buddy) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2015-03-07] CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-07] CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04] CHR Extension: (LastPass: Free Password Manager) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-07] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-07] CHR Extension: (Better YouTube Watch History) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleajdkalfbohpinoaekajagdefaeckd [2015-03-09] CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07] CHR Extension: (Google Tone) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnckehldicaciogcbchegobnafnjkcne [2015-05-28] CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-07] CHR Extension: (RSS Feed Reader) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2015-03-07] CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-06-09] (Adobe Systems Incorporated) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1060352 2015-06-19] () S4 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed] R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [3169648 2015-01-07] (Binary Fortress Software) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-07-14] (EasyAntiCheat Ltd) S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (Acresso Software Inc.) S4 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2014-04-04] (Reprise Software Inc.) [File not signed] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation) S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed] S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation) S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation) S4 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] () S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation) S4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.) S4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation) S4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation) S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation) S4 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-06-08] (National Instruments Corporation) S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-06-08] (National Instruments Corporation) S4 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation) S4 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation) S4 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation) S4 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-06-07] (National Instruments Corporation) S4 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-06-08] (National Instruments Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-02] (Electronic Arts) S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-06-02] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-06-03] () S4 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed] R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27872 2014-05-19] (Samsung Electronics Co., Ltd.) S4 SVLAdminServiceX64; C:\Program Files (x86)\Software Verification\SVL Service x64\svlService_x64.exe [21792 2014-06-03] () S4 SVLAdminServiceX86; C:\Program Files (x86)\Software Verification\SVL Service x86\svlService.exe [24928 2014-05-23] () S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672024 2015-02-27] (Wacom Technology, Corp.) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 BioNTDrv; C:\Program Files (x86)\Paragon Software\Migrate OS to SSD\program\BioNTDrv.SYS [19024 2011-03-01] (Paragon Software GmbH) R3 CorsairAudioFilter; C:\Windows\System32\DRIVERS\corsveng2kamd64.sys [109912 2014-02-03] (Corsair Components, Inc.) R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] () R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-31] (Logitech Inc.) S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [43456 2012-07-26] (http://libusb-win32.sourceforge.net) S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2014-07-08] (http://libusb-win32.sourceforge.net) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation) S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [12288 2009-08-23] () [File not signed] S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.) R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13480 2014-06-10] () R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [986728 2012-02-10] (Realtek Semiconductor Corporation ) R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [265952 2014-05-19] (Samsung Electronics Co., Ltd.) R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2014-05-19] (Samsung Electronics Co., Ltd.) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-02-10] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2015-02-10] (Acronis International GmbH) R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [125640 2014-04-30] (High Criteria inc.) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-01] () R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows ® Win 7 DDK provider) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116296 2014-09-09] (Oracle Corporation) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2015-02-10] (Acronis International GmbH) R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 moufiltr; system32\DRIVERS\moufiltr.sys [X] S3 vhidmini; system32\DRIVERS\walvhid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-06 12:36 - 2015-09-06 12:37 - 00035976 _____ C:\Users\David\Desktop\FRST.txt 2015-09-06 12:11 - 2015-09-06 12:12 - 02188800 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe 2015-09-03 10:56 - 2015-09-03 10:57 - 12455424 _____ (Frontier Developments ) C:\Users\David\Desktop\EliteDangerous-Client-Installer.exe 2015-08-31 17:22 - 2015-08-31 17:47 - 255525815 _____ (Fleet Operations Development Team ) C:\Users\David\Desktop\FOSetup327.exe 2015-08-31 17:22 - 2015-08-31 17:28 - 54894709 _____ ( ) C:\Users\David\Desktop\FleetOpsMultimedia3.exe 2015-08-31 17:16 - 2015-08-31 17:17 - 00895868 _____ C:\Users\David\Desktop\3danalyzer-v236.zip 2015-08-30 11:51 - 2015-08-30 11:51 - 00154956 _____ C:\Users\David\Desktop\d l4d2.aup 2015-08-30 11:51 - 2015-08-30 11:51 - 00000000 ____D C:\Users\David\Desktop\d l4d2_data 2015-08-29 16:55 - 2015-08-29 16:55 - 00001679 _____ C:\Users\David\Desktop\left4gore.exe - Shortcut.lnk 2015-08-29 16:55 - 2015-08-29 16:55 - 00001099 _____ C:\Users\David\Desktop\left4dead2.exe - Shortcut.lnk 2015-08-29 15:21 - 2015-08-29 15:21 - 00000785 _____ C:\Users\David\Desktop\Star Citizen Launcher.lnk 2015-08-29 15:21 - 2015-08-29 15:21 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Citizen Launcher 2015-08-29 15:21 - 2015-08-29 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Citizen Launcher 2015-08-23 18:14 - 2015-08-23 18:48 - 00000000 ____D C:\Users\David\Desktop\DSTwo 2015-08-22 13:26 - 2015-08-31 21:22 - 00000000 ____D C:\Users\David\AppData\Local\Spotify 2015-08-22 13:26 - 2015-08-22 13:26 - 00001793 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2015-08-22 13:22 - 2015-08-31 21:22 - 00000000 ____D C:\Users\David\AppData\Roaming\Spotify 2015-08-22 11:47 - 2015-08-22 11:47 - 00077373 _____ C:\Users\David\Desktop\d_rocketleague_3.aup 2015-08-22 11:47 - 2015-08-22 11:47 - 00000000 ____D C:\Users\David\Desktop\d_rocketleague_3_data 2015-08-15 11:33 - 2015-08-15 11:33 - 00078360 _____ C:\Users\David\Desktop\d_minecraft_pp_1.aup 2015-08-15 11:33 - 2015-08-15 11:33 - 00000000 ____D C:\Users\David\Desktop\d_minecraft_pp_1_data 2015-08-07 22:38 - 2015-08-07 22:38 - 00000000 ____D C:\Users\David\Documents\PCSX2 2015-08-07 22:38 - 2015-08-07 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2 2015-08-07 21:59 - 2015-08-07 21:59 - 00866384 _____ C:\Users\David\Desktop\OpenPS2Loader 0.9.2.zip 2015-08-07 21:55 - 2015-08-07 21:55 - 00100490 _____ C:\Users\David\Desktop\ESRDiscPatcher.zip 2015-08-07 21:55 - 2015-08-07 21:55 - 00028642 _____ C:\Users\David\Desktop\ESR.zip 2015-08-07 14:55 - 2015-08-07 14:55 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PS2 Save Builder 0.8 2015-08-07 14:54 - 2015-08-07 14:54 - 00000000 ____D C:\Program Files (x86)\PS2 Save Builder 0.8 2015-08-07 14:37 - 2015-08-07 14:38 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyMC 2015-08-07 14:36 - 2015-08-07 14:36 - 00000000 ____D C:\Program Files (x86)\MyMC 2015-08-07 14:24 - 2015-08-07 14:24 - 04710029 _____ C:\Users\David\Desktop\mymc-alpha-2.6.zip 2015-08-07 13:57 - 2015-08-07 13:58 - 05116874 _____ C:\Users\David\Desktop\[140629]FMCB-0194-bin.7z 2015-08-07 13:54 - 2015-08-07 14:12 - 00000000 ____D C:\Users\David\Desktop\PS2 Saves ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-06 12:36 - 2015-03-11 11:11 - 00000000 ____D C:\FRST 2015-09-06 12:35 - 2014-02-28 11:35 - 01150434 _____ C:\Windows\WindowsUpdate.log 2015-09-06 12:21 - 2015-03-07 14:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-06 12:06 - 2009-07-14 14:45 - 00022784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-06 12:06 - 2009-07-14 14:45 - 00022784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-06 12:05 - 2009-07-14 15:13 - 00801230 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-06 12:02 - 2014-06-23 14:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-06 11:59 - 2015-07-12 21:28 - 00000000 ____D C:\Users\David\AppData\Local\Bvckup2 2015-09-06 11:59 - 2015-03-13 13:04 - 00017430 _____ C:\Windows\setupact.log 2015-09-06 11:59 - 2015-03-07 14:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-06 11:59 - 2015-01-10 12:41 - 00003018 _____ C:\Windows\System32\Tasks\MSIAfterburner 2015-09-06 11:59 - 2015-01-09 22:44 - 00000000 ____D C:\Program Files (x86)\SpeedFan 2015-09-06 11:59 - 2014-10-04 10:02 - 00000000 ____D C:\ProgramData\VMware 2015-09-06 11:59 - 2014-06-23 16:53 - 00000000 ____D C:\ProgramData\NVIDIA 2015-09-06 11:59 - 2014-03-01 08:43 - 01192302 _____ C:\Windows\PFRO.log 2015-09-06 11:59 - 2013-09-26 16:39 - 00000000 ____D C:\Users\David\AppData\Local\Deployment 2015-09-06 11:59 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-06 00:37 - 2013-10-01 12:36 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner 2015-09-05 23:15 - 2014-11-20 16:21 - 00000000 ____D C:\Program Files (x86)\Steam 2015-09-05 12:43 - 2014-02-28 23:06 - 00000000 ____D C:\ProgramData\Unity 2015-09-04 16:47 - 2015-03-12 08:37 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2015-09-04 14:42 - 2015-06-21 21:03 - 00000000 ____D C:\Users\David\Desktop\Keygen-CRD 2015-09-04 14:42 - 2009-07-14 15:32 - 00000000 ____D C:\Windows\Performance 2015-09-04 09:18 - 2014-02-13 12:45 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-08-30 21:38 - 2014-11-22 12:00 - 00000000 ____D C:\Users\David\Desktop\Stiff to Sort 2015-08-30 12:05 - 2014-08-07 16:56 - 00000000 ____D C:\Users\David\AppData\Roaming\Audacity 2015-08-30 11:57 - 2014-03-03 11:07 - 00000000 ____D C:\Users\David\AppData\Roaming\HandBrake 2015-08-30 11:53 - 2013-10-06 10:26 - 00000000 ____D C:\Users\David\AppData\Roaming\Mumble 2015-08-29 16:16 - 2015-03-07 14:45 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-08-29 16:16 - 2015-03-07 14:45 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-08-26 09:26 - 2009-07-14 15:08 - 00032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-08-24 14:41 - 2013-12-25 23:19 - 00000000 ____D C:\Users\David\AppData\Roaming\.minecraft 2015-08-24 11:34 - 2015-05-24 16:31 - 00000080 _____ C:\Users\David\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 2015-08-24 07:15 - 2015-03-12 08:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2015-08-24 07:15 - 2015-03-12 08:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit 2015-08-23 15:07 - 2015-04-12 09:56 - 00000000 ____D C:\Program Files (x86)\Rockstar Games 2015-08-23 15:07 - 2015-04-12 09:55 - 00000000 ____D C:\Program Files\Rockstar Games 2015-08-22 14:06 - 2013-10-26 23:09 - 00000000 ____D C:\Users\David\AppData\Roaming\Unity 2015-08-22 13:21 - 2013-10-05 10:17 - 00000000 ____D C:\Users\David\AppData\Roaming\vlc 2015-08-22 09:48 - 2015-06-28 11:35 - 00000328 _____ C:\Users\David\Desktop\costs.txt 2015-08-16 16:42 - 2015-03-16 12:26 - 00000000 ____D C:\Users\David\AppData\Local\CrashDumps 2015-08-09 13:42 - 2013-11-09 13:20 - 00007631 _____ C:\Users\David\AppData\Local\Resmon.ResmonCfg 2015-08-07 22:38 - 2014-03-11 09:16 - 00000000 ____D C:\Windows\SysWOW64\directx ==================== Files in the root of some directories ======= 2014-11-11 19:55 - 2014-11-11 19:55 - 14147584 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe 2015-05-23 00:40 - 2015-05-23 00:43 - 0000132 _____ () C:\Users\David\AppData\Roaming\Adobe PNG Format CS6 Prefs 2013-12-31 22:52 - 2013-12-31 23:02 - 0065617 _____ () C:\Users\David\AppData\Roaming\Camdata.ini 2013-12-31 22:52 - 2013-12-31 23:02 - 0000408 _____ () C:\Users\David\AppData\Roaming\CamLayout.ini 2013-12-31 22:52 - 2013-12-31 23:02 - 0000408 _____ () C:\Users\David\AppData\Roaming\CamShapes.ini 2013-12-31 22:52 - 2013-12-31 23:02 - 0004548 _____ () C:\Users\David\AppData\Roaming\CamStudio.cfg 2015-01-17 13:22 - 2015-01-18 12:18 - 0000699 _____ () C:\Users\David\AppData\Roaming\DriveCalculator Preferences 2014-12-28 09:08 - 2014-12-28 21:57 - 0003982 _____ () C:\Users\David\AppData\Roaming\LTspiceIV.ini 2014-02-07 08:30 - 2014-05-14 17:22 - 0000813 _____ () C:\Users\David\AppData\Roaming\MPQEditor.ini 2013-12-31 22:51 - 2013-12-31 22:52 - 0000096 _____ () C:\Users\David\AppData\Roaming\version2.xml 2014-04-05 14:22 - 2014-04-18 17:18 - 0003584 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-08-14 16:28 - 2014-08-14 16:28 - 1065984 _____ () C:\Users\David\AppData\Local\file__0.localstorage 2013-10-24 10:05 - 2013-10-24 10:05 - 0000093 _____ () C:\Users\David\AppData\Local\fusioncache.dat 2013-10-25 13:19 - 2013-10-25 13:19 - 0000000 ___SH () C:\Users\David\AppData\Local\LumaEmu 2015-07-26 14:16 - 2015-07-26 14:16 - 0006667 _____ () C:\Users\David\AppData\Local\recently-used.xbel 2013-11-09 13:20 - 2015-08-09 13:42 - 0007631 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg 2015-02-22 19:52 - 2015-02-22 19:52 - 0000080 _____ () C:\Users\David\AppData\Local\X-Plane Installer.prf 2015-02-22 19:27 - 2015-02-22 19:27 - 0000036 _____ () C:\Users\David\AppData\Local\x-plane_install_10.txt 2014-08-31 11:26 - 2014-08-31 11:26 - 0000044 _____ () C:\ProgramData\.SimImages 2015-04-09 12:49 - 2015-04-09 12:49 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc Some files in TEMP: ==================== C:\Users\David\AppData\Local\Temp\bzfclean.exe C:\Users\David\AppData\Local\Temp\installerdll783592140.dll C:\Users\David\AppData\Local\Temp\jre-8u60-windows-au.exe C:\Users\David\AppData\Local\Temp\sfamcc00001.dll C:\Users\David\AppData\Local\Temp\sfareca00001.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-09-01 00:31 ==================== End of FRST.txt ============================ Addition.txt
  7. Have been plagued by multiple adware popups from DNSUnlocker and n1.smartyads. I continually get redirected to the point that I spend more time blocking the redirects than browsing. I'm not sure if the redirects are related to these adware items or not. Have used MBAM and other adware/malware programs to no avail. Standard removal guides for these malware items are not effective. Any help you could provide would be appreciated. FRST txt file is pasted below, addition.txt file is attached due to size Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-09-2015 Ran by Gods family (administrator) on GODSFAMILY-HP (12-09-2015 23:21:19) Running from C:\Users\Gods family\Downloads Loaded Profiles: Gods family (Available Profiles: Gods family) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (AMD) C:\Windows\System32\atieclxx.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_232_ActiveX.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-02-15] (IDT, Inc.) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET) HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-11-13] (Apple Inc.) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-27] (Easybits) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-05-01] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" GroupPolicy: Restriction - Chrome <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{195B3174-F1C4-40F9-A657-9F8C1F4BF288}: [DhcpNameServer] 69.170.120.194 216.114.44.34 Tcpip\..\Interfaces\{DA0C7320-AFE8-42E0-813F-D903862434E4}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-3153944161-608105611-1829901464-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp URLSearchHook: HKLM-x32 -> Default = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM -> {21A09A26-3F3C-4786-97CB-7495A1C6C36A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-3153944161-608105611-1829901464-1001 -> DefaultScope {6852DF0A-6942-41DF-876B-7CB905831405} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20150607&p={searchTerms} SearchScopes: HKU\S-1-5-21-3153944161-608105611-1829901464-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3153944161-608105611-1829901464-1001 -> {6852DF0A-6942-41DF-876B-7CB905831405} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20150607&p={searchTerms} SearchScopes: HKU\S-1-5-21-3153944161-608105611-1829901464-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-3153944161-608105611-1829901464-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = BHO: ProShaopper -> {6CC0F2D1-3A18-4321-B14A-72CEAB98F17E} -> C:\Program Files (x86)\ProShaopper\eU3FtIMn7SbptZ.x64.dll No File BHO: PrroShopper -> {7A15F800-26EA-442B-B07E-C1EF84DCF9CB} -> C:\Program Files (x86)\PrroShopper\6EgZJ2D8FWsLzJ.x64.dll No File Toolbar: HKU\S-1-5-21-3153944161-608105611-1829901464-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-3153944161-608105611-1829901464-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://vpnb-hdc.kroger.com/dana-cached/sc/JuniperSetupClient.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-10] (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-10] (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-10] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-10] (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-08-11] (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-08-11] (McAfee, Inc.) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-22] () FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-11] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-22] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File] FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-10-05] () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-03] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-03] (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-11] () FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2015-08-18] (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-06-07] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Gods family\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (No Name) - C:\Users\Gods family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp [2015-04-12] CHR Extension: (SiteAdvisor) - C:\Users\Gods family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-31] CHR Extension: (No Name) - C:\Users\Gods family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] CHR Extension: (No Name) - C:\Users\Gods family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojonjicgjpbngchmepoeahpfpkehenef [2015-05-31] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-11] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-11] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-02] (Advanced Micro Devices, Inc.) [File not signed] R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET) R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed] S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-09-10] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-11] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.) R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.) S3 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-13] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [168208 2015-07-13] (ESET) S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2011-11-12] (LeapFrog) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-12] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.) R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-09-10] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited) S3 clwvd; system32\DRIVERS\clwvd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-12 22:34 - 2015-09-12 22:36 - 00049728 _____ C:\Users\Gods family\Downloads\Addition.txt 2015-09-12 22:33 - 2015-09-12 23:21 - 00020585 _____ C:\Users\Gods family\Downloads\FRST.txt 2015-09-12 22:32 - 2015-09-12 23:21 - 00000000 ____D C:\FRST 2015-09-12 22:25 - 2015-09-12 22:25 - 00001173 _____ C:\Users\Gods family\Desktop\FRST64.exe - Shortcut.lnk 2015-09-12 22:24 - 2015-09-12 22:25 - 02190848 _____ (Farbar) C:\Users\Gods family\Downloads\FRST64.exe 2015-09-12 11:42 - 2015-09-12 11:42 - 00375736 _____ C:\Windows\Minidump\091215-46815-01.dmp 2015-09-12 11:08 - 2015-09-12 11:08 - 00000882 _____ C:\Users\Gods family\Desktop\ESET scan 2.xml 2015-09-12 11:07 - 2015-09-12 11:07 - 00000882 _____ C:\Users\Gods family\Desktop\ESET scan.xml 2015-09-12 11:06 - 2015-09-12 11:06 - 00284083 _____ C:\Users\Gods family\Desktop\ESET scan 1.xml 2015-09-12 00:09 - 2015-09-12 00:09 - 00000000 ____D C:\Users\Gods family\AppData\Local\ESET 2015-09-11 23:29 - 2015-09-11 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2015-09-11 23:29 - 2015-09-11 23:29 - 00000000 ____D C:\ProgramData\ESET 2015-09-11 23:29 - 2015-09-11 23:29 - 00000000 ____D C:\Program Files\ESET 2015-09-11 22:16 - 2015-09-11 22:22 - 00000000 ____D C:\AdwCleaner 2015-09-11 22:09 - 2015-09-11 22:09 - 01660416 _____ C:\Users\Gods family\Desktop\adwcleaner_5.007.exe 2015-09-11 21:36 - 2015-09-11 21:36 - 00375808 _____ C:\Windows\Minidump\091115-38454-01.dmp 2015-09-11 21:17 - 2015-09-11 21:17 - 00027333 _____ C:\Users\Gods family\Desktop\JRT.txt 2015-09-11 21:07 - 2015-09-11 21:07 - 00001142 _____ C:\Users\Gods family\Desktop\JRT.exe - Shortcut.lnk 2015-09-11 21:02 - 2015-09-11 21:02 - 01101640 _____ (Bleeping Computer, LLC) C:\Users\Gods family\Desktop\rkill64.exe 2015-09-11 20:59 - 2015-09-11 20:59 - 01800104 _____ (Malwarebytes Corporation) C:\Users\Gods family\Downloads\JRT.exe 2015-09-11 20:43 - 2015-09-11 20:43 - 00375768 _____ C:\Windows\Minidump\091115-36956-01.dmp 2015-09-11 20:22 - 2015-09-11 20:22 - 01702992 _____ C:\Windows\Minidump\091115-31122-01.dmp 2015-09-11 18:49 - 2015-09-11 18:49 - 00000000 ____D C:\Windows\ERDNT 2015-09-11 18:46 - 2015-09-11 18:46 - 00000924 _____ C:\Users\Gods family\Desktop\NTREGOPT.lnk 2015-09-11 18:46 - 2015-09-11 18:46 - 00000905 _____ C:\Users\Gods family\Desktop\ERUNT.lnk 2015-09-11 18:46 - 2015-09-11 18:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2015-09-11 18:46 - 2015-09-11 18:46 - 00000000 ____D C:\Program Files (x86)\ERUNT 2015-09-11 18:41 - 2015-09-11 18:41 - 00791393 _____ (Lars Hederer ) C:\Users\Gods family\Downloads\erunt-setup.exe 2015-09-11 18:30 - 2015-09-12 22:03 - 00001666 _____ C:\Users\Gods family\Desktop\Rkill.txt 2015-09-11 18:16 - 2015-09-11 18:16 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Gods family\Desktop\rkill.exe 2015-09-11 18:15 - 2015-09-11 23:07 - 00000000 ____D C:\Users\Gods family\Documents\Virus Removal stuff 2015-09-11 18:09 - 2015-09-11 18:09 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Gods family\Downloads\rkill.exe 2015-09-08 23:07 - 2015-09-08 23:07 - 00509976 _____ C:\Windows\Minidump\090815-31730-01.dmp 2015-09-08 22:43 - 2015-09-08 22:43 - 01702992 _____ C:\Windows\Minidump\090815-30435-01.dmp 2015-09-08 17:25 - 2015-08-17 20:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-09-08 17:25 - 2015-08-17 20:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-09-08 17:25 - 2015-08-15 01:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-09-08 17:25 - 2015-08-15 01:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-09-08 17:25 - 2015-08-15 01:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-09-08 17:25 - 2015-08-15 01:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-09-08 17:25 - 2015-08-15 01:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-09-08 17:25 - 2015-08-15 01:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-09-08 17:25 - 2015-08-15 01:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-09-08 17:25 - 2015-08-15 01:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-09-08 17:25 - 2015-08-15 01:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-09-08 17:25 - 2015-08-15 01:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-09-08 17:25 - 2015-08-15 01:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-09-08 17:25 - 2015-08-15 01:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-09-08 17:25 - 2015-08-15 01:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-09-08 17:25 - 2015-08-15 01:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-09-08 17:25 - 2015-08-15 01:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-09-08 17:25 - 2015-08-15 01:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-09-08 17:25 - 2015-08-15 01:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-09-08 17:25 - 2015-08-15 01:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-09-08 17:25 - 2015-08-15 00:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-09-08 17:25 - 2015-08-15 00:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-09-08 17:25 - 2015-08-15 00:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-09-08 17:25 - 2015-08-15 00:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-09-08 17:25 - 2015-08-15 00:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-09-08 17:25 - 2015-08-15 00:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-09-08 17:25 - 2015-08-15 00:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-09-08 17:25 - 2015-08-15 00:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-09-08 17:25 - 2015-08-15 00:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-09-08 17:25 - 2015-08-15 00:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-09-08 17:25 - 2015-08-15 00:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-09-08 17:25 - 2015-08-15 00:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-09-08 17:25 - 2015-08-15 00:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-09-08 17:25 - 2015-08-15 00:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-09-08 17:25 - 2015-08-15 00:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-09-08 17:25 - 2015-08-15 00:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-09-08 17:25 - 2015-08-15 00:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-09-08 17:25 - 2015-08-15 00:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-09-08 17:25 - 2015-08-15 00:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-09-08 17:25 - 2015-08-15 00:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-09-08 17:25 - 2015-08-15 00:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-09-08 17:25 - 2015-08-15 00:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-09-08 17:25 - 2015-08-15 00:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-09-08 17:25 - 2015-08-15 00:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-09-08 17:25 - 2015-08-15 00:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-09-08 17:25 - 2015-08-15 00:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-09-08 17:25 - 2015-08-15 00:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-09-08 17:25 - 2015-08-15 00:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-09-08 17:25 - 2015-08-15 00:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-09-08 17:25 - 2015-08-15 00:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-09-08 17:25 - 2015-08-15 00:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-09-08 17:25 - 2015-08-15 00:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-09-08 17:25 - 2015-08-15 00:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-09-08 17:25 - 2015-08-15 00:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-09-08 17:25 - 2015-08-15 00:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-09-08 17:25 - 2015-08-14 23:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-09-08 17:25 - 2015-08-14 23:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-09-08 17:25 - 2015-08-14 23:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-09-08 17:25 - 2015-08-14 23:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-09-08 17:25 - 2015-08-14 23:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-09-08 17:25 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2015-09-08 17:25 - 2015-08-05 12:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-09-08 17:25 - 2015-08-05 12:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-09-08 17:25 - 2015-07-22 19:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-09-08 17:25 - 2015-07-22 19:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-09-08 17:25 - 2015-07-22 19:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-09-08 17:25 - 2015-07-22 19:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-09-08 17:25 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-09-08 17:25 - 2015-07-22 12:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-09-08 17:25 - 2015-07-22 11:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-09-08 17:25 - 2015-07-14 22:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-09-08 17:25 - 2015-07-14 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2015-09-08 17:25 - 2015-07-09 12:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-09-08 17:25 - 2015-07-09 12:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll 2015-09-08 17:25 - 2015-07-09 12:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2015-09-08 17:25 - 2015-07-09 12:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll 2015-09-08 17:25 - 2015-06-25 05:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-09-08 17:25 - 2015-06-25 05:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-09-08 17:25 - 2015-06-25 05:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2015-09-08 17:25 - 2015-06-25 04:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-09-08 17:24 - 2015-07-22 19:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-09-08 17:24 - 2015-07-22 19:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-09-08 17:24 - 2015-07-22 19:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-09-08 17:24 - 2015-07-22 19:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-09-08 17:24 - 2015-07-22 19:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-09-08 17:24 - 2015-07-22 19:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-09-08 17:24 - 2015-07-22 19:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-09-08 17:24 - 2015-07-22 19:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-09-08 17:24 - 2015-07-22 19:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-09-08 17:24 - 2015-07-22 19:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-09-08 17:24 - 2015-07-22 19:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-09-08 17:24 - 2015-07-22 19:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-09-08 17:24 - 2015-07-22 18:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-09-08 17:24 - 2015-07-22 18:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 18:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-09-08 17:24 - 2015-07-22 12:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-09-08 17:24 - 2015-07-22 12:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-09-08 17:24 - 2015-07-22 12:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-09-08 17:24 - 2015-07-22 12:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-09-08 17:24 - 2015-07-22 12:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-09-08 17:24 - 2015-07-22 12:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-09-08 17:24 - 2015-07-22 12:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-09-08 17:24 - 2015-07-22 12:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-09-08 17:24 - 2015-07-22 12:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-09-08 17:24 - 2015-07-22 12:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-09-08 17:24 - 2015-07-22 12:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-09-08 17:24 - 2015-07-22 12:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 11:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-09-08 17:24 - 2015-07-22 11:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-09-08 17:24 - 2015-07-22 11:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-09-08 17:24 - 2015-07-22 11:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-09-08 17:24 - 2015-07-22 11:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-09-08 17:24 - 2015-07-22 11:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 11:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-09-08 17:24 - 2015-07-22 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-09-08 17:23 - 2015-08-27 13:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-09-08 17:23 - 2015-08-27 13:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-09-08 17:23 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-09-08 17:23 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-09-08 17:23 - 2015-08-27 12:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-09-08 17:23 - 2015-08-27 12:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-09-08 17:23 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2015-09-08 17:23 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-09-08 17:23 - 2015-08-04 13:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-09-08 17:23 - 2015-08-04 13:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-09-08 17:23 - 2015-08-04 12:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-09-08 17:23 - 2015-08-04 12:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-09-08 17:23 - 2015-08-04 12:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-09-08 17:23 - 2015-08-04 12:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-09-08 17:23 - 2015-08-04 12:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-09-08 17:23 - 2015-08-04 12:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-09-08 17:23 - 2015-08-04 11:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-09-08 17:22 - 2015-09-01 22:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-09-08 17:22 - 2015-09-01 22:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-09-08 17:22 - 2015-09-01 22:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-09-08 17:22 - 2015-09-01 22:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-09-08 17:22 - 2015-09-01 21:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-09-08 17:22 - 2015-09-01 21:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-09-08 17:22 - 2015-09-01 21:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-09-08 17:22 - 2015-09-01 21:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-09-08 17:22 - 2015-09-01 20:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-09-08 17:22 - 2015-09-01 20:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-09-08 17:22 - 2015-09-01 20:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-09-08 17:22 - 2015-08-26 13:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-09-08 17:22 - 2015-08-26 13:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-09-08 17:22 - 2015-08-26 13:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-09-08 17:22 - 2015-08-26 13:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-09-08 17:22 - 2015-08-26 13:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-09-08 17:22 - 2015-08-26 13:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-09-08 17:22 - 2015-08-26 13:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-09-08 17:22 - 2015-08-26 13:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-09-08 17:22 - 2015-08-26 13:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-09-08 17:22 - 2015-08-26 13:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-09-08 17:22 - 2015-08-26 13:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-09-08 17:22 - 2015-08-26 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-09-08 17:22 - 2015-08-26 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-09-08 17:22 - 2015-08-26 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-09-08 17:22 - 2015-08-26 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-09-08 17:22 - 2015-08-26 12:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-08-30 17:38 - 2015-08-30 17:38 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-08-30 16:51 - 2015-09-12 21:14 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-30 16:50 - 2015-08-30 17:37 - 00001096 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-08-30 16:50 - 2015-08-30 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-08-30 16:50 - 2015-08-30 16:50 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-08-30 16:50 - 2015-08-30 16:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-08-30 16:50 - 2015-06-18 09:38 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-30 16:50 - 2015-06-18 09:38 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-08-30 16:50 - 2015-06-18 09:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-08-30 15:44 - 2015-08-30 15:44 - 00000000 ____D C:\Users\Gods family\AppData\Roaming\McAfee 2015-08-23 09:43 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-23 09:43 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-21 18:01 - 2015-08-21 22:22 - 00000356 _____ C:\Windows\Tasks\HPCeeScheduleForGods family.job 2015-08-21 18:01 - 2015-08-21 18:01 - 00003222 _____ C:\Windows\System32\Tasks\HPCeeScheduleForGods family 2015-08-16 14:45 - 2015-07-28 15:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-08-16 14:45 - 2015-07-28 15:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-08-16 14:45 - 2015-07-28 15:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-08-16 14:45 - 2015-07-28 15:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-08-16 14:45 - 2015-07-28 15:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-08-16 14:45 - 2015-07-28 15:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-08-16 14:45 - 2015-07-28 15:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-08-16 14:45 - 2015-07-28 14:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-08-16 14:45 - 2015-07-15 13:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-16 14:45 - 2015-07-15 13:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-16 14:45 - 2015-07-15 13:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-08-16 14:44 - 2015-07-10 12:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-16 14:44 - 2015-07-10 12:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2015-08-16 14:44 - 2015-07-10 12:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-08-16 14:44 - 2015-07-10 12:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-08-16 14:44 - 2015-07-10 12:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2015-08-16 14:44 - 2015-07-10 12:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-08-16 14:43 - 2015-07-14 22:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-16 14:40 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-08-16 14:40 - 2015-07-30 13:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-16 14:40 - 2015-07-30 13:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-16 14:40 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2015-08-16 14:40 - 2015-07-30 12:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-08-16 14:40 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-16 14:40 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-16 14:40 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe 2015-08-16 14:40 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-16 14:40 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-16 14:40 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2015-08-16 14:40 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2015-08-16 14:39 - 2015-07-10 12:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-08-16 14:39 - 2015-07-10 12:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-12 23:10 - 2011-08-24 18:05 - 00000000 ____D C:\Users\Gods family\AppData\Local\CrashDumps 2015-09-12 23:08 - 2015-04-27 05:36 - 00001028 _____ C:\Windows\Tasks\3awInI4mXB1OZnoR.job 2015-09-12 22:32 - 2013-01-27 20:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-09-12 21:33 - 2009-07-13 23:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-12 21:33 - 2009-07-13 23:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-12 21:15 - 2011-07-11 18:09 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5A98DA96-D311-4286-82A0-74355D954CFC} 2015-09-12 21:14 - 2015-06-19 07:34 - 00000332 _____ C:\Windows\Tasks\PhraseAnalyzer.job 2015-09-12 11:58 - 2011-06-20 16:39 - 01766550 _____ C:\Windows\WindowsUpdate.log 2015-09-12 11:42 - 2011-12-28 18:48 - 451807167 _____ C:\Windows\MEMORY.DMP 2015-09-12 11:42 - 2011-12-28 18:48 - 00000000 ____D C:\Windows\Minidump 2015-09-12 11:42 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-12 11:42 - 2009-07-13 23:51 - 00095875 _____ C:\Windows\setupact.log 2015-09-11 22:24 - 2010-11-20 22:47 - 01019088 _____ C:\Windows\PFRO.log 2015-09-11 22:22 - 2014-02-02 11:01 - 00000000 ____D C:\Program Files (x86)\Yahoo! 2015-09-11 22:22 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System 2015-09-11 18:10 - 2012-01-22 22:07 - 00026112 ___SH C:\Users\Gods family\Documents\Thumbs.db 2015-09-10 19:53 - 2009-07-14 00:13 - 00783464 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-10 19:44 - 2009-07-13 23:45 - 00286112 _____ C:\Windows\system32\FNTCACHE.DAT 2015-09-10 19:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-09-10 19:35 - 2011-07-13 15:53 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2015-09-10 19:20 - 2013-07-16 06:17 - 00000000 ____D C:\Windows\system32\MRT 2015-09-08 21:25 - 2014-08-17 09:39 - 00000000 ____D C:\Windows\pss 2015-09-08 19:58 - 2011-07-21 17:45 - 00000000 ____D C:\Users\Gods family\AppData\Roaming\SoftGrid Client 2015-08-30 17:40 - 2015-07-24 13:24 - 00000000 ____D C:\Program Files (x86)\Little Group 2015-08-30 17:40 - 2015-07-07 22:06 - 00000000 ____D C:\Program Files (x86)\Convoluted Editor 2015-08-30 17:39 - 2011-07-11 18:09 - 00001389 _____ C:\Users\Gods family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-08-30 17:38 - 2011-09-04 12:11 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2015-08-30 17:38 - 2011-07-11 18:05 - 00002092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk 2015-08-30 17:38 - 2011-07-11 18:05 - 00002062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk 2015-08-30 17:38 - 2011-06-20 16:36 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2015-08-30 17:38 - 2011-06-20 16:36 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2015-08-30 17:38 - 2011-05-17 15:10 - 00001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk 2015-08-30 17:38 - 2011-05-17 15:10 - 00001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk 2015-08-30 17:38 - 2011-05-17 15:09 - 00002474 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk 2015-08-30 17:38 - 2011-05-17 15:09 - 00001446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2015-08-30 17:38 - 2011-05-17 15:06 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk 2015-08-30 17:38 - 2009-07-13 23:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-08-30 17:38 - 2009-07-13 23:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk 2015-08-30 17:38 - 2009-07-13 23:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk 2015-08-30 17:38 - 2009-07-13 23:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk 2015-08-30 17:38 - 2009-07-13 23:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk 2015-08-30 17:37 - 2015-06-07 16:47 - 00001868 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk 2015-08-30 17:37 - 2015-04-24 11:06 - 00001839 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2015-08-30 17:37 - 2014-12-13 12:16 - 00002013 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2015-08-30 17:37 - 2014-08-06 19:49 - 00001740 _____ C:\Users\Gods family\Desktop\istation - Shortcut.lnk 2015-08-30 17:37 - 2014-08-06 19:32 - 00001001 _____ C:\Users\Public\Desktop\The Imagination Station LF972113.lnk 2015-08-30 17:37 - 2014-02-15 17:49 - 00001212 _____ C:\Users\Gods family\Desktop\Calculator.lnk 2015-08-30 17:37 - 2014-01-26 14:58 - 00002052 _____ C:\Users\Public\Desktop\EPSON XP-400 User's Guide.lnk 2015-08-30 17:37 - 2014-01-26 14:29 - 00000924 _____ C:\Users\Public\Desktop\EPSON Scan.lnk 2015-08-30 17:37 - 2013-12-19 18:54 - 00002217 _____ C:\Users\Gods family\Desktop\HP Support Assistant.lnk 2015-08-30 17:37 - 2013-07-11 16:41 - 00002162 _____ C:\Users\Public\Desktop\education.com website.lnk 2015-08-30 17:37 - 2013-07-11 16:41 - 00002105 _____ C:\Users\Public\Desktop\JumpStart Typing.lnk 2015-08-30 17:37 - 2012-03-11 15:23 - 00001111 _____ C:\Users\Public\Desktop\Nitto 1320 Legends.lnk 2015-08-30 17:37 - 2011-11-18 21:24 - 00001777 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-08-30 17:37 - 2011-08-10 14:11 - 00002159 _____ C:\Users\Public\Desktop\Pencil-Pal Preschool.lnk 2015-08-30 17:37 - 2011-07-21 16:53 - 00001134 _____ C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk 2015-08-30 17:37 - 2011-05-17 14:58 - 00002388 _____ C:\Users\Public\Desktop\WildTangent Games App - hp.lnk 2015-08-30 17:37 - 2009-07-14 00:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2015-08-30 17:37 - 2009-07-13 23:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2015-08-30 15:44 - 2015-06-07 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2015-08-30 15:44 - 2015-06-07 16:45 - 00000000 ____D C:\Program Files (x86)\McAfee 2015-08-30 15:44 - 2011-11-02 19:35 - 00000000 ____D C:\ProgramData\McAfee 2015-08-29 14:38 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-08-26 18:37 - 2011-11-08 09:07 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-23 14:28 - 2011-10-14 17:19 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-08-23 13:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache 2015-08-23 10:24 - 2012-05-14 05:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-23 10:24 - 2012-05-14 05:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-08-23 10:20 - 2014-12-14 04:27 - 00000000 ____D C:\Windows\system32\appraiser 2015-08-23 10:20 - 2014-05-06 09:45 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-08-23 10:14 - 2015-06-07 18:19 - 00007597 _____ C:\Users\Gods family\AppData\Local\Resmon.ResmonCfg 2015-08-23 10:12 - 2015-04-19 07:20 - 00000626 _____ C:\Users\Gods family\AppData\Roaming\3awInI4mXB1OZnoR 2015-08-23 09:42 - 2012-05-14 05:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-08-22 18:10 - 2013-01-27 20:00 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-08-22 18:10 - 2013-01-27 20:00 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-08-22 18:10 - 2011-07-17 12:23 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-08-22 15:33 - 2007-01-01 20:25 - 00000000 ____D C:\Windows\Panther 2015-08-22 15:29 - 2015-07-10 08:39 - 00000000 ___HD C:\$Windows.~BT 2015-08-22 14:46 - 2015-06-07 16:06 - 00000000 ____D C:\Program Files\Common Files\McAfee 2015-08-22 14:45 - 2015-06-28 17:56 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon 2015-08-21 17:54 - 2015-07-15 20:18 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare) 2015-08-16 13:58 - 2011-07-11 18:03 - 00000000 ____D C:\Users\Gods family ==================== Files in the root of some directories ======= 2015-04-19 07:20 - 2015-08-23 10:12 - 0000626 _____ () C:\Users\Gods family\AppData\Roaming\3awInI4mXB1OZnoR 2011-07-11 22:26 - 2011-07-11 22:26 - 0000236 _____ () C:\Users\Gods family\AppData\Local\LaunchHomeCenter.log 2015-06-07 18:19 - 2015-08-23 10:14 - 0007597 _____ () C:\Users\Gods family\AppData\Local\Resmon.ResmonCfg 2015-04-19 14:01 - 2015-04-19 20:12 - 0011778 _____ () C:\Users\Gods family\AppData\Local\Temp-log.txt 2015-06-05 16:46 - 2015-06-05 16:46 - 0000000 _____ () C:\Users\Gods family\AppData\Local\Temp.dat 2015-02-26 23:05 - 2015-02-26 23:05 - 0001623 _____ () C:\ProgramData\tempimage.bmp Some files in TEMP: ==================== C:\Users\Gods family\AppData\Local\Temp\InstHelper.exe C:\Users\Gods family\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-09-01 20:08 ==================== End of FRST.txt ============================ Addition.txt
  8. Ran FarBar, and attached the files. Also, ran malwarebytes and restarted computer. Still getting popups and such. Kaspersky isn't showing anything either. Super frustrated with these redirects, please help! Ty in advance! Addition.txt FRST.txt
  9. Hello, I've recently been fighting some nasty malware that has creeped into my computer that I built a little over a year ago and was working flawlessly up until last month. It started when I noticed some intrusive ads in my Google searches and an extension in my Chrome browser that I didn't recognize nor installed myself. Since then I've done a series of uninstalls and removals on the unwanted programs and extensions using several programs (Mostly Spybot Search & Destroy and Malwarebytes Anti-Malware). At first it looked like I got rid of everything unwanted but I noticed that every so many days the ads and malware kept returning, so I slowly but surely chipped away at finding the source of the problem and I seem to have gotten rid of the bulk of it presently but there's at least one malware that I just can't find and eliminate. It's something that causes my Chrome browser to redirect to an undesired web page when I open a new window in Chrome. It doesn't happen frequently; only once every hour or so. In the meantime, I can open dozens of new windows and tabs without any problems. For the most part, my browsing experience is pleasurable and I simply end the task on the Chrome window that occasionally gets redirected. Other than that, my computer's running fine, so I would simply like help trying to track down this piece of malware that's causing my Chrome to redirect please. Attached are the FRST.txt and Addition.txt files generated from Farbar's Recovery Scan Tool. The two security softwares I'm presently using are Microsoft Security Essentials and Spybot Search & Destroy. I've ran several threat scans in Malwarebytes Anti-Malware and it never detects any threats. Please let me know if there's any other additional system or setup information you guys need and I will be happy to provide it. FRST.txt Addition.txt
  10. I'm having difficulty removing a web redirect from within Chrome and IE. I swept the PC with Hitman pro which got a couple of infections (zero access being one of them). Still no joy, I've removed Chrome too and reinstalled creating a new default profile for it, which didn't cure it so I have left Chrome off for the moment but would like it back on at some stage. If I have scripts off within IE I seem to be Ok but as soon as they are on I seem to get the issue. Here's my FRS Log and additions Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015Ran by Mark (administrator) on MARK-HP6470B on 23-03-2015 19:44:47Running from C:\Users\Mark\DownloadsLoaded Profiles: Mark (Available profiles: Mark)Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: IE)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(Foolish IT LLC) C:\D7\d7.exe(Reed Business Information Limited) C:\Program Files (x86)\Farmade\GateKeeper\Farmade.GateKeeper.Services.Admin.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_service.exe(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_comm_customer.exe(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_system_customer.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_user_customer.exe(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.GATEKEEPER\MSSQL\Binn\sqlservr.exe(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Microsoft Corporation) C:\Windows\System32\mobsync.exe(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Intel Corporation) C:\Windows\System32\igfxext.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_host_service.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_user_high_customer.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-09] (Synaptics Incorporated)HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-12] (IDT, Inc.)HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [8628224 2014-07-09] (Broadcom Corporation)HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2011-10-09] (Hewlett-Packard Company)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)HKLM-x32\...\Run: [YouCam Mirage] => c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [139792 2012-10-24] (CyberLink)HKLM-x32\...\Run: [YouCam Tray] => c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [168464 2012-10-24] (CyberLink Corp.)HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2013-04-23] (Hewlett-Packard Development Company, L.P.)HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111136 2012-11-21] (CyberLink)HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [493088 2012-11-21] (CyberLink Corp.)HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-02-10] (Hewlett-Packard Company)HKLM-x32\...\Run: [statusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)HKLM-x32\...\Run: [] => [X]Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_winlogonx64.dll (Citrix Systems, Inc.)Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-3401713764-703818692-136102152-1001\...\Run: [GoToAssist Remote Support Expert] => C:\Users\Mark\AppData\Local\Citrix\GoToAssist Remote Support Expert\545\g2ax_start.exe [610376 2013-09-10] (Citrix Online, a division of Citrix Systems, Inc.)HKU\S-1-5-21-3401713764-703818692-136102152-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)HKU\S-1-5-21-3401713764-703818692-136102152-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)HKU\S-1-5-21-3401713764-703818692-136102152-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dllStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnkShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-3401713764-703818692-136102152-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.ProxyServer: [.DEFAULT] => http=127.0.0.1:54296;https=127.0.0.1:54296HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-3401713764-703818692-136102152-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/HKU\S-1-5-21-3401713764-703818692-136102152-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchSearchScopes: HKU\S-1-5-21-3401713764-703818692-136102152-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-3401713764-703818692-136102152-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3401713764-703818692-136102152-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBoxBHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-01] (Oracle Corporation)BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-02-16] (LastPass)BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-01] (Oracle Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-01] (Oracle Corporation)BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-02-16] (LastPass)BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-01] (Oracle Corporation)Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-02-16] (LastPass)Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-02-16] (LastPass)Toolbar: HKU\S-1-5-21-3401713764-703818692-136102152-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileHandler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)Winsock: Catalog5 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"Tcpip\Parameters: [DhcpNameServer] 192.168.1.1Tcpip\..\Interfaces\{C4B3703A-8575-4A50-ACEE-2DC221FC0DA8}: [NameServer] 208.67.222.222 FireFox:========FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-01] (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-01] (Oracle Corporation)FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-02-16] (LastPass)FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-01] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-01] (Oracle Corporation)FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-02-16] (LastPass)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-16] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2015-03-11] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2015-03-11] (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) Chrome: =======CHR StartupUrls: Profile 2 -> "https://www.google.co.uk/"CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 2CHR Extension: (Google Slides) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-23]CHR Extension: (Google Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-23]CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-23]CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-23]CHR Extension: (Google Search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-23]CHR Extension: (Google Sheets) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-23]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]CHR Extension: (Google Wallet) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-23]CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-23]CHR HKU\S-1-5-21-3401713764-703818692-136102152-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)R2 D7Service; C:\D7\d7.exe [7884120 2014-04-02] (Foolish IT LLC) [File not signed]R2 GateKeeperStandaloneAdmin; C:\Program Files (x86)\Farmade\GateKeeper\Farmade.GateKeeper.Services.Admin.exe [48128 2015-02-09] (Reed Business Information Limited) [File not signed]R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_service.exe [610888 2015-03-09] (Citrix Systems, Inc.)S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-02-10] (Hewlett-Packard Company)R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] ()R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)R2 MSSQL$GATEKEEPER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.GATEKEEPER\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2015-02-12] (IBM Corp.)S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)S4 RemoteAccess; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)S4 SQLAgent$GATEKEEPER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.GATEKEEPER\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-11-12] (IDT, Inc.) [File not signed]S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5878272 2014-07-09] (Broadcom Corporation) [File not signed]S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-25] (Broadcom Corporation.)S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.)R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-08-24] (JMicron Technology Corp.)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)R1 RapportCerberus_80128; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80128.sys [844440 2015-02-24] (IBM Corp.)R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2015-02-12] (IBM Corp.)R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2015-02-12] (IBM Corp.)R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2015-02-12] (IBM Corp.)R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-20] ()S3 catchme; \??\C:\cf8675309\catchme.sys [X]S3 garirpzj; garirpzj.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-23 19:44 - 2015-03-23 19:45 - 00025311 _____ () C:\Users\Mark\Downloads\FRST.txt2015-03-23 19:44 - 2015-03-23 19:44 - 02095616 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe2015-03-23 19:44 - 2015-03-23 19:44 - 00000000 ____D () C:\FRST2015-03-23 11:31 - 2015-03-23 11:31 - 00000000 _____ () C:\windows\setuperr.log2015-03-23 11:30 - 2015-03-23 11:33 - 00002018 ____H () C:\Users\Mark\Documents\Default.rdp2015-03-23 11:11 - 2015-03-23 11:11 - 00000000 ____D () C:\windows\Panther2015-03-23 11:08 - 2015-03-23 11:38 - 00000000 ____D () C:\cf86753092015-03-23 10:41 - 2015-03-23 18:41 - 00000508 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7c6ef70c-5164-4549-9278-3fb510ee2bd4.job2015-03-23 10:41 - 2015-03-23 14:02 - 00000508 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 0d3b9597-4cdc-4821-aed7-a86d414e9a75.job2015-03-23 10:41 - 2015-03-23 10:41 - 00003592 _____ () C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 0d3b9597-4cdc-4821-aed7-a86d414e9a752015-03-23 10:41 - 2015-03-23 10:41 - 00003518 _____ () C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 7c6ef70c-5164-4549-9278-3fb510ee2bd42015-03-23 10:40 - 2015-03-23 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware2015-03-23 10:40 - 2015-03-23 10:40 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk2015-03-23 10:40 - 2015-03-23 10:40 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\SUPERAntiSpyware.com2015-03-23 10:40 - 2015-03-23 10:40 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com2015-03-23 10:40 - 2015-03-23 10:40 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware2015-03-23 10:38 - 2015-03-23 10:38 - 00006590 _____ () C:\windows\SysWOW64\PerfStringBackup.TMP2015-03-23 10:30 - 2015-03-23 10:30 - 00021708 _____ () C:\Users\Mark\Documents\Copy of 63381 Richardson 07500763065 Feb unbilled.xlsx2015-03-21 12:28 - 2015-03-21 12:28 - 00024582 _____ () C:\Users\Mark\Desktop\Lion from Lyon.htm2015-03-19 21:35 - 2015-03-19 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro2015-03-19 21:35 - 2015-03-19 21:35 - 00000000 ____D () C:\Program Files\HitmanPro2015-03-17 22:36 - 2015-03-17 22:36 - 00000000 ____D () C:\Users\Mark\AppData\OICE_15_974FA576_32C1D314_1D5A2015-03-15 23:28 - 2015-03-15 23:28 - 00000421 _____ () C:\Users\Mark\Documents\Pms1 (mark-hp) (X) - Shortcut.lnk2015-03-12 10:00 - 2015-03-12 10:00 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk2015-03-12 10:00 - 2015-03-12 10:00 - 00001090 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk2015-03-11 09:08 - 2015-03-11 09:07 - 00305664 _____ (Secure By Design Inc.) C:\Users\Mark\Downloads\Ninite Chrome Installer.exe2015-03-11 07:20 - 2015-03-11 07:21 - 00098323 _____ () C:\Users\Mark\Desktop\Seed Calculator.xlsx2015-03-09 09:40 - 2015-03-09 09:40 - 00001504 _____ () C:\Users\Mark\Desktop\GoToAssist Customer.lnk2015-03-09 09:40 - 2015-03-09 09:39 - 00166984 _____ (Citrix Online) C:\windows\system32\g2ax_credential_provider64_818.dll2015-03-08 21:01 - 2014-05-14 16:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll2015-03-08 21:01 - 2014-05-14 16:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll2015-03-08 21:01 - 2014-05-14 16:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll2015-03-08 21:01 - 2014-05-14 16:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe2015-03-08 21:01 - 2014-05-14 16:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll2015-03-08 21:01 - 2014-05-14 16:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll2015-03-08 21:01 - 2014-05-14 16:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll2015-03-08 21:01 - 2014-05-14 16:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll2015-03-08 21:01 - 2014-05-14 16:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll2015-03-08 21:01 - 2014-05-14 16:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll2015-03-08 21:01 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll2015-03-08 21:01 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll2015-03-08 21:01 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe2015-03-08 21:01 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe2015-03-08 20:09 - 2015-03-08 20:09 - 00003704 _____ () C:\windows\System32\Tasks\Java Platform SE Auto Updater2015-03-08 20:00 - 2015-03-08 20:00 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\AVG2015-03-08 19:59 - 2015-03-08 19:59 - 00000000 ____D () C:\Users\Mark\AppData\Local\Avg2015-03-08 19:58 - 2015-03-08 20:01 - 00000000 ____D () C:\ProgramData\AVG2015-03-08 19:54 - 2015-03-08 19:58 - 113398072 _____ (AVG Technologies) C:\Users\Mark\Downloads\avg_tuh_stf_all_2015_403_24c4.exe2015-03-06 22:32 - 2015-03-06 22:32 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\AVG20152015-03-06 22:31 - 2015-03-10 07:22 - 00000000 ____D () C:\ProgramData\AVG20152015-03-06 22:31 - 2015-03-10 00:08 - 00000000 ____D () C:\$AVG2015-03-06 22:30 - 2015-03-10 07:22 - 00000000 ____D () C:\Program Files (x86)\AVG2015-03-06 22:26 - 2015-03-10 07:22 - 00000000 ____D () C:\ProgramData\MFAData2015-03-06 22:26 - 2015-03-07 10:37 - 00000000 ____D () C:\Users\Mark\AppData\Local\Avg20152015-03-06 22:26 - 2015-03-06 22:26 - 00000000 ____D () C:\Users\Mark\AppData\Local\MFAData2015-03-06 22:25 - 2015-03-06 22:26 - 04800928 _____ (AVG Technologies) C:\Users\Mark\Downloads\avg_isc_stb_all_2015_ltst_206.exe2015-03-04 22:41 - 2015-03-04 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud2015-03-03 22:18 - 2015-03-03 22:19 - 01660616 _____ (ESET) C:\Users\Mark\Downloads\eset_smart_security_live_installer_.exe2015-03-03 13:58 - 2015-03-03 13:58 - 00003945 _____ () C:\Users\Mark\Downloads\NatWest-download-20150303 (2).csv2015-03-03 13:56 - 2015-03-03 13:56 - 00003945 _____ () C:\Users\Mark\Downloads\NatWest-download-20150303 (1).csv2015-03-03 13:55 - 2015-03-03 13:55 - 00001118 _____ () C:\Users\Mark\Downloads\NatWest-download-20150303.csv2015-03-02 10:48 - 2015-03-02 10:48 - 00018825 _____ () C:\Users\Mark\Downloads\Acc_Stmt_02-03-15_10-48-54.csv2015-02-24 22:18 - 2015-02-24 22:18 - 00005862 _____ () C:\Users\Mark\Desktop\Bankline - Expanded transaction narrative details.htm2015-02-22 22:04 - 2015-02-22 22:04 - 00221292 _____ () C:\Users\Mark\Downloads\project_783_files (6).zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-23 19:33 - 2014-07-20 21:23 - 00004986 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Mark-HP6470b-Mark Mark-HP6470b2015-03-23 19:19 - 2014-06-30 13:21 - 01399923 _____ () C:\windows\WindowsUpdate.log2015-03-23 19:15 - 2013-09-10 09:31 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2015-03-23 18:53 - 2014-05-09 08:06 - 00000000 ____D () C:\Users\Mark\AppData\Local\9FD8D8DF-D3AE-47B2-81CC-110765192990.aplzod2015-03-23 16:53 - 2013-08-15 08:39 - 00000000 ____D () C:\Users\Mark\Documents\Outlook Files2015-03-23 14:14 - 2013-10-24 21:59 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Skype2015-03-23 14:12 - 2014-07-01 09:38 - 00006208 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-03-23 14:12 - 2014-07-01 09:38 - 00006208 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-03-23 14:11 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\NDF2015-03-23 14:02 - 2014-07-01 09:00 - 00000000 ____D () C:\D72015-03-23 14:02 - 2013-09-10 09:31 - 00000890 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2015-03-23 14:02 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT2015-03-23 14:01 - 2014-07-01 09:28 - 00025941 _____ () C:\windows\setupact.log2015-03-23 14:01 - 2014-07-01 09:13 - 00067222 _____ () C:\windows\PFRO.log2015-03-23 11:31 - 2009-07-14 05:32 - 00000000 ____D () C:\windows\system32\FxsTmp2015-03-23 11:30 - 2013-08-12 08:50 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{CBDEFD36-EDC5-4E1A-963A-8B522DC13FE7}2015-03-23 10:39 - 2013-09-10 09:31 - 00000000 ____D () C:\Program Files (x86)\Google2015-03-23 10:32 - 2014-06-30 13:10 - 00032107 _____ () C:\windows\system32\zerobyte_files_deleted.txt2015-03-23 10:32 - 2014-06-30 13:10 - 00000600 _____ () C:\windows\zerobyte_files_deleted.txt2015-03-19 21:33 - 2013-09-10 09:31 - 00000000 ____D () C:\Users\Mark\AppData\Local\Google2015-03-19 20:59 - 2014-09-25 16:46 - 10995632 _____ (SurfRight B.V.) C:\Users\Mark\Downloads\HitmanPro_x64.exe2015-03-19 20:17 - 2009-07-14 03:20 - 00000000 __RHD () C:\Users\Default2015-03-19 19:56 - 2014-05-08 08:56 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2015-03-17 08:28 - 2013-08-15 08:07 - 00000000 ____D () C:\Program Files\Microsoft Office 152015-03-13 10:16 - 2013-08-15 08:24 - 00000000 ____D () C:\Fbm32015-03-11 09:10 - 2013-09-10 09:31 - 00003890 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-03-11 09:10 - 2013-09-10 09:31 - 00003638 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-03-09 11:55 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\rescache2015-03-09 09:40 - 2013-09-10 10:00 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix2015-03-08 20:51 - 2013-08-12 08:47 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\hpqLog2015-03-08 20:09 - 2013-11-20 22:04 - 00000000 ____D () C:\Users\Mark\AppData\Local\Microsoft Help2015-03-08 20:09 - 2013-09-10 09:02 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\HpUpdate2015-03-08 20:09 - 2013-06-24 04:33 - 00000000 ____D () C:\ProgramData\Temp2015-03-08 20:08 - 2014-06-26 17:54 - 00000000 ____D () C:\windows\Minidump2015-03-05 12:13 - 2014-05-09 07:50 - 00000000 ____D () C:\Users\Mark\AppData\Local\Apple2015-03-04 22:39 - 2013-06-24 04:36 - 00000000 ____D () C:\ProgramData\Apple2015-03-03 13:17 - 2014-07-01 09:59 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe2015-02-26 15:02 - 2013-11-08 12:19 - 00000000 ____D () C:\Users\Mark\Documents\Fred Butcher2015-02-25 09:56 - 2013-10-24 21:58 - 00000000 ___RD () C:\Program Files (x86)\Skype2015-02-25 09:56 - 2013-06-24 04:50 - 00000000 ____D () C:\ProgramData\Skype2015-02-24 22:18 - 2015-01-12 21:35 - 00000000 ____D () C:\Users\Mark\Desktop\Bankline - Expanded transaction narrative details_files2015-02-24 08:10 - 2014-09-25 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection ==================== Files in the root of some directories ======= 2014-02-16 23:31 - 2014-02-16 23:31 - 13024768 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe2014-07-02 13:44 - 2014-07-02 13:44 - 0007619 _____ () C:\Users\Mark\AppData\Local\Resmon.ResmonCfg2014-06-24 21:55 - 2014-06-24 21:55 - 0068609 _____ () C:\Users\Mark\AppData\Local\vivkpvoeZeroAccess:C:\Program Files (x86)\Google\Desktop\Install ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-15 00:20 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015Ran by Mark at 2015-03-23 19:45:54Running from C:\Users\Mark\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.28.0 - Alcor Micro Corp.)Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.28.0 - Alcor Micro Corp.) HiddenAMD Catalyst Install Manager (HKLM\...\{426B43EC-284B-8DAB-5419-D8418C7C3D26}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.2.15 - British Broadcasting Corp.)BBC iPlayer Desktop (x32 Version: 3.2.15 - British Broadcasting Corp.) HiddenBonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 6.30.223.181 - Broadcom Corporation)Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.3700 - Broadcom Corporation)Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.223.181 - Broadcom Corporation)Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: - Broadcom Corporation)Business Manager (HKLM-x32\...\{A5A0F142-80F1-432B-86A5-4AD8CF2A0031}) (Version: 3.35.0676 - Farmplan Computer Systems )Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) HiddenCisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) HiddenCisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) HiddenCyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.2106 - CyberLink Corp.)CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3317 - CyberLink Corp.)CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2321 - CyberLink Corp.)CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2531 - CyberLink Corp.)CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.5101 - CyberLink Corp.)CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.1.3423 - CyberLink Corp.)Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)GateKeeper (HKLM-x32\...\{C0212FA4-E6D0-4A3E-A965-05C0811E06AB}) (Version: 3.0.0 - Farmade Management Systems Ltd)Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) HiddenGoToAssist Customer 2.3.0.818 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.3.0.818 - Citrix Online)GoToAssist Expert 1.6.0.545 (HKU\S-1-5-21-3401713764-703818692-136102152-1001\...\GoToAssist Remote Support Expert) (Version: 1.6.0.545 - Citrix Online)Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) HiddenHitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.238 - SurfRight B.V.)HP 3D DriveGuard (HKLM\...\{C0C9A493-51CB-4F3F-A296-5B5E410C338E}) (Version: 5.0.9.0 - Hewlett-Packard Company)HP Connection Manager (HKLM-x32\...\{EC8D12E4-A73C-4C27-B1C7-E9683052E556}) (Version: 4.5.25.1 - Hewlett-Packard Company)HP Documentation (HKLM-x32\...\{3E26BB6F-F8EE-492F-923F-B0130D9D4646}) (Version: 1.1.1.0 - Hewlett-Packard)HP ESU for Microsoft Windows 7 (HKLM-x32\...\{840021F2-FFC0-467A-BF85-29B8B7803717}) (Version: 2.0.8.1 - Hewlett-Packard Company)HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1113.1_WHQL - Sonix)HP Hotkey Support (HKLM-x32\...\{53C48A27-4079-49EB-8E73-76BA85D2BF6F}) (Version: 5.0.24.1 - Hewlett-Packard Company)HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 5.0.14057.1503 - Hewlett-Packard)HP Photosmart Prem C410 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{C1164ED0-EF08-4B0B-8084-3BDAEAAEFD8D}) (Version: 14.0 - HP)HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)HP SoftPaq Download Manager (HKLM-x32\...\{223AE3E8-4445-410F-8EDA-13EC137E3BDB}) (Version: 3.4.3.0 - Hewlett-Packard Company)HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) HiddenhpbM276DSService (x32 Version: 001.001.05874 - Hewlett-Packard) HiddenHPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) HiddenHPDXP (x32 Version: 3.0.26.8 - HP) HiddenHPLaserJet200color-MFPM276_HelpLearnCenter_SI (HKLM-x32\...\{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}) (Version: 1.01.0000 - Hewlett-Packard)HPLJDXPHelper (x32 Version: 020.021.004 - HP) HiddenHPLJUTCore (x32 Version: 004.005.0001 - HP) HiddenHPLJUTM276 (x32 Version: 3.00.0003 - HP) HiddenhppFaxDrvM276 (x32 Version: 003.000.00002 - Hewlett-Packard) HiddenhppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) HiddenhppM276LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) HiddenhppSendFaxM276 (x32 Version: 003.000.00002 - Hewlett-Packard) HiddenhpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) HiddenhpStatusAlertsM276 (x32 Version: 050.034.00131 - Hewlett-Packard) HiddeniCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3006 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.60174 - Intel Corporation)Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)Java 6 Update 39 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216039FF}) (Version: 6.0.390 - Oracle)JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)LJDXPHelperUI (x32 Version: 020.021.004 - HP) HiddenMalwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)Microsoft SkyDrive (HKU\S-1-5-21-3401713764-703818692-136102152-1001\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{2180B33F-3225-423E-BBC1-7798CFD3CD1F}) (Version: 10.50.1600.1 - Microsoft Corporation)Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}) (Version: 10.50.1600.1 - Microsoft Corporation)Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.50.1600.1 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Network64 (Version: 140.0.215.000 - Hewlett-Packard) HiddenNetwork64 (Version: 140.0.221.000 - Hewlett-Packard) HiddenOffice 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hiddenopensource (x32 Version: 1.0.14960.3876 - Your Company Name) HiddenPrimoPDF -- brought to you by Nitro PDF Software (x32 Version: 5 - Nitro PDF Software) HiddenProperty Manager (HKLM-x32\...\{45C8E076-576F-40B9-96DB-BEC176188B92}) (Version: 1.38.0527 - Farmplan Computer Systems )PS_AIO_07_C410_SW_Min (x32 Version: 140.0.273.000 - Hewlett-Packard) HiddenRapport (x32 Version: 3.5.1404.75 - Trusteer) HiddenScan (x32 Version: 140.0.80.000 - Hewlett-Packard) HiddenSDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) HiddenSkype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)SQL Server 2008 R2 Common Files (Version: 10.50.1600.1 - Microsoft Corporation) HiddenSQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1 - Microsoft Corporation) HiddenSQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1 - Microsoft Corporation) HiddenSql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) HiddenSUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.3.0 - Synaptics Incorporated)TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer)Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) HiddenTrusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.75 - Trusteer)Validity Fingerprint Sensor Driver (HKLM\...\{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}) (Version: 4.4.213.0 - Validity Sensors, Inc.)Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3401713764-703818692-136102152-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Mark\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3401713764-703818692-136102152-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Mark\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3401713764-703818692-136102152-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Mark\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3401713764-703818692-136102152-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Mark\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 11-03-2015 09:15:12 Removed AVG PC TuneUp 201511-03-2015 09:16:24 Removed AVG PC TuneUp 2015 (en-GB)13-03-2015 20:20:45 Windows Update16-03-2015 21:24:30 Windows Update19-03-2015 21:15:54 Checkpoint by HitmanPro19-03-2015 21:33:05 Checkpoint by HitmanPro20-03-2015 19:11:58 Windows Update23-03-2015 10:39:13 Removed Google Chrome23-03-2015 19:15:53 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 02:34 - 2015-03-23 11:35 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1CBB7A4F-F346-4F78-8545-DB625B7F9B76} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)Task: {1D804DA0-0E82-4D4F-AFDE-D29BA07B0E2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-10] (Google Inc.)Task: {208380F0-83DB-4F7E-8032-13FAA1098371} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)Task: {3FE4B093-F0D7-44AD-85B5-DCBFCE92A9C7} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-05-07] (Oracle Corporation)Task: {47A3A9CE-B299-4557-AA3A-D628DD51B393} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)Task: {5684DE2B-3E69-41BE-9820-7B29C727E385} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)Task: {661A82F4-8162-4F3A-96CF-7C50C6E6BB70} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)Task: {86A1205D-EE6A-49FC-A5CF-438EA9CC1B54} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)Task: {8EECA5A7-AABA-4093-82CB-3A1CB01F4938} - System32\Tasks\SUPERAntiSpyware Scheduled Task 0d3b9597-4cdc-4821-aed7-a86d414e9a75 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)Task: {974F00C2-F606-4819-8506-BBEC83C4F1D3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)Task: {A253098C-F102-4B7A-ACDB-B00386022586} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Mark-HP6470b-Mark Mark-HP6470b => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)Task: {A549B303-DD2B-4EBD-A928-FB5F9BD25F00} - System32\Tasks\SUPERAntiSpyware Scheduled Task 7c6ef70c-5164-4549-9278-3fb510ee2bd4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)Task: {B62F971B-BE9A-456D-B480-AF8C7A7D7166} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)Task: {E50347AF-56E0-4BC1-B582-AC56F039E7F5} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-14] (Hewlett Packard)Task: {E7E7512D-BF0B-484A-A8EF-F1F39AF99CBC} - System32\Tasks\Shutdown => C:\Windows\System32\shutdown.exe [2009-07-14] (Microsoft Corporation)Task: {EAD4A61C-5065-49CA-AF7C-CFEC63C56B98} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-10] (Google Inc.)Task: {F4591DE9-60C8-411A-B39C-B0DDF34BDA97} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {F63DD0FC-A9F1-44C7-AD2B-0969107353C0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 0d3b9597-4cdc-4821-aed7-a86d414e9a75.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeTask: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7c6ef70c-5164-4549-9278-3fb510ee2bd4.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ==================== Loaded Modules (whitelisted) ============== 2014-03-17 13:58 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2015-03-17 08:27 - 2015-01-27 15:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2013-01-17 17:25 - 2013-01-17 17:25 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2012-10-30 19:05 - 2012-10-30 19:05 - 00607744 _____ () C:\windows\system32\spool\DRIVERS\x64\3\JobCapsA.DLL2012-02-10 21:26 - 2012-02-10 21:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll2013-06-24 04:22 - 2012-03-28 17:38 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2013-06-24 04:48 - 2012-06-08 03:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll2012-06-08 18:34 - 2012-06-08 18:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll2013-04-08 17:16 - 2013-04-08 17:16 - 00514570 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll2014-02-13 03:43 - 2014-02-13 03:43 - 00172032 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a11394cd9878628fccbfea4915f0c801\IsdiInterop.ni.dll2013-05-03 01:40 - 2012-02-02 01:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll2013-06-24 04:22 - 2012-03-28 17:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2014-11-19 08:30 - 2014-11-19 08:30 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll2015-03-17 08:27 - 2015-02-10 09:59 - 01032352 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3401713764-703818692-136102152-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgDNS Servers: 208.67.222.222 - 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exeMSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey ==================== Accounts: ============================= Administrator (S-1-5-21-3401713764-703818692-136102152-500 - Administrator - Disabled)Guest (S-1-5-21-3401713764-703818692-136102152-501 - Limited - Disabled)Mark (S-1-5-21-3401713764-703818692-136102152-1001 - Administrator - Enabled) => C:\Users\Mark ==================== Faulty Device Manager Devices ============= Name: Photosmart Prem C410 seriesDescription: Photosmart Prem C410 seriesClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet 200 colorMFP M276nwDescription: HP LaserJet 200 colorMFP M276nwClass Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet 200 colorMFP M276nwDescription: HP LaserJet 200 colorMFP M276nwClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Photosmart Prem C410 seriesDescription: Photosmart Prem C410 seriesClass Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}Manufacturer: HPService: StillCamProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (03/23/2015 02:04:05 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/23/2015 10:38:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: Mark-HP6470b)Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code. System errors:=============Error: (03/23/2015 02:06:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect. Error: (03/23/2015 02:03:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (03/23/2015 02:03:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Pml Driver HPZ12 service terminated with the following error: %%126 Error: (03/23/2015 02:03:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Net Driver HPZ12 service terminated with the following error: %%126 Error: (03/23/2015 02:02:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Validity VCS Fingerprint Service service failed to start due to the following error: %%2 Error: (03/23/2015 01:13:35 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (03/23/2015 11:35:28 AM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (03/23/2015 11:34:04 AM) (Source: Application Popup) (EventID: 1060) (User: )Description: \??\C:\cf8675309\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (03/23/2015 11:34:04 AM) (Source: Application Popup) (EventID: 1060) (User: )Description: \??\C:\cf8675309\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (03/23/2015 11:23:09 AM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Microsoft Office Sessions:=========================Error: (03/23/2015 02:04:05 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/23/2015 10:38:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: Mark-HP6470b)Description: 0098020000002D010000 CodeIntegrity Errors:=================================== Date: 2015-03-23 11:34:04.257 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\cf8675309\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-03-23 11:34:04.147 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\cf8675309\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-03-23 11:34:04.007 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\cf8675309\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-03-23 11:34:03.913 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\cf8675309\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Core i3-3120M CPU @ 2.50GHzPercentage of memory in use: 52%Total physical RAM: 3975.55 MBAvailable physical RAM: 1907.3 MBTotal Pagefile: 7949.28 MBAvailable Pagefile: 4857.78 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:276.09 GB) (Free:192.49 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32Drive f: (110708_1602) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFSDrive g: (HP_RECOVERY) (Fixed) (Total:19.7 GB) (Free:2.97 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E6E0C5DF)Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=276.1 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=19.7 GB) - (Type=07 NTFS)Partition 4: (Not Active) - (Size=2 GB) - (Type=0C) ==================== End Of Log ============================ I do see mention of Zero Access in the log and a catchme.sys but am unsure the way forward having run the Basic tools I knew about. Thanks Dave
  11. I tried to use my sons computer and can't because of all of the pop ups and redirects. I went to download farbar but it wouldn't let me. Would someone please help me clean this up.
  12. Hi I have a form of a redirect infection. I did run Malwarebytes. Adw amd Hitman pro. I also cleaned up the brousers and search providers etc. Its not going away. I don't find that much on the internet about this that is very helpful. I need some help Paul Rabenold Here are the results of Farbar (FRST.txt and Addition.txt) FRST.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015 Ran by McKeil-2 (administrator) on MCKEIL-2-PC on 23-01-2015 21:01:38 Running from C:\Users\McKeil-2\Desktop Loaded Profiles: McKeil-2 (Available profiles: McKeil-2) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\stacsv64.exe (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe (AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0.2\ABService.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe (Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE (GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SHELBY\MSSQL\Binn\sqlservr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe () C:\Program Files\Everything\Everything.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10_50.SHELBY\Reporting Services\ReportServer\bin\ReportingServicesService.exe (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe () C:\Windows\SysWOW64\srvany.exe (Shelby Systems, Inc.) C:\Windows\SysWOW64\ShelbyServices.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe () C:\Program Files (x86)\Brother\BRAgent\BRAgtSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SHELBY\MSSQL\Binn\fdlauncher.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SHELBY\MSSQL\Binn\fdhost.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1894696 2010-01-07] (Synaptics Incorporated) HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4119920 2010-01-15] (Dell Inc.) HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-11-19] (Dell Inc.) HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation) HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246304 2014-07-20] (Trend Micro Inc.) HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1266224 2014-07-20] (Trend Micro Inc.) HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] () HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1055952 2014-09-29] (Carbonite, Inc.) HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1055\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-12934214-2758422551-2789243025-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd) HKU\S-1-5-21-12934214-2758422551-2789243025-1001\...\MountPoints2: {29a92962-06c9-11e0-9cfb-f04da2a8c034} - "G:\WD SmartWare.exe" autoplay=true HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-12-17] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) BootExecute: autocheck autochk * sdnclean64.exesicalDrive2-鈀⟸Ǫ!Ȁ ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-12934214-2758422551-2789243025-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp SearchScopes: HKLM -> DefaultScope {6671AFB8-8912-42B7-BC2A-4A863A3061B3} URL = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox SearchScopes: HKLM -> {6671AFB8-8912-42B7-BC2A-4A863A3061B3} URL = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {6671AFB8-8912-42B7-BC2A-4A863A3061B3} URL = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox SearchScopes: HKLM-x32 -> {6671AFB8-8912-42B7-BC2A-4A863A3061B3} URL = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-12934214-2758422551-2789243025-1001 -> {6671AFB8-8912-42B7-BC2A-4A863A3061B3} URL = BHO: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> No File BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll (Trend Micro Inc.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll (Trend Micro Inc.) BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll (Trend Micro Inc.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll (Trend Micro Inc.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.) Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) Toolbar: HKU\S-1-5-21-12934214-2758422551-2789243025-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll (Trend Micro Inc.) Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll (Trend Micro Inc.) Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll (Trend Micro Inc.) Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll (Trend Micro Inc.) Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - No File Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.) Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox: ======== FF ProfilePath: C:\Users\McKeil-2\AppData\Roaming\Mozilla\Firefox\Profiles\iikcgkzu.default FF NetworkProxy: "type", 0 FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-12934214-2758422551-2789243025-1001: @citrixonline.com/appdetectorplugin -> C:\Users\McKeil-2\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension [2015-01-15] FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-26] FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2015-01-15] FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2015-01-15] FF HKU\S-1-5-21-12934214-2758422551-2789243025-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe Chrome: ======= CHR Profile: C:\Users\McKeil-2\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McKeil-2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27] CHR Extension: (Google Wallet) - C:\Users\McKeil-2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-01] CHR Extension: (Trend Micro Toolbar) - C:\Users\McKeil-2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2015-01-15] CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com) R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0.2\ABService.exe [29912 2014-08-21] (AOMEI Tech Co., Ltd.) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 GFIBckHAtt; C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe [858480 2010-07-30] (GFI Software Ltd.) R2 GFIBckHSched; C:\Program Files (x86)\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe [2324848 2010-07-30] (GFI Software Ltd.) S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1055\G2AC_Service.exe [309568 2015-01-19] (Citrix Online, a division of Citrix Systems, Inc.) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed] R2 MSSQL$SHELBY; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SHELBY\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation) R3 MSSQLFDLauncher$SHELBY; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SHELBY\MSSQL\Binn\fdlauncher.exe [42160 2014-07-10] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1187376 2014-07-20] (Trend Micro Inc.) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 ReportServer$SHELBY; c:\Program Files\Microsoft SQL Server\MSRS10_50.SHELBY\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2194088 2014-07-10] (Microsoft Corporation) S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 ShelbyServices; C:\Windows\SysWOW64\SRVANY.exe [8192 2003-04-18] () [File not signed] R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2015-01-19] (Enigma Software Group USA, LLC.) S4 SQLAgent$SHELBY; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SHELBY\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe [247808 2010-04-07] (IDT, Inc.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH) R2 WBA_Agent_Client; C:\Program Files (x86)\Brother\BRAgent\BRAgtSrv.exe [86016 2009-01-27] () [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-11-19] (Dell Inc.) [File not signed] R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2015-01-22] (Emsisoft GmbH) R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2014-08-19] () [File not signed] R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2014-08-19] () [File not signed] R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2014-08-19] () [File not signed] S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-22] (Emsisoft GmbH) S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-01-19] (Enigma Software Group USA, LLC.) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-01-19] () R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-01-15] (Glarysoft Ltd) R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-23] () S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [121944 2014-07-14] (Trend Micro Inc.) R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [305832 2014-07-14] (Trend Micro Inc.) R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2014-07-09] (Trend Micro Inc.) R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [106296 2014-07-09] (Trend Micro Inc.) R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [93664 2014-07-14] (Trend Micro Inc.) R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [407864 2014-07-09] (Trend Micro Inc.) R2 tmusa; C:\Windows\System32\DRIVERS\tmusa.sys [106296 2014-06-30] (Trend Micro Inc.) U2 TMAgent; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-23 21:01 - 2015-01-23 21:02 - 00027043 _____ () C:\Users\McKeil-2\Desktop\FRST.txt 2015-01-23 21:01 - 2015-01-23 21:01 - 00000000 ____D () C:\FRST 2015-01-23 20:59 - 2015-01-23 20:59 - 02126848 _____ (Farbar) C:\Users\McKeil-2\Desktop\FRST64.exe 2015-01-23 20:51 - 2015-01-23 20:51 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys 2015-01-23 20:11 - 2015-01-23 20:41 - 00000000 ____D () C:\Users\McKeil-2\Desktop\mbar 2015-01-23 20:11 - 2015-01-23 20:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-01-23 20:03 - 2015-01-23 20:03 - 00000745 _____ () C:\Users\McKeil-2\Desktop\Start Emsisoft Emergency Kit.lnk 2015-01-23 20:02 - 2015-01-23 20:03 - 00000000 ____D () C:\EEK 2015-01-23 19:44 - 2014-12-28 03:01 - 01707939 _____ (Thisisu) C:\Users\McKeil-2\Desktop\JRT_NEW.exe 2015-01-23 17:27 - 2015-01-23 20:50 - 00000000 ____D () C:\Users\McKeil-2\AppData\Roaming\Everything 2015-01-23 17:27 - 2015-01-23 17:27 - 00001027 _____ () C:\Users\McKeil-2\Desktop\Search Everything.lnk 2015-01-23 17:27 - 2015-01-23 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Everything 2015-01-23 17:27 - 2015-01-23 17:27 - 00000000 ____D () C:\Program Files\Everything 2015-01-23 16:50 - 2015-01-23 16:51 - 346037874 _____ () C:\Users\McKeil-2\Desktop\bkup 01232015_reg.reg 2015-01-23 16:35 - 2015-01-23 16:35 - 00000286 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{678FC7F5-E7A1-4C80-B784-BD0DA4D27B1B}.job 2015-01-23 16:31 - 2015-01-23 16:31 - 00000092 _____ () C:\Users\McKeil-2\Desktop\Metrocast email shortcut.txt 2015-01-23 16:00 - 2015-01-23 16:00 - 00001144 _____ () C:\Windows\PFRO.log 2015-01-23 06:19 - 2015-01-23 06:19 - 00003288 ____N () C:\bootsqm.dat 2015-01-23 06:17 - 2015-01-23 06:17 - 00000000 __SHD () C:\found.000 2015-01-22 13:03 - 2015-01-22 13:03 - 00000000 ____D () C:\Users\McKeil-2\Documents\Visual Studio 2005 2015-01-22 10:57 - 2015-01-22 10:57 - 723369977 _____ () C:\Windows\MEMORY.DMP 2015-01-22 10:57 - 2015-01-22 10:57 - 00279824 _____ () C:\Windows\Minidump\012215-30014-01.dmp 2015-01-22 10:57 - 2015-01-22 10:57 - 00000000 ____D () C:\Windows\Minidump 2015-01-22 10:32 - 2015-01-22 10:32 - 00001237 _____ () C:\Windows\system32\Belarc Advisor - Free Personal PC Audit, for software, hardware and security configuration information on your computer_ Software license management, IT asset management, cyber security audits,.htm.lnk 2015-01-20 11:41 - 2015-01-20 11:41 - 00011017 _____ () C:\Users\McKeil-2\Documents\DANDDDRAWINGS_2014.xlsx 2015-01-19 16:59 - 2015-01-19 17:00 - 00406780 _____ () C:\Users\McKeil-2\Desktop\ESETPoweliksCleaner.exe_20150119.165957.8820.log 2015-01-19 14:36 - 2015-01-19 14:36 - 498242522 _____ () C:\Users\McKeil-2\Desktop\bkupreg.reg 2015-01-19 14:25 - 2015-01-23 20:51 - 00001709 _____ () C:\Windows\setupact.log 2015-01-19 14:25 - 2015-01-19 14:25 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-19 14:15 - 2015-01-23 20:59 - 00516744 _____ () C:\Windows\WindowsUpdate.log 2015-01-19 14:08 - 2015-01-19 14:08 - 00016576 _____ () C:\Users\McKeil-2\Documents\cc_20150119_140853.reg 2015-01-19 13:42 - 2015-01-19 13:42 - 00000569 _____ () C:\Windows\Tasks\RegCure Pro_sch_EF54FF63-A00A-11E4-91C6-F04DA2A8C034.job 2015-01-19 13:41 - 2015-01-19 13:41 - 00000338 _____ () C:\Windows\system32\.crusader 2015-01-19 13:35 - 2015-01-19 13:41 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-01-19 13:06 - 2015-01-20 17:56 - 00001323 _____ () C:\Users\McKeil-2\Desktop\SpyHunter.lnk 2015-01-19 13:06 - 2015-01-19 13:06 - 00000000 ____D () C:\Users\McKeil-2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2015-01-19 13:06 - 2015-01-19 13:06 - 00000000 ____D () C:\Users\McKeil-2\AppData\Roaming\Enigma Software Group 2015-01-19 13:06 - 2015-01-19 13:06 - 00000000 ____D () C:\sh4ldr 2015-01-19 13:06 - 2015-01-19 13:06 - 00000000 _____ () C:\autoexec.bat 2015-01-19 13:05 - 2015-01-19 13:05 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys 2015-01-19 13:05 - 2015-01-19 13:05 - 00000000 ____D () C:\Program Files\Enigma Software Group 2015-01-19 11:57 - 2015-01-19 11:57 - 00037928 _____ () C:\Users\McKeil-2\Documents\cc_20150119_115731.reg 2015-01-19 09:32 - 2015-01-19 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shelby Systems, Inc 2015-01-18 21:41 - 2015-01-23 15:59 - 00000000 ____D () C:\AdwCleaner 2015-01-18 20:25 - 2015-01-18 20:25 - 00001353 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2015-01-18 20:25 - 2015-01-18 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2015-01-18 20:25 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2015-01-18 19:32 - 2015-01-18 19:34 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2015-01-18 19:32 - 2015-01-18 19:32 - 00000000 ____D () C:\Users\McKeil-2\AppData\Roaming\SUPERAntiSpyware.com 2015-01-18 19:32 - 2015-01-18 19:32 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2015-01-18 19:32 - 2015-01-18 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2015-01-16 20:04 - 2015-01-16 20:04 - 00017016 _____ () C:\Users\McKeil-2\Documents\MONTHLY DRAW_2015.xlsx 2015-01-15 12:20 - 2015-01-15 12:20 - 00001005 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-01-15 12:20 - 2015-01-15 12:20 - 00000993 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk 2015-01-15 12:18 - 2015-01-18 19:28 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-01-15 12:13 - 2015-01-15 12:11 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2015-01-15 12:13 - 2015-01-15 12:11 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2015-01-15 12:13 - 2015-01-15 12:11 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-01-15 11:51 - 2015-01-15 11:51 - 00002531 _____ () C:\Users\Public\Desktop\TurboTax 2014.lnk 2015-01-15 11:51 - 2015-01-15 11:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2014 2015-01-15 11:35 - 2015-01-23 07:25 - 00000010 _____ () C:\Users\McKeil-2\AppData\Local\sponge.last.runtime.cache 2015-01-15 11:34 - 2015-01-15 13:28 - 00000234 _____ () C:\Users\McKeil-2\Desktop\Shelby Systems Support.url 2015-01-15 11:33 - 2015-01-18 19:22 - 00000254 _____ () C:\Users\McKeil-2\Desktop\Shelby Community Forum.url 2015-01-15 10:38 - 2015-01-15 10:38 - 00002036 _____ () C:\Users\McKeil-2\Desktop\NEW LIFE CHRISTIAN CHURCH - Shortcut.lnk 2015-01-15 10:37 - 2015-01-23 20:53 - 00000338 _____ () C:\Windows\Tasks\GlaryInitialize 5.job 2015-01-15 10:37 - 2015-01-15 10:37 - 00002984 _____ () C:\Windows\System32\Tasks\GU5SkipUAC 2015-01-15 10:37 - 2015-01-15 10:37 - 00002646 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5 2015-01-15 10:37 - 2015-01-15 10:37 - 00001054 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk 2015-01-15 10:37 - 2015-01-15 10:37 - 00001042 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk 2015-01-15 10:37 - 2015-01-15 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5 2015-01-15 10:36 - 2015-01-23 20:53 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5 2015-01-15 10:36 - 2015-01-15 10:36 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys 2015-01-15 10:36 - 2015-01-15 10:36 - 00000000 ____D () C:\Users\McKeil-2\AppData\Roaming\GlarySoft 2015-01-15 10:36 - 2015-01-15 10:36 - 00000000 ____D () C:\Users\McKeil-2\AppData\Roaming\DiskDefrag 2015-01-15 10:30 - 2015-01-15 10:30 - 00000000 ___HD () C:\TMRescueDisk 2015-01-15 10:26 - 2015-01-15 10:26 - 00001443 _____ () C:\Users\McKeil-2\Desktop\Trend Micro Internet Security.lnk 2015-01-15 10:26 - 2015-01-15 10:26 - 00000000 ____D () C:\Users\McKeil-2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Internet Security 2015-01-15 10:25 - 2015-01-15 10:26 - 00003326 _____ () C:\Windows\System32\Tasks\Trend Micro Inspect of Platinum 2015-01-15 10:25 - 2014-07-14 02:39 - 00305832 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys 2015-01-15 10:25 - 2014-07-14 02:39 - 00121944 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmactmon.sys 2015-01-15 10:25 - 2014-07-14 02:39 - 00093664 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmevtmgr.sys 2015-01-15 10:25 - 2014-07-09 11:03 - 00407864 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmnciesc.sys 2015-01-15 10:25 - 2014-07-09 11:02 - 00106296 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmeevw.sys 2015-01-15 10:25 - 2014-07-09 11:02 - 00050976 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\TMEBC64.sys 2015-01-15 10:25 - 2014-06-30 06:06 - 00106296 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmusa.sys 2015-01-15 10:23 - 2015-01-15 10:23 - 00000059 _____ () C:\Windows\system32\SupportTool.exe.bat 2015-01-15 10:22 - 2015-01-15 10:22 - 00000000 ____D () C:\Program Files\Trend Micro 2015-01-15 10:18 - 2015-01-15 10:18 - 00000036 _____ () C:\Users\McKeil-2\AppData\Local\housecall.guid.cache 2015-01-15 10:11 - 2015-01-15 10:26 - 00000000 ____D () C:\Users\McKeil-2\AppData\Local\Trend Micro 2015-01-15 09:54 - 2015-01-18 21:35 - 00002443 _____ () C:\Windows\wininit.ini 2015-01-15 09:45 - 2015-01-15 09:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-01-14 11:11 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 11:11 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 11:11 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 11:11 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 11:11 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 11:11 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 11:11 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 11:11 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 11:11 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 11:11 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 11:11 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 11:11 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 11:11 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2014-12-30 19:35 - 2014-12-30 19:35 - 00000000 ____D () C:\Users\McKeil-2\Documents\New folder 2014-12-25 11:34 - 2014-12-25 11:34 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-23 21:01 - 2009-07-14 00:13 - 00917342 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-23 21:01 - 2009-07-13 23:45 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-23 21:01 - 2009-07-13 23:45 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-23 20:53 - 2014-01-24 10:03 - 00000086 _____ () C:\Windows\SysWOW64\BRAgent.dat 2015-01-23 20:52 - 2012-09-25 07:57 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-23 20:51 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-23 20:18 - 2013-03-27 10:25 - 00000000 ____D () C:\Users\McKeil-2\Documents\TurboTax 2015-01-23 20:11 - 2014-09-06 10:24 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-23 20:11 - 2014-09-06 10:23 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-23 17:27 - 2011-08-25 16:21 - 00000000 ____D () C:\Program Files (x86)\Everything 2015-01-23 16:38 - 2012-04-25 10:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-23 14:37 - 2011-06-14 10:06 - 00000000 ____D () C:\Users\McKeil-2\AppData\Roaming\Skype 2015-01-23 14:23 - 2012-09-25 07:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-23 13:54 - 2012-07-29 09:18 - 00000000 ____D () C:\Users\McKeil-2\Documents\Outlook Files 2015-01-23 13:24 - 2010-12-03 13:01 - 00000000 ____D () C:\Users\McKeil-2\Documents\LTI 2015-01-23 08:59 - 2012-04-23 08:07 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-23 07:01 - 2011-05-30 10:04 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{678FC7F5-E7A1-4C80-B784-BD0DA4D27B1B} 2015-01-22 17:24 - 2014-02-01 07:42 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-01-22 17:05 - 2013-01-22 10:14 - 00000000 ____D () C:\Users\McKeil-2\Documents\Donor Receipt 12 month Letter 2015-01-22 16:32 - 2013-02-19 09:44 - 00000000 ____D () C:\Users\McKeil-2\Documents\Donor Receipt Excel Data file 2015-01-22 16:02 - 2010-12-03 13:02 - 00000000 ____D () C:\Users\McKeil-2\Documents\PERSONAL 2015-01-22 13:03 - 2014-10-28 11:05 - 00000000 ____D () C:\Users\McKeil-2\Documents\SQL Server Management Studio 2015-01-22 10:26 - 2013-10-24 09:33 - 00002094 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk 2015-01-22 10:26 - 2013-10-24 09:33 - 00002082 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk 2015-01-20 16:38 - 2014-06-03 16:39 - 00000270 _____ () C:\Windows\SysWOW64\debug.log 2015-01-19 14:22 - 2014-10-28 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shelby v5 2015-01-19 14:22 - 2011-05-20 16:07 - 00000000 ____D () C:\Users\McKeil-2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-01-19 11:55 - 2010-11-19 22:39 - 00000000 ____D () C:\Windows\Panther 2015-01-19 09:28 - 2014-10-28 11:21 - 00001604 _____ () C:\Users\Public\Desktop\ShelbyEZ-VIEW.lnk 2015-01-19 09:28 - 2014-10-28 11:20 - 00000059 _____ () C:\Windows\SysWOW64\SSV5DATE.INI 2015-01-19 09:28 - 2014-10-28 11:20 - 00000000 ____D () C:\Program Files (x86)\Shelby Systems 2015-01-19 09:28 - 2014-10-28 11:14 - 00000109 _____ () C:\Windows\SysWOW64\ShelbyServices.ini 2015-01-19 09:28 - 2010-12-02 10:13 - 00001291 _____ () C:\Windows\Formset.ini 2015-01-19 09:05 - 2012-07-30 14:24 - 00000000 ____D () C:\Program Files (x86)\Citrix 2015-01-19 09:02 - 2010-12-13 08:59 - 00000000 ____D () C:\Users\McKeil-2\AppData\Local\Citrix 2015-01-18 21:35 - 2014-06-03 16:59 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-01-18 20:30 - 2014-06-03 16:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-01-17 19:59 - 2014-10-04 12:03 - 00000000 ____D () C:\Users\McKeil-2\Documents\BIBLESTUDYNOTES 2015-01-15 16:57 - 2010-12-03 13:01 - 00000000 ____D () C:\Users\McKeil-2\Documents\INTEGRITY 2015-01-15 14:33 - 2010-11-25 18:49 - 00000000 ____D () C:\Users\McKeil-2\AppData\Local\VirtualStore 2015-01-15 14:32 - 2012-10-25 16:38 - 00000000 ____D () C:\Users\McKeil-2\AppData\Roaming\TeamViewer 2015-01-15 14:14 - 2014-09-06 10:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-01-15 14:14 - 2009-07-13 23:45 - 00437448 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-15 14:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\security 2015-01-15 13:27 - 2010-12-01 20:47 - 00122888 _____ () C:\Users\McKeil-2\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-15 12:15 - 2014-06-03 17:00 - 00000000 ____D () C:\Windows\pss 2015-01-15 12:14 - 2014-04-16 08:43 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-15 12:13 - 2014-04-16 08:42 - 00000000 ____D () C:\Program Files (x86)\Java 2015-01-15 12:11 - 2014-04-16 08:43 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2015-01-15 11:53 - 2012-10-04 09:21 - 00001545 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2015-01-15 11:50 - 2011-04-03 16:22 - 00000000 ____D () C:\Program Files (x86)\TurboTax 2015-01-15 10:38 - 2011-05-02 09:11 - 00247808 ___SH () C:\Users\McKeil-2\Documents\Thumbs.db 2015-01-15 10:34 - 2014-09-06 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-01-15 10:34 - 2013-10-24 10:28 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-01-15 10:31 - 2012-03-15 09:36 - 00000000 ____D () C:\ProgramData\Trend Micro 2015-01-15 10:15 - 2011-05-20 16:09 - 00000000 ___RD () C:\Users\McKeil-2\Dropbox 2015-01-15 10:15 - 2011-05-20 16:06 - 00000000 ____D () C:\Users\McKeil-2\AppData\Roaming\Dropbox 2015-01-15 09:46 - 2011-06-14 10:05 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-01-15 09:46 - 2011-06-14 10:05 - 00000000 ____D () C:\ProgramData\Skype 2015-01-15 09:45 - 2014-09-06 08:49 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk 2015-01-15 09:42 - 2009-07-14 00:08 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-14 12:04 - 2014-08-21 09:08 - 00000000 ____D () C:\Users\McKeil-2\Documents\NEW LIFE CHRISTIAN CHURCH 2015-01-13 05:30 - 2012-09-25 07:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-01-09 10:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-12-31 12:50 - 2014-12-12 13:37 - 00004717 _____ () C:\ThankYou.txt 2014-12-31 12:50 - 2014-11-06 16:49 - 00005865 _____ () C:\GiftRec.txt 2014-12-28 14:56 - 2014-10-28 11:21 - 01568768 _____ (Shelby Systems, Inc.) C:\Windows\SysWOW64\ssv5axtax.dll 2014-12-28 14:56 - 2014-10-28 11:21 - 00921600 _____ (Shelby Systems Inc.) C:\Windows\SysWOW64\ssv5axgn.dll ==================== Files in the root of some directories ======= 2015-01-15 10:18 - 2015-01-15 10:18 - 0000036 _____ () C:\Users\McKeil-2\AppData\Local\housecall.guid.cache 2014-06-03 17:07 - 2014-06-03 17:07 - 0000017 _____ () C:\Users\McKeil-2\AppData\Local\resmon.resmoncfg 2015-01-15 11:35 - 2015-01-23 07:25 - 0000010 _____ () C:\Users\McKeil-2\AppData\Local\sponge.last.runtime.cache 2011-06-14 10:16 - 2011-06-14 10:16 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2012-09-26 13:40 - 2014-06-17 18:04 - 0004921 _____ () C:\ProgramData\hpzinstall.log 2012-10-04 09:21 - 2015-01-15 11:53 - 0001545 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc Some content of TEMP: ==================== C:\Users\McKeil-2\AppData\Local\Temp\Quarantine.exe C:\Users\McKeil-2\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015 Ran by McKeil-2 at 2015-01-23 21:04:24 Running from C:\Users\McKeil-2\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Trend Micro Internet Security (Enabled - Up to date) {F2F88E6A-3C7A-545F-268A-5D0BDD38EE06} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: Trend Micro Internet Security (Enabled - Up to date) {49996F8E-1A40-5BD1-1C3A-6679A6BFA4BB} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.11 - STMicroelectronics) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd) AOMEI Backupper Standard Edition 2.0.2 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.) B209a-m (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.) Brother BRAgent 1.34.0001 (HKLM-x32\...\{9390DEE7-32CF-4A2E-A47B-30270D624AA1}) (Version: 1.34.0001 - Brother) Brother MFL-Pro Suite MFC-7360N (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.) BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.7.0 build 4390 (Sep-29-2014) - Carbonite) CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Citrix Online Launcher (HKLM-x32\...\{AFB80939-4486-49D8-A04E-2B05C0F2DE39}) (Version: 1.0.252 - Citrix) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.0.2.0 - Synaptics Incorporated) Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd) Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden Dropbox (HKU\S-1-5-21-12934214-2758422551-2789243025-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.) Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - ) GDR 4033 for SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation) Glary Utilities 5.16 (HKLM-x32\...\Glary Utilities 5) (Version: 5.16.0.29 - Glarysoft Ltd) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.) Google Drive (HKLM-x32\...\{240D2B48-E06E-446F-A806-01CF36882EB7}) (Version: 1.19.8268.4572 - Google, Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.1.0.1055 - Citrix Online, a division of Citrix Systems, Inc.) GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP LaserJet P1000 series (HKLM-x32\...\HP LaserJet P1000 series) (Version: - ) HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{9FEF1A18-8F26-4F49-A5A4-956C12210624}) (Version: 13.0 - HP) HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP) HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company) HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard) HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden hppMSRedist (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden hppusgP1000 (x32 Version: 1.1.0.1 - Hewlett-Packard) Hidden HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.) hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2141 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft) Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Live Meeting 2007 (HKLM-x32\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation) Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E8F7904A-4780-4F3F-B153-21BE32857120}) (Version: 10.52.4033.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{1D4A3734-9328-440F-960C-42B4CE481EB4}) (Version: 10.52.4033.0 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation) Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation) Microsoft Sync Framework Runtime v1.0 (x64) (HKLM\...\{53D7A054-4598-4947-A159-E8FCC77720AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Services for ADO.NET v2.0 (x64) (HKLM\...\{817BCC2B-76A8-4C8B-8B55-FD916C6969CC}) (Version: 2.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (HKLM-x32\...\{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation) Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla) MrvlUsgTracking (HKLM-x32\...\{A82D052A-0806-42DF-80CD-1730A1AC0ED3}) (Version: 1.0.7 - Marvell) MrvlUsgTracking64 (HKLM\...\{42F0FD29-7EB3-4CAA-AF10-BC2619B96D80}) (Version: 1.0.1 - Marvell Semiconductor Pvt Ltd) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyTomTom 3.1.0.530 (HKLM-x32\...\MyTomTom) (Version: 3.1.0.530 - TomTom) Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) PS_AIO_06_B209a-m_SW_Min (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 1.3.3 - Dell Inc.) Rapport (Version: 3.5.1205.20 - Trusteer) Hidden Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Roxio Creator DE 10.3 (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation) Shelby SOAP Install (HKLM-x32\...\{19E65209-31B3-41B1-B4B9-ACF9ACBF2594}) (Version: 1.00.0000 - Shelby Systems) Shelby v5 Server Setup (HKLM-x32\...\{F4BCB5DB-7713-4A76-9EFF-82EA130241A9}) (Version: 5.14.2000 - Shelby Systems, Inc.) Shelby v5 Workstation Setup (HKLM-x32\...\{131E485E-1FBF-44D0-A6BA-8960EA316968}) (Version: 5.14.2000 - Shelby Systems, Inc.) Shelby v5 Workstation Setup (x32 Version: 5.10.2000 - Shelby Systems, Inc.) Hidden Shelby v5 Workstation Setup (x32 Version: 5.11.3000 - Shelby Systems, Inc.) Hidden Shelby v5 Workstation Setup (x32 Version: 5.11.6000 - Shelby Systems, Inc.) Hidden Shelby v5 Workstation Setup (x32 Version: 5.13.2350 - Shelby Systems, Inc.) Hidden Shelby v5 Workstation Setup (x32 Version: 5.14.1001 - Shelby Systems, Inc.) Hidden Shelby v5 Workstation Setup (x32 Version: 5.14.2000 - Shelby Systems, Inc.) Hidden ShelbyIntelMail (HKLM-x32\...\{39AEF0C7-099C-421B-A2D3-BFA9D744BD32}) (Version: 1.0.0.0 - Shelby Systems) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) SQL Server 2008 R2 Reporting Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP2 BI Development Studio (Version: 10.52.4000.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP2 Full text search (Version: 10.52.4000.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP2 Management Studio (Version: 10.52.4000.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP2 Reporting Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden Trend Micro Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 8.0 - Trend Micro Inc.) Trend Micro Titanium (Version: 8.0 - Trend Micro Inc.) Hidden TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc) TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc) TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc) TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc) TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc) v511constantcontact (HKLM-x32\...\{3C762D9D-D904-4D60-8BB6-169B7AC81447}) (Version: 1.0.0.0 - Shelby Systems) v513constantcontact (HKLM-x32\...\{A8B04D04-ED73-40AE-8DC5-5DE53D1A708D}) (Version: 1.0.0.4 - Shelby Systems) v5constantcontact (HKLM-x32\...\{82CF54D4-C8B3-4532-AFC8-F2B59DC45CB9}) (Version: 1.0.0.0 - Shelby Systems) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.900 - Broadcom Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-12934214-2758422551-2789243025-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\McKeil-2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-12934214-2758422551-2789243025-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McKeil-2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-12934214-2758422551-2789243025-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McKeil-2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-12934214-2758422551-2789243025-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McKeil-2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-12934214-2758422551-2789243025-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McKeil-2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-12934214-2758422551-2789243025-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McKeil-2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-12934214-2758422551-2789243025-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McKeil-2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-12934214-2758422551-2789243025-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McKeil-2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-12934214-2758422551-2789243025-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\McKeil-2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 17-01-2015 06:45:08 Windows Backup 18-01-2015 14:07:52 Windows Backup 18-01-2015 23:00:27 Windows Backup 19-01-2015 09:19:45 Configured Shelby v5 Server Setup 19-01-2015 12:37:36 Removed Rapport 19-01-2015 12:56:06 beore rdsrv removal 22-01-2015 11:20:40 Restore Operation ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {07FBE726-77E5-4782-9F52-58867FCF4B34} - System32\Tasks\{8F175A02-97AE-40CE-A817-D0AD87D26C31} => Chrome.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsMain Task: {18C6A7A9-2054-474F-A127-4CF347030F89} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd) Task: {3240CC61-44F8-496C-B290-DB29E71E19B4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-25] (Google Inc.) Task: {3F6EC6F5-E227-4FCF-BA6F-3C8C59002D6F} - System32\Tasks\{4DFBD16B-C084-45CA-8CF2-B8755F9FF5AB} => Chrome.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsMain Task: {44B5AC95-7FC7-4233-9D60-3910A9F8AB58} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-25] (Google Inc.) Task: {5A66AC11-17EE-485F-ACA3-FD58B5E1B263} - System32\Tasks\{A6B06C0F-E2C8-4932-AF95-52B66030821D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.) Task: {5B5D97F1-9AA3-402C-ACF0-277B51897DA2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {5ED52BDE-FC44-4EC7-8F24-2844DA7F5553} - System32\Tasks\Trend Micro Inspect of Platinum => C:\Program Files\Trend Micro\Titanium\plugin\Pt\win32\Inspect\Inspect.exe [2014-07-20] (Trend Micro Inc.) Task: {6D854A5C-325A-4D4E-869C-A433F1AB6687} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation) Task: {7CEF366F-5439-48A2-A5BC-8FA3C78A611D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {8D5C86A9-C765-4BDC-B476-E0D227F63533} - System32\Tasks\{46E47F0A-E32C-443A-A910-DBD36ABCA6BE} => pcalua.exe -a C:\Windows\GFIBCK~1.EXE -c "C:\Windows\GFIBckHInstall.LOG" Task: {93B251E6-B450-42B7-9278-2B0AF5036FA8} - System32\Tasks\{7BFDBE5D-93F9-4242-AE90-2888A4C66791} => pcalua.exe -a C:\Windows\GFIBCK~1.EXE -c "C:\Windows\GFIBckHInstall.LOG" Task: {B26E55E6-BED5-441F-87D0-C77ED09D039F} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-01-05] (Glarysoft Ltd) Task: {B498AABE-360E-4E38-8C8B-B7094A626B35} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {C4DB429F-1ADE-4C7C-97FF-787B7987A06A} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-01-05] (Glarysoft Ltd) Task: {D99DF314-07DC-42B2-8D7B-93B076F2F029} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {E15BC032-73D4-4E37-B98D-171C3A198412} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe Task: {E39BC32E-A55E-4AC9-BC92-A76A310A28F5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {FC2FC414-C9B6-4818-8F85-D4ABD19F3977} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\RegCure Pro_sch_EF54FF63-A00A-11E4-91C6-F04DA2A8C034.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION Task: C:\Windows\Tasks\User_Feed_Synchronization-{678FC7F5-E7A1-4C80-B784-BD0DA4D27B1B}.job => C:\Windows\system32\msfeedssync.exe
  13. Hi: I've recently been experiencing redirects on both of my browsers (Internet Explorer and Chrome). When I click on a normal website, it first goes to a site with a URL like "...find-all-you-want.com..." which then redirects again to some random ad-like site. This happens randomly on many different websites (even this forum). I've cleared the history, caches and temporary files on my browsers which didn't help. I've also performed multiple scans with my antivirus software, ZoneAlarm, and found nothing. I fear that it's a malware or virus on my laptop because ever since I've been seeing the redirects I've also had several times where ZoneAlarm had to restart my computer because it said my computer has been infected with malware (and the restarting doesn't help - the redirects still keep coming back). Please, any help regarding the removal of it would be much appreciated. Thank you.
  14. After months of suspicious redirects on Google search results (dailyaucklandnews...) and having to type safe addresses directly into the address bar, last week my internet explorer settings started changing by themselves. Sometimes I wouldn't be allowed to download safe files, other times my home page would disappear. I called my tech support and was introduced to Malwarebytes which ran scans and came back w/ over 21 items. It continually scans and sometimes shuts down my computer without warning, yet some of the problems persist intermittently. I want/need to see these issues completely resolved. As an editor with deadlines, time and efficiency are precious. I'd greatly appreciate any assistance from someone well-versed in these malware areas. Also--though I back up select files, were I to back up many on my computer, would they be infected? Should I do this after the 'treatment' or should I do this now before removal software could conflict with something and erase desired files? Thank you for your attention in this matter.
  15. Hi, i hope you can help me. i have a laptop that seems to be very badly infected with malware, viruses etc. I have tried to run DDS but it gets stuck at about 3/4 done and then the laptop shuts down suddenly and restarts with windows recovered from an unexpected shutdown message, i am not on it at the moment as web pages shut suddenly and redirect to random sites whle surfing. So no logs im afraid to show you. I did run a program called rkill to stop malware running but it took ages and DDS still didnt complete afterwards. I was intending to reformat and start again but dont know if any malware is hidden in my documents if i were to back them up. Regards Jeff
  16. attach.txtdds.txt Happy Saturday! I know I don't look happy because I am frustrated with this trojan, which I believe laptop is being accessed remotely as well. We thought we did a clean reinstall of Windows 7...but either we didn't get rid of the malware or somehow it came back. I believe spotify is infected and and many suspicious and unknown files. Per ESET......they found more malware 3 different ones... Win32 variants. I actually am learning to remove malware myself and checking into taking classes or some type of certification. So any help you can give me to clean this computer would be greatly appreciated. I am attaching the DDS logs as was requested. Thanks so much for your time. Vicky
  17. I recently got a new computer with Window 7 on it. Ever since I first turned it on, I have been inundated with pop ups, constant redirects, ads pasted over ads, ads pasted over text I am trying to read. I use Mozilla Firefox, and my preferences for home page and new tab will not save for longer than a day at most, before being changed to something else. I have tried everything I can think of to fix this problem. I bought the Pro Version of Malwarebytes, I have tried the steps from Remove Pop-up Ads from Internet Explorer, Firefox and ChromeWhich was from the Malwarebytes Forum and it worked for barely a day before the ads and redirects took over again. Adwcleaner will not work on my computer, it chokes up and goes non responsive. I have downloaded add ons for Firefox, they do not help. I run Kapersky Anti-Virus every single day. Very few if any problems show up on Kapersky or Malwarebytes, since I run them several times a day, trying to find SOMETHING that is causing this. I am very close to wiping this computer and installing XP. I cannot get any work done, I am simply at my wits end. Can anyone help me? Is there something else I can do to handle this problem? Thank you, Tracey
  18. Hello folks. I am getting lots of browser redirects when I'm using Chrome or IE. I'm using Malwarebytes Pro. I'm including the requested logs and the log from Malwarebytes. A full scan disclosed only a pup which I have deleted. Thanks! Mike attach.txt dds.txt protection-log-2013-04-16.txt
  19. Hi Gringo, We have been having what seems to be a very similar problem recently on our computer. Redirects to the same ad websites as mentioned earlier in a thread by haysee5. I have been following your responses in order but still no luck. I have run SecurityCheck, adwcleaner, RogueKiller, ComboFix, tdsskiller, aswMBR, OTL, Malwarebytes Anti-Malware, and HijackThis, and saved all the logs from each program. Do you think you might be able to help us? Thank you, Doug
  20. Hi there, I recently had an infection which was sucessfully removed using a combination of AVG 2012 and Malwarebytes. However, in the past week some of my Google search results have been redirecting to websites of no relation to the link I originally clicked on. The webpages redirected to so far have just been advertising for various products. All of the recent scans I have carried out via AVG 2012 and Malwarebytes for any remnants have come back negative everytime. I have also monitored my resources using Task Manager and nothing seems to be out of the ordinary. I would be really greatful if somebody could take a quick look at my DDS and Attach logs for me and see if they can find anything I may have missed previously. Many thanks Richard DDS.txt Attach.txt
  21. I'm getting redirects. Win XP machine. Any help would be greatly appreciated! Here are the logs: attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 3/24/2009 2:32:28 PM System Uptime: 3/22/2012 3:46:50 PM (1 hours ago) . Motherboard: Dell Inc. | | 0G866N Processor: Intel Pentium III Xeon processor | Microprocessor | 2259/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 75 GiB total, 23.058 GiB free. D: is CDROM () H: is NetworkDisk (NTFS) - 1855 GiB total, 145.705 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Cisco Systems VPN Adapter Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter PNP Device ID: ROOT\NET\0000 Service: CVirtA . ==== System Restore Points =================== . RP1009: 2/8/2012 8:42:52 AM - Installed Microsoft Office Professional Plus 2007 RP1010: 2/8/2012 8:45:14 AM - Printer Driver Microsoft Office Document Image Writer Installed RP1011: 2/8/2012 8:47:14 AM - Printer Driver Microsoft Office Document Image Writer Installed RP1012: 2/9/2012 9:45:49 AM - System Checkpoint RP1013: 2/10/2012 9:49:27 AM - System Checkpoint RP1014: 2/11/2012 3:07:03 AM - Installed Windows XP KB2585542. RP1015: 2/11/2012 3:07:25 AM - Installed Windows XP KB2646524. RP1016: 2/11/2012 3:07:39 AM - Installed Windows XP KB2584146. RP1017: 2/11/2012 3:07:55 AM - Installed Windows XP KB2603381. RP1018: 2/11/2012 3:08:10 AM - Installed Windows XP KB2631813. RP1019: 2/11/2012 3:08:26 AM - Installed Windows XP KB2598479. RP1020: 2/12/2012 3:49:49 AM - System Checkpoint RP1021: 2/13/2012 4:49:48 AM - System Checkpoint RP1022: 2/14/2012 5:49:49 AM - System Checkpoint RP1023: 2/15/2012 6:49:49 AM - System Checkpoint RP1024: 2/16/2012 9:39:00 AM - System Checkpoint RP1025: 2/17/2012 11:22:46 AM - System Checkpoint RP1026: 2/18/2012 11:49:54 AM - System Checkpoint RP1027: 2/19/2012 12:49:53 PM - System Checkpoint RP1028: 2/20/2012 1:52:17 PM - System Checkpoint RP1029: 2/21/2012 3:33:31 PM - System Checkpoint RP1030: 2/22/2012 3:04:42 AM - Installed Windows XP KB2647516. RP1031: 2/22/2012 3:05:16 AM - Installed Windows XP KB2660465. RP1032: 2/22/2012 3:06:17 AM - Installed Windows XP KB2661637. RP1033: 2/23/2012 3:04:26 AM - Installed Windows XP KB2633952. RP1034: 2/27/2012 11:51:04 AM - System Checkpoint RP1035: 2/28/2012 11:51:20 AM - System Checkpoint RP1036: 2/29/2012 2:32:00 PM - System Checkpoint RP1037: 3/1/2012 4:18:14 PM - System Checkpoint RP1038: 3/2/2012 4:49:46 PM - System Checkpoint RP1039: 3/3/2012 4:49:53 PM - System Checkpoint RP1040: 3/5/2012 2:13:31 PM - System Checkpoint RP1041: 3/6/2012 2:49:20 PM - System Checkpoint RP1042: 3/7/2012 3:32:12 PM - System Checkpoint RP1043: 3/8/2012 4:09:28 PM - System Checkpoint RP1044: 3/9/2012 4:11:42 PM - System Checkpoint RP1045: 3/12/2012 9:52:02 AM - System Checkpoint RP1046: 3/13/2012 10:00:49 PM - System Checkpoint RP1047: 3/15/2012 10:01:59 PM - System Checkpoint RP1048: 3/19/2012 7:23:00 AM - Installed RICHTX32 RP1049: 3/19/2012 7:23:37 AM - Installed ReportView RP1050: 3/19/2012 7:23:52 AM - Installed NetwiseUtl003 RP1051: 3/19/2012 7:24:05 AM - Installed PlannedTransfer RP1052: 3/19/2012 7:24:17 AM - Installed Group Maintenance RP1053: 3/19/2012 7:24:27 AM - InstalleProduct Group Maintenance RP1054: 3/19/2012 7:24:39 AM - Installed NetwiseSMA301 RP1055: 3/19/2012 7:24:50 AM - Installed PlantDropDown RP1056: 3/19/2012 7:25:04 AM - Installed ProductionDelay RP1057: 3/19/2012 7:25:18 AM - Installed Profile RP1058: 3/19/2012 7:25:30 AM - Installed GroupsInquire RP1059: 3/19/2012 7:25:39 AM - Installed Common 1 RP1060: 3/19/2012 7:26:02 AM - Installed Common 2 RP1061: 3/19/2012 7:26:52 AM - Installed Data Display Controls RP1062: 3/19/2012 7:27:18 AM - Installed NetwisePas301 RP1063: 3/19/2012 7:27:29 AM - Installed CRSRawMaterialSpec RP1064: 3/19/2012 7:27:41 AM - Installed Netwise Error Handler RP1065: 3/19/2012 7:27:52 AM - Installed AgeSchedRange RP1066: 3/19/2012 7:28:02 AM - Installed ChangeOrder RP1067: 3/19/2012 7:28:11 AM - Installed CustContact RP1068: 3/19/2012 7:28:18 AM - Installed DatePick RP1069: 3/19/2012 7:28:24 AM - Installed IncExcProducts RP1070: 3/19/2012 7:28:31 AM - Installed InitiateMainFrameReports RP1071: 3/19/2012 7:28:37 AM - Installed LoadAhead RP1072: 3/19/2012 7:28:43 AM - Installed PlannedTransferShells RP1073: 3/19/2012 7:28:49 AM - Installed ProductInq RP1074: 3/19/2012 7:28:54 AM - Installed ViewEPA RP1075: 3/19/2012 7:28:59 AM - Installed PBDataConnection RP1076: 3/19/2012 7:29:06 AM - Installed NetwiseCfm201 RP1077: 3/19/2012 7:29:19 AM - Installed NetwiseORP301 RP1078: 3/19/2012 7:29:26 AM - Installed RESCPYWK RP1079: 3/21/2012 4:12:28 PM - ComboFix created restore point RP1080: 3/22/2012 3:05:04 AM - Installed Windows XP KB2621440. RP1081: 3/22/2012 3:05:27 AM - Installed Windows XP KB2641653. . ==== Installed Programs ====================== . . 2007 Microsoft Office Suite Service Pack 2 (SP2) 32 Bit HP CIO Components Installer Adobe Acrobat X Pro - English, Français, Deutsch Adobe Flash Player 10 ActiveX Adobe Reader 8.3.1 Altiris Application Metering Agent Altiris Inventory Agent Cisco Systems VPN Client 5.0.04.0300 Compatibility Pack for the 2007 Office system Conexant HDA D330 MDC V.92 Modem Critical Update for Windows Media Player 11 (KB959772) DameWare Mini Remote Control Dell Touchpad Dell Wireless WLAN Card Utility Documentum Content Services for SAP Client Google Earth Google Update Helper High Definition Audio Driver Package - KB835221 Hitachi ID Password Manager Local SKA Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB944043-v3) Hotfix for Windows XP (KB945436) Hotfix for Windows XP (KB949764) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) IDT Audio Intel® Graphics Media Accelerator Driver Intel® PRO Network Connections Drivers Java 6 Update 13 Juniper Networks Secure Application Manager Malwarebytes' Anti-Malware (tech) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2007 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Communicator 2007 R2 Microsoft Office Excel MUI (English) 2007 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Live Meeting 2007 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2007 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2007 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2007 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2007 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Visio Viewer 2007 Microsoft Office Word MUI (English) 2007 Microsoft Office Word MUI (English) 2010 Microsoft redistributable runtime DLLs VS2005 SP1(x86) Microsoft redistributable runtime DLLs VS2008 SP1(x86) Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft Software Update for Web Folders (English) 14 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser (KB925673) MSXML4.0 redistributable Net Library 10.0.3 Open Client 10.0.3 Patch Management Agent Power Scheme Plug-in Setup PowerDVD RICHTX32 RICOH R5C83x/84x Media Driver Ver.3.53.02 Roxio Activation Module Roxio Creator Audio Roxio Creator BDAV Plugin Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Express Labeler 3 SafeNet iKey Driver v4.1.0.8 SAP Business Explorer SAP GUI for Windows 7.20 SAP JNet Scotiabank USB Token Software Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB969679) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB969682) Security Update for Microsoft Office PowerPoint 2007 (KB957789) Security Update for Microsoft Office Publisher 2007 (KB969693) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office Word 2007 (KB969604) Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB2183461) Security Update for Windows Internet Explorer 7 (KB2360131) Security Update for Windows Internet Explorer 7 (KB2416400) Security Update for Windows Internet Explorer 7 (KB2482017) Security Update for Windows Internet Explorer 7 (KB2497640) Security Update for Windows Internet Explorer 7 (KB2530548) Security Update for Windows Internet Explorer 7 (KB2544521) Security Update for Windows Internet Explorer 7 (KB2559049) Security Update for Windows Internet Explorer 7 (KB2586448) Security Update for Windows Internet Explorer 7 (KB2618444) Security Update for Windows Internet Explorer 7 (KB2647516) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Internet Explorer 7 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Software Management Solution Plugin Symantec Enterprise Vault HTTP-only Outlook Add-In Symantec pcAnywhere Symantec_pcAnywhere_plugin_installer Trend Micro OfficeScan Client Tyson PBDataConnection Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office Outlook 2007 (KB969907) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 7 (KB980182) Update for Windows XP (KB898461) Update for Windows XP (KB943729) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) User Profile Hive Cleanup Service vcredist_x86 WebEx WebFldrs XP Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player Enterprise Deployment Windows Presentation Foundation Windows Rights Management Client Backwards Compatibility SP2 Windows Rights Management Client with Service Pack 2 XML Paper Specification Shared Components Pack 1.0 . ==== Event Viewer Messages From Past Week ======== . 3/22/2012 9:26:28 AM, error: Dhcp [1002] - The IP address lease 10.1.142.114 for the Network Card with network address 002170EF07A6 has been denied by the DHCP server 10.6.40.20 (The DHCP Server sent a DHCPNACK message). 3/22/2012 9:00:17 AM, error: Service Control Manager [7000] - The OfficeScan NT Proxy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/22/2012 9:00:16 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the OfficeScan NT Proxy Service service to connect. 3/22/2012 3:32:09 PM, error: NETLOGON [5719] - No Domain Controller is available for domain XXX due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. 3/21/2012 4:19:46 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s). 3/15/2012 2:55:47 PM, error: SCardSvr [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The device has been removed. 3/15/2012 2:00:37 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56} 3/15/2012 1:57:28 PM, error: NETLOGON [5719] - No Domain Controller is available for domain XXX due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. . ==== End Of File =========================== dds.txt . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 7.0.5730.13 Run by xxx at 16:23:25 on 2012-03-22 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2943 [GMT -5:00] . AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\idt\dellxpm09b_6087v035\wdm\stacsv.exe svchost.exe C:\Program Files\Altiris\AClient\AClient.exe C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe C:\Program Files\Symantec\pcAnywhere\awhost32.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\system32\dklog.exe C:\WINDOWS\system32\dkvcm.exe C:\WINDOWS\SYSTEM32\DWRCS.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 c:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\system32\dkcktkn.exe c:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe c:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe c:\Program Files\Trend Micro\BM\TMBMSRV.exe c:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\IDT\WDM\sttray.exe C:\WINDOWS\system32\AESTFltr.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Altiris\AClient\AClntUsr.EXE C:\Program Files\Scotiabank\BSecClient\axmonitor.exe C:\Program Files\Scotiabank\BSecClient\DkAutoReg.exe C:\Program Files\Microsoft Office Communicator\communicator.exe C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank mStart Page = about:blank uInternet Settings,ProxyServer = uInternet Settings,ProxyOverride = *.xxx.com;*.xxx.com;*.xxx.com;*.xxx.com;*.xxx.com;*.xxx.com.mx;<local> BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [AClntUsr] c:\program files\altiris\aclient\AClntUsr.EXE mRun: [DkStartup] c:\program files\scotiabank\bsecclient\dkstartup.exe mRun: [AxMonitor] c:\program files\scotiabank\bsecclient\axmonitor.exe mRun: [DkAutoReg] c:\program files\scotiabank\bsecclient\DkAutoReg.exe mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe" mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1) mPolicies-explorer: NoWelcomeScreen = 1 (0x1) mPolicies-explorer: NoAutorun = 1 (0x1) IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll Trusted Zone: xxx Trusted Zone: xxx Trusted Zone: xxx Trusted Zone: xxx Trusted Zone: xxx Trusted Zone: xxx DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205216394640 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} - hxxp://xxx.xxx.com/comphris/Pages/Org%20Charts/OrgPubX.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://van.webex.com/client/wbs27-vzbprodcn/webex/ieatgpc.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://xxx DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://xxx DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://www.xxx TCP: DhcpNameServer = 10.16.1.25 10.18.1.25 10.6.40.25 172.18.253.25 TCP: Interfaces\{66D4C69E-572E-45CC-974D-1ECE99D118BB} : DhcpNameServer = 10.16.1.25 10.18.1.25 10.6.40.25 172.18.253.25 TCP: Interfaces\{E6092258-42A6-4DAD-819E-8135E88315C6} : DhcpNameServer = 10.16.1.25 10.18.1.25 10.6.40.25 172.18.253.25 Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL Notify: DkWLNP - DkWLNP.dll Notify: igfxcui - igfxdev.dll Notify: PCANotify - PCANotify.dll AppInit_DLLs: c:\windows\system32\AMInit32.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL mASetup: {EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5} - rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\inf\wmactedp.inf,PerUserStub,,4 . ============= SERVICES / DRIVERS =============== . R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2007-3-30 18232] R1 NEOFLTR_650_15255;Juniper Networks TDI Filter Driver (NEOFLTR_650_15255);c:\windows\system32\drivers\NEOFLTR_650_15255.SYS [2010-3-25 85360] R2 awhost32;Symantec pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2011-1-6 142224] R2 DkVcm;Scotiabank Virtual Channel Monitor;c:\windows\system32\dkvcm.exe [2009-3-30 122880] R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-11-5 58448] R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXpflt.sys [2008-6-24 262416] R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\TmPreflt.sys [2008-6-24 36624] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-3-21 112128] R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-3-21 32808] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-3-21 244368] R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [2009-10-15 12240] R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [2009-10-15 18704] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-3-21 110080] R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2008-6-24 689416] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-3 136176] S3 AltirisAgentProvider;AltirisAgentProvider;c:\program files\altiris\altiris agent\agents\wmiprovideragent\AltirisAgentProvider.exe [2010-10-27 408408] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-3 136176] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [2009-10-15 22096] S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952] . =============== Created Last 30 ================ . 2012-03-22 20:11:26 -------- d-----w- C:\ComboFix 2012-03-22 17:01:10 102400 ----a-w- c:\windows\RegBootClean.exe 2012-03-22 16:48:29 -------- d-----w- c:\documents and settings\xxx\application data\Malwarebytes 2012-03-22 16:48:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-03-22 16:48:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware (tech) 2012-03-22 16:48:23 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-03-22 08:04:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-21 21:16:10 -------- d-sha-r- C:\cmdcons 2012-03-21 21:12:07 98816 ----a-w- c:\windows\sed.exe 2012-03-21 21:12:07 518144 ----a-w- c:\windows\SWREG.exe 2012-03-21 21:12:07 256000 ----a-w- c:\windows\PEV.exe 2012-03-21 21:12:07 208896 ----a-w- c:\windows\MBR.exe 2012-03-21 21:02:11 -------- d-----w- c:\documents and settings\xxx\local settings\application data\Google 2012-03-19 12:29:31 -------- d-----w- C:\PB32 2012-03-19 12:21:27 -------- d-----w- c:\program files\xxx 2012-03-12 16:11:57 -------- d-----w- C:\PCT 2012-02-22 09:06:00 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll 2012-02-22 09:06:00 3072 ------w- c:\windows\system32\iacenc.dll . ==================== Find3M ==================== . 2012-03-22 20:47:33 2401 ----a-w- c:\windows\system32\drivers\AlKernel.sys 2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys 2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-01-03 13:10:50 47512 ----a-w- c:\windows\system32\AdobePDF.dll 2012-01-03 13:10:48 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll . ============= FINISH: 16:24:58.25 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.