Thanks in advance for your help.

I am also getting "Malwarebytes blocked access to 46.165.228.246", but this one is not as often as the address in the topic title.

I have Malwarebytes Anti-Malware Pro, and I have updated and performed a quick scan, which did not find anything.

Here are the logs from DDS and Attach.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.45.2
Run by Tom at 23:21:20 on 2014-03-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8067.4932 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SAMSUNG\Samsung Link\utils\Samsung Link Launcher.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Elantech\ETDGesture.exe
c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Box Sync\BoxSyncHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\AllShareFrameworkManagerDMS.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\AllShareFrameworkDMS.exe
C:\Program Files\Conexant\SA3\SmartAudio3.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Conexant\SA3\CxUtilSvc.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Fitbit\fitbit.exe
C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link Service.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link Service.exe
c:\program files (x86)\dell datasafe local backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\program files (x86)\dell datasafe local backup\TOASTER.EXE
c:\program files (x86)\dell datasafe local backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\igfxsrvc.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\vds.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, enhanced for Bing and MSN
mURLSearchHooks: {cef81415-2059-4dd5-9829-1aef3cf27f4f} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Freemake.YoutubeButton: {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - 
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
uRun: [Copy] "C:\Users\Tom\AppData\Roaming\Copy\CopyAgent.exe"
uRun: [Google Update] "C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VERIZO~1.LNK - C:\Users\Tom\AppData\Roaming\VERIZON\UA_ar\UA.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMAZON~1.LNK - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoThumbnailCache = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: ancestry.com
Trusted Zone: dell.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{130D0F81-610A-4023-A7F0-450BFBD817F1} : NameServer = 192.168.1.1
TCP: Interfaces\{130D0F81-610A-4023-A7F0-450BFBD817F1} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{130D0F81-610A-4023-A7F0-450BFBD817F1}\243433833373833323 : NameServer = 192.168.1.1
TCP: Interfaces\{130D0F81-610A-4023-A7F0-450BFBD817F1}\243433833373833323 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{130D0F81-610A-4023-A7F0-450BFBD817F1}\25254303 : NameServer = 192.168.1.1
TCP: Interfaces\{130D0F81-610A-4023-A7F0-450BFBD817F1}\25254303 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{130D0F81-610A-4023-A7F0-450BFBD817F1}\65562796A7F6E602D494649443531303C4022473139302355636572756 : NameServer = 192.168.1.1
TCP: Interfaces\{130D0F81-610A-4023-A7F0-450BFBD817F1}\65562796A7F6E602D494649443531303C4022473139302355636572756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{130D0F81-610A-4023-A7F0-450BFBD817F1}\D4364596659616 : NameServer = 192.168.1.1
TCP: Interfaces\{130D0F81-610A-4023-A7F0-450BFBD817F1}\D4364596659616 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6050093C-37FF-4E7C-98C9-CA7736A84354} : DHCPNameServer = 8.8.8.8 8.8.4.4
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SNT: {3FFCF459-6108-833F-CEEE-51DDF037319B} - 
x64-BHO: waebusave: {657EFD5E-AAA2-6233-1460-8BC865B414CE} - C:\Program Files (x86)\waebusave\i.x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: YoutubeAdblocker: {F36C7886-9146-7688-FB49-24443F3BF167} - 
x64-Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [samsung Link] C:\Program Files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe /sa3 /nv:3.0+ /dne /s
x64-Run: [boxSyncHelper] "C:\Program Files\Box Sync\BoxSyncHelper.exe"
x64-Run: [igfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 76.96.40.158 mail.comcast.net
Hosts: 76.96.40.158 mail.comcast.net
Hosts: 68.87.26.155 smtp.comcast.net
Hosts: 74.125.142.108 pop.gmail.com
Hosts: 74.125.142.109 pop.gmail.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\ev7ql2f1.default-1366675402418\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;C:\Windows\System32\drivers\eubakup.sys [2012-8-5 58952]
R0 EUBKMON;EUBKMON;C:\Windows\System32\drivers\EUBKMON.sys [2012-8-5 48200]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-6-2 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-6-2 56336]
R0 rtcrfilt64;Realtek Turbo Mode Filter Driver;C:\Windows\System32\drivers\rtcrfilt64.sys [2013-8-2 19600]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-8-26 46368]
R1 EUDSKACS;EUDSKACS;C:\Windows\System32\drivers\eudskacs.sys [2012-8-5 18504]
R1 EUFDDISK;EUFDDISK;C:\Windows\System32\drivers\EuFdDisk.sys [2012-8-5 189000]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-23 171600]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AllShare Framework DMS;AllShare Framework DMS;C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.07\AllShareFrameworkManagerDMS.exe [2013-4-16 405896]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-4-11 772064]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-19 1014096]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2012-6-2 109184]
R2 EaseUS Agent;EaseUS Agent Service;C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-9-23 69192]
R2 Fitbit;Fitbit Data Uploader;C:\Program Files (x86)\Fitbit\fitbit.exe [2013-1-2 770080]
R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-9-9 9216]
R2 Guard Agent;Guard Agent Service;C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-9-23 23624]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-2 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-7-27 636952]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-8-2 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-23 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-23 701512]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 Samsung Link Service;Samsung Link Service;C:\Program Files\SAMSUNG\Samsung Link\Samsung Link Service.exe [2013-4-27 605768]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-6-2 1695040]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-2 365376]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-6-14 1151424]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-6-14 248248]
R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-6-14 1177536]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-4-18 3388144]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2013-4-11 164832]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-19 1304912]
R3 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-19 1104208]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2013-9-1 176000]
R3 DrmRAudio;DrmRAudio;C:\Windows\System32\drivers\DrmRAudio.sys [2012-11-18 34088]
R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2014-1-20 21704]
R3 ETD;Dell Touchpad;C:\Windows\System32\drivers\ETD.sys [2012-6-2 202024]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-8-2 169752]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-12-29 449496]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-6-2 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-6-2 787736]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-1-26 25496]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-23 25928]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2012-6-2 316560]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-2 646248]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 1a34a8e0;WS.Sustainer;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-2-23 101888]
S2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-4 5316448]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2013-4-11 164832]
S3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\System32\drivers\btmaud.sys [2011-12-13 51712]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-12-13 94720]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-12-13 747008]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2014-2-18 57840]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2012-11-18 252928]
S3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-14 60416]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-1-26 34200]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-1-15 289256]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-4-18 273136]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-13 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-10-19 31800]
S3 SIUSBXP;SIUSBXP;C:\Windows\System32\drivers\SiUSBXp.sys [2013-1-2 26856]
S3 SMServer;SMServer;C:\Windows\SysWOW64\snmvtsvc.exe [2012-11-18 260608]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-8-2 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-13 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-13 30208]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-1 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2012-8-7 14464]
.
=============== File Associations ===============
.
FileExt: .js: JSFile="C:\Program Files (x86)\Macromedia\Dreamweaver UltraDev\UltraDev.exe" %1
.
=============== Created Last 30 ================
.
2014-03-19 03:18:39 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5792E5C9-B54B-4F8E-AD96-774AE2B3755F}\offreg.dll
2014-03-18 10:03:06 10521840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5792E5C9-B54B-4F8E-AD96-774AE2B3755F}\mpengine.dll
2014-03-18 04:30:14 10521840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-14 23:44:03 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6DB1651-4395-4C21-B948-6147DD1D88A9}\gapaengine.dll
2014-03-12 19:54:31 5777288 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-03-11 23:31:45 -------- d-----w- C:\AdwCleaner
2014-03-11 21:43:22 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-11 21:42:19 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-08 01:47:21 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8A5D3042-BCB6-49E4-BF96-4A7B7ADA74D8}\gapaengine.dll
2014-03-07 01:15:58 736952 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-03-07 01:15:56 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-03-07 01:15:53 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-03-07 01:15:53 42168 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-03-04 01:17:40 -------- d-----w- C:\Program Files (x86)\Amazon.com
2014-02-28 19:25:37 -------- d-----w- C:\ProgramData\regid.1995-08.com.techsmith
2014-02-28 18:53:02 -------- d-----w- C:\Windows\Migration
2014-02-28 02:40:50 -------- d-----w- C:\ProgramData\SafeSoft
2014-02-28 02:40:46 4383232 ----a-w- C:\Program Files (x86)\WS_x64.Booster
2014-02-28 02:40:16 -------- d-----w- C:\Users\Tom\AppData\Local\Packages
2014-02-28 02:40:16 -------- d-----w- C:\ProgramData\waebusave
2014-02-28 02:40:15 -------- d-----w- C:\Program Files (x86)\waebusave
2014-02-28 02:40:07 -------- d-----w- C:\Users\Tom\AppData\Local\Comodo
2014-02-28 02:40:07 -------- d-----w- C:\ProgramData\c6fdf422a29db75a
2014-02-28 02:38:09 -------- d-----w- C:\ProgramData\InstallMate
2014-02-28 01:54:45 -------- d-----w- C:\Users\Tom\AppData\Local\calibre-cache
2014-02-22 03:57:03 -------- d-----w- C:\Users\Tom\.Kindle Fire
2014-02-22 03:27:47 -------- d-----w- C:\KFFirstAide 4.1.100
2014-02-20 21:48:29 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-02-20 21:48:29 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-02-20 21:48:28 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-02-20 21:48:28 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-02-19 01:15:36 -------- d-----w- C:\Windows\en
2014-02-19 01:12:45 57840 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2014-02-19 01:08:16 5659096 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\eb59b3ee1cf2d0e07\skydrivesetup.exe
2014-02-19 01:08:16 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
2014-02-19 01:08:16 -------- d-----r- C:\Users\Tom\SkyDrive
2014-02-19 01:08:07 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2014-02-19 01:07:05 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e49e6de21cf2d0e05\DSETUP.dll
2014-02-19 01:07:05 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e49e6de21cf2d0e05\DXSETUP.exe
2014-02-19 01:07:05 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e49e6de21cf2d0e05\dsetup32.dll
2014-02-19 01:06:48 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\dd221ef31cf2d0e02\DSETUP.dll
2014-02-19 01:06:48 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\dd221ef31cf2d0e02\DXSETUP.exe
2014-02-19 01:06:48 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\dd221ef31cf2d0e02\dsetup32.dll
2014-02-19 01:06:47 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\dbdc53be1cf2d0e01\DSETUP.dll
2014-02-19 01:06:47 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\dbdc53be1cf2d0e01\DXSETUP.exe
2014-02-19 01:06:47 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\dbdc53be1cf2d0e01\dsetup32.dll
2014-02-19 01:06:38 -------- d-----w- C:\Users\Tom\AppData\Local\Windows Live
2014-02-19 00:59:58 -------- d-----w- C:\Users\Tom\AppData\Local\{06916D1B-0E62-4ED0-83F5-66D042C52905}
.
==================== Find3M  ====================
.
2014-03-14 17:56:04 16152 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2014-03-12 19:54:40 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 19:54:40 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-22 13:52:10 206080 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2014-01-22 13:52:10 108800 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
.
============= FINISH: 23:22:15.56 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 7/30/2012 12:13:34 AM
System Uptime: 3/16/2014 7:07:24 AM (64 hours ago)
.
Motherboard: Dell Inc. |  | 04G65K
Processor: Intel® Core i5-3210M CPU @ 2.50GHz | U3E1 | 1175/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 912 GiB total, 712.308 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: NetGroup Packet Filter Driver
Device ID: ROOT\LEGACY_NPF\0000
Manufacturer: 
Name: NetGroup Packet Filter Driver
PNP Device ID: ROOT\LEGACY_NPF\0000
Service: npf
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C4700 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
==== System Restore Points ===================
.
RP370: 3/13/2014 4:26:59 PM - Windows Update
RP371: 3/16/2014 11:50:08 PM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 76.96.40.158 mail.comcast.net
Hosts: 76.96.40.158 mail.comcast.net
Hosts: 68.87.26.155 smtp.comcast.net
Hosts: 74.125.142.108 pop.gmail.com
Hosts: 74.125.142.109 pop.gmail.com
Hosts: 74.125.142.108 smtp.gmail.com
Hosts: 74.125.142.109 smtp.gmail.com
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Premiere Elements 11
Adobe Reader XI (11.0.06)
AllShare Framework DMS
Amazon Kindle
Amazon Unbox Video
Amazon.com Kindle Fire
Apple Application Support
Apple Mobile Device Support
Bonjour
Box Sync (64 bit)
calibre
ChromecastApp
Compatibility Pack for the 2007 Office system
Copy
CryptoPrevent v4.1.0
Data Lifeguard Diagnostic for Windows 1.24
Dell Custom Help
Dell Edoc Viewer
Dell System Detect
Dell Touchpad
Desktop Restore
Dropbox
EasyTether
EasyTether ADB USB driver
GhostBuster
GIMP 2.8.4
Google Chrome
Google Drive
Google Talk Plugin
Google Update Helper
HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6
Intel® Processor Graphics
Intel® PROSet/Wireless for Bluetooth® + High Speed
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® PROSet/Wireless WiFi Software Driver
Intel® Turbo Boost Technology Monitor 2.0
Intel® Wireless Display
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
iTunes
Java Auto Updater
Junk Mail filter update
KeePass Password Safe 2.24
McAfee Security Scan Plus
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Click-to-Run 2010
Microsoft Office Outlook Connector
Microsoft Office Visio Professional 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Movie Maker
MSVCRT110
MSVCRT110_amd64
My Dell
Network64
Nokia Maps 3D browser plugin for Internet Explorer (5.10.3.0)
Notepad++
Password Spectator
Photo Common
Photo Gallery
PlayReady PC Runtime amd64
Quickset64
QuickTime
Revo Uninstaller Pro 3.0.7
Samsung Link 1.5.0.1304231405
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Skype™ 6.10
SlingPlayer for Web
Snagit 11
Special Uninstaller version 2.0
SUABnR
TeamViewer 9
TomTom HOME
TomTom HOME Visual Studio Merge Modules
TreeSize
US - Custom
Verizon Wireless Software Upgrade Assistant - Samsung(ar)
Verizon Wireless Software Utility Application for Android - Samsung
WD SmartWare
WinDirStat 1.1.2
Windows Driver Package - Amazon.com (WinUSB) KindleFireUsbDeviceClass  (08/20/2012 1.0.0000.00000)
Windows Driver Package - Amazon.com (WinUSB) KindleFireUsbDeviceClass  (12/03/2012 1.2.0000.00000)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WS.Sustainer 1.80
.
==== Event Viewer Messages From Past Week ========
.
3/14/2014 1:56:17 PM, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: D@01010004
3/14/2014 1:56:13 PM, Error: Service Control Manager [7000]  - The WinPcap Packet Driver (NPF) service failed to start due to the following error:  The system cannot find the file specified.
3/14/2014 1:55:16 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the TeamViewer 9 service to connect.
3/14/2014 1:55:16 PM, Error: Service Control Manager [7000]  - The TeamViewer 9 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/14/2014 1:54:15 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect.
3/14/2014 1:54:15 PM, Error: Service Control Manager [7000]  - The Freemake Improver service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/14/2014 1:52:19 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the WS.Sustainer service to connect.
3/11/2014 7:45:14 PM, Error: Service Control Manager [7023]  - The Windows Update service terminated with the following error:  %%-2147467243
.
==== End Of File ===========================
 

 


Hello

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Post those logs in your next reply...

 

Kevin


Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.19.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Tom :: TJW [administrator]
 
Protection: Enabled
 
3/19/2014 11:08:52 AM
mbam-log-2014-03-19 (11-08-52).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 253050
Time elapsed: 9 minute(s), 53 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Tom (administrator) on TJW on 19-03-2014 11:25:00
Running from C:\Users\Tom\Desktop\Cleanup
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Samsung Electronics) C:\Program Files\SAMSUNG\Samsung Link\utils\Samsung Link Launcher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSyncHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\AllShareFrameworkManagerDMS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\AllShareFrameworkDMS.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio3.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\CxUtilSvc.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit\fitbit.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Service.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Service.exe
(SoftThinks SAS) c:\program files (x86)\dell datasafe local backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SoftThinks - Dell) c:\program files (x86)\dell datasafe local backup\TOASTER.EXE
() c:\program files (x86)\dell datasafe local backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [stage Remote] - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [5729648 2012-02-07] (Dell Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [intelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2895656 2012-01-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [bTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-19] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [samsung Link] - C:\Program Files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe [407384 2013-04-23] (Samsung Electronics)
HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [boxSyncHelper] - C:\Program Files\Box Sync\BoxSyncHelper.exe [393216 2013-06-07] (Box, Inc.)
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2065408 2013-11-03] (Dominik Reichl)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577536 2013-01-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\fixcleaner\wuasetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\copy\copycmd.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\copy\copyagent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\copy\copyconsole.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\copy\copyagent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\fixcleaner\wuasetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\fixcleaner\wuasetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\copy\copyagent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\copy\copyconsole.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\copy\copycmd.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\copy\copycmd.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\copy\copyconsole.exe <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1138514443-2710031489-4037345017-1000\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\S-1-5-21-1138514443-2710031489-4037345017-1000\...\Run: [CAHeadless] - C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [840784 2012-09-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-1138514443-2710031489-4037345017-1000\...\Run: [Copy] - C:\Users\Tom\AppData\Roaming\Copy\CopyAgent.exe [15501968 2014-02-10] (Barracuda Networks, Inc.)
HKU\S-1-5-21-1138514443-2710031489-4037345017-1000\...\Run: [Google Update] - C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-09] (Google Inc.)
HKU\S-1-5-21-1138514443-2710031489-4037345017-1000\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20548256 2013-10-21] (Skype Technologies S.A.)
HKU\S-1-5-21-1138514443-2710031489-4037345017-1000\...\Policies\Explorer: [NoThumbnailCache] 1
AppInit_DLLs: C:\PROGRA~2\WS_X64~1.BOO => C:\Program Files (x86)\WS_x64.Booster [4383232 2014-02-27] ()
Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Tom\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
URLSearchHook: HKLM-x32 - (No Name) - {cef81415-2059-4dd5-9829-1aef3cf27f4f} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {C5B34F2D-2C5C-4E1E-873B-3F6E4533DA56} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {1AB65B36-14B5-4F4D-9CFE-3F73147FC114} URL = 
SearchScopes: HKCU - {8F5D2EB4-9F95-4183-BC88-40196F0F44CF} URL = 
SearchScopes: HKCU - {C5B34F2D-2C5C-4E1E-873B-3F6E4533DA56} URL = https://www.google.com/search?q={searchTerms}
BHO: SNT - {3FFCF459-6108-833F-CEEE-51DDF037319B} - C:\Program Files (x86)\SNT\P5.x64.dll No File
BHO: waebusave - {657EFD5E-AAA2-6233-1460-8BC865B414CE} - C:\Program Files (x86)\waebusave\i.x64.dll ()
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: YoutubeAdblocker - {F36C7886-9146-7688-FB49-24443F3BF167} - C:\Program Files (x86)\YoutubeAdblocker\J2nooKCT1Q.x64.dll No File
BHO-x32: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKCU - No Name - {CEF81415-2059-4DD5-9829-1AEF3CF27F4F} -  No File
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{130D0F81-610A-4023-A7F0-450BFBD817F1}: [NameServer]192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\ev7ql2f1.default-1366675402418
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Tom\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Tom\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Tom\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Tom\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: samsung.com/SamsungLinkPCPlugin - C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF Plugin ProgramFiles/Appdata: C:\Users\Tom\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Tom\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: No Name - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\ev7ql2f1.default-1366675402418\Extensions\staged [2014-02-27]
FF Extension: TopArcadeHits - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\ev7ql2f1.default-1366675402418\Extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3} [2013-05-15]
FF Extension: New Tab Homepage - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\ev7ql2f1.default-1366675402418\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2013-04-22]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ []
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ []
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
 
Chrome: 
=======
CHR Extension: (Angry Birds) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-10-11]
CHR Extension: (Ad Block Express) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ankoaclbfmdocnmjbokdkohpehjjinen [2013-10-11]
CHR Extension: (Google Docs) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-29]
CHR Extension: (Google Drive) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-29]
CHR Extension: (YouTube) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-29]
CHR Extension: (Freemake Video Downloader) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2013-08-29]
CHR Extension: (Google Search) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-29]
CHR Extension: (Springpad Clipper) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\eclcnlepmfepnccogfjdafhhlgcfdmnj [2014-02-27]
CHR Extension: (Freemake Youtube Download Button) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2013-08-29]
CHR Extension: (Freemake Video Converter) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-08-29]
CHR Extension: (YoutubeAdblocker) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jionldoafhmepfobloniakbhgcifogib [2014-02-27]
CHR Extension: (websauve) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfcdnmnnofjpjjgceofemffjhmmggdgj [2014-02-27]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (SNT) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\npalinodlalmippmknhgfdhcaoklpeop [2014-02-27]
CHR Extension: (Password Security Test) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaffjlajmhhcemopadjngnbbogmjopgj [2013-10-11]
CHR Extension: (Gmail) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-29]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Tom\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-06]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2012-09-09]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-02-23]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-03-27]
 
==================== Services (Whitelisted) =================
 
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.07\AllShareFrameworkManagerDMS.exe [405896 2013-04-16] (Samsung)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2013-08-02] (Conexant Systems, Inc.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [69192 2012-08-03] (CHENGDU YIWO Tech Development Co., Ltd)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-03-27] (Freemake)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-02-07] (Ellora Assets Corp.)
S3 GSService; C:\Windows\SysWOW64\GSService.exe [252928 2012-05-31] ()
R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2012-08-03] (CHENGDU YIWO Tech Development Co., Ltd)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 1999-12-31] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link Service.exe [605768 2013-04-23] (Copyright 2013 SAMSUNG)
S3 SMServer; C:\Windows\SysWOW64\snmvtsvc.exe [260608 2012-06-01] (SMServer)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1151424 2012-06-14] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-06-14] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-06-14] (Western Digital )
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)
S2 1a34a8e0; "C:\Windows\system32\rundll32.exe" "c:\progra~2\WSSvc.dll",service
 
==================== Drivers (Whitelisted) ====================
 
S3 ALSysIO; No ImagePath
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-01] (AVG Technologies)
R3 DrmRAudio; C:\Windows\System32\drivers\DrmRAudio.sys [34088 2012-06-05] (Windows ® Win 7 DDK provider)
R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [21704 2013-03-11] (Mobile Stream)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2012-08-20] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 MREMP50; No ImagePath
S3 MREMP50a64; No ImagePath
S3 MREMPR5; No ImagePath
S3 MRENDIS5; No ImagePath
S3 MRESP50; No ImagePath
S3 MRESP50a64; No ImagePath
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 NPF; No ImagePath
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 1999-12-31] (Realtek Semiconductor Corp.)
S3 SANDRA; No ImagePath
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-03-14] ()
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-19 11:24 - 2014-03-19 11:25 - 00000000 ____D () C:\FRST
2014-03-18 23:05 - 2014-03-18 23:13 - 00000000 ____D () C:\Users\Tom\Desktop\RK_Quarantine
2014-03-18 23:02 - 2014-03-19 11:25 - 00000000 ____D () C:\Users\Tom\Desktop\Cleanup
2014-03-17 15:27 - 2014-03-17 15:27 - 00001203 _____ () C:\Users\Tom\Desktop\Chromecast.lnk
2014-03-17 15:27 - 2014-03-17 15:27 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2014-03-12 15:54 - 2014-03-12 15:54 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-11 19:31 - 2014-03-11 19:44 - 00000000 ____D () C:\AdwCleaner
2014-03-11 17:43 - 2014-03-11 19:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-11 17:42 - 2014-03-11 17:42 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-09 12:16 - 2014-03-09 12:16 - 00003230 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-03-07 00:01 - 2014-03-07 00:01 - 00000987 _____ () C:\Users\Tom\Documents\Security.lnk
2014-03-03 21:17 - 2014-03-03 21:17 - 00000000 ____D () C:\Program Files (x86)\Amazon.com
2014-03-01 21:11 - 2014-03-01 21:11 - 00001114 _____ () C:\Users\Tom\Desktop\xda.txt
2014-03-01 15:05 - 2014-03-01 15:32 - 00055362 _____ () C:\Users\Tom\Documents\SnagItDebug.log
2014-02-28 15:25 - 2014-02-28 15:25 - 00000000 ____D () C:\Users\Tom\Documents\Snagit Stamps
2014-02-28 15:25 - 2014-02-28 15:25 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2014-02-27 23:32 - 2014-03-06 11:02 - 00000000 ____D () C:\Users\Tom\Documents\My Kindle NoDRM
2014-02-27 23:28 - 2014-03-10 23:59 - 00000000 ____D () C:\Users\Tom\Documents\My Kindle Content
2014-02-27 22:40 - 2014-03-14 13:51 - 00000440 ____H () C:\Windows\Tasks\WS.Booster-S-1431105474.job
2014-02-27 22:40 - 2014-02-28 15:38 - 00000000 ____D () C:\ProgramData\waebusave
2014-02-27 22:40 - 2014-02-28 15:38 - 00000000 ____D () C:\Program Files (x86)\waebusave
2014-02-27 22:40 - 2014-02-27 22:41 - 00000000 ____D () C:\ProgramData\SafeSoft
2014-02-27 22:40 - 2014-02-27 22:41 - 00000000 ____D () C:\ProgramData\c6fdf422a29db75a
2014-02-27 22:40 - 2014-02-27 22:40 - 04383232 _____ () C:\Program Files (x86)\WS_x64.Booster
2014-02-27 22:40 - 2014-02-27 22:40 - 00002686 _____ () C:\Windows\System32\Tasks\WS.Booster-S-1431105474
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\Tom\AppData\Local\Packages
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\Tom\AppData\Local\Comodo
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\Guest
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\Administrator
2014-02-27 22:38 - 2014-02-27 22:41 - 00000000 ____D () C:\ProgramData\InstallMate
2014-02-27 21:54 - 2014-02-27 21:56 - 00000000 ____D () C:\Users\Tom\AppData\Local\calibre-cache
2014-02-27 21:47 - 2014-03-06 11:03 - 00000000 ____D () C:\Users\Tom\Documents\Calibre Library
2014-02-25 15:01 - 2014-02-25 15:01 - 00000207 _____ () C:\Users\Tom\Desktop\Do Your Own Taxes for More Control Over Your Financial Future.url
2014-02-24 20:47 - 2014-02-24 20:47 - 00000000 ___SD () C:\Users\Tom\Documents\My Data Sources
2014-02-24 01:26 - 2014-03-14 13:41 - 00000000 ____D () C:\Users\Tom\Desktop\Rick - ALmix
2014-02-23 11:59 - 2014-02-23 12:00 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Notepad++
2014-02-23 11:59 - 2014-02-23 11:59 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-02-23 11:59 - 2014-02-23 11:59 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-02-22 22:20 - 2014-02-22 22:21 - 00000063 _____ () C:\Users\Tom\Desktop\Songs for 50th.txt
2014-02-22 03:23 - 2014-02-22 16:17 - 00000238 _____ () C:\Users\Tom\Desktop\ToDo Items.txt
2014-02-22 00:32 - 2014-02-22 00:32 - 00000000 ____D () C:\Users\Tom\Downloads\Kindle Fire Tools
2014-02-21 23:57 - 2014-02-21 23:58 - 00000000 ____D () C:\Users\Tom\.Kindle Fire
2014-02-21 23:27 - 2014-02-22 17:04 - 00000000 ____D () C:\KFFirstAide 4.1.100
2014-02-21 22:35 - 2014-03-10 21:37 - 00000000 ____D () C:\Users\Tom\Desktop\Kindle Fire
2014-02-21 17:42 - 2014-03-13 22:20 - 00000000 ____D () C:\Users\Tom\Desktop\Dr Fuhrman
2014-02-20 17:48 - 2013-05-10 01:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-02-20 17:48 - 2013-05-10 01:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-02-20 17:48 - 2013-05-10 00:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-02-20 17:48 - 2013-05-10 00:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-02-19 15:56 - 2014-02-19 15:56 - 00000000 _____ () C:\Users\Tom\Desktop\Doc Martin.txt
2014-02-18 21:37 - 2013-12-31 19:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-18 21:37 - 2013-12-31 19:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-18 21:37 - 2013-12-03 22:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-18 21:37 - 2013-12-03 22:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-18 21:37 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-18 21:37 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-18 21:37 - 2013-12-03 22:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-18 21:37 - 2013-12-03 22:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-18 21:37 - 2013-12-03 22:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-18 21:37 - 2013-12-03 22:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-18 21:37 - 2013-12-03 22:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-18 21:37 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-18 21:37 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-18 21:37 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-18 21:37 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-18 21:37 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-18 21:37 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-18 21:37 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-18 21:37 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-18 21:37 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-18 21:37 - 2013-11-26 07:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-18 21:37 - 2013-11-23 14:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-02-18 21:37 - 2013-11-23 13:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-02-18 21:37 - 2013-10-29 22:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-02-18 21:37 - 2013-10-29 22:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-02-18 21:37 - 2013-10-03 22:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-02-18 21:37 - 2013-10-03 22:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-02-18 21:37 - 2013-10-03 22:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-02-18 21:37 - 2013-10-03 21:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-02-18 21:37 - 2013-10-03 21:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-02-18 21:37 - 2013-10-03 21:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-02-18 21:15 - 2014-02-18 21:15 - 00000000 ____D () C:\Windows\en
2014-02-18 21:12 - 2014-02-18 21:12 - 00000000 ____D () C:\Program Files\Windows Live
2014-02-18 21:12 - 2013-02-05 23:06 - 00057840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2014-02-18 21:08 - 2014-02-18 21:08 - 00002153 _____ () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-02-18 21:08 - 2014-02-18 21:08 - 00002066 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-02-18 21:08 - 2014-02-18 21:08 - 00002066 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-02-18 21:08 - 2014-02-18 21:08 - 00000358 _____ () C:\Windows\DirectX.log
2014-02-18 21:08 - 2014-02-18 21:08 - 00000000 ___RD () C:\Users\Tom\SkyDrive
2014-02-18 21:08 - 2014-02-18 21:08 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive
2014-02-18 21:08 - 2014-02-18 21:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
2014-02-18 21:06 - 2014-03-02 22:33 - 00000000 ____D () C:\Users\Tom\AppData\Local\Windows Live
2014-02-18 20:59 - 2014-02-18 21:00 - 00000000 ____D () C:\Users\Tom\AppData\Local\{06916D1B-0E62-4ED0-83F5-66D042C52905}
2014-02-18 19:32 - 2014-02-18 19:32 - 00001645 _____ () C:\Users\Tom\Desktop\1964 Tom and Jean Wedding Pictures.lnk
 
==================== One Month Modified Files and Folders =======
 
2014-03-19 11:25 - 2014-03-19 11:24 - 00000000 ____D () C:\FRST
2014-03-19 11:25 - 2014-03-18 23:02 - 00000000 ____D () C:\Users\Tom\Desktop\Cleanup
2014-03-19 11:17 - 2012-06-02 06:48 - 01428978 _____ () C:\Windows\WindowsUpdate.log
2014-03-19 11:01 - 2013-11-09 14:12 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1138514443-2710031489-4037345017-1000UA.job
2014-03-19 11:01 - 2013-11-09 14:12 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1138514443-2710031489-4037345017-1000Core.job
2014-03-19 11:01 - 2013-10-01 22:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-19 11:01 - 2012-08-16 16:23 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-19 09:08 - 2013-02-09 14:53 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Mozilla
2014-03-19 09:07 - 2012-07-30 12:18 - 00000000 ____D () C:\Users\Tom\AppData\Local\Adobe
2014-03-18 23:26 - 2013-10-13 21:29 - 00080109 _____ () C:\Windows\setupact.log
2014-03-18 23:13 - 2014-03-18 23:05 - 00000000 ____D () C:\Users\Tom\Desktop\RK_Quarantine
2014-03-18 23:04 - 2012-07-30 20:07 - 00000000 ___RD () C:\Users\Tom\Dropbox
2014-03-18 21:20 - 2012-07-30 20:02 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Dropbox
2014-03-18 21:01 - 2013-11-10 11:38 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Skype
2014-03-18 21:01 - 2013-05-18 13:47 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Copy
2014-03-18 21:01 - 2012-07-31 08:42 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-03-18 20:48 - 2012-08-16 16:23 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-18 19:28 - 2014-01-09 11:49 - 00000000 ____D () C:\Users\Tom\AppData\Local\CrashDumps
2014-03-18 14:00 - 2013-05-21 15:29 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-17 15:27 - 2014-03-17 15:27 - 00001203 _____ () C:\Users\Tom\Desktop\Chromecast.lnk
2014-03-17 15:27 - 2014-03-17 15:27 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2014-03-17 15:27 - 2012-08-16 16:22 - 00000000 ____D () C:\Users\Tom\AppData\Local\Google
2014-03-17 00:59 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-17 00:59 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-15 14:25 - 2012-08-17 11:25 - 00000000 ____D () C:\Program Files (x86)\Paint Shop Pro 6
2014-03-14 14:01 - 2009-07-14 01:13 - 00787576 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-14 13:57 - 2013-08-02 13:50 - 00000414 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2014-03-14 13:56 - 2013-08-02 13:50 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-03-14 13:55 - 2013-04-14 16:52 - 00000000 ____D () C:\Samsung Link
2014-03-14 13:55 - 2012-08-16 16:24 - 00000000 ___RD () C:\Users\Tom\Google Drive
2014-03-14 13:55 - 2012-06-02 05:21 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-03-14 13:55 - 2012-06-02 05:21 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-03-14 13:55 - 2012-06-02 05:17 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-03-14 13:51 - 2014-02-27 22:40 - 00000440 ____H () C:\Windows\Tasks\WS.Booster-S-1431105474.job
2014-03-14 13:51 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-14 13:41 - 2014-02-24 01:26 - 00000000 ____D () C:\Users\Tom\Desktop\Rick - ALmix
2014-03-14 13:34 - 2014-02-07 14:14 - 00002174 ____H () C:\Users\Tom\Documents\Default.rdp
2014-03-14 13:17 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-13 22:22 - 2014-02-06 20:49 - 00000000 ___RD () C:\Users\Tom\Documents\Loose Files
2014-03-13 22:20 - 2014-02-21 17:42 - 00000000 ____D () C:\Users\Tom\Desktop\Dr Fuhrman
2014-03-12 15:54 - 2014-03-12 15:54 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 15:54 - 2013-10-01 22:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 15:54 - 2012-06-02 04:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 15:54 - 2012-06-02 04:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 19:51 - 2013-08-02 13:50 - 00002836 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup
2014-03-11 19:44 - 2014-03-11 19:31 - 00000000 ____D () C:\AdwCleaner
2014-03-11 19:17 - 2014-03-11 17:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-11 17:42 - 2014-03-11 17:42 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-10 23:59 - 2014-02-27 23:28 - 00000000 ____D () C:\Users\Tom\Documents\My Kindle Content
2014-03-10 21:42 - 2012-07-30 20:11 - 00000000 ____D () C:\kfu
2014-03-10 21:37 - 2014-02-21 22:35 - 00000000 ____D () C:\Users\Tom\Desktop\Kindle Fire
2014-03-10 21:15 - 2014-01-23 23:45 - 00000000 ____D () C:\KFFirstAide
2014-03-09 12:16 - 2014-03-09 12:16 - 00003230 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-03-07 00:01 - 2014-03-07 00:01 - 00000987 _____ () C:\Users\Tom\Documents\Security.lnk
2014-03-06 21:15 - 2010-11-21 03:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-06 11:03 - 2014-02-27 21:47 - 00000000 ____D () C:\Users\Tom\Documents\Calibre Library
2014-03-06 11:02 - 2014-02-27 23:32 - 00000000 ____D () C:\Users\Tom\Documents\My Kindle NoDRM
2014-03-04 18:28 - 2012-09-20 21:29 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\TeamViewer
2014-03-04 17:56 - 2013-09-24 09:26 - 00000000 ___DC () C:\Users\Tom\AppData\Local\MigWiz
2014-03-03 21:19 - 2013-11-13 20:08 - 00102808 _____ () C:\Windows\DPINST.LOG
2014-03-03 21:17 - 2014-03-03 21:17 - 00000000 ____D () C:\Program Files (x86)\Amazon.com
2014-03-02 22:33 - 2014-02-18 21:06 - 00000000 ____D () C:\Users\Tom\AppData\Local\Windows Live
2014-03-02 22:13 - 2011-02-10 12:10 - 00780190 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-02 22:10 - 2013-02-05 12:16 - 00007606 _____ () C:\Users\Tom\AppData\Local\Resmon.ResmonCfg
2014-03-02 00:35 - 2013-06-10 21:39 - 00001349 _____ () C:\Users\Tom\Desktop\Hearing Aids.lnk
2014-03-02 00:25 - 2013-12-05 15:23 - 00000000 ____D () C:\Users\Tom\Desktop\Dropcam Photos
2014-03-01 21:11 - 2014-03-01 21:11 - 00001114 _____ () C:\Users\Tom\Desktop\xda.txt
2014-03-01 15:32 - 2014-03-01 15:05 - 00055362 _____ () C:\Users\Tom\Documents\SnagItDebug.log
2014-02-28 15:41 - 2013-10-13 21:27 - 25194014 _____ () C:\Windows\PFRO.log
2014-02-28 15:38 - 2014-02-27 22:40 - 00000000 ____D () C:\ProgramData\waebusave
2014-02-28 15:38 - 2014-02-27 22:40 - 00000000 ____D () C:\Program Files (x86)\waebusave
2014-02-28 15:25 - 2014-02-28 15:25 - 00000000 ____D () C:\Users\Tom\Documents\Snagit Stamps
2014-02-28 15:25 - 2014-02-28 15:25 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2014-02-27 22:41 - 2014-02-27 22:40 - 00000000 ____D () C:\ProgramData\SafeSoft
2014-02-27 22:41 - 2014-02-27 22:40 - 00000000 ____D () C:\ProgramData\c6fdf422a29db75a
2014-02-27 22:41 - 2014-02-27 22:38 - 00000000 ____D () C:\ProgramData\InstallMate
2014-02-27 22:40 - 2014-02-27 22:40 - 04383232 _____ () C:\Program Files (x86)\WS_x64.Booster
2014-02-27 22:40 - 2014-02-27 22:40 - 00002686 _____ () C:\Windows\System32\Tasks\WS.Booster-S-1431105474
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\Tom\AppData\Local\Packages
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\Tom\AppData\Local\Comodo
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\Guest
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-02-27 22:40 - 2014-02-27 22:40 - 00000000 ____D () C:\Users\Administrator
2014-02-27 21:56 - 2014-02-27 21:54 - 00000000 ____D () C:\Users\Tom\AppData\Local\calibre-cache
2014-02-25 15:01 - 2014-02-25 15:01 - 00000207 _____ () C:\Users\Tom\Desktop\Do Your Own Taxes for More Control Over Your Financial Future.url
2014-02-24 20:47 - 2014-02-24 20:47 - 00000000 ___SD () C:\Users\Tom\Documents\My Data Sources
2014-02-23 12:00 - 2014-02-23 11:59 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Notepad++
2014-02-23 12:00 - 2012-07-30 19:49 - 00000000 ____D () C:\Applications
2014-02-23 11:59 - 2014-02-23 11:59 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-02-23 11:59 - 2014-02-23 11:59 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-02-23 11:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-02-22 22:21 - 2014-02-22 22:20 - 00000063 _____ () C:\Users\Tom\Desktop\Songs for 50th.txt
2014-02-22 21:40 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-22 17:04 - 2014-02-21 23:27 - 00000000 ____D () C:\KFFirstAide 4.1.100
2014-02-22 16:17 - 2014-02-22 03:23 - 00000238 _____ () C:\Users\Tom\Desktop\ToDo Items.txt
2014-02-22 00:32 - 2014-02-22 00:32 - 00000000 ____D () C:\Users\Tom\Downloads\Kindle Fire Tools
2014-02-21 23:58 - 2014-02-21 23:57 - 00000000 ____D () C:\Users\Tom\.Kindle Fire
2014-02-21 23:58 - 2012-07-30 00:13 - 00000000 ____D () C:\Users\Tom
2014-02-21 16:56 - 2012-08-23 17:51 - 00000000 ____D () C:\Users\Tom\AppData\Local\McTiVia
2014-02-20 19:08 - 2012-08-10 15:08 - 00000000 ____D () C:\Program Files\Java
2014-02-20 19:06 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-02-20 17:58 - 2013-04-15 11:41 - 00000000 ____D () C:\Users\Tom\Desktop\Information
2014-02-20 17:57 - 2013-04-15 11:38 - 00000000 ___RD () C:\Users\Tom\Desktop\Applications
2014-02-20 17:48 - 2013-08-01 19:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-20 17:46 - 2012-08-01 12:13 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-20 17:45 - 2012-07-30 16:15 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-02-20 17:45 - 2012-07-30 16:15 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-02-20 17:45 - 2012-07-30 16:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-20 17:43 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-20 17:43 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-20 16:32 - 2013-05-21 15:28 - 00000000 ____D () C:\Program Files\My Dell
2014-02-20 16:32 - 2012-07-31 09:00 - 00000000 ____D () C:\ProgramData\PCDr
2014-02-19 17:48 - 2013-10-15 17:05 - 00000000 ____D () C:\KFHD_SRT_v2.1 for KF8.9
2014-02-19 15:56 - 2014-02-19 15:56 - 00000000 _____ () C:\Users\Tom\Desktop\Doc Martin.txt
2014-02-18 21:15 - 2014-02-18 21:15 - 00000000 ____D () C:\Windows\en
2014-02-18 21:12 - 2014-02-18 21:12 - 00000000 ____D () C:\Program Files\Windows Live
2014-02-18 21:12 - 2012-06-02 05:30 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-02-18 21:12 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-18 21:08 - 2014-02-18 21:08 - 00002153 _____ () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-02-18 21:08 - 2014-02-18 21:08 - 00002066 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-02-18 21:08 - 2014-02-18 21:08 - 00002066 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-02-18 21:08 - 2014-02-18 21:08 - 00000358 _____ () C:\Windows\DirectX.log
2014-02-18 21:08 - 2014-02-18 21:08 - 00000000 ___RD () C:\Users\Tom\SkyDrive
2014-02-18 21:08 - 2014-02-18 21:08 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive
2014-02-18 21:08 - 2014-02-18 21:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
2014-02-18 21:00 - 2014-02-18 20:59 - 00000000 ____D () C:\Users\Tom\AppData\Local\{06916D1B-0E62-4ED0-83F5-66D042C52905}
2014-02-18 19:32 - 2014-02-18 19:32 - 00001645 _____ () C:\Users\Tom\Desktop\1964 Tom and Jean Wedding Pictures.lnk
2014-02-18 13:45 - 2012-08-03 17:17 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\PrimoPDF
 
Some content of TEMP:
====================
C:\Users\Tom\AppData\Local\Temp\6_Offer_17.exe
C:\Users\Tom\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Tom\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Tom\AppData\Local\Temp\oi_{41A0C3BC-4164-4936-8334-6E5382D2025F}.exe
C:\Users\Tom\AppData\Local\Temp\Quarantine.exe
C:\Users\Tom\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tom\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Tom\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Tom\AppData\Local\Temp\WINSSUDDRV_001.005.022.000.exe
C:\Users\Tom\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-10 00:53
 
==================== End Of Log ============================

 

Addition.txt


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 


Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Uncheck any elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review.
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted (if necessary):
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log

 

Next,

 

Download and install CCleaner from here:

 

Be sure to select the Slim version. (No Toolbar)


Run the installer to install the application.
Run CCleaner. Default settings are fine.
Select > Cleaner > Run Cleaner > all temp files and caches will be deleted/emptied
Close CCleaner and Re-Boot your system

 

Post the logs in next reply, let me know what issues or concerns remain...

 

Kevin

 

 

 

fixlist.txt


First of all, your link for CCleaner needs to be updated. Also, I didn't see a Slim version. There are three choices to download, Free, Professional (free trial), and Professional Plus (free trial). I chose Professional but it was a little confusing.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Tom at 2014-03-19 18:24:40 Run:1
Running from C:\Users\Tom\Desktop\Cleanup
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *?* <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\fixcleaner\wuasetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\copy\copycmd.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\copy\copyagent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\copy\copyconsole.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\copy\copyagent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\fixcleaner\wuasetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\fixcleaner\wuasetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\copy\copyagent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\copy\copyconsole.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\copy\copycmd.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\copy\copycmd.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\copy\copyconsole.exe <====== ATTENTION
AppInit_DLLs: C:\PROGRA~2\WS_X64~1.BOO => C:\Program Files (x86)\WS_x64.Booster [4383232 2014-02-27] ()
C:\Program Files (x86)\WS_x64.Booster
S2 1a34a8e0; "C:\Windows\system32\rundll32.exe" "c:\progra~2\WSSvc.dll",service
c:\progra~2\WSSvc.dll
S3 ALSysIO; No ImagePath
S3 MREMP50; No ImagePath
S3 MREMP50a64; No ImagePath
S3 MREMPR5; No ImagePath
S3 MRENDIS5; No ImagePath
S3 MRESP50; No ImagePath
S3 MRESP50a64; No ImagePath
S3 NPF; No ImagePath
S3 SANDRA; No ImagePath
C:\Users\Tom\AppData\Local\Temp\6_Offer_17.exe
C:\Users\Tom\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Tom\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Tom\AppData\Local\Temp\oi_{41A0C3BC-4164-4936-8334-6E5382D2025F}.exe
C:\Users\Tom\AppData\Local\Temp\Quarantine.exe
C:\Users\Tom\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tom\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Tom\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Tom\AppData\Local\Temp\WINSSUDDRV_001.005.022.000.exe
C:\Users\Tom\AppData\Local\Temp\xmlUpdater.exe
2009-07-13 22:34 - 2013-12-10 20:09 - 00001194 ____A C:\Windows\system32\Drivers\etc\hosts
76.96.40.158 mail.comcast.net
76.96.40.158 mail.comcast.net
68.87.26.155 smtp.comcast.net
74.125.142.108 pop.gmail.com
74.125.142.109 pop.gmail.com
74.125.142.108 smtp.gmail.com
74.125.142.109 smtp.gmail.com
Task: {6B816DCB-67B7-4225-806D-AF7D2C215625} - System32\Tasks\WS.Booster-S-1431105474 => c:\programdata\safesoft\ws.booster\WS.Booster.exe
Task: C:\Windows\Tasks\WS.Booster-S-1431105474.job => c:\programdata\safesoft\ws.booster\WS.Booster.exe
End
*****************
 
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
"C:\\PROGRA~2\\WS_X64~1.BOO" => Value Data removed successfully.
C:\Program Files (x86)\WS_x64.Booster => Moved successfully.
1a34a8e0 => Service deleted successfully.
"c:\progra~2\WSSvc.dll" => File/Directory not found.
ALSysIO => Service deleted successfully.
MREMP50 => Service deleted successfully.
MREMP50a64 => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
MRESP50 => Service deleted successfully.
MRESP50a64 => Service deleted successfully.
NPF => Service deleted successfully.
SANDRA => Service deleted successfully.
C:\Users\Tom\AppData\Local\Temp\6_Offer_17.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\oi_{41A0C3BC-4164-4936-8334-6E5382D2025F}.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\vlc-2.0.8-win32.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\WINSSUDDRV_001.005.022.000.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.
C:\Windows\system32\Drivers\etc\hosts => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B816DCB-67B7-4225-806D-AF7D2C215625} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B816DCB-67B7-4225-806D-AF7D2C215625} => Key deleted successfully.
C:\Windows\System32\Tasks\WS.Booster-S-1431105474 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WS.Booster-S-1431105474 => Key deleted successfully.
C:\Windows\Tasks\WS.Booster-S-1431105474.job => Moved successfully.
 
==== End of Fixlog ====
 
# AdwCleaner v3.022 - Report created 19/03/2014 at 18:57:54
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tom - TJW
# Running from : C:\Users\Tom\Desktop\Cleanup\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v21.0 (en-US)
 
[ File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\ev7ql2f1.default-1366675402418\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [17757 octets] - [11/03/2014 19:31:52]
AdwCleaner[R1].txt - [1308 octets] - [11/03/2014 19:41:16]
AdwCleaner[R2].txt - [1225 octets] - [19/03/2014 18:29:56]
AdwCleaner[s0].txt - [17101 octets] - [11/03/2014 19:34:29]
AdwCleaner[s1].txt - [1377 octets] - [11/03/2014 19:44:55]
AdwCleaner[s2].txt - [1149 octets] - [19/03/2014 18:57:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1209 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Tom on Wed 03/19/2014 at 19:19:49.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\strongvaultapp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\strongvaultapp_rasmancs
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550055445593}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660066446693}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550055445593}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660066446693}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{657EFD5E-AAA2-6233-1460-8BC865B414CE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{657EFD5E-AAA2-6233-1460-8BC865B414CE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{657EFD5E-AAA2-6233-1460-8BC865B414CE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F36C7886-9146-7688-FB49-24443F3BF167}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F36C7886-9146-7688-FB49-24443F3BF167}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F36C7886-9146-7688-FB49-24443F3BF167}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\Tasks\driverupdate startup.job"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Tom\AppData\Roaming\fixcleaner"
Successfully deleted: [Folder] "C:\Users\Tom\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\fixcleaner"
Successfully deleted: [Empty Folder] C:\Users\Tom\appdata\local\{01A647DE-F374-4AE2-9336-13AB86AC9098}
Successfully deleted: [Empty Folder] C:\Users\Tom\appdata\local\{06916D1B-0E62-4ED0-83F5-66D042C52905}
Successfully deleted: [Empty Folder] C:\Users\Tom\appdata\local\{0B6C75AD-32F6-4635-B442-7529B90384AA}
Successfully deleted: [Empty Folder] C:\Users\Tom\appdata\local\{306F4081-7AC4-4CCA-BD2A-9A01EE3044C6}
Successfully deleted: [Empty Folder] C:\Users\Tom\appdata\local\{567B2B3F-C80D-4FE3-88D2-9D2F2BF36016}
Successfully deleted: [Empty Folder] C:\Users\Tom\appdata\local\{7CFDC8B6-D1D6-45A2-9D8D-0BCB96AEDF6C}
Successfully deleted: [Empty Folder] C:\Users\Tom\appdata\local\{9B72052E-C86E-4358-9B9F-8AC256953700}
Successfully deleted: [Empty Folder] C:\Users\Tom\appdata\local\{9CDFBAD0-1C91-4509-8820-A7967126F503}
Successfully deleted: [Empty Folder] C:\Users\Tom\appdata\local\{D1508D9D-5DB7-42C6-96A7-855E7CF25A04}
Successfully deleted: [Empty Folder] C:\Users\Tom\appdata\local\{E2B11065-E8C2-47EA-9C96-A8F75D63EA43}
Successfully deleted: [Empty Folder] C:\Users\Tom\appdata\local\{F22DFC1D-3D6B-4B0F-B8E9-D74DD7FC2759}
Successfully deleted: [Empty Folder] C:\Users\Tom\appdata\local\{FC5CD874-1E59-4FAD-8D9B-6E3DF2DD872F}
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\ev7ql2f1.default-1366675402418\extensions\staged
Failed to delete: [Folder] C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\ev7ql2f1.default-1366675402418\extensions\{0113d088-8ed1-468c-b225-585a9c53b5e3}
Emptied folder: C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\ev7ql2f1.default-1366675402418\minidumps [7 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/19/2014 at 19:26:30.10
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.19.10
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Tom :: TJW [administrator]
 
Protection: Enabled
 
3/19/2014 7:35:34 PM
mbam-log-2014-03-19 (19-35-34).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254389
Time elapsed: 7 minute(s), 2 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
I didn't see any way to get a log from CCleaner. Maybe because it's a trial version???
 
Is there any way to know if my original problem was identified and/or fixed???
 
Thanks again for your help.

Try this link for CCleaner: http://www.piriform.com/ccleaner/builds it should give three versions, Standard installer, Portable version and Slim version (no toolbar). At that link on the right hand side you should see a list that will give all the information needed to find out how to use it to your advantage. As far as I'm aware it does not produce a log per se, but it does list what it removed on completion.

Your original issue was related to blocked IP addresses. It is not easy to find what is making or trying to make those connections; whether they are inbound or outbound should show in your MB logs. The majority will probably be outbound...

I give you a set of scans to run so we get a good overall view of your system; from the produced logs we remove what is seen as a direct threat, possible threat or malicious/infected/patched entries. When we have removed those found entries we then run a set of trusted cleaners to empty/flush caches, temp folders etc. Also clear out any unwanted adware/bloatware.

So to say whether the original issue is fixed is hard to pinpoint to an exact problem. You should know if we have made good progress by Malwarebytes: have the alerts stopped?


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
