Com Surrogate running high at Immediate Startup


Crash254

Hi, for the past three days my pc (windows 9 64 dell inspiron 537) has been running extremely slow at startup. Programs take forever to load and the mouse pointer runs in a circle (spiral) for long periods. When I launch task manager I see that Com Surrogate is running high as well as Microsoft Directplay8 Server, yet I had not opened any programs. When I launch firefox I get a lot of script messages (though I am on firefox the messages all say 'chrome://global/content/bingings/autocomplete.xml:289').

 

I have run malware and nothing was discovered.

 

Please help.

 

Thank you


  • Staff

Hello Crash254, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • If you are unable to copy/paste your logs directly into your post, please attach the file. 
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click [button image] at the top of the page.
     

======================================================

STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 2
Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 3
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the file in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM scan log
  • FRST.txt
  • Addition.txt
  • TDSSKiller log (attached!)

Good Afternoon Adam, thank you for taking the time to help me with my problem.  My name is Don :)

 

Here are the results of the three scans that you had recommended that I run:

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 12/12/2014

Scan Time: 2:58:09 PM

Logfile:

Administrator: Yes

 

Version: 2.00.4.1028

Malware Database: v2014.12.12.07

Rootkit Database: v2014.12.08.03

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Don S

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 405572

Time Elapsed: 1 hr, 45 min, 58 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Warn

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01

Ran by Don S at 2014-12-15 10:41:12

Running from C:\Users\Don S\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden

64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)

Acrobat.com (x32 Version: 2.3.0 - Adobe Systems Incorporated) Hidden

Actiontec Gateway (HKLM-x32\...\{9692FD03-6662-4E62-B08C-30DFF51651E1}) (Version:  - )

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)

Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )

Amaya (HKLM-x32\...\Amaya) (Version: 11.3 - )

Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.239 - Amazon)

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Applian FLV and Media Player 3.1.1.12 (HKLM-x32\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies)

AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)

Backblaze (HKLM-x32\...\Backblaze) (Version:  - Backblaze, Inc)

Belarc Advisor 8.1 (HKLM-x32\...\Belarc Advisor) (Version:  - )

Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)

BlueStacks Notification Center (HKLM-x32\...\{8DCCC556-265B-478A-8B32-C12DA988BA74}) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

calibre (HKLM-x32\...\{8511CE6E-F12F-4539-B19E-62B9C43B5B34}) (Version: 1.47.0 - Kovid Goyal)

CameraHelperMsi (x32 Version: 13.30.1395.0 - Logitech) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)

Chinese Simplified Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-2447-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)

Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.0.89 - Citrix Systems, Inc.)

Common Desktop Agent (Version: 1.53.0 - OEM) Hidden

ContentHD (x32 Version: 1.00.0002 - Corel Corporation) Hidden

Contents (x32 Version: 1.6.0.272 - Corel Corporation) Hidden

Corel VideoStudio Pro X3 (HKLM-x32\...\_{F072CA07-A781-45E4-9975-C033A73019CF}) (Version: 1.6.0.272 - Corel Corporation)

Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.2) (Version: 5.0.1.2 - Coupons.com Incorporated)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell System Detect (HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\73f463568823ebbe) (Version: 5.12.0.2 - Dell)

DeviceIO (x32 Version: 1.6.0.272 - Corel Corporation) Hidden

Dropbox (HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\Dropbox) (Version: 1.1.35 - Dropbox, Inc.)

erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

Free PDF To PPT Converter (HKLM-x32\...\{F0712F9D-4B28-4AED-9AA5-BEE9B0B533D5}) (Version: 1.0.0 - Free PDF Solutions)

Free PDF to Word Converter 5.1.0.383 (HKLM\...\Free PDF to Word Converter_is1) (Version: 5.1.0.383 - Smart Soft)

Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.10.923 - DVDVideoSoft Ltd.)

Freecorder 6 (HKLM-x32\...\Freecorder 6) (Version: 2.1.10 - Applian Technologies Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

hppLaserJetService (x32 Version: 002.007.00397 - Hewlett-Packard) Hidden

ICA (x32 Version: 1.6.0.272 - Corel Corporation) Hidden

ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)

ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)

Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )

IPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) Hidden

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

IZArc 4.1.6 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

join.me (HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\JoinMe) (Version: 1.2.1.374 - LogMeIn, Inc.)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Korean Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5670-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)

Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)

LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden

magicJack (HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\magicJack) (Version: 3.1.6970.4873 - magicJack L.P.)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)

Microsoft MSN MoneyCentral Stock Quotes Add-In for Excel (HKLM-x32\...\{A99C1048-A569-4B65-A3DD-3584B0A4AA69}) (Version: 1.0.0.0322 - Microsoft Corporation)

Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

MLE (x32 Version: 1.0.0.18 - Corel Corporation) Hidden

Mozilla Firefox 34.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MySQL Workbench 5.2 CE (HKLM-x32\...\{E3DF0E76-825F-4377-9BB6-F8F1DC204287}) (Version: 5.2.40 - Oracle Corporation)

Nuance PDF Converter Professional 7 (HKLM\...\{FFAE98FC-4E1A-45BB-ADED-081160A2CBD7}) (Version: 7.20.6187 - Nuance Communications, Inc.)

Nuance PDF Converter Professional 7 (HKLM-x32\...\{FFAE98FC-4E1A-45BB-ADED-081160A2CBD7}) (Version: 7.20.6187 - Nuance Communications, Inc.)

Online Plug-in (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden

PureHD (x32 Version: 1.6.0.272 - Corel Corporation) Hidden

QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)

Replay Media Catcher 4 (4.3.2) (HKLM-x32\...\Replay Media Catcher 4) (Version: 4.3.2 - Applian Technologies)

Samsung Easy Deployment Manager (HKLM-x32\...\Samsung Easy Deployment Manager) (Version: 1.00.26 - Samsung Electronics Co., Ltd.)

Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.01.16.00 - Samsung Electronics Co., Ltd.)

Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.05.23.04 - Samsung Electronics Co., Ltd.)

Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)

Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.05.07 (7/20/2012) - Samsung Electronics Co., Ltd.)

Samsung SCX-472x Series (HKLM-x32\...\Samsung SCX-472x Series) (Version:  - Samsung Electronics Co., Ltd.)

Scansoft PDF Professional (x32 Version:  - ) Hidden

Self-service Plug-in (x32 Version: 3.1.0.21744 - Citrix Systems, Inc.) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Setup (x32 Version: 1.6.0.272 - Corel Corporation) Hidden

Share (x32 Version: 1.6.0.272 - Corel Corporation) Hidden

Share64 (Version: 1.6.0.272 - Corel Corporation) Hidden

Skype Web Plugin (HKLM-x32\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)

SmarThru Office (HKLM-x32\...\{9BC1E722-AE07-46A3-B7A6-556DBE18E22A}) (Version: 2.08.018 - Samsung Electronics Co., Ltd.)

SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)

SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden

SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.5 - SmartSound Software Inc.)

SmartSound Quicktracks 5 (x32 Version: 5.1.5 - SmartSound Software Inc.) Hidden

Speckie (HKLM\...\{40E14C77-0EA0-4A67-A7CB-BE54ADEB697C}) (Version: 4.4.0 - Versoworks)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.37 - Safer-Networking Ltd.)

UltraISO Premium V9.62 (HKLM-x32\...\UltraISO_is1) (Version:  - )

ViiKii Desktop Plug-in (HKLM-x32\...\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1) (Version: 0.4 - Global Tongue Inc)

ViiKii Desktop Plug-in (x32 Version: 0.4 - Global Tongue Inc) Hidden

VIO (x32 Version: 1.6.0.272 - Corel Corporation) Hidden

VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)

VSClassic (x32 Version: 1.6.0.272 - Corel Corporation) Hidden

VSPro (x32 Version: 1.6.0.272 - Corel Corporation) Hidden

Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)

Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )

Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)

WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

Yahoo! Widgets (HKLM-x32\...\Yahoo! Widget Engine) (Version: 4.5.2.0 - Yahoo! Inc.)

Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-1237837275-29157359-2308031490-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?

CustomCLSID: HKU\S-1-5-21-1237837275-29157359-2308031490-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1237837275-29157359-2308031490-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1237837275-29157359-2308031490-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1237837275-29157359-2308031490-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0F36C13C-BF96-4424-8C5E-ADB0A941717F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)

Task: {38F9F8E3-D426-4589-9320-5E9372767791} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {6383FED2-78C3-4BF0-81D2-50DD37D3CDB0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)

Task: {6E2AD666-1AB5-4F70-8346-4EC99D548679} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)

Task: {7384777E-55CF-4DB4-A793-D84B759E4F4B} - System32\Tasks\{DE428C7C-C63B-470E-B597-ED59E678935C} => pcalua.exe -a D:\IB.exe -d D:\

Task: {7F237DF3-AD8C-45E0-9EEE-3F565EEC1199} - System32\Tasks\{E5F1BCD4-5029-4C9C-A8A2-AB46A8B537FB} => pcalua.exe -a "C:\Users\Don S\Downloads\MFC-7820N-inst-win7-A2.EXE" -d "C:\Program Files (x86)\Mozilla Firefox"

Task: {8105A9A2-622A-49E9-981F-AE42E955D8B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)

Task: {82863534-27A0-4703-90AF-33C4C786B32D} - System32\Tasks\{B725467A-5455-4202-BACE-A51760E6105C} => pcalua.exe -a "C:\Users\Don S\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VA523OZJ\LJM1522-PCL6-pd-win32-ww[1].exe" -d "C:\Users\Don S\Desktop"

Task: {9300CCFB-59DF-430E-BEAD-D96DF6F157CA} - System32\Tasks\{6A695BCC-4E2E-4765-8C5A-FF02CA95B259} => pcalua.exe -a "C:\Users\Don S\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2GILZKBO\ffdshow[1].exe" -d "C:\Users\Don S\Desktop"

Task: {93D39D02-6644-429E-A6DE-0BA1424C903F} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION

Task: {95B7CCDE-C04C-4AA8-B113-282631CEB360} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {A09BFEC3-169A-4A89-A0D3-DAC6ADB71AD6} - System32\Tasks\4664 => Wscript.exe C:\Users\DONS~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION

Task: {A65D603A-26F7-4F53-9946-F6C508E2EB27} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

Task: {F858D7E0-D923-4EB8-AC02-128D055F2EB8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

Task: {FAB72F27-3816-4D04-B0DD-B94809F9624C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2011-05-11 02:38 - 2011-05-11 02:38 - 00034304 _____ () C:\Windows\System32\ssa3mlm.dll

2014-02-18 11:13 - 2014-11-21 16:22 - 00234600 _____ () C:\Program Files (x86)\Backblaze\bzserv.exe

2012-01-10 15:27 - 2011-02-28 08:39 - 00211456 _____ () C:\Program Files (x86)\IZArc\IZArcCM64.dll

2010-12-17 17:13 - 2010-12-17 17:13 - 00438784 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe

2010-12-17 17:13 - 2010-12-17 17:13 - 00050688 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll

2014-02-18 11:13 - 2014-11-21 16:22 - 00493672 _____ () C:\Program Files (x86)\Backblaze\bzbui.exe

2014-02-18 11:13 - 2014-11-21 16:22 - 00303208 _____ () C:\Program Files (x86)\Backblaze\bzfilelist.exe

2014-02-18 11:13 - 2014-11-21 16:22 - 03111528 _____ () C:\Program Files (x86)\Backblaze\x64\bztransmit64.exe

2014-12-15 10:09 - 2014-12-12 09:40 - 01169480 ____N () C:\Users\DONS~1\AppData\Local\Temp\_iu14D2N.tmp

2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-03-14 13:21 - 2012-08-23 08:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

2014-03-14 13:21 - 2012-04-03 15:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

2011-05-03 10:38 - 2011-05-03 10:38 - 00176128 _____ () C:\Program Files (x86)\AIM\nssckbi.dll

2008-01-08 17:50 - 2008-01-08 17:50 - 00349147 _____ () C:\Program Files (x86)\Yahoo!\Widgets\sqlite3.dll

2008-03-18 19:21 - 2008-03-18 19:21 - 00512000 _____ () C:\Program Files (x86)\Yahoo!\Widgets\js32.dll

2008-03-18 19:21 - 2008-03-18 19:21 - 00094208 _____ () C:\Program Files (x86)\Yahoo!\Widgets\jsd.dll

2013-11-08 09:33 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll

2014-12-01 22:34 - 2014-12-01 22:35 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2011-12-19 11:27 - 2011-12-19 11:27 - 00011704 _____ () C:\Program Files (x86)\Citrix\SelfServicePlugin\ExtensionSDK.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:0574215C

AlternateDataStreams: C:\ProgramData\TEMP:D95ACC7D

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\Software\Classes\.exe:  =>  <===== ATTENTION!

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^Don S^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Don S^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ViiKiiDesktopPlugin.lnk => C:\Windows\pss\ViiKiiDesktopPlugin.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Aim => "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US

MSCONFIG\startupreg: ISUSPM => "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

MSCONFIG\startupreg: Nuance PDF Converter Professional 7-reminder => "C:\Program Files (x86)\Nuance\PDF Professional 7\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter Professional 7\Ereg\Ereg.ini"

MSCONFIG\startupreg: PDF7 Registry Controller => C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe

MSCONFIG\startupreg: PDFProHook => C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: Standby => "C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: Zune Launcher => "c:\Program Files\Zune\ZuneLauncher.exe"

 

========================= Accounts: ==========================

 

Admin (S-1-5-21-1237837275-29157359-2308031490-1003 - Administrator - Enabled) => C:\Users\Admin

Administrator (S-1-5-21-1237837275-29157359-2308031490-500 - Administrator - Disabled)

Don S (S-1-5-21-1237837275-29157359-2308031490-1000 - Administrator - Enabled) => C:\Users\Don S

Guest (S-1-5-21-1237837275-29157359-2308031490-501 - Limited - Enabled)

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/15/2014 09:57:12 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program DellSystemDetect.exe version 5.12.0.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 122c

 

Start Time: 01d0186f63fe52f4

 

Termination Time: 1889

 

Application Path: C:\Users\Don S\AppData\Local\Apps\2.0\9DDDYZMH.HXM\CQ1OTBA7.CQK\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4888f2ef11e\DellSystemDetect.exe

 

Report Id:

 

Error: (12/15/2014 09:44:52 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program FRST64.exe version 14.12.2014.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1da0

 

Start Time: 01d018748247b3b8

 

Termination Time: 113

 

Application Path: C:\Users\Don S\Downloads\FRST64.exe

 

Report Id:

 

Error: (12/15/2014 09:03:40 AM) (Source: MsiInstaller) (EventID: 1024) (User: DonS-PC)

Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011010}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

 

Error: (12/15/2014 08:59:29 AM) (Source: System Restore) (EventID: 8211) (User: )

Description: The scheduled restore point could not be created.  Additional information: (0x81000101).

 

Error: (12/15/2014 08:59:29 AM) (Source: System Restore) (EventID: 8193) (User: )

Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

 

Error: (12/13/2014 03:28:28 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )

Description: Service cannot be started. System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\BlueStacks\Android\kernel.elf'.

File name: 'C:\ProgramData\BlueStacks\Android\kernel.elf'

   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)

   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

 

Error: (12/13/2014 01:13:23 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bc6b7

Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9

Exception code: 0xc00000fd

Fault offset: 0x000a3d3c

Faulting process id: 0x48fc

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

 

Error: (12/12/2014 06:02:22 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bc5e1

Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9

Exception code: 0xc00000fd

Fault offset: 0x000a3849

Faulting process id: 0x2f30

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

 

Error: (12/12/2014 04:22:24 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4ce7a46b

Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9

Exception code: 0xc00000fd

Fault offset: 0x0011fb5c

Faulting process id: 0x6e8

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

 

Error: (12/12/2014 10:25:51 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )

Description: Service cannot be started. System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\BlueStacks\Android\kernel.elf'.

File name: 'C:\ProgramData\BlueStacks\Android\kernel.elf'

   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)

   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

 

 

System errors:

=============

Error: (12/15/2014 10:25:46 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: The following fatal alert was received: 40.

 

Error: (12/15/2014 10:25:46 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: The following fatal alert was received: 40.

 

Error: (12/15/2014 10:25:46 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: The following fatal alert was received: 70.

 

Error: (12/15/2014 10:25:46 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)

Description: The following fatal alert was received: 70.

 

Error: (12/15/2014 09:38:19 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Description: The following fatal alert was generated: 10. The internal error state is 10.

 

Error: (12/15/2014 09:38:19 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Description: The following fatal alert was generated: 10. The internal error state is 10.

 

Error: (12/15/2014 09:37:59 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Description: The following fatal alert was generated: 10. The internal error state is 10.

 

Error: (12/15/2014 09:37:59 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Description: The following fatal alert was generated: 10. The internal error state is 10.

 

Error: (12/15/2014 09:14:09 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (12/15/2014 09:14:08 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

 

Microsoft Office Sessions:

=========================

Error: (12/15/2014 09:57:12 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: DellSystemDetect.exe5.12.0.2122c01d0186f63fe52f41889C:\Users\Don S\AppData\Local\Apps\2.0\9DDDYZMH.HXM\CQ1OTBA7.CQK\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4888f2ef11e\DellSystemDetect.exe

 

Error: (12/15/2014 09:44:52 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: FRST64.exe14.12.2014.11da001d018748247b3b8113C:\Users\Don S\Downloads\FRST64.exe

 

Error: (12/15/2014 09:03:40 AM) (Source: MsiInstaller) (EventID: 1024) (User: DonS-PC)

Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL)

 

Error: (12/15/2014 08:59:29 AM) (Source: System Restore) (EventID: 8211) (User: )

Description: 0x81000101

 

Error: (12/15/2014 08:59:29 AM) (Source: System Restore) (EventID: 8193) (User: )

Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x81000101

 

Error: (12/13/2014 03:28:28 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )

Description: Service cannot be started. System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\BlueStacks\Android\kernel.elf'.

File name: 'C:\ProgramData\BlueStacks\Android\kernel.elf'

   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)

   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

 

Error: (12/13/2014 01:13:23 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.174964a5bc6b7MSHTML.dll11.0.9600.17496546ff2f9c00000fd000a3d3c48fc01d0169b80eda32aC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll24343293-828f-11e4-b15c-00256405899f

 

Error: (12/12/2014 06:02:22 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.174964a5bc5e1MSHTML.dll11.0.9600.17496546ff2f9c00000fd000a38492f3001d0165f8fa0a0e5C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dlled7c0f33-8252-11e4-b15c-00256405899f

 

Error: (12/12/2014 04:22:24 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.174964ce7a46bMSHTML.dll11.0.9600.17496546ff2f9c00000fd0011fb5c6e801d016512bca3059C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dllf664582b-8244-11e4-b15c-00256405899f

 

Error: (12/12/2014 10:25:51 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )

Description: Service cannot be started. System.IO.FileNotFoundException: Could not find file 'C:\ProgramData\BlueStacks\Android\kernel.elf'.

File name: 'C:\ProgramData\BlueStacks\Android\kernel.elf'

   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)

   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

 

 

==================== Memory info ===========================

 

Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz

Percentage of memory in use: 56%

Total physical RAM: 4095.05 MB

Available physical RAM: 1765.13 MB

Total Pagefile: 8188.29 MB

Available Pagefile: 4368.8 MB

Total Virtual: 8192 MB

Available Virtual: 8191.86 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:288.29 GB) (Free:117.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive i: (MULTIBOOT) (Removable) (Total:0.49 GB) (Free:0.49 GB) FAT

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A42D04A3)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=288.3 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=9.8 GB) - (Type=DB)

 

========================================================

Disk: 1 (Size: 506.6 MB) (Disk ID: 6F20736B)

No partition Table on disk 1.

Disk 1 is a removable device.

 

==================== End Of Log ============================

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01

Ran by Don S (administrator) on DONS-PC on 15-12-2014 10:13:23

Running from C:\Users\Don S\Desktop

Loaded Profile: Don S (Available profiles: Don S & Admin)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe

() C:\Program Files (x86)\Backblaze\bzserv.exe

(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation) C:\Windows\System32\mcbuilder.exe

(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

(AOL Inc.) C:\Program Files (x86)\AIM\aim.exe

() C:\Program Files (x86)\Backblaze\bzbui.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe

() C:\Program Files (x86)\Backblaze\bzfilelist.exe

() C:\Program Files (x86)\Backblaze\x64\bztransmit64.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dvdupgrd.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dvdupgrd.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmmon32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmmon32.exe

() C:\Program Files (x86)\PCPitstop\PC Matic\unins000.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmmon32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe

(Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

() C:\Program Files (x86)\PCPitstop\PC Matic\unins000.exe

(Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe

(Microsoft Corporation) C:\Windows\SysWOW64\systray.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

() C:\Users\DONS~1\AppData\Local\Temp\_iu14D2N.tmp

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)

HKLM\...\Run: [HP LaserJet Professional M1530 MFP Series Fax] => C:\Program Files\HP\HP LaserJet Professional M1530 MFP Series\Fax Driver\hppfaxprintersrv.exe "HP LaserJet Professional M1530 MFP Series Fax"

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] ()

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)

HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [362432 2011-12-22] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)

HKLM-x32\...\Run: [brMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

HKLM-x32\...\Run: [sTO Backup Service] => C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe [199760 2012-01-13] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [sTO Launcher Service] => C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe [405584 2012-01-13] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe

HKLM-x32\...\Run: [browserPlugInHelper] => C:\Program Files (x86)\iSkysoft\iTube Studio\BrowserPlugInHelper.exe

HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5580752 2013-12-19] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM-x32\...\Run: [blueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-08] (BlueStack Systems, Inc.)

HKLM-x32\...\Run: [info Center] => C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe [28792 2013-12-26] (PC Pitstop LLC)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\Run: [cdloader] => C:\Users\Don S\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2013-05-06] (magicJack L.P.)

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [4321112 2011-05-03] (AOL Inc.)

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\Run: [backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [493672 2014-11-21] ()

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\Run: [iSUSPM] => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [6032840 2013-12-19] (Safer-Networking Ltd.)

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\Run: [DellSystemDetect] => C:\Users\Don S\AppData\Local\Apps\2.0\9DDDYZMH.HXM\CQ1OTBA7.CQK\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4888f2ef11e\DellSystemDetect.exe [264488 2014-10-15] (Dell)

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\RunOnce: [Adobe Speed Launcher] => 1418652000

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\MountPoints2: {5b5755d8-9913-11e1-b248-00256405899f} - I:\LaunchU3.exe

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\MountPoints2: {5b5755e2-9913-11e1-b248-00256405899f} - I:\LaunchU3.exe -a

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!

HKU\S-1-5-18\...\Run: [backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [493672 2014-11-21] ()

Startup: C:\Users\Don S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Don S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk

ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)

BootExecute: autocheck autochk * sdnclean64.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

SearchScopes: HKLM-x32 -> DefaultScope value is missing.

BHO: Speckie -> {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} -> C:\Users\Don S\AppData\Roaming\Speckie\bin64\Speckie64.dll (Versoworks Pty Ltd)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)

BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)

BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)

BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Speckie -> {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} -> C:\Users\Don S\AppData\Roaming\Speckie\bin32\Speckie32.dll (Versoworks Pty Ltd)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)

BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)

Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKU\S-1-5-21-1237837275-29157359-2308031490-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Toolbar: HKU\S-1-5-21-1237837275-29157359-2308031490-1000 -> No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File

Toolbar: HKU\S-1-5-21-1237837275-29157359-2308031490-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Hosts: Hosts file not detected in the default directory

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\Don S\AppData\Roaming\Mozilla\Firefox\Profiles\ujppdshf.default-1396033520971

FF Homepage: hxxp://www.stocktraderspress.com/

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll (Skype)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)

FF Extension: FireFTP - C:\Users\Don S\AppData\Roaming\Mozilla\Firefox\Profiles\ujppdshf.default-1396033520971\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2014-10-15]

FF Extension: Download videos and MP3s from YouTube - C:\Users\Don S\AppData\Roaming\Mozilla\Firefox\Profiles\ujppdshf.default-1396033520971\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-10-06]

FF HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-10-06]

 

Chrome:

=======

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-08] (BlueStack Systems, Inc.)

R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-08] (BlueStack Systems, Inc.)

R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-08] (BlueStack Systems, Inc.)

R2 bzserv; C:\Program Files (x86)\Backblaze\bzserv.exe [234600 2014-11-21] ()

R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-09-05] (Coupons.com Inc.)

S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [142336 2010-04-12] (HP) [File not signed]

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [135016 2011-09-09] (Nuance Communications, Inc.)

S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]

S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)

R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [229888 2011-06-20] (Samsung Electronics Co., Ltd.) [File not signed]

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3666392 2013-12-19] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2729432 2013-12-19] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-12-19] (Safer-Networking Ltd.)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)

R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-08] (BlueStack Systems)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-12] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-12-15 10:13 - 2014-12-15 10:29 - 00029130 _____ () C:\Users\Don S\Desktop\FRST.txt

2014-12-15 09:37 - 2014-12-15 10:18 - 00000000 ___DC () C:\FRST

2014-12-15 09:27 - 2014-12-15 09:28 - 02119168 _____ (Farbar) C:\Users\Don S\Desktop\FRST64.exe

2014-12-12 09:50 - 2014-12-12 09:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\561B7130.sys

2014-12-12 09:36 - 2014-12-15 09:00 - 00000000 ____D () C:\ProgramData\PCPitstop

2014-12-11 10:14 - 2014-12-11 10:14 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-11 09:58 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-11 09:58 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-11 09:28 - 2014-12-11 09:28 - 00003029 _____ () C:\Users\Don S\Desktop\Microsoft Outlook 2010.lnk

2014-12-10 12:39 - 2014-12-10 12:39 - 00000000 ____D () C:\Users\Don S\AppData\Local\{A6DB82A1-8BE2-439B-B21E-9F3D551C0FB8}

2014-12-10 05:29 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-10 05:29 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-10 05:29 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-10 05:29 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-10 05:29 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-10 05:29 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-10 05:29 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-10 05:29 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-10 05:28 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-10 05:28 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-10 05:28 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-10 05:28 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-10 05:28 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-10 05:28 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-10 05:28 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-10 05:28 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-10 05:28 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-10 05:28 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-10 05:28 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-10 05:28 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-10 05:28 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-10 05:28 - 2014-11-21 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-10 05:28 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-10 05:28 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-10 05:28 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-10 05:28 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-10 05:28 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-10 05:28 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-10 05:28 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-10 05:28 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-10 05:28 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-10 05:28 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-10 05:28 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-10 05:28 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-10 05:28 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-10 05:28 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-10 05:28 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-10 05:28 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-10 05:28 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-10 05:28 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-10 05:28 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-10 05:28 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-10 05:28 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-10 05:28 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-10 05:28 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-10 05:28 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-10 05:28 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-10 05:28 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-10 05:28 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-10 05:28 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-10 05:28 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-10 05:28 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-10 05:28 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-10 05:28 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-10 05:28 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-10 05:28 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-10 05:28 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-10 05:28 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-10 05:28 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-10 05:28 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-10 05:28 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-10 05:28 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-10 05:28 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-10 05:28 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-10 05:28 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-10 05:28 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-10 05:28 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-10 05:28 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-10 05:28 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-10 05:28 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-10 05:28 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-10 05:28 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-10 05:28 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-10 05:28 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-10 05:28 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-10 05:28 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-10 05:28 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-10 05:28 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-10 05:28 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-10 05:28 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-10 05:28 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-01 22:34 - 2014-12-01 22:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-12-01 16:34 - 2014-12-09 15:02 - 00009034 _____ () C:\Users\Don S\_viminfo

2014-12-01 12:36 - 2014-12-04 13:10 - 00000000 ____D () C:\Users\Don S\Desktop\Mon bay Sec Corp

2014-11-19 04:31 - 2014-11-19 04:31 - 01217192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL

2014-11-19 03:08 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-11-19 03:08 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2014-11-19 03:08 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-11-19 03:08 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-12-15 10:33 - 2012-11-26 08:45 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-12-15 10:29 - 2014-02-26 10:04 - 01707027 _____ () C:\Windows\WindowsUpdate.log

2014-12-15 10:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

2014-12-15 09:53 - 2012-03-29 15:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-12-15 09:26 - 2012-11-26 08:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-15 09:03 - 2010-04-13 09:08 - 00000000 ____D () C:\Users\Don S\Documents\Outlook Files

2014-12-15 09:02 - 2014-03-20 08:20 - 00000000 ____D () C:\Users\Don S\Documents\Outlook Data

2014-12-13 04:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing

2014-12-13 03:48 - 2009-07-13 23:45 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-13 03:48 - 2009-07-13 23:45 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-13 03:26 - 2014-10-20 08:30 - 00001736 _____ () C:\Windows\setupact.log

2014-12-13 03:26 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-12-12 16:02 - 2012-09-05 11:47 - 00000072 _____ () C:\Users\Public\LMDebug.log

2014-12-12 14:58 - 2014-08-19 14:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-12 14:53 - 2012-06-05 12:32 - 00000000 ____D () C:\Users\Don S\AppData\Roaming\uTorrent

2014-12-12 14:50 - 2013-01-28 14:04 - 00000000 ____D () C:\Users\Don S\Desktop\New folder

2014-12-12 10:24 - 2010-04-08 16:51 - 00000000 ____D () C:\Users\Don S\AppData\Local\VirtualStore

2014-12-12 10:22 - 2014-03-14 13:02 - 00103150 _____ () C:\Windows\PFRO.log

2014-12-12 10:11 - 2013-08-08 09:34 - 00000000 ____D () C:\Program Files (x86)\iSkysoft

2014-12-12 10:10 - 2012-11-26 08:45 - 00000000 ____D () C:\Program Files (x86)\Google

2014-12-12 10:10 - 2012-03-12 10:20 - 00000000 ____D () C:\Users\Don S\AppData\Local\Google

2014-12-12 10:10 - 2010-04-20 12:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-12-12 10:09 - 2012-09-06 14:49 - 00000000 ____D () C:\Users\Don S\AppData\Local\Deployment

2014-12-12 10:09 - 2011-12-05 14:54 - 00000000 ____D () C:\Users\Don S\AppData\Local\Jaksta_Technologies_Pty_L

2014-12-12 10:08 - 2014-11-10 11:22 - 00000000 ____D () C:\Program Files (x86)\BlueStacks

2014-12-12 09:35 - 2014-08-19 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-12 09:35 - 2014-08-19 14:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-12 09:35 - 2014-03-14 12:54 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-12-11 10:14 - 2014-05-06 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-11 10:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-11 10:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat

2014-12-11 10:11 - 2010-05-25 10:32 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-12-11 10:08 - 2013-08-15 02:02 - 00000000 ____D () C:\Windows\system32\MRT

2014-12-11 10:02 - 2010-04-13 08:37 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-12-10 16:37 - 2011-10-07 09:38 - 00000000 ____D () C:\ProgramData\TEMP

2014-12-10 12:53 - 2012-03-29 15:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-10 12:53 - 2012-03-29 15:53 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-10 12:53 - 2011-08-22 08:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-09 15:02 - 2010-04-13 15:22 - 00000000 ____D () C:\Users\Don S\Desktop\STP FTP

2014-12-09 15:02 - 2010-04-08 16:51 - 00000000 ____D () C:\Users\Don S

2014-12-09 12:22 - 2014-07-09 13:42 - 00000000 ____D () C:\Users\Don S\Desktop\Monarch Bay Sec

2014-12-04 14:48 - 2014-03-17 09:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-12-02 02:41 - 2012-02-01 14:41 - 00000000 ____D () C:\Users\Admin

2014-11-21 16:22 - 2014-02-18 11:12 - 00000000 ____D () C:\Program Files (x86)\Backblaze

2014-11-21 14:18 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-21 06:14 - 2014-08-19 14:08 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-11-21 06:14 - 2014-08-19 14:08 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-11-21 06:14 - 2011-12-09 10:28 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-11-19 09:21 - 2009-11-03 17:45 - 00000000 ___DC () C:\dell

2014-11-17 13:15 - 2014-09-29 15:44 - 00002521 _____ () C:\Users\Don S\Desktop\Windows 7 USB DVD Download Tool.lnk

2014-11-17 13:15 - 2014-09-29 15:44 - 00000000 ____D () C:\Users\Don S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool

2014-11-17 13:15 - 2014-09-29 15:44 - 00000000 ____D () C:\Users\Don S\AppData\Local\Apps\Windows 7 USB DVD Download Tool

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-12-05 00:22

 

==================== End Of Log ============================


  • Staff

Hi Don, 
 
Please work your way through the following steps. 
 
STEP 1
Creating System Restore Point (W7/Vista)

  • Click the Windows Start Button. Right-click Computer and click Properties.
  • Click System protection in the panel on the left. 
  • Click the System Protection tab, followed by Create.
  • In the System Protection dialog box, type a description, and click Create.
  • Upon completion, close the window.
     

STEP 2
ComboFix

  • Note: Please read through these instructions before running ComboFix. 
  • Please download ComboFix and save the file to your Desktop. << Important!
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click ComboFix.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
     
  • Allow ComboFix to complete its removal routine (please refer to Important Notes:).
  • Upon completion, a log (ComboFix.txt) will be created in the root directory (C:\). Copy the contents of the log and paste in your next reply.
  • Re-enable your anti-virus software.
     

Important Notes:

  • Do NOT mouse click ComboFix's window whilst it is running. This may cause the programme to stall.
  • Do NOT use your computer whilst ComboFix is running.
  • Your Desktop/taskbar may disappear whilst ComboFix is running; this is normal.
     
  • If you get the message Illegal operation attempted on registry key that has been marked for deletion please reboot your computer.
  • ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If you are unable to access the Internet after running ComboFix, please reboot your computer. 
     

STEP 3
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for anything removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 4
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 5
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================

STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • ComboFix.txt
  • AdwCleaner[s0].txt
  • JRT.txt
  • FRST.txt
  • Addition.txt

Adam, thank you. Here are the logs:

 

# AdwCleaner v4.105 - Report created 16/12/2014 at 09:35:19

# Updated 08/12/2014 by Xplode

# Database : 2014-12-13.4 [Live]

# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

# Username : Don S - DONS-PC

# Running from : C:\Users\Don S\Desktop\AdwCleaner(1).exe

# Option : Clean

 

***** [ Services ] *****

 

Service Deleted : YahooAUService

 

***** [ Files / Folders ] *****

 

[!] Folder Deleted : C:\Windows\System32\Online

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}

Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.2

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17496

 

 

-\\ Mozilla Firefox v34.0 (x86 en-US)

 

 

*************************

 

AdwCleaner[R0].txt - [17531 octets] - [18/03/2014 09:11:50]

AdwCleaner[R1].txt - [1137 octets] - [18/03/2014 09:19:22]

AdwCleaner[R2].txt - [3195 octets] - [16/12/2014 09:30:43]

AdwCleaner[s0].txt - [17788 octets] - [18/03/2014 09:13:22]

AdwCleaner[s1].txt - [1199 octets] - [18/03/2014 09:21:13]

AdwCleaner[s2].txt - [3140 octets] - [16/12/2014 09:35:19]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [3200 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.0 (11.29.2014:1)

OS: Windows 7 Professional x64

Ran by Don S on Tue 12/16/2014 at 10:10:47.91

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

Successfully stopped: [service] couponprinterservice

Successfully deleted: [service] couponprinterservice

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1237837275-29157359-2308031490-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-8A88BD82.pf

Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf

Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

 

 

 

~~~ FireFox

 

Emptied folder: C:\Users\Don S\AppData\Roaming\mozilla\firefox\profiles\ujppdshf.default-1396033520971\minidumps [55 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 12/16/2014 at 10:13:43.66

End of JRT log


And the two logs from Farbar:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01

Ran by Don S (administrator) on DONS-PC on 16-12-2014 10:32:33

Running from C:\Users\Don S\Desktop

Loaded Profile: Don S (Available profiles: Don S & Admin)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe

() C:\Program Files (x86)\Backblaze\bzserv.exe

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

(AOL Inc.) C:\Program Files (x86)\AIM\aim.exe

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe

() C:\Program Files (x86)\Backblaze\bzbui.exe

(Dell) C:\Users\Don S\AppData\Local\Apps\2.0\9DDDYZMH.HXM\CQ1OTBA7.CQK\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4888f2ef11e\DellSystemDetect.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)

HKLM\...\Run: [HP LaserJet Professional M1530 MFP Series Fax] => C:\Program Files\HP\HP LaserJet Professional M1530 MFP Series\Fax Driver\hppfaxprintersrv.exe "HP LaserJet Professional M1530 MFP Series Fax"

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] ()

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)

HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [362432 2011-12-22] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)

HKLM-x32\...\Run: [sTO Backup Service] => C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe [199760 2012-01-13] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [sTO Launcher Service] => C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe [405584 2012-01-13] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5580752 2013-12-19] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM-x32\...\Run: [blueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-08] (BlueStack Systems, Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\Run: [cdloader] => C:\Users\Don S\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2013-05-06] (magicJack L.P.)

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [4321112 2011-05-03] (AOL Inc.)

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\Run: [backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [493672 2014-11-21] ()

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [6032840 2013-12-19] (Safer-Networking Ltd.)

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\Run: [DellSystemDetect] => C:\Users\Don S\AppData\Local\Apps\2.0\9DDDYZMH.HXM\CQ1OTBA7.CQK\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4888f2ef11e\DellSystemDetect.exe [264488 2014-10-15] (Dell)

HKU\S-1-5-18\...\Run: [backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [493672 2014-11-21] ()

Startup: C:\Users\Don S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Don S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk

ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)

BootExecute: autocheck autochk * sdnclean64.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-1237837275-29157359-2308031490-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Speckie -> {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} -> C:\Users\Don S\AppData\Roaming\Speckie\bin64\Speckie64.dll (Versoworks Pty Ltd)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)

BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Speckie -> {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} -> C:\Users\Don S\AppData\Roaming\Speckie\bin32\Speckie32.dll (Versoworks Pty Ltd)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKU\S-1-5-21-1237837275-29157359-2308031490-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Toolbar: HKU\S-1-5-21-1237837275-29157359-2308031490-1000 -> No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File

Toolbar: HKU\S-1-5-21-1237837275-29157359-2308031490-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\Don S\AppData\Roaming\Mozilla\Firefox\Profiles\ujppdshf.default-1396033520971

FF Homepage: hxxp://www.stocktraderspress.com/

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll (Skype)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)

FF Extension: FireFTP - C:\Users\Don S\AppData\Roaming\Mozilla\Firefox\Profiles\ujppdshf.default-1396033520971\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2014-10-15]

FF Extension: Download videos and MP3s from YouTube - C:\Users\Don S\AppData\Roaming\Mozilla\Firefox\Profiles\ujppdshf.default-1396033520971\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-10-06]

FF HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-10-06]

 

Chrome:

=======

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-08] (BlueStack Systems, Inc.)

R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-08] (BlueStack Systems, Inc.)

R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-08] (BlueStack Systems, Inc.)

R2 bzserv; C:\Program Files (x86)\Backblaze\bzserv.exe [234600 2014-11-21] ()

S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [142336 2010-04-12] (HP) [File not signed]

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [135016 2011-09-09] (Nuance Communications, Inc.)

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]

S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)

R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [229888 2011-06-20] (Samsung Electronics Co., Ltd.) [File not signed]

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3666392 2013-12-19] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2729432 2013-12-19] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-12-19] (Safer-Networking Ltd.)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)

R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-08] (BlueStack Systems)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-12] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-12-16 10:13 - 2014-12-16 10:13 - 00032012 _____ () C:\Users\Don S\Desktop\JRT.txt

2014-12-16 10:10 - 2014-12-16 10:10 - 00000000 ____D () C:\Windows\ERUNT

2014-12-16 09:58 - 2014-12-16 09:59 - 01707646 _____ (Thisisu) C:\Users\Don S\Desktop\JRT.exe

2014-12-16 09:29 - 2014-12-16 09:30 - 02166272 _____ () C:\Users\Don S\Desktop\AdwCleaner(1).exe

2014-12-15 16:25 - 2014-12-15 16:25 - 00027691 ____C () C:\ComboFix.txt

2014-12-15 15:42 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-12-15 15:42 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-12-15 15:42 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-12-15 15:42 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-12-15 15:42 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-12-15 15:42 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe

2014-12-15 15:42 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe

2014-12-15 15:42 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe

2014-12-15 15:36 - 2014-12-15 16:25 - 00000000 ___DC () C:\Qoobox

2014-12-15 15:35 - 2014-12-15 16:22 - 00000000 ____D () C:\Windows\erdnt

2014-12-15 15:29 - 2014-12-15 15:29 - 05601641 ____R (Swearware) C:\Users\Don S\Desktop\ComboFix.exe

2014-12-15 11:23 - 2014-12-15 11:32 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Don S\Desktop\tdsskiller.exe

2014-12-15 10:41 - 2014-12-15 10:56 - 00036958 _____ () C:\Users\Don S\Desktop\Addition.txt

2014-12-15 10:13 - 2014-12-16 10:33 - 00025902 _____ () C:\Users\Don S\Desktop\FRST.txt

2014-12-15 09:37 - 2014-12-16 10:32 - 00000000 ___DC () C:\FRST

2014-12-15 09:27 - 2014-12-15 09:28 - 02119168 _____ (Farbar) C:\Users\Don S\Desktop\FRST64.exe

2014-12-12 09:50 - 2014-12-12 09:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\561B7130.sys

2014-12-12 09:36 - 2014-12-15 09:00 - 00000000 ____D () C:\ProgramData\PCPitstop

2014-12-11 10:14 - 2014-12-11 10:14 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-11 09:58 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-11 09:58 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-11 09:28 - 2014-12-11 09:28 - 00003029 _____ () C:\Users\Don S\Desktop\Microsoft Outlook 2010.lnk

2014-12-10 05:29 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-10 05:29 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-10 05:29 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-10 05:29 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-10 05:29 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-10 05:29 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-10 05:29 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-10 05:29 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-10 05:28 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-10 05:28 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-10 05:28 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-10 05:28 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-10 05:28 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-10 05:28 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-10 05:28 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-10 05:28 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-10 05:28 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-10 05:28 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-10 05:28 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-10 05:28 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-10 05:28 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-10 05:28 - 2014-11-21 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-10 05:28 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-10 05:28 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-10 05:28 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-10 05:28 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-10 05:28 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-10 05:28 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-10 05:28 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-10 05:28 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-10 05:28 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-10 05:28 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-10 05:28 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-10 05:28 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-10 05:28 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-10 05:28 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-10 05:28 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-10 05:28 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-10 05:28 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-10 05:28 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-10 05:28 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-10 05:28 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-10 05:28 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-10 05:28 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-10 05:28 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-10 05:28 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-10 05:28 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-10 05:28 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-10 05:28 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-10 05:28 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-10 05:28 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-10 05:28 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-10 05:28 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-10 05:28 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-10 05:28 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-10 05:28 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-10 05:28 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-10 05:28 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-10 05:28 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-10 05:28 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-10 05:28 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-10 05:28 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-10 05:28 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-10 05:28 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-10 05:28 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-10 05:28 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-10 05:28 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-10 05:28 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-10 05:28 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-10 05:28 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-10 05:28 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-10 05:28 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-10 05:28 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-10 05:28 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-10 05:28 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-10 05:28 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-10 05:28 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-10 05:28 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-10 05:28 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-10 05:28 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-10 05:28 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-01 22:34 - 2014-12-01 22:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-12-01 16:34 - 2014-12-09 15:02 - 00009034 _____ () C:\Users\Don S\_viminfo

2014-12-01 12:36 - 2014-12-04 13:10 - 00000000 ____D () C:\Users\Don S\Desktop\Mon bay Sec Corp

2014-11-19 04:31 - 2014-11-19 04:31 - 01217192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL

2014-11-19 03:08 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-11-19 03:08 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2014-11-19 03:08 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-11-19 03:08 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 10:32 - 2012-11-26 08:45 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-12-16 10:27 - 2012-09-05 11:47 - 00000072 _____ () C:\Users\Public\LMDebug.log

2014-12-16 09:56 - 2014-03-20 08:20 - 00000000 ____D () C:\Users\Don S\Documents\Outlook Data

2014-12-16 09:56 - 2010-04-13 09:08 - 00000000 ____D () C:\Users\Don S\Documents\Outlook Files

2014-12-16 09:53 - 2012-03-29 15:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-12-16 09:49 - 2012-11-26 08:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-16 09:48 - 2009-07-13 23:45 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-16 09:48 - 2009-07-13 23:45 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-16 09:45 - 2014-02-26 10:04 - 01779975 _____ () C:\Windows\WindowsUpdate.log

2014-12-16 09:41 - 2014-10-20 08:30 - 00001792 _____ () C:\Windows\setupact.log

2014-12-16 09:41 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-12-16 09:39 - 2014-03-14 13:02 - 00104382 _____ () C:\Windows\PFRO.log

2014-12-16 09:35 - 2014-03-18 09:11 - 00000000 ___DC () C:\AdwCleaner

2014-12-16 09:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing

2014-12-15 16:25 - 2009-07-14 00:08 - 00000000 ____D () C:\Users\Administrator

2014-12-15 16:25 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default

2014-12-15 16:21 - 2009-07-13 21:34 - 00000215 ____C () C:\Windows\system.ini

2014-12-15 15:42 - 2014-03-14 13:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-12-15 10:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

2014-12-12 14:58 - 2014-08-19 14:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-12 14:53 - 2012-06-05 12:32 - 00000000 ____D () C:\Users\Don S\AppData\Roaming\uTorrent

2014-12-12 14:50 - 2013-01-28 14:04 - 00000000 ____D () C:\Users\Don S\Desktop\New folder

2014-12-12 10:24 - 2010-04-08 16:51 - 00000000 ____D () C:\Users\Don S\AppData\Local\VirtualStore

2014-12-12 10:11 - 2013-08-08 09:34 - 00000000 ____D () C:\Program Files (x86)\iSkysoft

2014-12-12 10:10 - 2012-11-26 08:45 - 00000000 ____D () C:\Program Files (x86)\Google

2014-12-12 10:10 - 2012-03-12 10:20 - 00000000 ____D () C:\Users\Don S\AppData\Local\Google

2014-12-12 10:10 - 2010-04-20 12:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-12-12 10:09 - 2012-09-06 14:49 - 00000000 ____D () C:\Users\Don S\AppData\Local\Deployment

2014-12-12 10:09 - 2011-12-05 14:54 - 00000000 ____D () C:\Users\Don S\AppData\Local\Jaksta_Technologies_Pty_L

2014-12-12 10:08 - 2014-11-10 11:22 - 00000000 ____D () C:\Program Files (x86)\BlueStacks

2014-12-12 09:35 - 2014-08-19 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-12 09:35 - 2014-08-19 14:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-12 09:35 - 2014-03-14 12:54 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-12-11 10:14 - 2014-05-06 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-11 10:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-11 10:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat

2014-12-11 10:11 - 2010-05-25 10:32 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-12-11 10:08 - 2013-08-15 02:02 - 00000000 ____D () C:\Windows\system32\MRT

2014-12-11 10:02 - 2010-04-13 08:37 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-12-10 16:37 - 2011-10-07 09:38 - 00000000 ____D () C:\ProgramData\TEMP

2014-12-10 12:53 - 2012-03-29 15:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-10 12:53 - 2012-03-29 15:53 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-10 12:53 - 2011-08-22 08:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-09 15:02 - 2010-04-13 15:22 - 00000000 ____D () C:\Users\Don S\Desktop\STP FTP

2014-12-09 15:02 - 2010-04-08 16:51 - 00000000 ____D () C:\Users\Don S

2014-12-09 12:22 - 2014-07-09 13:42 - 00000000 ____D () C:\Users\Don S\Desktop\Monarch Bay Sec

2014-12-04 14:48 - 2014-03-17 09:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-12-02 02:41 - 2012-02-01 14:41 - 00000000 ____D () C:\Users\Admin

2014-11-21 16:22 - 2014-02-18 11:12 - 00000000 ____D () C:\Program Files (x86)\Backblaze

2014-11-21 14:18 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-21 06:14 - 2014-08-19 14:08 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-11-21 06:14 - 2014-08-19 14:08 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-11-21 06:14 - 2011-12-09 10:28 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-11-19 09:21 - 2009-11-03 17:45 - 00000000 ___DC () C:\dell

2014-11-17 13:15 - 2014-09-29 15:44 - 00002521 _____ () C:\Users\Don S\Desktop\Windows 7 USB DVD Download Tool.lnk

2014-11-17 13:15 - 2014-09-29 15:44 - 00000000 ____D () C:\Users\Don S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool

2014-11-17 13:15 - 2014-09-29 15:44 - 00000000 ____D () C:\Users\Don S\AppData\Local\Apps\Windows 7 USB DVD Download Tool

Some content of TEMP:

====================

C:\Users\Don S\AppData\Local\Temp\Quarantine.exe

C:\Users\Don S\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-15 16:51

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01

Ran by Don S at 2014-12-16 10:33:28

Running from C:\Users\Don S\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden

64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)

Acrobat.com (x32 Version: 2.3.0 - Adobe Systems Incorporated) Hidden

Actiontec Gateway (HKLM-x32\...\{9692FD03-6662-4E62-B08C-30DFF51651E1}) (Version:  - )

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)

Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )

Amaya (HKLM-x32\...\Amaya) (Version: 11.3 - )

Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.239 - Amazon)

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Applian FLV and Media Player 3.1.1.12 (HKLM-x32\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies)

AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)

Backblaze (HKLM-x32\...\Backblaze) (Version:  - Backblaze, Inc)

Belarc Advisor 8.1 (HKLM-x32\...\Belarc Advisor) (Version:  - )

Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)

BlueStacks Notification Center (HKLM-x32\...\{8DCCC556-265B-478A-8B32-C12DA988BA74}) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

calibre (HKLM-x32\...\{8511CE6E-F12F-4539-B19E-62B9C43B5B34}) (Version: 1.47.0 - Kovid Goyal)

CameraHelperMsi (x32 Version: 13.30.1395.0 - Logitech) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)

Chinese Simplified Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-2447-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)

Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.0.89 - Citrix Systems, Inc.)

Common Desktop Agent (Version: 1.53.0 - OEM) Hidden

ContentHD (x32 Version: 1.00.0002 - Corel Corporation) Hidden

Contents (x32 Version: 1.6.0.272 - Corel Corporation) Hidden

Corel VideoStudio Pro X3 (HKLM-x32\...\_{F072CA07-A781-45E4-9975-C033A73019CF}) (Version: 1.6.0.272 - Corel Corporation)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell System Detect (HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\73f463568823ebbe) (Version: 5.12.0.2 - Dell)

DeviceIO (x32 Version: 1.6.0.272 - Corel Corporation) Hidden

Dropbox (HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\Dropbox) (Version: 1.1.35 - Dropbox, Inc.)

erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

Free PDF To PPT Converter (HKLM-x32\...\{F0712F9D-4B28-4AED-9AA5-BEE9B0B533D5}) (Version: 1.0.0 - Free PDF Solutions)

Free PDF to Word Converter 5.1.0.383 (HKLM\...\Free PDF to Word Converter_is1) (Version: 5.1.0.383 - Smart Soft)

Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.10.923 - DVDVideoSoft Ltd.)

Freecorder 6 (HKLM-x32\...\Freecorder 6) (Version: 2.1.10 - Applian Technologies Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

hppLaserJetService (x32 Version: 002.007.00397 - Hewlett-Packard) Hidden

ICA (x32 Version: 1.6.0.272 - Corel Corporation) Hidden

ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)

ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)

Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )

IPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) Hidden

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

IZArc 4.1.6 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

join.me (HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\JoinMe) (Version: 1.2.1.374 - LogMeIn, Inc.)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Korean Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5670-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)

Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)

LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden

magicJack (HKU\S-1-5-21-1237837275-29157359-2308031490-1000\...\magicJack) (Version: 3.1.6970.4873 - magicJack L.P.)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)

Microsoft MSN MoneyCentral Stock Quotes Add-In for Excel (HKLM-x32\...\{A99C1048-A569-4B65-A3DD-3584B0A4AA69}) (Version: 1.0.0.0322 - Microsoft Corporation)

Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

MLE (x32 Version: 1.0.0.18 - Corel Corporation) Hidden

Mozilla Firefox 34.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MySQL Workbench 5.2 CE (HKLM-x32\...\{E3DF0E76-825F-4377-9BB6-F8F1DC204287}) (Version: 5.2.40 - Oracle Corporation)

Nuance PDF Converter Professional 7 (HKLM\...\{FFAE98FC-4E1A-45BB-ADED-081160A2CBD7}) (Version: 7.20.6187 - Nuance Communications, Inc.)

Nuance PDF Converter Professional 7 (HKLM-x32\...\{FFAE98FC-4E1A-45BB-ADED-081160A2CBD7}) (Version: 7.20.6187 - Nuance Communications, Inc.)

Online Plug-in (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden

PureHD (x32 Version: 1.6.0.272 - Corel Corporation) Hidden

QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)

Replay Media Catcher 4 (4.3.2) (HKLM-x32\...\Replay Media Catcher 4) (Version: 4.3.2 - Applian Technologies)

Samsung Easy Deployment Manager (HKLM-x32\...\Samsung Easy Deployment Manager) (Version: 1.00.26 - Samsung Electronics Co., Ltd.)

Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.01.16.00 - Samsung Electronics Co., Ltd.)

Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.05.23.04 - Samsung Electronics Co., Ltd.)

Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)

Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.05.07 (7/20/2012) - Samsung Electronics Co., Ltd.)

Samsung SCX-472x Series (HKLM-x32\...\Samsung SCX-472x Series) (Version:  - Samsung Electronics Co., Ltd.)

Scansoft PDF Professional (x32 Version:  - ) Hidden

Self-service Plug-in (x32 Version: 3.1.0.21744 - Citrix Systems, Inc.) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Setup (x32 Version: 1.6.0.272 - Corel Corporation) Hidden

Share (x32 Version: 1.6.0.272 - Corel Corporation) Hidden

Share64 (Version: 1.6.0.272 - Corel Corporation) Hidden

Skype Web Plugin (HKLM-x32\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)

SmarThru Office (HKLM-x32\...\{9BC1E722-AE07-46A3-B7A6-556DBE18E22A}) (Version: 2.08.018 - Samsung Electronics Co., Ltd.)

SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)

SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden

SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.5 - SmartSound Software Inc.)

SmartSound Quicktracks 5 (x32 Version: 5.1.5 - SmartSound Software Inc.) Hidden

Speckie (HKLM\...\{40E14C77-0EA0-4A67-A7CB-BE54ADEB697C}) (Version: 4.4.0 - Versoworks)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.37 - Safer-Networking Ltd.)

UltraISO Premium V9.62 (HKLM-x32\...\UltraISO_is1) (Version:  - )

ViiKii Desktop Plug-in (HKLM-x32\...\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1) (Version: 0.4 - Global Tongue Inc)

ViiKii Desktop Plug-in (x32 Version: 0.4 - Global Tongue Inc) Hidden

VIO (x32 Version: 1.6.0.272 - Corel Corporation) Hidden

VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)

VSClassic (x32 Version: 1.6.0.272 - Corel Corporation) Hidden

VSPro (x32 Version: 1.6.0.272 - Corel Corporation) Hidden

Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)

Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )

Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)

WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

Yahoo! Widgets (HKLM-x32\...\Yahoo! Widget Engine) (Version: 4.5.2.0 - Yahoo! Inc.)

Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1237837275-29157359-2308031490-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1237837275-29157359-2308031490-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1237837275-29157359-2308031490-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1237837275-29157359-2308031490-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2014-12-15 16:21 - 2014-12-15 16:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0F36C13C-BF96-4424-8C5E-ADB0A941717F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)

Task: {38F9F8E3-D426-4589-9320-5E9372767791} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {6383FED2-78C3-4BF0-81D2-50DD37D3CDB0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)

Task: {6E2AD666-1AB5-4F70-8346-4EC99D548679} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)

Task: {7384777E-55CF-4DB4-A793-D84B759E4F4B} - System32\Tasks\{DE428C7C-C63B-470E-B597-ED59E678935C} => pcalua.exe -a D:\IB.exe -d D:\

Task: {7F237DF3-AD8C-45E0-9EEE-3F565EEC1199} - System32\Tasks\{E5F1BCD4-5029-4C9C-A8A2-AB46A8B537FB} => pcalua.exe -a "C:\Users\Don S\Downloads\MFC-7820N-inst-win7-A2.EXE" -d "C:\Program Files (x86)\Mozilla Firefox"

Task: {8105A9A2-622A-49E9-981F-AE42E955D8B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)

Task: {82863534-27A0-4703-90AF-33C4C786B32D} - System32\Tasks\{B725467A-5455-4202-BACE-A51760E6105C} => pcalua.exe -a "C:\Users\Don S\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VA523OZJ\LJM1522-PCL6-pd-win32-ww[1].exe" -d "C:\Users\Don S\Desktop"

Task: {9300CCFB-59DF-430E-BEAD-D96DF6F157CA} - System32\Tasks\{6A695BCC-4E2E-4765-8C5A-FF02CA95B259} => pcalua.exe -a "C:\Users\Don S\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2GILZKBO\ffdshow[1].exe" -d "C:\Users\Don S\Desktop"

Task: {93D39D02-6644-429E-A6DE-0BA1424C903F} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION

Task: {95B7CCDE-C04C-4AA8-B113-282631CEB360} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {A09BFEC3-169A-4A89-A0D3-DAC6ADB71AD6} - System32\Tasks\4664 => Wscript.exe C:\Users\DONS~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION

Task: {A65D603A-26F7-4F53-9946-F6C508E2EB27} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

Task: {F858D7E0-D923-4EB8-AC02-128D055F2EB8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

Task: {FAB72F27-3816-4D04-B0DD-B94809F9624C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2011-05-11 02:38 - 2011-05-11 02:38 - 00034304 _____ () C:\Windows\System32\ssa3mlm.dll

2014-02-18 11:13 - 2014-11-21 16:22 - 00234600 _____ () C:\Program Files (x86)\Backblaze\bzserv.exe

2010-12-17 17:13 - 2010-12-17 17:13 - 00438784 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe

2010-12-17 17:13 - 2010-12-17 17:13 - 00050688 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll

2014-02-18 11:13 - 2014-11-21 16:22 - 00493672 _____ () C:\Program Files (x86)\Backblaze\bzbui.exe

2011-05-09 06:48 - 2013-07-26 09:42 - 01372160 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\ssa3mdu.dll

2011-05-28 22:46 - 2013-07-26 09:42 - 01385472 _____ () C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\X64\3\SSA3MUM.DLL

2012-01-10 15:27 - 2011-02-28 08:39 - 00211456 _____ () C:\Program Files (x86)\IZArc\IZArcCM64.dll

2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2011-05-03 10:38 - 2011-05-03 10:38 - 00176128 _____ () C:\Program Files (x86)\AIM\nssckbi.dll

2013-11-08 09:33 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll

2008-01-08 17:50 - 2008-01-08 17:50 - 00349147 _____ () C:\Program Files (x86)\Yahoo!\Widgets\sqlite3.dll

2008-03-18 19:21 - 2008-03-18 19:21 - 00512000 _____ () C:\Program Files (x86)\Yahoo!\Widgets\js32.dll

2008-03-18 19:21 - 2008-03-18 19:21 - 00094208 _____ () C:\Program Files (x86)\Yahoo!\Widgets\jsd.dll

2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

2011-09-09 00:45 - 2011-09-09 00:45 - 00574464 _____ () C:\Program Files (x86)\Common Files\ScanSoft Shared\PDF7\OutlookAddin.dll

2011-09-09 00:45 - 2011-09-09 00:45 - 00294912 _____ () C:\Program Files (x86)\Common Files\ScanSoft Shared\PDF7\MailProcessor7.dll

2013-02-14 14:46 - 2013-02-14 14:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

2014-03-14 13:21 - 2012-08-23 08:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

2014-03-14 13:21 - 2012-04-03 15:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:0574215C

AlternateDataStreams: C:\ProgramData\TEMP:D95ACC7D

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^Don S^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Don S^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ViiKiiDesktopPlugin.lnk => C:\Windows\pss\ViiKiiDesktopPlugin.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Aim => "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US

MSCONFIG\startupreg: ISUSPM => "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

MSCONFIG\startupreg: Nuance PDF Converter Professional 7-reminder => "C:\Program Files (x86)\Nuance\PDF Professional 7\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter Professional 7\Ereg\Ereg.ini"

MSCONFIG\startupreg: PDF7 Registry Controller => C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe

MSCONFIG\startupreg: PDFProHook => C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: Standby => "C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: Zune Launcher => "c:\Program Files\Zune\ZuneLauncher.exe"

 

========================= Accounts: ==========================

 

Admin (S-1-5-21-1237837275-29157359-2308031490-1003 - Administrator - Enabled) => C:\Users\Admin

Administrator (S-1-5-21-1237837275-29157359-2308031490-500 - Administrator - Disabled)

Don S (S-1-5-21-1237837275-29157359-2308031490-1000 - Administrator - Enabled) => C:\Users\Don S

Guest (S-1-5-21-1237837275-29157359-2308031490-501 - Limited - Enabled)

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

 

System errors:

=============

 

Microsoft Office Sessions:

=========================

 

CodeIntegrity Errors:

===================================

  Date: 2014-12-15 16:19:51.249

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-12-15 16:19:51.218

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info ===========================

 

Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz

Percentage of memory in use: 42%

Total physical RAM: 4095.05 MB

Available physical RAM: 2345.5 MB

Total Pagefile: 8188.29 MB

Available Pagefile: 6315.31 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:288.29 GB) (Free:147.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive i: (MULTIBOOT) (Removable) (Total:0.49 GB) (Free:0.49 GB) FAT

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A42D04A3)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=288.3 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=9.8 GB) - (Type=DB)

 

========================================================

Disk: 1 (Size: 506.6 MB) (Disk ID: 6F20736B)

No partition Table on disk 1.

Disk 1 is a removable device.

 

==================== End Of Log ============================


oh, sorry:

 

 

ComboFix 14-12-14.01 - Don S 12/15/2014  15:45:12.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4095.2284 [GMT -5:00]
Running from: c:\users\Don S\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\C94B6D8006.sys
c:\programdata\ntuser.pol
c:\users\Don S\AppData\Roaming\.#
c:\windows\msdownld.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-15 to 2014-12-15  )))))))))))))))))))))))))))))))
.
.
2014-12-15 21:21 . 2014-12-15 21:21    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-12-15 21:20 . 2014-12-15 21:20    --------    d-----w-    c:\users\Admin\AppData\Local\temp
2014-12-15 15:35 . 2014-11-02 04:20    11632448    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ECE4C4A1-FD5F-4580-8FDA-71B978223231}\mpengine.dll
2014-12-15 14:37 . 2014-12-15 15:56    --------    dc----w-    C:\FRST
2014-12-13 08:38 . 2014-11-02 04:20    11632448    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-12-12 14:50 . 2014-12-12 14:50    129752    ----a-w-    c:\windows\system32\drivers\561B7130.sys
2014-12-12 14:36 . 2014-12-15 14:00    --------    d-----w-    c:\programdata\PCPitstop
2014-12-11 15:14 . 2014-12-11 15:14    --------    d-----w-    c:\windows\system32\appraiser
2014-12-11 14:58 . 2014-10-18 01:33    3209728    ----a-w-    c:\windows\SysWow64\mf.dll
2014-12-11 14:58 . 2014-10-18 02:05    4121600    ----a-w-    c:\windows\system32\mf.dll
2014-12-10 14:59 . 2014-09-17 13:30    1188440    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F915FED-8AD2-4009-BD62-06CCEBF17A73}\gapaengine.dll
2014-12-10 10:29 . 2014-12-01 23:28    1232040    ----a-w-    c:\windows\system32\aitstatic.exe
2014-12-10 10:29 . 2014-12-04 02:50    413184    ----a-w-    c:\windows\system32\generaltel.dll
2014-12-10 10:29 . 2014-12-04 02:50    741376    ----a-w-    c:\windows\system32\invagent.dll
2014-12-10 10:29 . 2014-12-04 02:50    396800    ----a-w-    c:\windows\system32\devinv.dll
2014-12-10 10:29 . 2014-12-04 02:50    192000    ----a-w-    c:\windows\system32\aepic.dll
2014-12-10 10:29 . 2014-12-04 02:44    1083392    ----a-w-    c:\windows\system32\aeinv.dll
2014-12-10 10:29 . 2014-12-04 02:50    227328    ----a-w-    c:\windows\system32\aepdu.dll
2014-11-25 18:59 . 2014-11-25 18:59    18638520    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2014-11-19 09:31 . 2014-11-19 09:31    1217192    ----a-w-    c:\windows\SysWow64\FM20.DLL
2014-11-19 08:08 . 2014-11-11 03:08    241152    ----a-w-    c:\windows\system32\pku2u.dll
2014-11-19 08:08 . 2014-11-11 03:08    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-11-19 08:08 . 2014-11-11 02:44    186880    ----a-w-    c:\windows\SysWow64\pku2u.dll
2014-11-19 08:08 . 2014-11-11 02:44    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-11-17 18:15 . 2014-11-17 18:15    119808    ----a-r-    c:\users\Don S\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-12 19:58 . 2014-08-19 19:08    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-11 15:02 . 2010-04-13 13:37    112710672    ----a-w-    c:\windows\system32\MRT.exe
2014-12-10 17:53 . 2012-03-29 20:53    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-10 17:53 . 2011-08-22 13:45    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-21 11:14 . 2014-08-19 19:08    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-11-21 11:14 . 2014-08-19 19:08    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 11:14 . 2011-12-09 15:28    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-10-30 11:25 . 2010-04-08 21:51    275080    ------w-    c:\windows\system32\MpSigStub.exe
2014-10-25 01:57 . 2014-11-12 05:36    77824    ----a-w-    c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 05:36    67584    ----a-w-    c:\windows\SysWow64\packager.dll
2014-10-20 13:49 . 2014-08-06 13:59    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-18 02:05 . 2014-11-12 05:35    861696    ----a-w-    c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-12 05:35    571904    ----a-w-    c:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16 . 2014-11-12 05:36    155064    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 05:36    683520    ----a-w-    c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 05:35    3241984    ----a-w-    c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 05:36    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 05:36    146432    ----a-w-    c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 05:36    681984    ----a-w-    c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 05:36    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 05:35    2363904    ----a-w-    c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 05:36    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 05:36    146432    ----a-w-    c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 05:36    681984    ----a-w-    c:\windows\SysWow64\adtschema.dll
2014-10-10 00:57 . 2014-11-12 05:35    3198976    ----a-w-    c:\windows\system32\win32k.sys
2014-10-03 02:12 . 2014-11-12 05:36    500224    ----a-w-    c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-12 05:36    284672    ----a-w-    c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-12 05:36    680960    ----a-w-    c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-12 05:36    440832    ----a-w-    c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-12 05:36    296448    ----a-w-    c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-12 05:36    442880    ----a-w-    c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-12 05:36    374784    ----a-w-    c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-12 05:36    195584    ----a-w-    c:\windows\SysWow64\AudioSes.dll
2014-09-25 02:08 . 2014-10-01 04:49    371712    ----a-w-    c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 04:49    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
2014-09-19 09:42 . 2014-11-12 05:36    210944    ----a-w-    c:\windows\system32\wdigest.dll
2014-09-19 09:42 . 2014-11-12 05:36    86528    ----a-w-    c:\windows\system32\TSpkg.dll
2014-09-19 09:42 . 2014-11-12 05:36    342016    ----a-w-    c:\windows\system32\schannel.dll
2014-09-19 09:42 . 2014-11-12 05:36    309760    ----a-w-    c:\windows\system32\ncrypt.dll
2014-09-19 09:42 . 2014-11-12 05:36    314880    ----a-w-    c:\windows\system32\msv1_0.dll
2014-09-19 09:42 . 2014-11-12 05:36    22016    ----a-w-    c:\windows\system32\credssp.dll
2014-09-19 09:23 . 2014-11-12 05:36    172032    ----a-w-    c:\windows\SysWow64\wdigest.dll
2014-09-19 09:23 . 2014-11-12 05:36    65536    ----a-w-    c:\windows\SysWow64\TSpkg.dll
2014-09-19 09:23 . 2014-11-12 05:36    248832    ----a-w-    c:\windows\SysWow64\schannel.dll
2014-09-19 09:23 . 2014-11-12 05:36    221184    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2014-09-19 09:23 . 2014-11-12 05:36    259584    ----a-w-    c:\windows\SysWow64\msv1_0.dll
2014-09-19 09:23 . 2014-11-12 05:36    17408    ----a-w-    c:\windows\SysWow64\credssp.dll
2014-09-17 13:30 . 2011-03-25 19:58    1188440    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-09-23 19:26    323752    ----a-w-    c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2014-10-15 720064]
"cdloader"="c:\users\Don S\AppData\Roaming\mjusbsp\cdloader2.exe" [2013-05-06 51592]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"Backblaze"="c:\program files (x86)\Backblaze\bzbui.exe" [2014-11-21 493672]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-12-19 6032840]
"DellSystemDetect"="c:\users\Don S\AppData\Local\Apps\2.0\9DDDYZMH.HXM\CQ1OTBA7.CQK\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4888f2ef11e\DellSystemDetect.exe" [2014-10-15 264488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-12-22 362432]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"STO Backup Service"="c:\program files (x86)\SmarThru Office\BackUpSvr.exe" [2012-01-13 199760]
"STO Launcher Service"="c:\program files (x86)\SmarThru Office\x64\LegacyLauncher.exe" [2012-01-13 405584]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-12-19 5580752]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-10-09 843480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Backblaze"="c:\program files (x86)\Backblaze\bzbui.exe" [2014-11-21 493672]
.
c:\users\Don S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
Yahoo! Widgets.lnk - c:\program files (x86)\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys;c:\windows\SYSNATIVE\DRIVERS\appliand.sys [x]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppdbulkio.sys;c:\windows\SYSNATIVE\drivers\hppdbulkio.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam S7500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 bzserv;Backblaze Service;c:\program files (x86)\Backblaze\bzserv.exe;c:\program files (x86)\Backblaze\bzserv.exe [x]
S2 CouponPrinterService;Coupon Printer Service;c:\program files (x86)\Coupons\CouponPrinterService.exe;c:\program files (x86)\Coupons\CouponPrinterService.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [x]
S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe;c:\windows\SYSNATIVE\spool\drivers\x64\3\NetFaxServer64.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys;c:\windows\SYSNATIVE\DRIVERS\appliand.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 63919813
*Deregistered* - 63919813
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 17:53]
.
2014-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-26 21:22]
.
2014-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-26 21:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-09-19 23:42    357376    ----a-w-    c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    97792    ----a-w-    c:\users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    97792    ----a-w-    c:\users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    97792    ----a-w-    c:\users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    97792    ----a-w-    c:\users\Don S\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 438784]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Don S\AppData\Roaming\Mozilla\Firefox\Profiles\ujppdshf.default-1396033520971\
FF - prefs.js: browser.startup.homepage - hxxp://www.stocktraderspress.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ISUSPM - c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
Wow6432Node-HKLM-Run-BrMfcWnd - c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
Wow6432Node-HKLM-Run-iSkysoft Helper Compact.exe - c:\program files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
Wow6432Node-HKLM-Run-BrowserPlugInHelper - c:\program files (x86)\iSkysoft\iTube Studio\BrowserPlugInHelper.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKLM-Run-HP LaserJet Professional M1530 MFP Series Fax - c:\program files\HP\HP LaserJet Professional M1530 MFP Series\Fax Driver\hppfaxprintersrv.exe
AddRemove-Freecorder 6 - c:\program files (x86)\Freecorder 6\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-12-15  16:25:23
ComboFix-quarantined-files.txt  2014-12-15 21:25
.
Pre-Run: 138,642,657,280 bytes free
Post-Run: 155,548,819,456 bytes free
.
- - End Of File - - 06A2E9450B20D4E30E470D6F9A7EC0B0
A36C5E4F47E84449FF07ED3517B43A31
 


  • Staff

Hi Don, 
 
Did you create a System Restore Point? 
 
Please consider the following suggestion, and proceed with the instructions below. 
 

Spybot S&D No Longer Recommended

------------------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results (scroll down and read under Freeware Antispyware Products).

I would advise uninstalling Spybot S&D. The presence of this programme can make the cleaning of your computer more difficult. You can uninstall the programme by:

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for Spybot, right-click the entry and click Uninstall.
Please inform me of your decision.

 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKU\S-1-5-21-1237837275-29157359-2308031490-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-1237837275-29157359-2308031490-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
    Toolbar: HKU\S-1-5-21-1237837275-29157359-2308031490-1000 -> No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    Task: {93D39D02-6644-429E-A6DE-0BA1424C903F} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
    Task: {A09BFEC3-169A-4A89-A0D3-DAC6ADB71AD6} - System32\Tasks\4664 => Wscript.exe C:\Users\DONS~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:0574215C
    AlternateDataStreams: C:\ProgramData\TEMP:D95ACC7D
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Browser Reset
 
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Proceed with the reset once done.

STEP 3
RogueKiller

  • Please download RogueKiller (x64) and save the file to your Desktop.
  • Close any running programmes.
  • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
  • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
  • A browser window may open. Close the browser window.
  • Click Scan. Upon completion, click Report.
  • Close the programme. Do not fix anything!
  • A log (RKreport.txt) will open. Copy the contents of the log and paste in your next reply.
     

STEP 4
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click Finish.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did you uninstall Spybot? 
  • Fixlog.txt
  • Did your browsers reset OK?
  • RKreport.txt
  • ESET Online Scan log

Adam,

 

I did create a system restore, I have uninstalled Spybot and I did reset my browsers.  I was unable to retrieve a log after running (for close to 19hrs) ESET. Since no threats were found, I did as suggested and just 'placed a checkmark next to and click Finish'.  ESET closed within generating a log (that I noticed).

 

Here are the other two scan logs:

 

RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Don S [Administrator]

Mode : Scan -- Date : 12/16/2014  16:15:25

 

¤¤¤ Processes : 0 ¤¤¤

 

¤¤¤ Registry : 14 ¤¤¤

[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1237837275-29157359-2308031490-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> Found

[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1237837275-29157359-2308031490-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1237837275-29157359-2308031490-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1237837275-29157359-2308031490-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1237837275-29157359-2308031490-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1237837275-29157359-2308031490-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ Hosts File : 1 ¤¤¤

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

 

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤

[Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom0 : \Driver\GEARAspiWDM @ Unknown (\SystemRoot\system32\DRIVERS\fdc.sys)

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKS-75L9A0 ATA Device +++++

--- User ---

[MBR] 8303c9157e504ccf33364641e74713b9

[bSP] e7a4d88e39462edee4d9ce59ade9badd : Windows Vista/7/8 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB

1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 295204 MB

2 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 604670535 | Size: 9993 MB

User = LL1 ... OK

User = LL2 ... OK

 

+++++ PhysicalDrive1: flash usb2.0 USB Device +++++

--- User ---

[MBR] 0f430de007f99c0e2e885661ca985253

[bSP] 67642656663340394010e5fba3c05931 : Unknown MBR Code

Partition table:

0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 778135908 | Size: 557377 MB

1 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 168689522 | Size: 945326 MB

2 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1869881465 | Size: 945326 MB

3 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 0 | Size: 1775989 MB

User = LL1 ... OK

Error reading LL2 MBR! ([32] The request is not supported. )

 

+++++ PhysicalDrive2: Generic- SD/MMC USB Device +++++

Error reading User MBR! ([15] The device is not ready. )

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )

 

+++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++

Error reading User MBR! ([15] The device is not ready. )

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )

 

+++++ PhysicalDrive4: Generic- SM/xD Picture USB Device +++++

Error reading User MBR! ([15] The device is not ready. )

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )

 

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++

Error reading User MBR! ([15] The device is not ready. )

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )

 

 

============================================

RKreport_SCN_12162014_161049.log

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by Don S at 2014-12-16 15:40:54 Run:1
Running from C:\Users\Don S\Downloads\Antivirus Programs
Loaded Profile: Don S (Available profiles: Don S & Admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-1237837275-29157359-2308031490-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-1237837275-29157359-2308031490-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-1237837275-29157359-2308031490-1000 -> No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
Task: {93D39D02-6644-429E-A6DE-0BA1424C903F} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {A09BFEC3-169A-4A89-A0D3-DAC6ADB71AD6} - System32\Tasks\4664 => Wscript.exe C:\Users\DONS~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0574215C
AlternateDataStreams: C:\ProgramData\TEMP:D95ACC7D
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************

"HKU\S-1-5-21-1237837275-29157359-2308031490-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1237837275-29157359-2308031490-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
HKU\S-1-5-21-1237837275-29157359-2308031490-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => value deleted successfully.
"HKCR\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}" => Key not found.
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation) => Error: No automatic fix found for this entry.
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.) => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93D39D02-6644-429E-A6DE-0BA1424C903F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93D39D02-6644-429E-A6DE-0BA1424C903F}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A09BFEC3-169A-4A89-A0D3-DAC6ADB71AD6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A09BFEC3-169A-4A89-A0D3-DAC6ADB71AD6}" => Key deleted successfully.
C:\Windows\System32\Tasks\4664 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4664" => Key deleted successfully.
C:\ProgramData\TEMP => ":0574215C" ADS removed successfully.
C:\ProgramData\TEMP => ":D95ACC7D" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sndappv2" => Key deleted successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Route, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========

EmptyTemp: => Removed 781.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


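An added example, not part of the original posts and not FRST's own code: a short Python triage of a Fixlog like the one posted above, separating the echoed fixlist from the result lines and listing the entries that were not fixed. The sample lines are copied from that log; the function names and the outcome labels (removed, absent, failed, unknown) are assumptions made for this example.

```python
import re
from collections import Counter

# Sample input: lines copied from the Fixlog.txt posted above, cut down to
# one line per outcome type that appears in that log.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Content of fixlist:
*****************
start
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
Task: {93D39D02-6644-429E-A6DE-0BA1424C903F} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0574215C
EmptyTemp:
end
*****************

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation) => Error: No automatic fix found for this entry.
C:\Windows\System32\Tasks\0 => Moved successfully.
C:\ProgramData\TEMP => ":0574215C" ADS removed successfully.
EmptyTemp: => Removed 781.2 MB temporary data.
==== End of Fixlog ====
'''

STAR_LINE = re.compile(r"^\*{5,}$")


def split_fixlog(text):
    """Split a Fixlog into (directives echoed from fixlist.txt, result lines).

    The echoed fixlist sits between two lines of asterisks. It must be kept
    apart from the results because directives such as "Task: ... => ..."
    also contain "=>" and would otherwise be read as outcomes.
    """
    directives, results = [], []
    stars_seen = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if STAR_LINE.match(line):
            stars_seen += 1
            continue
        if stars_seen == 1:
            if line.lower() not in ("start", "end"):
                directives.append(line)
        elif stars_seen >= 2:
            results.append(line)
    return directives, results


def classify(result_line):
    """Return (status, target, outcome_text), or None for non-result lines."""
    target, sep, outcome = result_line.rpartition(" => ")
    if not sep:
        return None  # command output, banners, blank separators
    target = target.strip().strip('"')
    if outcome.startswith("Error:"):
        status = "failed"    # the tool could not act on the entry
    elif outcome.endswith("not found."):
        status = "absent"    # nothing to remove; already gone
    elif "successfully" in outcome or outcome.startswith("Removed"):
        status = "removed"
    else:
        status = "unknown"   # unrecognised wording: surface it, do not drop it
    return status, target, outcome


def triage(text):
    """Summarise a Fixlog and list the targets that still need attention."""
    directives, results = split_fixlog(text)
    rows = [row for row in map(classify, results) if row]
    counts = Counter(status for status, _, _ in rows)
    follow_up = [t for status, t, _ in rows if status in ("failed", "unknown")]
    return {
        "directives": len(directives),
        "counts": dict(counts),
        "follow_up": follow_up,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_FIXLOG)
    print(summary["counts"])
    for target in summary["follow_up"]:
        print("needs follow-up:", target)
```

On the full log above, the two "FF Plugin" entries are the ones that come back as failed: the files they name were not touched by the fix.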
  • Staff

Hello Don, 
 
Please provide an update on your computer after doing the following.
 
RogueKiller Fix

  • Close any running programmes.
  • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
  • Allow the Prescan to complete.
  • A browser window may open. Close the browser window.
  • Click jpgUwzp.png
  • Upon completion, do the following:
     
  • Click 5UKuIKl.png and place a checkmark next to the following items. Ensure any other items are unchecked.
    • [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1237837275-29157359-2308031490-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> Found
    • [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1237837275-29157359-2308031490-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> Found
  • Click QEIRkTE.png.
     
  • Click phPvmc6.png.
  • Copy the contents of the log and paste in your next reply.

Adam, my desktop seems to be running much better. Programs are starting quickly and timely.  Here is the result of the RogueKiller Fix log as requested:

 

RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Don S [Administrator]
Mode : Delete -- Date : 12/18/2014  13:24:48

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 14 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1237837275-29157359-2308031490-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1237837275-29157359-2308031490-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> ERROR [2]
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1237837275-29157359-2308031490-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1237837275-29157359-2308031490-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1237837275-29157359-2308031490-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1237837275-29157359-2308031490-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom0 : \Driver\GEARAspiWDM @ Unknown (\SystemRoot\system32\DRIVERS\fdc.sys)

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] btgh2s5f.default-1418763525155 : user_pref("browser.startup.homepage", "http://stocktraderspress.com/");-> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAKS-75L9A0 ATA Device +++++
--- User ---
[MBR] 8303c9157e504ccf33364641e74713b9
[bSP] e7a4d88e39462edee4d9ce59ade9badd : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 295204 MB
2 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 604670535 | Size: 9993 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: flash usb2.0 USB Device +++++
--- User ---
[MBR] 0f430de007f99c0e2e885661ca985253
[bSP] 67642656663340394010e5fba3c05931 : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 778135908 | Size: 557377 MB
1 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 168689522 | Size: 945326 MB
2 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1869881465 | Size: 945326 MB
3 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 0 | Size: 1775989 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- SM/xD Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_12162014_161049.log - RKreport_SCN_12162014_161525.log - RKreport_SCN_12182014_132034.log


  • Staff

Hi Don, 
 

Adam, my desktop seems to be running much better.

Very good. :)
 
Let's update your vulnerable software to reduce the risk of infection. 
 
STEP 1
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 2
Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
  • Note: The programmes below may not be present. If this is the case, please skip to the next step.
    • Adobe Reader XI (11.0.07)
  • Follow the prompts, and reboot if necessary.
     

STEP 3
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar.
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes.
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 4
Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • checkup.txt
  • How is your computer performing? Are there any outstanding issues?

Adam,  I updated the three Adobe products (and removed Adobe Reader XI).  I also disabled Java from running in my browsers and did the Security check. My pc is running well, thanks. 

 

May I ask if I need 'Winpcap'?

 

Also,  interestingly my html editor (vim) was removed (not sure when/how or why).  Could it have been because it was determined to be unsafe?  If so, would you recommend a good free-source html editor please.  Thank you.

 

Here are the SecurityCheck scan results:

 

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25  
 Java version 32-bit out of Date!
 Adobe Flash Player 16.0.0.235  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (34.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


After the restart,

 

 

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25  
 Java version 32-bit out of Date!
 Adobe Flash Player 16.0.0.235  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (34.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


  • Staff

Hi Don,
 

May I ask if I need 'Winpcap'?

No, if you don't use the programme it can be uninstalled. 
 

Also,  interestingly my html editor (vim) was removed (not sure when/how or why).  Could it have been because it was determined to be unsafe?  If so, would you recommend a good free-source html editor please. 

The programme is safe, and can be reinstalled. 
 
----------------
 
Now for the good news!
 
All Clean!
Congratulations, your computer appears clean!  :)
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.
 
 
STEP 1
ComboFix Uninstall

  • Press the Windows Key + r on your keyboard at the same time. Type the following text into the Run box:
    ComboFix /Uninstall
  • Click OK.
  • Note: It may appear as if Combofix is installing. This is not the case; the programme is uninstalling. Please do not interrupt the process.
     

STEP 2
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using Malwarebytes.
 
Safe Surfing. :)
Adam


Adam,  you, Sir, are a star!  My pc runs very well now, even faster loading at start up.  I have followed all your instructions and they were quite thorough.

 

I will also be making a donation, because, though I am impressed with your dedication to the philosophy of helping those of us who are in need of assistance with their computers in a rather altruistic manner, I am aware that kind words do not feed the tummy.

 

Happy Holidays Adam to you and your loved ones and thank you very much,

 

Don


  • Staff

Hi Don, 
 

My pc runs very well now, even faster loading at start up.  I have followed all your instructions and they were quite thorough.

I'm pleased to hear. 
 

I will also be making a donation

Thank you. I appreciate that very much. :)
 

Happy Holidays Adam to you and your loved ones and thank you very much,

You're more than welcome. 
And the same to you and your family.
 
I will mark your topic as solved. 
 
All the best, 
Adam


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.