
malware



Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014

Ran by Kendrick Sun (administrator) on GEORGESUN-PC on 07-08-2014 12:00:15

Running from C:\Users\Kendrick Sun\Downloads

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe

(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe

(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe

() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe

(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

(Cypress Semiconductor Corporation) C:\Program Files\Cypress\TrackPad\CyCpIo.exe

(Cypress Semiconductor, Inc.) C:\Program Files\Cypress\TrackPad\CyHidWin.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

() C:\ProgramData\Supersoftware App\SO_Booster\SO_Booster.exe

(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe

(Hewlett-Packard Company) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe

(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\SeaPort.EXE

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

() C:\Program Files (x86)\Steam\SteamApps\common\Blackguards\Blackguards.exe

(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe

(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\SMTrayNotify.exe

() C:\Users\Kendrick Sun\Downloads\install.exe

() C:\Users\Kendrick Sun\AppData\Local\Temp\sd.exe

() C:\Users\Kendrick Sun\AppData\Roaming\VOPackage\VOPackage.exe

() C:\Users\Kendrick Sun\AppData\Roaming\VOPackage\VOsrv.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [CyCpIo] => C:\Program Files\Cypress\TrackPad\CyCpIo.exe [2429440 2012-05-02] (Cypress Semiconductor Corporation)

HKLM\...\Run: [CyHidWin] => C:\Program Files\Cypress\TrackPad\CyHidWin.exe [2371584 2012-05-02] (Cypress Semiconductor, Inc.)

HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4358816 2012-03-28] (Dell Inc.)

HKLM\...\Run: [bLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)

HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp

HKLM\...\Run: [HP LaserJet Professional CM1410 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2010-08-24] (Hewlett-Packard Company)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)

HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [ToolboxFX] => C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-10-25] (Hewlett-Packard Company)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-1152022502-1335729656-3061835487-1005\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)

HKU\S-1-5-21-1152022502-1335729656-3061835487-1005\...\MountPoints2: {4e40b6c0-7b50-11e2-a177-00dbdf1990f5} - D:\setup.exe -a

AppInit_DLLs: C:\PROGRA~2\SO_BOO~1\ASSIST~2.DLL => C:\Program Files (x86)\SO_Booster\Assistant_x64.dll [4210176 2014-06-10] ()

AppInit_DLLs:  C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll [4302848 2014-06-30] ()

AppInit_DLLs-x32: c:\progra~2\so_boo~1\assist~1.dll => c:\Program Files (x86)\SO_Booster\Assistant.dll [4296192 2014-06-10] ()

AppInit_DLLs-x32:  c:\progra~3\fastan~1\fastan~1.dll => c:\ProgramData\Fast And Safe\FastAndSafe.dll [4125696 2014-06-30] ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\spare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk

ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

BootExecute: autocheck autochk /p \??\D:autocheck autochk * 

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyServer: http=127.0.0.1:8080

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x79689958C285CF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/


SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 


SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 

BHO: tpperfEctcouPoNi -> {583AD586-34D9-76EF-F2C2-F525AFE49A11} -> C:\ProgramData\tpperfEctcouPoNi\VDjGJrFM8_.x64.dll ()

BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: save on -> {8A59BAD9-8FF3-6EA6-F70E-A79FF613E544} -> C:\Program Files (x86)\save on\jc6sgdqmrW.x64.dll ()

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)

BHO: AllSaveR -> {B2296B24-B02E-FD9C-BB64-06B18CEF551E} -> C:\ProgramData\AllSaveR\Gn2FF.x64.dll ()

BHO: TaakeTheCouuppOni -> {B2B7268F-E843-2EB4-9DC1-EC0113B5BD06} -> C:\ProgramData\TaakeTheCouuppOni\O7PE.x64.dll ()

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: lEss2paay -> {BAD6EA03-BEB2-0778-2DF3-D02943FA3BA4} -> C:\ProgramData\lEss2paay\RX.x64.dll ()

BHO: saavE on -> {C1D466EA-2844-BD8F-0D95-899E7AA9B0A6} -> C:\Program Files (x86)\saavE on\THG1kTI.x64.dll ()

BHO: DisCountLocaatorr -> {D17BC6D7-E41F-DF96-665F-EBCE903BB970} -> C:\ProgramData\DisCountLocaatorr\7yYDY9n2SG.x64.dll ()

BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\amd64\BingExt.dll (Microsoft Corporation.)

BHO: YoutubeAdblocker -> {F9620E8B-90EA-0B56-4E00-9EB8566899AE} -> C:\Program Files (x86)\YoutubeAdblocker\A.x64.dll ()

BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: tpperfEctcouPoNi -> {583AD586-34D9-76EF-F2C2-F525AFE49A11} -> C:\ProgramData\tpperfEctcouPoNi\VDjGJrFM8_.dll ()

BHO-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: save on -> {8A59BAD9-8FF3-6EA6-F70E-A79FF613E544} -> C:\Program Files (x86)\save on\jc6sgdqmrW.dll ()

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

BHO-x32: AllSaveR -> {B2296B24-B02E-FD9C-BB64-06B18CEF551E} -> C:\ProgramData\AllSaveR\Gn2FF.dll ()

BHO-x32: TaakeTheCouuppOni -> {B2B7268F-E843-2EB4-9DC1-EC0113B5BD06} -> C:\ProgramData\TaakeTheCouuppOni\O7PE.dll ()

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: lEss2paay -> {BAD6EA03-BEB2-0778-2DF3-D02943FA3BA4} -> C:\ProgramData\lEss2paay\RX.dll ()

BHO-x32: saavE on -> {C1D466EA-2844-BD8F-0D95-899E7AA9B0A6} -> C:\Program Files (x86)\saavE on\THG1kTI.dll ()

BHO-x32: DisCountLocaatorr -> {D17BC6D7-E41F-DF96-665F-EBCE903BB970} -> C:\ProgramData\DisCountLocaatorr\7yYDY9n2SG.dll ()

BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\31.0.1650.63\npchrome_frame.dll (Google Inc.)

BHO-x32: YoutubeAdblocker -> {F9620E8B-90EA-0B56-4E00-9EB8566899AE} -> C:\Program Files (x86)\YoutubeAdblocker\A.dll ()

Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\amd64\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BingExt.dll (Microsoft Corporation.)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-12-06]

 

Chrome: 

=======

CHR HomePage: hxxp://websearch.calcitapp.info/

CHR StartupUrls: "hxxp://websearch.calcitapp.info/"

CHR Extension: (Fun2SaavE) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\amahmdmoiajhbplhafebidnppjmlikne [2014-06-17]

CHR Extension: (Google Docs) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-23]

CHR Extension: (Google Drive) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-23]

CHR Extension: (Batch Image Downloader ZIG Lite) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbigoemkinkepgmcmgnapjcahnedmn [2014-06-30]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]

CHR Extension: (YouTube) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-23]

CHR Extension: (Google Search) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-23]

CHR Extension: (ssave On) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmdapejfcdkdjdcnicfhagkoogfodch [2014-06-10]

CHR Extension: (Related Content by Zemanta) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fejeknoakjeblidffkajbioncodnmhge [2014-06-19]

CHR Extension: (Jailbreak the Patriarchy) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiidcfoaaciclafodoficaofidfencgd [2014-07-14]

CHR Extension: (CSSViewer) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggfgijbpiheegefliciemofobhmofgce [2014-06-10]

CHR Extension: (Extrabux) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\infdegpbaoaebllngceboapplllecfpc [2014-08-01]

CHR Extension: (GreaatSSave44Uo) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjahgakjdhndiaoiggklnlidknddpkml [2014-06-24]

CHR Extension: (YoutubeAdblocker) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\knaokjlfifegclfpncopdjoalajheppf [2014-06-10]

CHR Extension: (saavE on) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgojaamadamfmohchkkknefmgojcenn [2014-06-10]

CHR Extension: (Skype Click to Call) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-23]

CHR Extension: (SndLatr Beta for Gmail) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfddgbpdnaeliohhkbdbcmenpnkepkgn [2014-07-20]

CHR Extension: (Mavenlink Project Manager) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpcjfgdlfelfjldoebklcimbekfeami [2014-06-30]

CHR Extension: (Google Wallet) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-23]

CHR Extension: (Gmail) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-23]

CHR Extension: (saavE on) - C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgojaamadamfmohchkkknefmgojcenn\2.14 [2014-06-10]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 29850aa3; c:\Program Files (x86)\SO_Booster\AssistantSvc.dll [174928 2014-06-10] () [File not signed]

R2 64af91bf; c:\ProgramData\Fast And Safe\FastAndSafeSvc.dll [186192 2014-06-30] () [File not signed]

S4 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [151656 2012-03-30] (Microsoft Corp.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)

S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [166912 2012-04-10] (Dell Products, LP.) [File not signed]

R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]

R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4492776 2014-04-07] (iolo technologies, LLC)

R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [184320 2011-07-06] (Intel Corporation) [File not signed]

R2 ISCTAgent; c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [121856 2011-11-10] ()

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2012-02-06] ()

R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()

S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

R2 VOsrv; C:\Users\Kendrick Sun\AppData\Roaming\VOPackage\VOsrv.exe [353792 2014-02-25] () [File not signed]

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [321424 2010-11-30] (EldoS Corporation)

R3 cyhid; C:\Windows\System32\DRIVERS\cyhid.sys [125440 2012-05-04] (Cypress Semiconductor, Inc.)

R3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [14336 2012-05-04] (Cypress Semiconductor, Inc.)

R3 cymfltrService; C:\Windows\System32\DRIVERS\cymfltr.sys [88576 2012-05-04] (Cypress Semiconductor, Inc.)

R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2012-11-01] (EldoS Corporation)

R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [65536 2012-03-02] (Fresco Logic)

R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25024 2011-11-10] ()

R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2011-06-16] (Intel Corporation)

R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()

S3 LAN7500; C:\Windows\System32\DRIVERS\lan7500-x64-n620f.sys [88064 2011-09-30] (SMSC)

R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()

S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-20] (Malwarebytes Corporation)

S3 MOSUMAC; C:\Windows\System32\DRIVERS\USBMAC64.SYS [55296 2009-12-07] (--)

S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-04-20] ()

S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-07 12:00 - 2014-08-07 12:00 - 00028681 _____ () C:\Users\Kendrick Sun\Downloads\FRST.txt

2014-08-07 11:59 - 2014-08-07 12:00 - 00000000 ____D () C:\FRST

2014-08-07 11:58 - 2014-08-07 11:59 - 02094080 _____ (Farbar) C:\Users\Kendrick Sun\Downloads\FRST64.exe

2014-08-07 11:55 - 2014-08-07 11:55 - 00301608 _____ (VuuPC Limited) C:\Users\Kendrick Sun\AppData\Local\nszBBBD.tmp

2014-08-07 11:55 - 2014-08-07 11:55 - 00000875 _____ () C:\Users\Kendrick Sun\Desktop\Continue VuuPC Installation.lnk

2014-08-07 11:55 - 2014-08-07 11:55 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Roaming\VOPackage

2014-08-07 11:54 - 2014-08-07 11:54 - 00000000 ____D () C:\Program Files\Common Files\Goobzo

2014-08-07 11:53 - 2014-08-07 11:53 - 00632201 _____ () C:\Users\Kendrick Sun\Downloads\install.exe

2014-08-02 11:23 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-08-02 11:23 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-08-02 11:23 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2014-08-02 11:23 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-08-02 11:23 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-08-02 11:23 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2014-08-02 11:23 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-08-02 11:23 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2014-08-01 19:37 - 2014-08-01 19:37 - 00000000 ____D () C:\ProgramData\Package Cache

2014-08-01 10:21 - 2014-08-01 10:22 - 00000000 ____D () C:\ProgramData\DisCountLocaatorr

2014-08-01 10:07 - 2014-08-01 10:07 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\Daedalic Entertainment GmbH

2014-07-31 19:27 - 2014-07-31 19:27 - 00009375 _____ () C:\Users\Kendrick Sun\Documents\Spreadsheet 1.xlsx

2014-07-24 16:33 - 2014-07-24 18:14 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\Two Worlds II

2014-07-22 17:08 - 2014-07-24 16:33 - 00118615 _____ () C:\Windows\DirectX.log

2014-07-20 18:44 - 2014-07-20 18:44 - 04279688 _____ (Black Tree Gaming ) C:\Users\Kendrick Sun\Downloads\Nexus Mod Manager-0.51.0.exe

2014-07-20 18:44 - 2014-07-20 18:44 - 00000892 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk

2014-07-20 18:44 - 2014-07-20 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager

2014-07-20 18:44 - 2014-07-20 18:44 - 00000000 ____D () C:\Program Files\Nexus Mod Manager

2014-07-20 18:42 - 2014-07-20 18:42 - 00000641 _____ () C:\Users\Kendrick Sun\Downloads\download (7)

2014-07-20 18:42 - 2014-07-20 18:42 - 00000641 _____ () C:\Users\Kendrick Sun\Downloads\download (6)

2014-07-20 15:05 - 2014-07-20 15:05 - 00000000 ____D () C:\ProgramData\AllSaveR

2014-07-19 14:16 - 2014-07-19 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

2014-07-19 14:16 - 2014-07-19 14:16 - 00000000 ____D () C:\Program Files\McAfee Security Scan

2014-07-19 08:43 - 2014-07-19 08:43 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\Gas Powered Games

2014-07-18 15:46 - 2014-07-18 15:46 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\CrashRpt

2014-07-18 15:43 - 2014-07-18 15:46 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\wf-launcher

2014-07-18 15:43 - 2014-07-18 15:43 - 00000000 ____D () C:\ProgramData\GFACE

2014-07-16 18:04 - 2014-08-06 11:51 - 00001474 _____ () C:\Windows\PFRO.log

2014-07-16 18:04 - 2014-08-06 11:51 - 00000952 _____ () C:\Windows\setupact.log

2014-07-16 18:04 - 2014-07-16 18:04 - 00000000 _____ () C:\Windows\setuperr.log

2014-07-16 18:02 - 2014-07-16 18:02 - 00002786 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-07-16 18:02 - 2014-07-16 18:02 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-07-16 18:02 - 2014-07-16 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2014-07-16 18:02 - 2014-07-16 18:02 - 00000000 ____D () C:\Program Files\CCleaner

2014-07-16 18:01 - 2014-07-16 18:02 - 04812672 _____ (Piriform Ltd) C:\Users\Kendrick Sun\Downloads\ccsetup415.exe

2014-07-16 17:45 - 2014-07-16 17:46 - 100271992 _____ (Microsoft Corporation) C:\Users\Kendrick Sun\Downloads\directx_Jun2010_redist.exe

2014-07-16 17:08 - 2014-07-16 18:11 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\Warframe

2014-07-16 15:29 - 2014-07-16 15:29 - 00005103 _____ () C:\Users\Kendrick Sun\Downloads\StarDrive.CT

2014-07-16 15:19 - 2014-07-16 15:19 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Roaming\StarDrive

2014-07-16 15:19 - 2014-07-16 15:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA

2014-07-14 23:11 - 2014-07-14 23:11 - 00000000 ____D () C:\ProgramData\tpperfEctcouPoNi

2014-07-12 13:05 - 2014-07-19 14:16 - 00001933 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

2014-07-12 13:05 - 2014-07-19 14:16 - 00000000 ____D () C:\ProgramData\McAfee Security Scan

2014-07-09 17:56 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-07-09 17:56 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-07-09 17:56 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-07-09 17:56 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-07-09 17:56 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-07-09 17:56 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-07-09 17:56 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-07-09 17:56 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-07-09 17:56 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-07-09 17:56 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-07-09 17:56 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-07-09 17:56 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-07-09 17:56 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-07-09 17:56 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-07-09 17:56 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-07-09 17:56 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-07-09 17:56 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-07-09 17:56 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-07-09 17:56 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-07-09 17:56 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-07-09 17:56 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-07-09 17:56 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-07-09 17:56 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-07-09 17:56 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-07-09 17:56 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-07-09 17:56 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-07-09 17:56 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-07-09 17:56 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-07-09 17:56 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-07-09 17:56 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-07-09 17:56 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-07-09 17:56 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-07-09 17:56 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-07-09 17:56 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-07-09 17:56 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-07-09 17:56 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-07-09 17:56 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-07-09 17:56 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-07-09 17:56 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-07-09 17:56 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-07-09 17:56 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-07-09 17:56 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-07-09 17:56 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-07-09 17:56 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-07-09 17:56 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-07-09 17:56 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-07-09 17:56 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-07-09 17:56 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-07-09 17:56 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-07-09 17:56 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-07-09 17:56 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-07-09 17:56 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-07-09 17:56 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-07-09 17:56 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-07-09 17:56 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-07-09 17:56 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-07-09 17:09 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe

2014-07-09 17:09 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe

2014-07-09 17:09 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-07-09 17:02 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-07-09 17:02 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-07-09 17:02 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-07-09 17:02 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-07-09 17:02 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-07-09 17:02 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2014-07-09 17:02 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-07-09 17:02 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-07-09 17:02 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-07-09 17:02 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-07-09 17:02 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2014-07-09 17:02 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2014-07-09 17:02 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2014-07-09 17:02 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2014-07-09 17:02 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-07-09 17:02 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-07-09 17:02 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2014-07-09 16:55 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-07-09 16:55 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-07-09 16:55 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-07 12:00 - 2014-08-07 12:00 - 00028681 _____ () C:\Users\Kendrick Sun\Downloads\FRST.txt

2014-08-07 12:00 - 2014-08-07 11:59 - 00000000 ____D () C:\FRST

2014-08-07 11:59 - 2014-08-07 11:58 - 02094080 _____ (Farbar) C:\Users\Kendrick Sun\Downloads\FRST64.exe

2014-08-07 11:58 - 2012-09-03 19:04 - 01203723 _____ () C:\Windows\WindowsUpdate.log

2014-08-07 11:56 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-07 11:56 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-07 11:55 - 2014-08-07 11:55 - 00301608 _____ (VuuPC Limited) C:\Users\Kendrick Sun\AppData\Local\nszBBBD.tmp

2014-08-07 11:55 - 2014-08-07 11:55 - 00000875 _____ () C:\Users\Kendrick Sun\Desktop\Continue VuuPC Installation.lnk

2014-08-07 11:55 - 2014-08-07 11:55 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Roaming\VOPackage

2014-08-07 11:54 - 2014-08-07 11:54 - 00000000 ____D () C:\Program Files\Common Files\Goobzo

2014-08-07 11:53 - 2014-08-07 11:53 - 00632201 _____ () C:\Users\Kendrick Sun\Downloads\install.exe

2014-08-07 11:47 - 2014-01-24 22:39 - 00000948 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001UA.job

2014-08-07 11:47 - 2012-11-28 12:10 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001UA.job

2014-08-07 11:47 - 2012-11-09 20:05 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-08-07 11:47 - 2012-09-03 19:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-08-06 21:57 - 2014-01-24 22:39 - 00000926 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001Core.job

2014-08-06 17:02 - 2012-11-09 20:05 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-08-06 16:43 - 2013-12-09 17:58 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-08-06 16:34 - 2012-11-28 12:10 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001Core.job

2014-08-06 11:55 - 2009-07-14 00:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-06 11:51 - 2014-07-16 18:04 - 00001474 _____ () C:\Windows\PFRO.log

2014-08-06 11:51 - 2014-07-16 18:04 - 00000952 _____ () C:\Windows\setupact.log

2014-08-06 11:51 - 2014-06-10 13:21 - 00000494 ____H () C:\Windows\Tasks\SO_Booster-S-5428256321.job

2014-08-06 11:51 - 2012-09-03 19:23 - 00000000 ____D () C:\Temp

2014-08-06 11:51 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-01 19:38 - 2014-04-23 18:27 - 00000000 ____D () C:\Users\Kendrick Sun\Documents\My Games

2014-08-01 19:37 - 2014-08-01 19:37 - 00000000 ____D () C:\ProgramData\Package Cache

2014-08-01 10:22 - 2014-08-01 10:21 - 00000000 ____D () C:\ProgramData\DisCountLocaatorr

2014-08-01 10:22 - 2014-06-10 13:19 - 00000000 ____D () C:\ProgramData\def5ac9fa204dd9b

2014-08-01 10:07 - 2014-08-01 10:07 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\Daedalic Entertainment GmbH

2014-07-31 19:27 - 2014-07-31 19:27 - 00009375 _____ () C:\Users\Kendrick Sun\Documents\Spreadsheet 1.xlsx

2014-07-28 18:38 - 2014-05-01 17:54 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\CrashDumps

2014-07-24 18:14 - 2014-07-24 16:33 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\Two Worlds II

2014-07-24 16:33 - 2014-07-22 17:08 - 00118615 _____ () C:\Windows\DirectX.log

2014-07-22 16:48 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-07-20 18:45 - 2014-04-23 18:27 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\Skyrim

2014-07-20 18:44 - 2014-07-20 18:44 - 04279688 _____ (Black Tree Gaming ) C:\Users\Kendrick Sun\Downloads\Nexus Mod Manager-0.51.0.exe

2014-07-20 18:44 - 2014-07-20 18:44 - 00000892 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk

2014-07-20 18:44 - 2014-07-20 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager

2014-07-20 18:44 - 2014-07-20 18:44 - 00000000 ____D () C:\Program Files\Nexus Mod Manager

2014-07-20 18:44 - 2014-04-27 19:26 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\Black_Tree_Gaming

2014-07-20 18:42 - 2014-07-20 18:42 - 00000641 _____ () C:\Users\Kendrick Sun\Downloads\download (7)

2014-07-20 18:42 - 2014-07-20 18:42 - 00000641 _____ () C:\Users\Kendrick Sun\Downloads\download (6)

2014-07-20 18:24 - 2014-05-12 21:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-20 18:23 - 2014-05-12 21:05 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-20 18:23 - 2014-05-12 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-20 18:23 - 2014-05-12 21:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-20 18:09 - 2014-04-27 19:26 - 00000000 ____D () C:\Users\Kendrick Sun\Documents\Nexus Mod Manager

2014-07-20 15:05 - 2014-07-20 15:05 - 00000000 ____D () C:\ProgramData\AllSaveR

2014-07-19 14:16 - 2014-07-19 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

2014-07-19 14:16 - 2014-07-19 14:16 - 00000000 ____D () C:\Program Files\McAfee Security Scan

2014-07-19 14:16 - 2014-07-12 13:05 - 00001933 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

2014-07-19 14:16 - 2014-07-12 13:05 - 00000000 ____D () C:\ProgramData\McAfee Security Scan

2014-07-19 08:43 - 2014-07-19 08:43 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\Gas Powered Games

2014-07-18 15:46 - 2014-07-18 15:46 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\CrashRpt

2014-07-18 15:46 - 2014-07-18 15:43 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\wf-launcher

2014-07-18 15:43 - 2014-07-18 15:43 - 00000000 ____D () C:\ProgramData\GFACE

2014-07-16 18:11 - 2014-07-16 17:08 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Local\Warframe

2014-07-16 18:04 - 2014-07-16 18:04 - 00000000 _____ () C:\Windows\setuperr.log

2014-07-16 18:02 - 2014-07-16 18:02 - 00002786 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-07-16 18:02 - 2014-07-16 18:02 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-07-16 18:02 - 2014-07-16 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2014-07-16 18:02 - 2014-07-16 18:02 - 00000000 ____D () C:\Program Files\CCleaner

2014-07-16 18:02 - 2014-07-16 18:01 - 04812672 _____ (Piriform Ltd) C:\Users\Kendrick Sun\Downloads\ccsetup415.exe

2014-07-16 18:02 - 2011-02-10 09:25 - 00000000 ____D () C:\Windows\panther

2014-07-16 17:46 - 2014-07-16 17:45 - 100271992 _____ (Microsoft Corporation) C:\Users\Kendrick Sun\Downloads\directx_Jun2010_redist.exe

2014-07-16 17:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Registration

2014-07-16 15:29 - 2014-07-16 15:29 - 00005103 _____ () C:\Users\Kendrick Sun\Downloads\StarDrive.CT

2014-07-16 15:19 - 2014-07-16 15:19 - 00000000 ____D () C:\Users\Kendrick Sun\AppData\Roaming\StarDrive

2014-07-16 15:19 - 2014-07-16 15:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA

2014-07-14 23:11 - 2014-07-14 23:11 - 00000000 ____D () C:\ProgramData\tpperfEctcouPoNi

2014-07-12 13:06 - 2012-09-03 19:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-07-12 13:06 - 2012-09-03 19:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-07-12 13:06 - 2012-09-03 19:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-07-10 03:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

2014-07-10 03:21 - 2010-11-21 02:17 - 00000000 ____D () C:\Program Files\Windows Journal

2014-07-10 03:21 - 2009-07-13 23:45 - 00411568 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-07-10 03:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism

2014-07-10 03:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism

2014-07-10 03:05 - 2012-10-09 13:49 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-07-10 03:04 - 2013-08-23 03:00 - 00000000 ____D () C:\Windows\system32\MRT

2014-07-10 03:02 - 2012-11-07 17:36 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

 

Some content of TEMP:

====================

C:\Users\George Sun\AppData\Local\Temp\BRSVC_1037983_hlp.exe

C:\Users\Kendrick Sun\AppData\Local\Temp\cabex.dll

C:\Users\Kendrick Sun\AppData\Local\Temp\Reporter.exe

C:\Users\Kendrick Sun\AppData\Local\Temp\sd.exe

C:\Users\Kendrick Sun\AppData\Local\Temp\unelevate.exe

C:\Users\spare\AppData\Local\Temp\ose00000.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-08-01 19:19

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2014

Ran by Kendrick Sun at 2014-08-07 12:00:51

Running from C:\Users\Kendrick Sun\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

AllSaveR (HKLM-x32\...\{F5853CDF-2C63-6D1D-B286-CBB1CD5DFD62}) (Version:  - AAllSaVer) <==== ATTENTION

Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)

Bing Bar (HKLM-x32\...\{49977584-B20E-46AB-818F-845815378904}) (Version: 7.3.117.0 - Microsoft Corporation)

Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.0.45.0 - Microsoft Corporation)

bjnplugin (HKLM-x32\...\{2F712FBE-BD02-4806-AB5F-D63EE017A298}) (Version: 1.1.0.658 - Blue Jeans)

Blackguards (HKLM-x32\...\Steam App 249650) (Version:  - Daedalic Entertainment)

CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)

Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)

Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)

Cypress TrackPad (HKLM\...\{7F2F6CC5-434B-4311-9DE2-60C7CAF50B73}_is1) (Version: 2.3.6.34 - Cypress Semiconductor, Inc.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DefianceRuntimes (HKLM-x32\...\{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}) (Version: 1.0.2 - Trion Worlds, Inc.)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)

Dell 2155cdn Corporate Package (HKLM-x32\...\{E27B64A6-814B-44E6-83A4-10022A3BC1D0}) (Version: 2.3.0.0 - Dell Inc.)

Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)

Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)

Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)

Dell Digital Delivery (HKLM-x32\...\{9DDFE322-6BA0-4F90-8689-D98382492371}) (Version: 2.1.1002.0 - Dell Products, LP)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)

Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)

Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden

Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.15 - Creative Technology Ltd)

DisCountLocaatorr (HKLM-x32\...\{194FED75-9C74-BDB7-53F8-8CFFEF1AFEC9}) (Version:  - DisacountLocaTaoR)

eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)

Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)

Fast And Safe (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf}) (Version:  - GTgroup) <==== ATTENTION

Free Audio Recorder 1.0 (HKLM-x32\...\Free Audio Recorder_is1) (Version:  - Deepcom.com)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)

Google Chrome Frame (HKLM-x32\...\Google Chrome Frame) (Version: 31.0.1650.63 - Google Inc.)

Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Talk Plugin (HKLM-x32\...\{2A83AD05-56E6-3FBD-8752-B4143162EF59}) (Version: 4.9.1.16010 - Google)

Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden

HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)

HP FWUpdateEDO3 (HKLM-x32\...\{A82D0C46-EBDF-4B27-A731-D06EF2056E81}) (Version: 1.0.0.0 - Hewlett-Packard Company)

HP LaserJet Professional CM1410 Series (HKLM-x32\...\{0EF0EA0D-F945-4958-85CC-60FF1E86D216}) (Version:  - Hewlett-Packard)

HP LJ CM1410 MFP Series HP Scan (HKLM-x32\...\{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}) (Version: 1.0.302.0 - Hewlett-Packard Co.)

HP Unified IO (Version: 1.0.1.95 - HP) Hidden

HP Unified IO (x32 Version: 1.0.1.95 - HP) Hidden

HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)

HPLaserJetHelp_LearnCenter (HKLM-x32\...\{22FE3793-5961-4ADE-AE66-69D9291C22B1}) (Version: 1.03.0000 - Hewlett-Packard)

HPLJUT (x32 Version: 1.00.0012 - HP) Hidden

hppCM1410LaserJetService (x32 Version: 001.008.00477 - Hewlett-Packard) Hidden

hppFaxDrvCM1410 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden

hppFaxUtilityCM1410 (x32 Version: 000.002.00001 - Hewlett-Packard) Hidden

hppLaserJetService (x32 Version: 002.015.00599 - Hewlett-Packard) Hidden

hppSendFaxCM1410 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden

hppTLBXFXCM1410 (x32 Version: 001.012.00948 - Hewlett-Packard) Hidden

hpzTLBXFX (x32 Version: 006.015.01163 - Hewlett-Packard) Hidden

I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)

Intel PROSet Wireless (Version:  - ) Hidden

Intel® Identity Protection Technology 1.2.22.0 (HKLM-x32\...\{387B63A5-5016-1015-B06B-A9A1030E3125}) (Version: 1.2.22.0 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)

Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)

Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)

Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1008 - Intel Corporation)

Intel® Smart Connect Technology 2.0 x64 (HKLM\...\{39D1D2EA-6F53-4268-B5E8-F78B22049A41}) (Version: 2.0.871.0 - Intel)

Intel® WiDi (HKLM-x32\...\{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}) (Version: 2.2.14.0 - Intel Corporation)

Intel® WiDi Widget (HKLM-x32\...\{CF84827D-6048-435B-80CD-4F6CAF5F99CF}) (Version: 1.2.0.0 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (HKLM\...\{E97F409F-9E1C-42A0-B72D-765A78DF3696}) (Version: 15.01.0000.0830 - Intel Corporation)

iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.7.0 - iolo technologies, LLC)

iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)

iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

lEss2paay (HKLM-x32\...\{82B558C7-2A69-D3D5-B65A-DCAB3B65AD02}) (Version:  - lesso2pay) <==== ATTENTION

Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)

Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)

Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Marketsplash Shortcuts (HKLM-x32\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

MegaTrainer eXperience V1.2.4.2 (HKLM-x32\...\MegaTrainer eXperience_is1) (Version:  - )

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)

Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1105-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1024 - Microsoft Corporation)

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden

Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

MotoHelper 2.1.41 Driver 5.5.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.41 - Motorola)

MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden

Motorola Mobile Drivers Installation 5.5.0 (Version: 5.5.0 - Motorola Inc.) Hidden

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.51.0 - Black Tree Gaming)

NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)

Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)

QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)

Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.19 - Dell Inc.)

QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

saavE on (HKLM-x32\...\{993EA8F6-6E55-7E4E-39DE-5796E3226DB9}) (Version: 1.0.0.1142 - save on) <==== ATTENTION

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

SO_Booster (HKLM-x32\...\S-5428256321) (Version: 1.0.0.1424 - PremiumSoft) <==== ATTENTION

SO_Sustainer 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{29850aa3}) (Version:  - Certified Publisher) <==== ATTENTION

Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)

TaakeTheCouuppOni (HKLM-x32\...\{53B21E29-3967-C332-57EB-C02631658584}) (Version:  - TTAkeThECouppon) <==== ATTENTION

The Divinity Engine (HKLM-x32\...\Steam App 307400) (Version:  - )

tpperfEctcouPoNi (HKLM-x32\...\{23B82977-C816-92D2-66E7-BE67DD1E7786}) (Version:  - tperfectcoupon) <==== ATTENTION

Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)

Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)

Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION

Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)

VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION

Wasteland 2 (HKLM-x32\...\Steam App 240760) (Version:  - inXile Entertainment)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}) (Version: 17.0.10283 - WinZip Computing, S.L. )

XCom Long War EW Mod version Beta 9a (HKLM-x32\...\{860C3266-65B9-4BF2-937A-1778483046B5}_is1) (Version: Beta 9a - JohnnyLump)

YoutubeAdblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: 1.0.0.1142 - YoutubeAdblocker) <==== ATTENTION

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {077486FF-C047-4057-B7CF-2064075E3B04} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe

Task: {2A4084B0-67CC-4744-A975-25B9CCBAB441} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated)

Task: {3673948E-57EE-45B0-89C5-117CEBF8CFE7} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)

Task: {412A7CEC-40AF-47A8-9A71-406F04E4B360} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2014-04-07] (iolo technologies, LLC)

Task: {434DF673-5FC2-4D84-9EC7-9C019157F2FB} - System32\Tasks\SO_Booster-S-5428256321 => c:\programdata\supersoftware app\so_booster\SO_Booster.exe [2014-06-10] () <==== ATTENTION

Task: {4951305F-DC46-48F2-B765-4A901219F3C3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {53A30975-CC54-4B6D-8CDB-24B0AF751E09} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001Core => C:\Users\George Sun\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-09] (Google Inc.)

Task: {6E4A1595-9EF2-49C9-BB5C-D37A69FFAC09} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-06] ()

Task: {761C09CE-67A4-4511-A6AC-E6315341D064} - System32\Tasks\{E9AB3701-729B-4AC2-BF5A-DDB46C703D9D} => Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603

Task: {884F8025-5343-4EDB-904C-02F236153D0B} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-06] ()

Task: {8B39F911-AD71-4BAC-A692-F56930CA29BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: {8D7C2B28-204F-4C0D-82FA-DCE88BBC3BCD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {954E1A7C-C053-4205-84CE-C9E59D1A23ED} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-06] ()

Task: {A9838770-7881-4A22-8203-1E35DFD9AD3C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001UA => C:\Users\George Sun\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-09] (Google Inc.)

Task: {BC1C9681-C69F-457F-A634-556CEC9631ED} - System32\Tasks\TidyNetwork Update => C:\Users\George Sun\AppData\Local\TidyNetwork\petnupdate.exe

Task: {D946EF54-BD35-42EC-BB6A-C794BA31164A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: {DCD2A1A3-C25D-4B6F-8A3E-859C9C19EE14} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001UA => C:\Users\George Sun\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-24] (Facebook Inc.)

Task: {DCFC4B8A-094B-4CAF-8241-F47E440ADCF5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)

Task: {EAB3A506-E9D2-4DE8-8F6F-487F0A8C552E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001Core => C:\Users\George Sun\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-24] (Facebook Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001Core.job => C:\Users\George Sun\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001UA.job => C:\Users\George Sun\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001Core.job => C:\Users\George Sun\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001UA.job => C:\Users\George Sun\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\SO_Booster-S-5428256321.job => c:\programdata\supersoftware app\so_booster\SO_Booster.exe <==== ATTENTION

 

==================== Loaded Modules (whitelisted) =============

 

2014-06-10 13:21 - 2014-06-10 13:21 - 04210176 _____ () C:\Program Files (x86)\SO_Booster\Assistant_x64.dll

2014-06-30 19:18 - 2014-06-30 19:18 - 04302848 _____ () C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll

2011-11-10 12:15 - 2011-11-10 12:15 - 00121856 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe

2011-11-10 12:15 - 2011-11-10 12:15 - 00043520 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll

2011-11-10 12:15 - 2011-11-10 12:15 - 00029696 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetDetect.dll

2011-11-10 12:15 - 2011-11-10 12:15 - 00030208 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTHidMonitor.exe

2012-02-06 12:17 - 2012-02-06 12:17 - 00214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2012-02-06 12:17 - 2012-02-06 12:17 - 00784240 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

2012-09-03 20:41 - 2011-07-19 18:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2014-06-10 13:21 - 2014-06-10 13:21 - 00729600 _____ () c:\programdata\supersoftware app\so_booster\SO_Booster.exe

2014-08-03 14:15 - 2014-08-03 14:15 - 09735168 _____ () C:\Program Files (x86)\Steam\steamapps\common\Blackguards\Blackguards.exe

2014-08-07 11:53 - 2014-08-07 11:53 - 00632201 _____ () C:\Users\Kendrick Sun\Downloads\install.exe

2014-08-07 11:54 - 2014-08-07 17:20 - 00815488 _____ () C:\Users\Kendrick Sun\AppData\Local\Temp\sd.exe

2014-08-07 11:55 - 2014-08-07 11:54 - 00392973 _____ () C:\Users\Kendrick Sun\AppData\Roaming\VOPackage\VOPackage.exe

2014-02-25 01:29 - 2014-02-25 01:29 - 00353792 _____ () C:\Users\Kendrick Sun\AppData\Roaming\VOPackage\VOsrv.exe

2014-06-10 13:21 - 2014-06-10 13:21 - 04296192 _____ () c:\Program Files (x86)\SO_Booster\Assistant.dll

2014-06-30 19:18 - 2014-06-30 19:18 - 04125696 _____ () c:\ProgramData\Fast And Safe\FastAndSafe.dll

2014-06-10 13:21 - 2014-06-10 13:21 - 00174928 _____ () c:\Program Files (x86)\SO_Booster\AssistantSvc.dll

2014-06-30 19:18 - 2014-06-30 19:18 - 00186192 _____ () c:\ProgramData\Fast And Safe\FastAndSafeSvc.dll

2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2010-10-25 15:36 - 2010-10-25 15:36 - 00119864 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\nativeutils.dll

2014-05-21 17:02 - 2014-07-11 19:53 - 01116672 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll

2014-04-23 18:17 - 2014-07-11 19:53 - 00438784 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll

2014-05-21 17:02 - 2014-07-11 19:53 - 00399360 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll

2014-02-08 12:04 - 2014-07-11 19:53 - 00331264 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll

2013-12-09 17:59 - 2014-06-26 17:40 - 00764416 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2014-05-21 17:02 - 2014-07-15 21:28 - 02139328 _____ () C:\Program Files (x86)\Steam\video.dll

2014-05-21 17:02 - 2014-04-28 19:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll

2013-12-09 17:59 - 2014-07-15 21:28 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2013-12-09 17:59 - 2014-05-01 18:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2014-07-12 13:05 - 2014-07-12 13:06 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

2014-08-03 14:15 - 2014-08-03 14:47 - 02086912 _____ () C:\Program Files (x86)\Steam\steamapps\common\Blackguards\Blackguards_Data\Mono\mono.dll

2014-08-03 14:49 - 2014-08-03 14:49 - 00054784 _____ () C:\Program Files (x86)\Steam\steamapps\common\Blackguards\Daedalic.Ecosystems.Steam.External.dll

2013-12-09 17:59 - 2014-07-15 21:28 - 00359104 _____ () C:\Program Files (x86)\Steam\steam.dll

2014-08-03 14:15 - 2014-08-03 14:30 - 00548352 _____ () C:\Program Files (x86)\Steam\steamapps\common\Blackguards\Blackguards_Data\Plugins\XaitPlugin.dll

2014-08-03 14:15 - 2014-08-03 14:52 - 01282560 _____ () C:\Program Files (x86)\Steam\steamapps\common\Blackguards\xaitcommon-win32S-vc100shared.dll

2014-08-03 14:15 - 2014-08-03 14:51 - 00616448 _____ () C:\Program Files (x86)\Steam\steamapps\common\Blackguards\xaitcontrol-win32S-vc100shared.dll

2014-08-07 11:55 - 2014-08-07 11:55 - 00117248 _____ () C:\Users\Kendrick Sun\AppData\Local\Temp\nsj337A.tmp\IpConfig.dll

2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2014-05-24 21:03 - 2014-05-13 18:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll

2014-05-24 21:03 - 2014-05-13 18:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll

2014-05-24 21:03 - 2014-05-13 18:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll

2014-05-24 21:03 - 2014-05-13 18:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll

2014-05-24 21:03 - 2014-05-13 18:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll

2014-07-16 15:32 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/06/2014 01:06:35 PM) (Source: MsiInstaller) (EventID: 11706) (User: GEORGESUN-PC)

Description: Product: HiJackThis -- Error 1706. An installation package for the product HiJackThis cannot be found. Try the installation again using a valid copy of the installation package 'HijackThis.msi'.

 

Error: (08/06/2014 11:51:13 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/06/2014 11:51:11 AM) (Source: ISCT Agent) (EventID: 1003) (User: )

Description: RegInit   OEM default registry path does not exist.

 

Error: (08/03/2014 07:00:00 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: The backup did not complete because of an error writing to the backup location D:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

 

Error: (08/01/2014 07:19:09 PM) (Source: SideBySide) (EventID: 9) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

The manifest file root element must be assembly.

 

Error: (08/01/2014 00:12:48 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/01/2014 00:12:45 PM) (Source: ISCT Agent) (EventID: 1003) (User: )

Description: RegInit   OEM default registry path does not exist.

 

Error: (07/31/2014 07:25:50 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: The backup did not complete because of an error writing to the backup location D:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

 

Error: (07/25/2014 02:05:58 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: TwoWorlds2.exe, version: 1.3.5.0, time stamp: 0x4f1db4e0

Faulting module name: TwoWorlds2.exe, version: 1.3.5.0, time stamp: 0x4f1db4e0

Exception code: 0xc0000005

Fault offset: 0x00717f7a

Faulting process id: 0x1b78

Faulting application start time: 0xTwoWorlds2.exe0

Faulting application path: TwoWorlds2.exe1

Faulting module path: TwoWorlds2.exe2

Report Id: TwoWorlds2.exe3

 

Error: (07/25/2014 01:11:22 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: TwoWorlds2.exe, version: 1.3.5.0, time stamp: 0x4f1db4e0

Faulting module name: TwoWorlds2.exe, version: 1.3.5.0, time stamp: 0x4f1db4e0

Exception code: 0xc0000005

Fault offset: 0x00717f7a

Faulting process id: 0x1034

Faulting application start time: 0xTwoWorlds2.exe0

Faulting application path: TwoWorlds2.exe1

Faulting module path: TwoWorlds2.exe2

Report Id: TwoWorlds2.exe3

 

 

System errors:

=============

Error: (08/06/2014 11:53:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (08/06/2014 11:53:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Intel® Management and Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error: 

%%1058

 

Error: (08/06/2014 11:51:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

cdrom

 

Error: (08/06/2014 11:51:06 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 8:08:01 PM on ‎8/‎5/‎2014 was unexpected.

 

Error: (08/01/2014 00:14:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (08/01/2014 00:14:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Intel® Management and Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error: 

%%1058

 

Error: (08/01/2014 00:12:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

cdrom

 

Error: (08/01/2014 00:12:41 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 12:04:02 PM on ‎8/‎1/‎2014 was unexpected.

 

Error: (08/01/2014 09:08:50 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

 

Error: (07/25/2014 01:11:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

 

 

Microsoft Office Sessions:

=========================

Error: (08/06/2014 01:06:35 PM) (Source: MsiInstaller) (EventID: 11706) (User: GEORGESUN-PC)

Description: Product: HiJackThis -- Error 1706. An installation package for the product HiJackThis cannot be found. Try the installation again using a valid copy of the installation package 'HijackThis.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

 

Error: (08/06/2014 11:51:13 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/06/2014 11:51:11 AM) (Source: ISCT Agent) (EventID: 1003) (User: )

Description: RegInit   OEM default registry path does not exist.

 

Error: (08/03/2014 07:00:00 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: D:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

 

Error: (08/01/2014 07:19:09 PM) (Source: SideBySide) (EventID: 9) (User: )

Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

 

Error: (08/01/2014 00:12:48 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/01/2014 00:12:45 PM) (Source: ISCT Agent) (EventID: 1003) (User: )

Description: RegInit   OEM default registry path does not exist.

 

Error: (07/31/2014 07:25:50 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: D:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

 

Error: (07/25/2014 02:05:58 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: TwoWorlds2.exe1.3.5.04f1db4e0TwoWorlds2.exe1.3.5.04f1db4e0c000000500717f7a1b7801cfa833dca42205C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2.exeC:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2.exeb584c0ea-142e-11e4-9af0-00dbdf1990f5

 

Error: (07/25/2014 01:11:22 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: TwoWorlds2.exe1.3.5.04f1db4e0TwoWorlds2.exe1.3.5.04f1db4e0c000000500717f7a103401cfa796f7d46224C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2.exeC:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2.exe14b6a22e-1427-11e4-9af0-00dbdf1990f5

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 85%

Total physical RAM: 3406.59 MB

Available physical RAM: 483.35 MB

Total Pagefile: 6811.37 MB

Available Pagefile: 2060.59 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:98.95 GB) (Free:17.11 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119 GB) (Disk ID: 41B95BF8)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=99 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=8 GB) - (Type=84)

 

==================== End Of Log ============================


aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software

Run date: 2014-08-07 12:04:35

-----------------------------

12:04:35.478    OS Version: Windows x64 6.1.7601 Service Pack 1

12:04:35.478    Number of processors: 4 586 0x2A07

12:04:35.479    ComputerName: GEORGESUN-PC  UserName: Kendrick Sun

12:04:35.592    Initialize success

12:04:35.606    VM: initialized successfully

12:04:35.610    VM: Intel CPU supported 

12:04:40.200    VM: supported disk I/O iaStor.sys

12:06:28.520    AVAST engine defs: 14080700

12:06:45.056    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

12:06:45.066    Disk 0 Vendor: LITEONIT VYDB Size: 122104MB BusType: 3

12:06:45.080    VM: Disk 0 MBR read successfully

12:06:45.090    Disk 0 MBR scan

12:06:45.098    Disk 0 Windows VISTA default MBR code

12:06:45.103    Disk 0 Partition 1 00     DE Dell Utility DELL 4.1       39 MB offset 63

12:06:45.110    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        12542 MB offset 81920

12:06:45.116    Disk 0 Boot: NTFS     code=1

12:06:45.122    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       101329 MB offset 25767936

12:06:45.130    Disk 0 Partition 4 00     84 OS/2 hidden C:              8192 MB offset 233289728

12:06:45.150    Disk 0 scanning C:\Windows\system32\drivers

12:06:51.378    Service scanning

12:07:06.788    Modules scanning

12:07:06.796    Disk 0 trace - called modules:

12:07:06.804    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 

12:07:06.810    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800611b060]

12:07:06.821    3 CLASSPNP.SYS[fffff880015d143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004f1f050]

12:07:07.122    AVAST engine scan C:\Windows

12:07:07.778    AVAST engine scan C:\Windows\system32

12:09:18.393    AVAST engine scan C:\Windows\system32\drivers

12:09:23.022    AVAST engine scan C:\Users\Kendrick Sun

12:09:28.794    File: C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Preferences  **SUSPICIOUS**

12:09:44.254    File: C:\Users\Kendrick Sun\Desktop\Impire+7 trainer.gundamdxhk.EXE  **INFECTED** Win32:Malware-gen

12:09:44.807    File: C:\Users\Kendrick Sun\Desktop\InstallerX\2014-06-10\131851\addons\usetup.exe  **INFECTED** Win32:Agent-ASOC [Adw]

12:10:20.192    File: C:\Users\Kendrick Sun\Downloads\Setup.exe  **INFECTED** Win32:Adware-gen [Adw]

12:10:28.459    File: C:\Users\Kendrick Sun\AppData\Local\Temp\nst8928.tmp\ExecCmd.dll **HIDDEN**

12:10:28.609    AVAST engine scan C:\ProgramData

12:10:29.356    File: C:\ProgramData\AllSaveR\Gn2FF.dll  **INFECTED** Win32:Dropper-gen [Drp]

12:10:29.433    File: C:\ProgramData\AllSaveR\Gn2FF.exe  **INFECTED** Win32:Dropper-gen [Drp]

12:10:29.510    File: C:\ProgramData\AllSaveR\Gn2FF.x64.dll  **INFECTED** Win32:Malware-gen

12:10:29.852    File: C:\ProgramData\DisCountLocaatorr\7yYDY9n2SG.exe  **INFECTED** Win32:Malware-gen

12:10:30.335    File: C:\ProgramData\Fast And Safe\FastAndSafe.dll  **INFECTED** Win32:Trojan-gen

12:10:30.380    File: C:\ProgramData\Fast And Safe\FastAndSafeSvc.dll  **INFECTED** Win32:Adware-gen [Adw]

12:10:31.512    File: C:\ProgramData\lEss2paay\RX.dll  **INFECTED** Win32:Dropper-gen [Drp]

12:10:48.106    File: C:\ProgramData\Supersoftware App\SO_Booster\SO_Booster.exe  **INFECTED** Win32:Agent-ASOC [Adw]

12:10:48.648    File: C:\ProgramData\tpperfEctcouPoNi\VDjGJrFM8_.dll  **INFECTED** Win32:Dropper-gen [Drp]

12:10:50.021    Scan finished successfully

12:11:31.881    Disk 0 MBR has been saved successfully to "C:\Users\Kendrick Sun\Desktop\MBR.dat"

12:11:31.888    The log file has been saved successfully to "C:\Users\Kendrick Sun\Desktop\aswMBR.txt"

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    YoutubeAdblockerUpdaterVO PackagetpperfEctcouPoNiTaakeTheCouuppOniSO_Sustainer 1.80SO_BoostersaavE onlEss2paayFast And SafeAllSaveR
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

 

 

 

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

CFScript.txt


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 8/8/2014

Scan Time: 11:16:33 AM

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.08.08.04

Rootkit Database: v2014.08.04.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Kendrick Sun

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 485058

Time Elapsed: 7 min, 34 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 25

PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}, Quarantined, [9b89fdc7aad1c571fe008b1339c9649c], 

PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}, Quarantined, [9b89fdc7aad1c571fe008b1339c9649c], 

PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [42e26c587605b185334f287691714cb4], 

PUP.Optional.QuickShare.A, HKLM\SOFTWARE\CLASSES\IESmartBar.BHO, Quarantined, [42e26c587605b185334f287691714cb4], 

PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [42e26c587605b185334f287691714cb4], 

PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IESmartBar.BHO, Quarantined, [42e26c587605b185334f287691714cb4], 

PUP.Optional.Snapdo.T, HKU\S-1-5-21-1152022502-1335729656-3061835487-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [a3818044a1da44f281ebedb55da53ec2], 

PUP.Optional.Snapdo.T, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, Quarantined, [a3818044a1da44f281ebedb55da53ec2], 

PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, Quarantined, [a3818044a1da44f281ebedb55da53ec2], 

PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [5cc8d7ed88f33105139c491cd62ca759], 

PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [9292d5ef522940f68c24e77e1be78779], 

PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [9292d5ef522940f68c24e77e1be78779], 

Adware.EoRezo, HKLM\SOFTWARE\WOW6432NODE\FREESOFTTODAY, Quarantined, [9193d5ef0f6c37ff0394d748ff05aa56], 

PUP.Optional.WeCare, HKU\S-1-5-21-1152022502-1335729656-3061835487-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\wecarereminder, Quarantined, [a18307bd1269ec4a3c1a9f3a24dee719], 

PUP.Optional.MultiIE.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [f4306e565a211e1851d60e29669e0ff1], 

PUP.Optional.SuperFish.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Quarantined, [f62e952f344791a54581934cdb275fa1], 

PUP.Optional.WeCare, HKU\S-1-5-21-1152022502-1335729656-3061835487-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [5cc8e2e2166557df72ed8455ea18f50b], 

PUP.Optional.FreeSoftToday.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\freesofttoday, Quarantined, [a77d6262116a1a1c2ca55fdc09fb8b75], 

PUP.Optional.Groovorio.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\groovorio, Quarantined, [d3517b4912696cca870f6575c33f4fb1], 

PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial, Quarantined, [ee36d3f16912a4920c91e436b84c659b], 

PUP.Optional.SmartBar, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarBackup, Quarantined, [fd27c8fca1dafa3c12d7fd345da720e0], 

PUP.Optional.SmartBar, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarLog, Quarantined, [d54f4c78017abc7ae206bd744bb98a76], 

PUP.Optional.InstallCore.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [80a416ae4734989ea5dd7093e023b34d], 

PUP.Optional.InstallCore.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [42e2f7cd0b70d264e0bd849559abaf51], 

PUP.Optional.Groovorio, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CC865B26-C31D-4D23-B17B-96548EEF03F6}, Quarantined, [5dc7fec680fbc472404284b7768e738d], 

 

Registry Values: 3

PUP.Optional.Snapdo.T, HKU\S-1-5-21-1152022502-1335729656-3061835487-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [0420fcc8fb805adc07e8fae1c93909f7]

PUP.Optional.InstallCore.A, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0E2X2Y0E, Quarantined, [42e2f7cd0b70d264e0bd849559abaf51]

PUP.Optional.Snapdo.T, HKU\S-1-5-21-1152022502-1335729656-3061835487-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [a67e1da789f2c76f00efda0113eff709]

 

Registry Data: 5

PUP.Optional.CalcIt.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.calcitapp.info/, Good: (www.google.com), Bad: (http://websearch.calcitapp.info/),Replaced,[2df7ecd81c5fe84ea832f5c79d679b65]





 

Folders: 5

PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial, Quarantined, [42e2be06235850e676231f9456ac8f71], 

PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.29.0, Quarantined, [42e2be06235850e676231f9456ac8f71], 

PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.29.0\bh, Quarantined, [42e2be06235850e676231f9456ac8f71], 

PUP.Optional.YoutubeAdblocker.A, C:\ProgramData\YoutubeAdblocker, Quarantined, [ba6aa2220c6f74c2500e2195a0627a86], 

PUP.Optional.RelevantKnowledge.A, C:\Users\George Sun\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle, Quarantined, [da4aeed61566e551571f8740fb0725db], 

 

Files: 19

PUP.Optional.SuperSoftwareApp.A, C:\ProgramData\InstallMate\{70EDD0F0-67F3-4036-A2DD-2FD1AB0EF206}\Custom.dll, Quarantined, [d054e0e456256bcb645d024a40c00bf5], 

PUP.Optional.Downloader, C:\Users\Kendrick Sun\Downloads\Mod_Setup.exe, Quarantined, [c95b7c489be07fb797fcfac14db7966a], 

PUP.Optional.InstalleRex, C:\Users\Kendrick Sun\Downloads\IMPIRE.PLUS7TRN.GUNDAMDXHK.ZIP.exe, Quarantined, [8f9518ac52290333982c4b447889a759], 

PUP.Optional.OutBrowse, C:\Users\Kendrick Sun\Downloads\install.exe, Quarantined, [56ce8242483342f4e520a2079e63c937], 

PUP.Optional.OptimumInstaller.A, C:\Users\Kendrick Sun\Downloads\Setup.exe, Quarantined, [2ef65b69b2c91b1bf8294d0b5ca533cd], 

PUP.Optional.SnapDo.A, C:\Windows\Installer\534906b.msi, Quarantined, [7ea6883ce69572c4d04f127c38c914ec], 

PUP.Optional.CalcIt.A, C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.calcitapp.info_0.localstorage, Delete-on-Reboot, [e3414e76c8b3df57de326a75af532ad6], 

PUP.Optional.CalcIt.A, C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.calcitapp.info_0.localstorage-journal, Delete-on-Reboot, [db498e36e299db5b35dbda0508fa926e], 

PUP.Optional.TidyNetwork.A, C:\Windows\System32\Tasks\TidyNetwork Update, Quarantined, [4bd9b70df487a5910d910ad6d42e50b0], 

PUP.Optional.LiveLyrics.A, C:\Users\George Sun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage, Quarantined, [a67e4e769fdc9a9c7bfd47a28e742ed2], 

PUP.Optional.LiveLyrics.A, C:\Users\George Sun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal, Quarantined, [6eb6863e2a51ba7cadcb69804eb49e62], 

PUP.Optional.LiveLyrics.A, C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage, Quarantined, [64c052725427da5c334534b5eb17b947], 

PUP.Optional.LiveLyrics.A, C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal, Quarantined, [7fa57e4684f75ed8d8a0e10881811ee2], 

PUP.Optional.Superfish.A, C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [f72d42822f4c4de9c1baeb001fe321df], 

PUP.Optional.Superfish.A, C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [b86cd5ef3645e84e3546a6458c76d62a], 

PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.29.0\FavIcon.ico, Quarantined, [42e2be06235850e676231f9456ac8f71], 

PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.29.0\Sqlite3.dll, Quarantined, [42e2be06235850e676231f9456ac8f71], 

PUP.Optional.CalcIt.A, C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://websearch.calcitapp.info/" ],), Replaced,[e93b08bcb1ca51e53b1cdc1ba361758b]

PUP.Optional.CalcIt.A, C:\Users\Kendrick Sun\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://websearch.calcitapp.info/",), Replaced,[150fbf05e19a7fb75efae017659f4eb2]

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


ComboFix 14-08-06.02 - Kendrick Sun 08/08/2014  11:07:29.3.4 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3407.1788 [GMT -5:00]

Running from: C:\ComboFix.exe

Command switches used :: C:\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\AllSaveR

c:\program files (x86)\Groovorio

c:\program files (x86)\Groovorio\FavIcon.ico

c:\program files (x86)\Groovorio\Sqlite3.dll

c:\program files (x86)\lEss2paay

c:\program files (x86)\TaakeTheCouuppOni

c:\program files (x86)\tpperfEctcouPoNi

c:\program files\Common Files\Goobzo

c:\program files\Common Files\Goobzo\GBUpdate\resourceToolCommandLine.exe

c:\program files\Common Files\Goobzo\GBUpdate\sma.exe

c:\program files\Common Files\Goobzo\GBUpdate\smci64.dll

c:\program files\Common Files\Goobzo\GBUpdate\smei64.dll

c:\program files\Common Files\Goobzo\GBUpdate\smfi64.dll

c:\program files\Common Files\Goobzo\GBUpdate\smi64.exe

c:\program files\Common Files\Goobzo\GBUpdate\smoi64.dll

c:\program files\Common Files\Goobzo\GBUpdate\smri64.dll

c:\program files\Common Files\Goobzo\GBUpdate\smu.exe

c:\programdata\tpperfEctcouPoNi

.

.

(((((((((((((((((((((((((   Files Created from 2014-07-08 to 2014-08-08  )))))))))))))))))))))))))))))))

.

.

2014-08-08 16:11 . 2014-08-08 16:11 -------- d-----w- c:\users\spare\AppData\Local\temp

2014-08-08 16:11 . 2014-08-08 16:11 -------- d-----w- c:\users\KYS\AppData\Local\temp

2014-08-08 16:11 . 2014-08-08 16:11 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp

2014-08-08 16:11 . 2014-08-08 16:11 -------- d-----w- c:\users\hedev\AppData\Local\temp

2014-08-08 16:11 . 2014-08-08 16:11 -------- d-----w- c:\users\Guest\AppData\Local\temp

2014-08-08 16:11 . 2014-08-08 16:11 -------- d-----w- c:\users\George Sun\AppData\Local\temp

2014-08-08 16:11 . 2014-08-08 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-08-08 16:11 . 2014-08-08 16:11 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2014-08-08 14:24 . 2014-08-08 14:24 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{983DE9AB-6056-4878-A0CE-761DA748EF53}\offreg.dll

2014-08-08 13:38 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{983DE9AB-6056-4878-A0CE-761DA748EF53}\mpengine.dll

2014-08-08 13:06 . 2014-08-08 13:06 -------- d-----w- c:\users\Kendrick Sun\AppData\Local\daedalic entertainment gmbh

2014-08-08 12:34 . 2014-08-08 12:34 -------- d-----w- c:\program files (x86)\predm

2014-08-08 12:34 . 2014-08-08 12:34 -------- d-----w- c:\users\Kendrick Sun\AppData\Local\Programs

2014-08-08 12:33 . 2014-08-08 12:33 -------- d-----w- c:\program files (x86)\DisCountLocaatorr

2014-08-08 12:33 . 2014-08-08 12:33 -------- d-----w- c:\users\Kendrick Sun\AppData\Local\VS Revo Group

2014-08-08 12:13 . 2014-08-08 12:13 -------- d-----w- c:\programdata\VS Revo Group

2014-08-08 12:13 . 2009-12-30 15:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys

2014-08-08 12:13 . 2014-08-08 12:13 -------- d-----w- c:\program files\VS Revo Group

2014-08-07 16:59 . 2014-08-07 17:01 -------- d-----w- C:\FRST

2014-07-20 23:44 . 2014-07-20 23:44 -------- d-----w- c:\program files\Nexus Mod Manager

2014-07-19 19:16 . 2014-07-19 19:16 -------- d-----w- c:\program files\McAfee Security Scan

2014-07-18 20:43 . 2014-07-18 20:43 -------- d-----w- c:\programdata\GFACE

2014-07-16 23:02 . 2014-07-16 23:02 -------- d-----w- c:\program files\CCleaner

2014-07-16 20:19 . 2014-07-16 20:19 -------- d-----w- c:\program files (x86)\Microsoft XNA

2014-07-12 18:05 . 2014-07-19 19:16 -------- d-----w- c:\programdata\McAfee Security Scan

2014-07-09 22:36 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2014-07-09 22:36 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2014-07-09 22:36 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2014-07-09 22:36 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2014-07-09 22:36 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2014-07-09 22:09 . 2014-06-18 02:19 1247232 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll

2014-07-09 22:09 . 2014-06-18 02:19 503296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll

2014-07-09 22:09 . 2014-06-18 02:19 449024 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll

2014-07-09 22:09 . 2014-06-18 02:19 110592 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll

2014-07-09 22:09 . 2014-06-18 02:18 224768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe

2014-07-09 22:09 . 2014-06-18 02:18 692736 ----a-w- c:\windows\system32\osk.exe

2014-07-09 22:09 . 2014-06-18 02:17 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll

2014-07-09 22:09 . 2014-06-18 01:52 348672 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll

2014-07-09 22:09 . 2014-06-18 01:51 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe

2014-07-09 22:09 . 2014-06-18 01:51 646144 ----a-w- c:\windows\SysWow64\osk.exe

2014-07-09 22:09 . 2014-06-18 01:10 3157504 ----a-w- c:\windows\system32\win32k.sys

2014-07-09 21:55 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll

2014-07-09 21:55 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2014-07-09 21:55 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-07-20 23:24 . 2014-05-13 02:05 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-07-12 18:06 . 2012-09-04 00:05 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-07-12 18:06 . 2012-09-04 00:05 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-07-10 08:02 . 2012-11-07 22:36 96441528 ----a-w- c:\windows\system32\MRT.exe

2014-05-12 12:26 . 2014-05-13 02:05 63704 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-05-12 12:26 . 2014-05-13 02:05 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-05-12 12:25 . 2014-05-13 02:05 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-04-12 12:37 . 2013-04-12 12:37 14794312 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]

2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8A59BAD9-8FF3-6EA6-F70E-A79FF613E544}]

c:\program files (x86)\save on\jc6sgdqmrW.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]

@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"

[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]

2010-11-30 16:03 155416 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]

"ToolboxFX"="c:\program files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]

.

c:\users\spare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Uninstall LastPass RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -x -name=LastPass -ffuuid support@lastpass.com [2013-4-12 14794312]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk /p \??\D:\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ   kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.117.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.117.0\BBSvc.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]

R3 LAN7500;LAN7500 USB 2.0 to Ethernet 10/100/1000 Adapter Service;c:\windows\system32\DRIVERS\lan7500-x64-n620f.sys;c:\windows\SYSNATIVE\DRIVERS\lan7500-x64-n620f.sys [x]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]

R3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\DRIVERS\USBMAC64.SYS;c:\windows\SYSNATIVE\DRIVERS\USBMAC64.SYS [x]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]

R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]

R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]

R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]

R4 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]

R4 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]

R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]

S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]

S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]

S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]

S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]

S2 irstrtsv;Intel® Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x]

S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [x]

S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]

S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]

S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x]

S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]

S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]

S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]

S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.117.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.117.0\SeaPort.exe [x]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]

S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys;c:\windows\SYSNATIVE\DRIVERS\cyhid.sys [x]

S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys;c:\windows\SYSNATIVE\DRIVERS\cykbfltr.sys [x]

S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys;c:\windows\SYSNATIVE\DRIVERS\cymfltr.sys [x]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]

S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]

S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 irstrtdv;Intel® Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys;c:\windows\SYSNATIVE\DRIVERS\irstrtdv.sys [x]

S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]

S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys;c:\windows\SYSNATIVE\DRIVERS\LVUSBS64.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-05-25 02:03 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-04 18:06]

.

2014-08-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001Core.job

- c:\users\George Sun\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-25 03:39]

.

2014-08-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001UA.job

- c:\users\George Sun\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-25 03:39]

.

2014-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001Core.job

- c:\users\George Sun\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-28 01:05]

.

2014-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1152022502-1335729656-3061835487-1001UA.job

- c:\users\George Sun\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-28 01:05]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]

@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"

[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]

2010-11-30 16:03 188696 ----a-w- c:\windows\System32\CbFsMntNtf3.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2012-05-03 2429440]

"CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2012-05-03 2371584]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-27 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-27 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-27 416024]

"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120]

"HP LaserJet Professional CM1410 Series Fax"="c:\program files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe" [2010-08-24 3706424]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]

.

------- Supplementary Scan -------

.

mStart Page = hxxp://websearch.calcitapp.info/

uSearchAssistant = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JaujK-yu-PYuJVx4YTue6DkiZYUTcLwlnfXYLeOnGvbW6lLLJjgY3mtxNH1-nz1d7628k_wUvPnw_gkVgSOCkkhoR83QmjEoTCuCxaM4cWi3hUseLb0yq7NG6Kut6X8gN9WoN7xV8ZAzUBkFmvezsw,,&q={searchTerms}

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

AddRemove-{860C3266-65B9-4BF2-937A-1778483046B5}_is1 - c:\program files (x86)\steam\steamapps\common\XCom-Enemy-Unknown\XEW\unins000.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.14"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-08-08  11:13:20

ComboFix-quarantined-files.txt  2014-08-08 16:13

ComboFix2.txt  2014-08-08 16:01

ComboFix3.txt  2014-08-08 12:57

.

Pre-Run: 8,794,390,528 bytes free

Post-Run: 8,700,551,168 bytes free

.

- - End Of File - - 5D02FBADFC944ACE942A69BC1003EC30

 


Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
