Malware removal assistance needed


Hi, 

Second attempt at this post as "froze" on log paste window.... so now attached files...

 

Have tried to remove "reimage" on a number of occasions, but keeps coming back... also an extension on Chrome, I suspect as a problem also returns after deleting/removing...

 

as two particular PUP files being quarantined repeatedly and removed.... with MBAM and another malware site actually listing itself on your exclusion website list?

 

I await your response, thanks.

 

Jim

 

Australia Time zone.

FRST.txt, Addition.txt

 

 


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.

  • First of all select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.

IOBit software warning!

I see that you are running some IOBit software. Although legitimate, IOBit as a vendor is considered a rogue one here due to stealing Malwarebytes' intellectual property. This is only information and a polite request to refrain from using its software. Whether you decide to do it or not, it's your call, but Advanced System Care and others like it are never recommended by the true experts.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;autoclean;{33BB0A4E-99AF-4226-BDF6-49120163DE86};c{72EB4AE9-791A-826E-0765-1F291AD05049};c{A5B7E8EE-FE3E-4882-A6E1-A1CF431A0FC3};c{397AF45F-48C7-ADC4-21F2-0109E175AA3B};cgpailjkghfjdfeginpcebppcnhggbkin;chremptyclsid;AppleChargerSrv;sC:\Windows\System32\AppleChargerSrv.exe;fAppleCharger;sC:\Windows\System32\DRIVERS\AppleCharger.sys;f
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Please include its content in your next reply.

Don't forget to re-enable your switched-off protection software!


Hi Naat,

Thanks for taking the time out to help.

 

files as requested...

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 17/01/2015
Scan Time: 9:24:41 AM
Logfile: scan log 1.txt
Administrator: Yes
 
Version: 0.00.0.0000
Malware Database: v2015.01.16.14
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jim
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371865
Time Elapsed: 9 min, 39 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
Zoek.exe v5.0.0.0 Updated 15-01-2015
Tool run by Jim on Sat 17/01/2015 at  9:52:58.96.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jim\Downloads\zoek.exe [scan all users] [script inserted] 
 
==== System Restore Info ======================
 
17/01/2015 9:55:26 AM Zoek.exe System Restore Point Created Succesfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\NewBlue deleted successfully
C:\PROGRA~3\934bcbfe-35c5-4039-88e2-8d1494de198e deleted successfully
C:\PROGRA~3\dcc1157c-0575-4f3a-b001-af9a2dcc0614 deleted successfully
C:\PROGRA~3\eSafe deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\PopCapY deleted successfully
C:\PROGRA~3\Splashtop deleted successfully
C:\PROGRA~3\ZoomBrowser deleted successfully
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted successfully
C:\Users\Jim\AppData\Roaming\1O1L1I1PtF1F1C1N deleted successfully
C:\Users\Jim\AppData\Roaming\Activeris deleted successfully
C:\Users\Jim\AppData\Roaming\Publish Providers deleted successfully
C:\Users\Jim\AppData\Roaming\Splashtop deleted successfully
C:\Users\Jim\AppData\Local\Sparta deleted successfully
C:\Users\Jim\AppData\Local\WorldofTanks deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-4070555886-3179266670-2468568908-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{72EB4AE9-791A-826E-0765-1F291AD05049} deleted successfully
HKEY_USERS\S-1-5-21-4070555886-3179266670-2468568908-1000\Software\Microsoft\Internet Explorer\SearchScopes\{72EB4AE9-791A-826E-0765-1F291AD05049} deleted successfully
HKEY_USERS\S-1-5-21-4070555886-3179266670-2468568908-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A5B7E8EE-FE3E-4882-A6E1-A1CF431A0FC3} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_USERS\S-1-5-21-4070555886-3179266670-2468568908-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_USERS\S-1-5-21-4070555886-3179266670-2468568908-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_USERS\S-1-5-21-4070555886-3179266670-2468568908-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\S-1-5-21-4070555886-3179266670-2468568908-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EF43DDA6-15AF-4165-9257-B033520D64CD} deleted successfully
HKEY_USERS\S-1-5-21-4070555886-3179266670-2468568908-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{45D30484-7DED-43D9-957A-D2FD1F046511} deleted successfully
HKEY_USERS\S-1-5-21-4070555886-3179266670-2468568908-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6BF8123F-3009-498A-B607-1A0248967789} deleted successfully
HKEY_USERS\S-1-5-21-4070555886-3179266670-2468568908-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6BF8123F-3009-498A-B607-1A0248967789} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{45D30484-7DED-43D9-957A-D2FD1F046511} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{1D09C093-F71E-43C3-B948-19316CBD695E} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
HKEY_USERS\S-1-5-21-4070555886-3179266670-2468568908-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{6BF8123F-3009-498A-B607-1A0248967789} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{6BF8123F-3009-498A-B607-1A0248967789} deleted successfully
 
==== Deleting Services ======================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppleChargerSrv deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AppleChargerSrv deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppleCharger deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AppleCharger deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ReimageRealTimeProtector deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ReimageRealTimeProtector deleted successfully
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~3\934bcbfe-35c5-4039-88e2-8d1494de198e not found
C:\PROGRA~3\dcc1157c-0575-4f3a-b001-af9a2dcc0614 not found
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} not found
C:\PROGRA~3\gpailjkghfjdfeginpcebppcnhggbkin deleted
C:\PROGRA~3\12880955223089693821 deleted
C:\PROGRA~2\uniisaelles deleted
C:\PROGRA~2\Free Video Converter deleted
C:\PROGRA~2\Movdap deleted
C:\Program Files\Reimage deleted
C:\PROGRA~2\globalUpdate deleted
C:\Users\Jim\AppData\Roaming\WB.CFG deleted
C:\Users\Jim\AppData\Roaming\FreeVideoConverter deleted
C:\Users\Jim\AppData\Roaming\MAGIX deleted
C:\Users\Jim\AppData\Roaming\Movdap deleted
C:\Users\Jim\AppData\Roaming\Web Cake deleted
C:\Users\Jim\AppData\Roaming\DriverCure deleted
C:\Users\Jim\AppData\Roaming\YoudaGames deleted
C:\Users\Jim\AppData\Roaming\Systweak deleted
C:\PROGRA~3\Reimage Protector deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\MAGIX deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Tarma Installer deleted
C:\PROGRA~3\Package Cache deleted
C:\PROGRA~3\SummerSoft deleted
C:\Users\Jim\AppData\Local\FileTypeAssistant deleted
C:\Users\Jim\AppData\Local\globalUpdate deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\FileTypeAssistant deleted
C:\windows\SysNative\Tasks\LaunchApp deleted
C:\rei deleted
C:\Users\Jim\AppData\LocalLow\ADSRemoval deleted
C:\windows\SysNative\tasks\ReimageUpdater deleted
C:\windows\SysNative\Tasks\Reimage Reminder deleted
C:\END deleted
"C:\windows\SysNative\AppleChargerSrv.exe" deleted
"C:\windows\SysNative\DRIVERS\AppleCharger.sys" deleted
 
==== Chromium Look ======================
 
Google Chrome Version: 39.0.2171.95 (Possible outdated, latest Stable version: 39.0.2171.99)
 
 
Google Docs - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Advanced SystemCare Surfing Protection - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
Google Voice Search Hotword (Beta) - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Wallet - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Chromium Startpages ======================
 
C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "https://www.google.com.au/" ],
 
 
==== Chromium Fix ======================
 
C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pckeeperapp.zeobit.com_0.localstorage deleted successfully
C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=141 folders=77 46209942 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jim\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Jim\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Sat 17/01/2015 at 10:15:44.75 ======================
 
 
I await your reply, thank you.
 
Jim
 

Hello :)

Scan with ZOEK

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;{33BB0A4E-99AF-4226-BDF6-49120163DE86};cprocesses;drivers-services-list;systemspecs;filesrcm;startupall;skipfix-iedefaults;firefoxlook;chromelook;installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Please include its content in your next reply.

Don't forget to re-enable your switched-off protection software!


Hi Naat,

 

Next installment... file

also I note in the log report... under "installed programs" - Advertising center... have no idea what this is or where it came from...

 

and I see "Reimage RealTime Protector" mentioned in the startup registry disabled x64

 

...Log File:-

 

 
Zoek.exe v5.0.0.0 Updated 15-01-2015
Tool run by Jim on Sat 17/01/2015 at 14:25:28.23.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jim\Downloads\zoek.exe [scan all users] [script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2015-01-16-231544.log 13185 bytes
 
==== System Restore Info ======================
 
17/01/2015 2:26:37 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-4070555886-3179266670-2468568908-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Installed Programs ======================
 
@BIOS  
Adobe Flash Player 16 ActiveX  
Adobe Flash Player 16 NPAPI  
Adobe Reader XI (11.0.10)  
Advanced SystemCare 8  
Advertising Center  
ArcSoft PhotoStudio 5.5  
AutoGreen B10.1021.1  
AVG 2014  
BlueStacks App Player  
Bookworm Deluxe 1.13  
Canon CanoScan Toolbox 5.0  
Canon MOV Decoder  
Canon Utilities CameraWindow  
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX  
Canon Utilities Digital Photo Professional 3.5  
Canon Utilities EOS Utility  
Canon Utilities MyCamera  
Canon Utilities PhotoStitch  
Canon Utilities Picture Style Editor  
Canon Utilities RemoteCapture Task for ZoomBrowser EX  
Canon Utilities WFT-E1/E2/E3/E4 Utility  
Canon Utilities ZoomBrowser EX  
Canon ZoomBrowser EX Memory Card Utility  
CanoScan LiDE 70  
Cinescore Studio 1.0  
D3DX10  
Debut Video Capture Software  
DES 2.0  
Dolby Home Theater v4  
Driver Booster 2.1  
Easy Tune 6 B11.0823.1  
EasyWeatherPlus  
Endless Legend  
Etron USB3.0 Host Controller  
Express Burn  
GIMP 2.8.6  
Golden Dozen Solitaire  
Google Chrome  
Google Earth  
Google Update Helper  
Graboid Video 4.5  
Humanized Enso  
ImagXpress  
Intel® Control Center  
Intel® Management Engine Components  
Intel® Processor Graphics  
IObit Malware Fighter  
IObit Uninstaller  
Java 7 Update 72  
Java Auto Updater  
Junk Mail filter update  
K-Lite Codec Pack 3.3.0 Full  
MAGIX 3D Maker 6.0.0.12 (UK)  
Malwarebytes Anti-Malware version 2.0.4.1028  
Menu Templates - Starter Kit  
Microsoft .NET Framework 4.5.1 RC  
Microsoft Application Error Reporting  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610  
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610  
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610  
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610  
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610  
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610  
Microsoft Windows Media Video 9 VCM  
Movie Templates - Starter Kit  
MSVCRT  
MSVCRT_amd64  
MSVCRT110  
MSVCRT110_amd64  
MSXML 4.0 SP2 (KB954430)  
MSXML 4.0 SP2 (KB973688)  
Nero 9 Essentials  
Nero BurnRights  
Nero BurnRights Help  
Nero ControlCenter  
Nero CoverDesigner  
Nero CoverDesigner Help  
Nero Disc Copy Gadget  
Nero Disc Copy Gadget Help  
Nero DiscSpeed  
Nero DiscSpeed Help  
Nero DriveSpeed  
Nero DriveSpeed Help  
Nero Express Help  
Nero InfoTool  
Nero InfoTool Help  
Nero Installer  
Nero Online Upgrade  
Nero Rescue Agent  
Nero RescueAgent Help  
Nero ShowTime  
Nero StartSmart  
Nero StartSmart Help  
Nero Vision  
Nero Vision Help  
NeroExpress  
neroxml  
NVIDIA 3D Vision Controller Driver  
NVIDIA 3D Vision Controller Driver 280.19  
NVIDIA 3D Vision Driver 311.06  
NVIDIA Control Panel 311.06  
NVIDIA Graphics Driver 311.06  
NVIDIA HD Audio Driver 1.2.23.3  
NVIDIA Install Application  
NVIDIA PhysX  
NVIDIA Stereoscopic 3D Driver  
NVIDIA Update 1.11.3  
NVIDIA Update Components  
ON_OFF Charge B11.0110.1  
OpenOffice.org 2.3  
Peggle Deluxe 1.01  
Photo Common  
Pinball FX2  
Plants vs. Zombies  
PlayMemories Home  
Presto PageManager 7.15.14  
Realtek Ethernet Controller Driver  
Realtek High Definition Audio Driver  
Security Update for CAPICOM (KB931906)  
Sid Meier's Ace Patrol: Pacific Skies  
Sid Meier's Civilization V  
Smart 6 B11.0824.1  
Smart Defrag 3  
Sony DVD Architect Studio 4.5  
Sony Sound Forge Audio Studio 9.0  
Space Empires IV Deluxe  
Space Empires V  
Steam  
Surfing Protection  
Sword of the Stars Complete Collection  
Sword of the Stars II: Enhanced Edition  
Total War: ROME II - Emperor Edition  
TouchBIOS B11.0824.1  
Vegas Movie Studio Platinum 9.0  
VideoPad Video Editor  
Visual Studio 2010 x64 Redistributables  
Visual Studio 2012 x64 Redistributables  
Visual Studio 2012 x86 Redistributables  
VLC media player 2.0.8  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live ID Sign-in Assistant  
Windows Live Installer  
Windows Live Mail  
Windows Live MIME IFilter  
Windows Live Photo Common  
Windows Live PIMT Platform  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
Windows Live Writer  
Windows Live Writer Resources  
Zuma's Revenge  
 
==== Services(whitelist) ======================
Powered by E Dev
 
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [avgfws] - AVG Firewall - c:\program files (x86)\avg\avg2014\avgfws.exe
R2 - [AVGIDSAgent] - AVGIDSAgent - c:\program files (x86)\avg\avg2014\avgidsagent.exe
R2 - [avgwd] - AVG WatchDog - c:\program files (x86)\avg\avg2014\avgwdsvc.exe
R2 - [bstHdLogRotatorSvc] - BlueStacks Log Rotator Service - c:\program files (x86)\bluestacks\hd-logrotatorservice.exe
R2 - [bstHdUpdaterSvc] - BlueStacks Updater Service - c:\program files (x86)\bluestacks\hd-updaterservice.exe
R2 - [iMFservice] - IMF Service - c:\program files (x86)\iobit\iobit malware fighter\imfsrv.exe
R2 - [Nero BackItUp Scheduler 4.0] - Nero BackItUp Scheduler 4.0 - c:\program files (x86)\common files\nero\nero backitup 4\nbservice.exe
R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
R2 - [PMBDeviceInfoProvider] - PMBDeviceInfoProvider - c:\program files (x86)\sony\playmemories home\pmbdeviceinfoprovider.exe
R2 - [stereo Service] - NVIDIA Stereoscopic 3D Driver Service - c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S2 - [bstHdAndroidSvc] - BlueStacks Android Service - c:\program files (x86)\bluestacks\hd-service.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [LiveUpdateSvc] - LiveUpdate - c:\program files (x86)\iobit\liveupdate\liveupdate.exe
S2 - [nvUpdatusService] - NVIDIA Update Service Daemon - c:\program files (x86)\nvidia corporation\nvidia update core\daemonu.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S3 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S3 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [iEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [sNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
 
==== Drivers(whitelist) ======================
Powered by E Dev
 
R0 - [AVGIDSHA] - AVGIDSHA - C:\Windows\system32\Drivers\AVGIDSHA.sys
R0 - [Avgloga] - AVG Logging Driver - C:\Windows\system32\Drivers\Avgloga.sys
R0 - [Avgmfx64] - AVG Mini-Filter Resident Anti-Virus Shield - C:\Windows\system32\Drivers\Avgmfx64.sys
R0 - [Avgrkx64] - AVG Anti-Rootkit Driver - C:\Windows\system32\Drivers\Avgrkx64.sys
R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [MBAMSwissArmy] - MBAMSwissArmy - C:\Windows\system32\Drivers\MBAMSwissArmy.sys
R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [atapi] - IDE Channel - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Disk] - Disk Driver - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Bitlocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pciide] - pciide - C:\Windows\system32\Drivers\pciide.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [smartDefragDriver] - SmartDefragDriver - C:\Windows\system32\Drivers\SmartDefragDriver.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [storflt] - Disk Virtual Machine Bus Acceleration Filter Driver - C:\Windows\system32\Drivers\storflt.sys [x]
R0 - [Tcpip] - TCP/IP Protocol Driver - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator Driver - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Storage volumes - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - NetIO Legacy TDI Support Driver - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys
 
==== System Specs ======================
 
Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 16302 MB
CPU Info: Intel® Core i7-2600K CPU @ 3.40GHz
CPU Speed: 3390.0 MHz
Sound Card: Speakers (Realtek High Definiti | 
Realtek Digital Output(Optical) | 
Realtek Digital Output (Realtek | 
Display Adapters: NVIDIA GeForce GTX 560  | NVIDIA GeForce GTX 560  | Intel® HD Graphics Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; SyncMaster 206BW(Digital) | 
Screen Resolution: 1680 X 1050 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: Optiarc DVD RW AD-7280S
Ports: COM1 LPT Port NOT Present. 
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C:  931.4GB | K:  931.5GB | L:  931.5GB | N:  1397.3GB
Hard Disks - Free: C:  644.3GB | K:  22.1GB | L:  8.9GB | N:  1267.5GB
Manufacturer *: Award Software International, Inc.
BIOS Info: AT/AT COMPATIBLE | 10/11/11 | GBT    - 42302e31
Time Zone: AUS Eastern Standard Time
Motherboard *: Gigabyte Technology Co., Ltd. Z68XP-UD3
Country: Australia 
Language: ENA 
 
==== System Specs (Software) ======================
 
Anti-Virus: AVG Internet Security 2014 On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: IObit Malware Fighter disabled (Outdated)
Anti-Spyware: AVG Internet Security 2014 disabled (Outdated)
Firewall: AVG Internet Security 2014 disabled
Default Browser: Google Chrome 39.0.2171.99
Internet Explorer Version: 11.0.9600.17501 
Google Chrome version: 39.0.2171.99
Adobe Reader version: 11.0.10.32
Sun Java version: 1.7.0_72 (32-bit) 
Flash Player version: 16.0.0.257
 
==== Files Recently Created / Modified ======================
 
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 8"="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe /Auto"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-21-4070555886-3179266670-2468568908-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup"
"Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent"
"HumanizedEnso"="C:\Users\Jim\AppData\Local\HumanizedEnso\Enso.exe --disable-monologue-boxes"
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 8"="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe /Auto"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dolby Home Theater v4"="C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe -autostart"
"ISUSScheduler"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe -start"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"
"PMBVolumeWatcher"="C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BlueStacks Agent"="C:\Program Files (x86)\BlueStacks\HD-Agent.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup"
"Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent"
"HumanizedEnso"="C:\Users\Jim\AppData\Local\HumanizedEnso\Enso.exe --disable-monologue-boxes"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\SysWOW64\\nvinit.dll"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"WrtMon.exe"="C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll"
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ReimageRealTimeProtector]
 
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [25/07/2013 04:50 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [25/07/2013 04:50 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ASC8_SkipUac_Jim" ["C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe" /SkipUac]
"C:\Windows\SysNative\tasks\Driver Booster Scan" [C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe]
"C:\Windows\SysNative\tasks\Driver Booster SkipUAC (Jim)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\SysNative\tasks\Driver Booster SkipUAC (SYSTEM)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\SysNative\tasks\Driver Booster Update" [C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\SmartDefrag3_Update" [C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Administrator" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
"C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Jim" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
 
==== Chromium Look ======================
 
Google Chrome Version: 39.0.2171.99 (Up to date, latest Stable version: 39.0.2171.99)
 
 
Google Docs - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Advanced SystemCare Surfing Protection - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
Google Voice Search Hotword (Beta) - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Wallet - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=141 folders=77 46209942 bytes)
 
==== EOF on Sat 17/01/2015 at 14:28:53.45 ======================
 
 
Thanks,
 
Jim

Hi :)

I still see some IOBit software here. What's your decision about it?

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!

Please also manually reboot your machine after this procedure.

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • The program will begin to update the database (if internet connection is operational). Please wait a little bit.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.
Please include the contents of that file in your reply.

Hi  Naat,

 

As you said, my option....and as you also said... not to use tools during the procedure.... and being thrifty - do not remove paid for programs whilst I do not have a better replacement!

 

I have uninstalled some of the IOBit software at your request as I do not endorse theft of any kind and take it on face value that you are truthful at this time.

 

Since the 2 remaining programs are in use... until a replacement for them is found or they expire their license period, they remain. If you have a program that carries out the same job, then direct me to it for assessment, thanks.

 

Now on with the job at hand...

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by Jim on Sun 18/01/2015 at  8:32:28.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444184458}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444184458}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444184458}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatealbrechto_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatealbrechto_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilalbrechto_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilalbrechto_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411181158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444184458}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatealbrechto_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatealbrechto_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilalbrechto_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilalbrechto_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\speedmaxpc"
Successfully deleted: [Folder] "C:\Users\Jim\AppData\Roaming\speedmaxpc"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 18/01/2015 at  8:35:01.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
# AdwCleaner v4.108 - Report created 18/01/2015 at 09:03:48
# Updated 17/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Jim - JIM-PC
# Running from : C:\Users\Jim\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Jim\AppData\Roaming\NCH Software
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : LaunchApp
Task Deleted : ProgramRefresh-ATFST
Task Deleted : ProgramUpdateCheck
Task Deleted : ReimageUpdater
Task Deleted : Reimage Reminder
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EC77D09-02CB-4E1F-E3C4-FB141B2610B3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Bitberry Software
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\FileTypeAssistant
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\SpeedMaxPC
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\eSafeSecControl
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\SpeedMaxPC
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Free Video Converter
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\qvo6.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\snapdo.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\v9.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [secondary Start Pages]
 
-\\ Google Chrome v39.0.2171.99
 
[C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://isearch.avg.com/search?cid={193CD69D-E6F4-4B68-B28C-E87E15C4953E}&mid=a93d132fb3d747d086d181ac0f2258da-5cfe0e4d64c65645f3628ac245431824ac4159e1&ds=AVG&lang=en&v=15.2.0.5&sg=&pid=avg&pr=pr&d=2012-09-30 11:50:46&sap=dsp&q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [25444 octets] - [18/01/2015 08:59:51]
AdwCleaner[s0].txt - [6318 octets] - [18/01/2015 09:03:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6378 octets] ##########
 
 
I appreciate your time to assist with this work, but I am a self-made man and do not bend to the will of others without just cause. If you provide an acceptable alternate program, logic says that I would benefit and you also.
 
Jim
 
 

Hi Jim :)

I will post my recommendations later; first I need to make sure that you are clean and secure. So please bear with me, I think that we may be able to find suitable solutions. I totally understand your point, as you appear to know what you are doing - I just want you to know that there's a very blurred line between IObit software and any rogue one.

Please re-run FRST for me now. Make sure that addition box is checked and press scan. Post the two logs generated.


Hi  Naat,

 

Maybe sometimes... (know what I'm doing), been computing since Apple 11E 's back in 1985  with "Basic" but pretty grey these days.... ha ha 

 

next logfiles...

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015
Ran by Jim (administrator) on JIM-PC on 18-01-2015 17:39:39
Running from C:\Users\Jim\Downloads
Loaded Profiles: Jim (Available profiles: Jim & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Gigabyte Technology CO.) C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Users\Jim\AppData\Local\HumanizedEnso\Enso.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2264168 2011-07-13] (Realtek Semiconductor)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [iSUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [blueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [839384 2014-09-16] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2552320 2011-03-30] (Gigabyte Technology CO., LTD.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4070555886-3179266670-2468568908-1000\...\Run: [iSUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-4070555886-3179266670-2468568908-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1940160 2014-11-19] (Valve Corporation)
HKU\S-1-5-21-4070555886-3179266670-2468568908-1000\...\Run: [HumanizedEnso] => C:\Users\Jim\AppData\Local\HumanizedEnso\Enso.exe [117232 2008-01-15] ()
HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2427680 2014-12-10] (IObit)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-02-26] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-26] (NVIDIA Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKU\S-1-5-21-4070555886-3179266670-2468568908-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/?gfe_rd=cr&ei=TcChVL7XEsiN8Qef9ICYDw&gws_rd=ssl
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4070555886-3179266670-2468568908-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHDS721010CLA630_JPS930N11SHN1L1SHN1LX&ts=1380665699&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4070555886-3179266670-2468568908-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{A1AB101F-64E2-40AD-960C-5D9626A433F6}: [NameServer] 8.8.8.8
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "https://www.google.com.au/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll ()
CHR Plugin: (Advanced SystemCare 6) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabc\1.0.0_1\Plugin/ASCPlugin_Protect.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Profile: C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-25]
CHR Extension: (Google Drive) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-25]
CHR Extension: (Google Search) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-25]
CHR Extension: (AdBlock) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-27]
CHR Extension: (Google Wallet) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-25]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-09-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-09-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-09-16] (BlueStack Systems, Inc.)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [57344 2011-08-22] () [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-10] (IObit)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-09-16] (BlueStack Systems)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-11-25] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-25] (REALiX)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [129752 2015-01-17] (Malwarebytes Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-08-11] ()
S3 cpuz134; \??\C:\Users\Jim\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-18 17:39 - 2015-01-18 17:39 - 00000000 ____D () C:\Users\Jim\Downloads\FRST-OlderVersion
2015-01-18 10:00 - 2015-01-18 10:00 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\FiraxisLive
2015-01-18 09:13 - 2015-01-18 09:13 - 00006514 _____ () C:\Users\Jim\Desktop\AdwCleaner[s0] 1.txt
2015-01-18 08:59 - 2015-01-18 09:03 - 00000000 ____D () C:\AdwCleaner
2015-01-18 08:35 - 2015-01-18 08:35 - 00002452 _____ () C:\Users\Jim\Desktop\JRT.txt
2015-01-18 08:32 - 2015-01-18 08:32 - 00000000 ____D () C:\Windows\ERUNT
2015-01-18 08:27 - 2015-01-18 08:28 - 02186752 _____ () C:\Users\Jim\Downloads\AdwCleaner.exe
2015-01-18 08:25 - 2015-01-18 08:25 - 01707939 _____ (Thisisu) C:\Users\Jim\Downloads\JRT.exe
2015-01-17 17:42 - 2015-01-17 17:42 - 00000221 _____ () C:\Users\Jim\Desktop\Sid Meier's Civilization Beyond Earth.url
2015-01-17 14:54 - 2015-01-17 14:54 - 00036559 _____ () C:\Users\Jim\Desktop\zoek-results 2.txt
2015-01-17 14:26 - 2015-01-17 10:15 - 00013185 _____ () C:\zoek-results2015-01-16-231544.log
2015-01-17 10:32 - 2015-01-17 10:32 - 209715200 _____ () C:\Users\Jim\Documents\Lock Box.avgfv
2015-01-17 10:32 - 2015-01-17 10:32 - 00000790 _____ () C:\Users\Jim\Desktop\Lock Box.lnk
2015-01-17 10:17 - 2015-01-17 10:17 - 00013185 _____ () C:\Users\Jim\Desktop\zoek-results.txt
2015-01-17 10:16 - 2015-01-18 08:40 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-17 09:55 - 2015-01-17 14:28 - 00036559 _____ () C:\zoek-results.log
2015-01-17 09:52 - 2015-01-17 10:07 - 00000000 ____D () C:\zoek_backup
2015-01-17 09:45 - 2015-01-17 09:45 - 01295360 _____ () C:\Users\Jim\Downloads\zoek.exe
2015-01-17 08:49 - 2015-01-17 08:49 - 00066042 _____ () C:\Users\Jim\Downloads\FRST (2).txt
2015-01-17 08:44 - 2015-01-17 08:44 - 00066042 _____ () C:\Users\Jim\Downloads\FRST (1).txt
2015-01-17 03:20 - 2015-01-18 09:20 - 00000392 _____ () C:\Windows\setupact.log
2015-01-17 03:20 - 2015-01-18 09:10 - 00002664 _____ () C:\Windows\PFRO.log
2015-01-17 03:20 - 2015-01-17 03:20 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-17 03:04 - 2014-08-29 13:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-17 03:04 - 2014-08-29 13:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-01-17 03:04 - 2014-08-29 13:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-01-17 03:04 - 2014-08-29 13:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-17 03:04 - 2014-08-29 13:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-17 03:04 - 2014-08-29 12:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-17 03:04 - 2014-08-29 12:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-17 03:04 - 2014-08-29 12:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-01-17 03:04 - 2014-08-29 12:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-16 11:40 - 2015-01-16 11:40 - 00034904 _____ () C:\Users\Jim\Desktop\Addition.txt
2015-01-16 11:34 - 2015-01-16 11:34 - 00066042 _____ () C:\Users\Jim\Desktop\FRST.txt
2015-01-16 10:00 - 2015-01-18 17:39 - 00018013 _____ () C:\Users\Jim\Downloads\FRST.txt
2015-01-16 10:00 - 2015-01-16 10:01 - 00034904 _____ () C:\Users\Jim\Downloads\Addition.txt
2015-01-16 09:59 - 2015-01-18 17:39 - 00000000 ____D () C:\FRST
2015-01-16 09:57 - 2015-01-18 17:39 - 02126336 _____ (Farbar) C:\Users\Jim\Downloads\FRST64.exe
2015-01-16 08:15 - 2014-12-12 04:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 08:15 - 2014-05-08 20:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-01-15 07:51 - 2015-01-15 07:51 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-01-15 07:51 - 2015-01-15 07:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-01-15 07:51 - 2015-01-15 07:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-01-15 07:51 - 2015-01-15 07:51 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-01-15 07:51 - 2015-01-15 07:51 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-01-15 07:51 - 2015-01-15 07:51 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-01-15 07:51 - 2015-01-15 07:51 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-01-15 07:51 - 2015-01-15 07:51 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-01-15 07:51 - 2015-01-15 07:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-01-15 07:51 - 2015-01-15 07:51 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-01-15 07:51 - 2015-01-15 07:51 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-01-15 07:51 - 2015-01-15 07:51 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-01-15 07:51 - 2015-01-15 07:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-15 07:51 - 2015-01-15 07:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-15 07:48 - 2015-01-15 07:48 - 67317760 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2015-01-15 07:48 - 2015-01-15 07:48 - 00327680 _____ () C:\Windows\system32\config\DEFAULT.iobit
2015-01-15 07:48 - 2015-01-15 07:48 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iobit
2015-01-15 07:48 - 2015-01-15 07:48 - 00028672 _____ () C:\Windows\system32\config\SAM.iobit
2015-01-14 08:06 - 2014-12-19 14:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:06 - 2014-12-19 12:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:06 - 2014-12-12 16:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:06 - 2014-12-12 16:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:06 - 2014-12-12 16:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:06 - 2014-12-12 16:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:06 - 2014-12-12 16:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:06 - 2014-12-12 16:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:06 - 2014-12-12 16:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:06 - 2014-12-06 15:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:06 - 2014-12-06 14:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:06 - 2014-12-06 14:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-11 15:52 - 2015-01-11 15:52 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-09 10:13 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2015-01-09 10:10 - 2014-06-04 15:17 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2015-01-03 12:20 - 2015-01-17 10:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-03 12:20 - 2015-01-03 12:20 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-03 12:20 - 2015-01-03 12:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-03 12:20 - 2015-01-03 12:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-03 12:20 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-03 12:20 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-03 12:20 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-03 12:14 - 2015-01-03 12:14 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jim\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-01 08:55 - 2015-01-07 09:00 - 00004858 _____ () C:\Windows\system32\ScanResults.xml
2015-01-01 08:53 - 2015-01-07 08:58 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-01-01 08:12 - 2015-01-01 08:12 - 00000000 ____D () C:\Users\Jim\Documents\Zen Studios
2014-12-31 17:53 - 2014-12-31 17:53 - 00000221 _____ () C:\Users\Jim\Desktop\Sword of the Stars II Enhanced Edition.url
2014-12-31 17:52 - 2014-12-31 17:52 - 00000220 _____ () C:\Users\Jim\Desktop\Space Empires V.url
2014-12-31 11:24 - 2014-12-31 11:24 - 00000220 _____ () C:\Users\Jim\Desktop\Space Empires IV Deluxe.url
2014-12-31 11:23 - 2014-12-31 11:23 - 00000221 _____ () C:\Users\Jim\Desktop\Sword of the Stars Complete Collection.url
2014-12-31 08:21 - 2014-12-31 08:21 - 00000222 _____ () C:\Users\Jim\Desktop\Pinball FX2.url
2014-12-30 14:13 - 2014-12-30 14:13 - 00000000 __SHD () C:\Users\Jim\AppData\Local\EmieBrowserModeList
2014-12-27 18:00 - 2014-12-27 18:00 - 00000222 _____ () C:\Users\Jim\Desktop\Total War ROME II - Emperor Edition.url
2014-12-27 17:04 - 2015-01-03 12:35 - 00000000 ____D () C:\Program Files (x86)\CCTV View
2014-12-27 17:04 - 2014-12-27 17:04 - 00000000 ____D () C:\Windows\SysWOW64\X86
2014-12-27 17:04 - 2014-12-27 17:04 - 00000000 ____D () C:\Windows\SysWOW64\AMD64
2014-12-27 07:05 - 2014-10-18 13:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-27 07:05 - 2014-10-18 12:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-27 07:04 - 2014-06-27 13:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-12-27 07:04 - 2014-06-27 12:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-12-27 07:03 - 2013-12-04 13:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-12-27 07:03 - 2013-12-04 13:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-12-27 07:03 - 2013-12-04 12:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-12-27 07:03 - 2013-12-04 12:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-12-27 07:03 - 2013-12-04 12:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-12-27 07:02 - 2014-07-09 13:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-12-27 07:02 - 2014-07-09 13:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-12-27 07:02 - 2014-07-09 13:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-12-27 07:02 - 2014-07-09 13:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-12-27 07:02 - 2014-07-09 13:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-12-27 07:02 - 2014-07-09 12:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-12-27 07:02 - 2014-07-09 12:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-12-27 07:02 - 2014-07-09 12:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-12-27 07:02 - 2014-07-09 12:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-12-27 07:02 - 2014-07-09 12:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-12-27 07:02 - 2014-07-09 09:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-12-27 07:02 - 2014-07-09 09:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-12-27 07:02 - 2014-06-25 13:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-12-27 07:02 - 2014-06-25 12:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-12-27 07:02 - 2014-06-24 14:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-12-27 07:02 - 2014-06-24 13:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-12-27 07:02 - 2014-02-04 13:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-12-27 07:02 - 2014-02-04 13:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-12-27 07:02 - 2014-02-04 13:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-12-27 07:02 - 2014-02-04 13:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-12-27 07:02 - 2014-02-04 13:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-12-27 07:02 - 2014-01-28 13:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-12-27 07:02 - 2013-12-04 13:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-12-27 07:02 - 2013-12-04 13:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-12-27 07:02 - 2013-12-04 13:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-12-27 07:02 - 2013-12-04 13:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-12-27 07:02 - 2013-12-04 13:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-12-27 07:02 - 2013-12-04 13:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-12-27 07:02 - 2013-12-04 13:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-12-27 07:02 - 2013-12-04 13:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-12-27 07:02 - 2013-12-04 13:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-12-27 07:02 - 2013-12-04 13:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-12-27 07:02 - 2013-12-04 13:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-12-27 07:02 - 2013-12-04 13:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-12-27 07:02 - 2013-12-04 12:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-12-27 07:02 - 2013-11-24 05:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-12-27 07:02 - 2013-11-24 04:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-12-27 07:02 - 2013-10-30 13:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-12-27 07:02 - 2013-10-30 13:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-12-27 07:02 - 2013-10-04 13:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-12-27 07:02 - 2013-10-04 13:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-12-27 07:02 - 2013-10-04 12:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-12-27 07:02 - 2013-10-04 12:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-12-27 07:02 - 2013-08-05 13:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-12-27 07:02 - 2013-07-04 23:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-12-27 07:02 - 2013-07-04 23:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-12-27 07:02 - 2013-07-04 22:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-12-27 07:02 - 2013-07-04 22:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-12-27 07:01 - 2014-11-11 12:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-27 07:01 - 2014-11-08 14:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-27 07:01 - 2014-11-08 13:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-27 07:01 - 2014-10-30 13:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-27 07:01 - 2014-10-30 12:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-27 07:01 - 2014-10-14 13:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-27 07:01 - 2014-10-14 12:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-12-27 07:01 - 2014-10-03 13:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-27 07:01 - 2014-10-03 13:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-27 07:01 - 2014-10-03 13:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-27 07:01 - 2014-10-03 13:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-27 07:01 - 2014-10-03 13:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-27 07:01 - 2014-10-03 12:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-27 07:01 - 2014-10-03 12:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-27 07:01 - 2014-10-03 12:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-27 07:01 - 2014-10-03 12:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-27 07:01 - 2014-10-03 12:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-27 07:01 - 2014-09-25 13:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-12-27 07:01 - 2014-09-25 12:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-12-27 07:01 - 2014-08-01 22:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-12-27 07:01 - 2014-08-01 22:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-12-27 07:01 - 2014-01-24 13:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-12-27 06:59 - 2013-08-28 12:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-12-25 20:22 - 2015-01-11 07:59 - 00000000 ____D () C:\Windows\B9DB4C7601A446D58910F7AA6376DBAF.TMP
2014-12-25 20:21 - 2014-12-25 20:21 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-25 20:21 - 2014-12-25 20:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-25 20:21 - 2014-12-25 20:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-25 20:21 - 2014-12-25 20:21 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-25 20:21 - 2014-12-25 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-25 20:21 - 2014-12-25 20:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-25 20:20 - 2014-12-25 20:20 - 00941784 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-12-25 20:20 - 2014-12-25 20:20 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-12-25 20:17 - 2014-12-25 20:17 - 00065152 _____ (Etron Technology Inc) C:\Windows\system32\Drivers\EtronHub3.sys
2014-12-25 20:10 - 2014-12-25 20:10 - 00002850 _____ () C:\Windows\System32\Tasks\ASC8_SkipUac_Jim
2014-12-25 17:29 - 2015-01-17 08:40 - 00002109 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2014-12-25 17:29 - 2014-12-25 17:29 - 00026528 _____ (REALiX) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2014-12-25 17:29 - 2014-12-25 17:29 - 00002892 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Jim
2014-12-25 17:29 - 2014-12-25 17:29 - 00001156 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-12-25 17:29 - 2014-12-25 17:29 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-12-25 17:29 - 2014-12-25 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2014-12-23 19:10 - 2014-12-23 19:10 - 00000371 _____ () C:\Users\Jim\Documents\Potkin Research finds.txt
2014-12-20 12:05 - 2014-12-20 12:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-18 17:33 - 2013-07-25 16:30 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-18 17:30 - 2014-03-14 11:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-18 16:28 - 2013-07-25 08:41 - 01169999 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 10:00 - 2013-07-27 10:14 - 00000000 ____D () C:\Users\Jim\Documents\My Games
2015-01-18 10:00 - 2013-07-27 10:14 - 00000000 ____D () C:\Users\Jim\AppData\Local\My Games
2015-01-18 10:00 - 2013-07-26 17:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-18 09:27 - 2009-07-14 15:45 - 00022096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-18 09:27 - 2009-07-14 15:45 - 00022096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-18 09:26 - 2013-07-25 16:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-18 09:20 - 2013-07-25 15:48 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-01-18 09:20 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-18 09:19 - 2013-07-25 15:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-18 08:53 - 2013-07-27 09:05 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-18 08:51 - 2013-07-27 09:10 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\IObit
2015-01-17 18:31 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\rescache
2015-01-17 08:35 - 2009-07-14 14:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-17 03:16 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-15 03:04 - 2013-08-12 18:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:00 - 2013-07-28 08:18 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 14:30 - 2014-03-14 11:39 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 14:30 - 2014-03-14 11:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 14:30 - 2014-03-14 11:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-09 09:04 - 2014-04-02 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-09 09:04 - 2013-11-21 12:55 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2015-01-07 13:57 - 2013-07-25 14:44 - 00000000 ____D () C:\Users\Jim
2015-01-07 09:35 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-07 08:50 - 2013-08-19 21:09 - 00000129 _____ () C:\Users\Jim\AppData\Roaming\default.rss
2015-01-07 08:06 - 2013-07-27 08:30 - 00000000 ____D () C:\Users\Jim\AppData\Local\HumanizedEnso
2015-01-07 08:03 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\security
2015-01-03 12:40 - 2009-07-14 16:32 - 00000000 ____D () C:\Windows\addins
2014-12-31 17:51 - 2013-08-20 08:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-30 09:31 - 2009-07-14 15:45 - 00404336 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-30 09:19 - 2013-07-28 09:11 - 00000000 ____D () C:\Program Files (x86)\PopCap Games
2014-12-30 09:10 - 2014-08-03 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2014-12-30 09:10 - 2014-08-03 08:49 - 00000000 ____D () C:\Program Files (x86)\GameTop.com
2014-12-30 08:05 - 2013-07-25 14:45 - 00001196 _____ () C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-27 07:08 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-12-27 07:08 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-12-25 20:20 - 2013-07-25 15:35 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-12-25 20:17 - 2011-07-29 14:40 - 00088576 _____ (Etron Technology Inc) C:\Windows\system32\Drivers\EtronXHCI.sys
2014-12-25 17:29 - 2013-07-27 09:05 - 00000000 ____D () C:\ProgramData\IObit
2014-12-25 17:28 - 2014-11-25 06:34 - 00000000 ____D () C:\Users\Jim\AppData\Local\Adobe
2014-12-25 17:16 - 2009-07-14 16:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-21 09:09 - 2009-07-14 16:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-19 15:38 - 2013-07-26 17:28 - 00000220 _____ () C:\Users\Jim\Desktop\Sid Meier's Civilization V.url
 
==================== Files in the root of some directories =======
2013-07-28 08:16 - 2013-07-28 08:16 - 0050968 _____ (cake bake) C:\Program Files (x86)\WCDesktop.Updater.exe
2013-08-19 21:09 - 2015-01-07 08:50 - 0000129 _____ () C:\Users\Jim\AppData\Roaming\default.rss
2013-08-21 16:06 - 2013-08-21 16:06 - 0004608 _____ () C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-12 09:02 - 2013-10-12 09:02 - 0047766 _____ () C:\Users\Jim\AppData\Local\recently-used.xbel
 
Some content of TEMP:
====================
C:\Users\Jim\AppData\Local\Temp\Quarantine.exe
C:\Users\Jim\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 17:26
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015
Ran by Jim at 2015-01-18 17:40:08
Running from C:\Users\Jim\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.12 - GIGABYTE)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
AutoGreen B10.1021.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B10.1021.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
BlueStacks App Player (HKLM-x32\...\{FCE8EDCE-A5E7-4084-897D-7BC25DDBEA0F}) (Version: 0.9.3.4070 - BlueStack Systems, Inc.)
Bookworm Deluxe 1.13 (HKLM-x32\...\Bookworm Deluxe 1.13) (Version:  - )
Canon CanoScan Toolbox 5.0 (HKLM-x32\...\CanoScan Toolbox 5.0) (Version:  - )
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.1.0.31 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.5 (HKLM-x32\...\DPP) (Version: 3.5.2.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.5.1.1 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.0.0.3 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.4.2.0 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities WFT-E1/E2/E3/E4 Utility (HKLM-x32\...\WFTK) (Version: 3.3.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.2.1.31 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.0.9 - Canon Inc.)
CanoScan LiDE 70 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411) (Version:  - )
Cinescore Studio 1.0 (HKLM-x32\...\{F6C5F1A1-F459-498F-A50A-EE6C80799D3B}) (Version: 1.0.111 - Sony)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.82 - NCH Software)
DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Easy Tune 6 B11.0823.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.0823.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
EasyWeatherPlus (HKLM-x32\...\{CE1B03BC-3C99-4580-A2AC-A41DB9B83378}) (Version:  - 1.0)
Endless Legend (HKLM-x32\...\Steam App 289130) (Version:  - AMPLITUDE Studios)
Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
Express Burn (HKLM-x32\...\ExpressBurn) (Version:  - NCH Software)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Golden Dozen Solitaire (HKLM-x32\...\GoldenDozenSolitaire_is1) (Version: 1.0 - Media Contact LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Graboid Video 4.5 (HKLM-x32\...\Graboid Video) (Version: 4.5 - Graboid Inc.)
Humanized Enso (HKU\S-1-5-21-4070555886-3179266670-2468568908-1000\...\HumanizedEnso) (Version:  - )
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.6.25 - IObit)
Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 3.3.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 3.30 - )
MAGIX 3D Maker 6.0.0.12 (UK) (HKLM-x32\...\MAGIX 3D Maker UK) (Version: 6.0.0.12 - MAGIX AG)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Menu Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM-x32\...\WMV9_VCM) (Version:  - )
Movie Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{1390002e-6294-4d63-a174-6b42018d3caa}) (Version:  - Nero AG)
NVIDIA 3D Vision Controller Driver 280.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 280.19 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenOffice.org 2.3 (HKLM-x32\...\{8A268828-B6CB-4FC4-A680-83CE8F54DE67}) (Version: 2.3.9238 - OpenOffice.org)
Peggle Deluxe 1.01 (HKLM-x32\...\Peggle Deluxe 1.01) (Version:  - )
Pinball FX2 (HKLM-x32\...\Steam App 226980) (Version:  - Zen Studios)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
PlayMemories Home (HKLM-x32\...\{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}) (Version: 7.0.03.04240 - Sony Corporation)
Presto! PageManager 7.15.14 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.14E - NewSoft)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.531.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6423 - Realtek Semiconductor Corp.)
Sid Meier’s Ace Patrol: Pacific Skies (HKLM-x32\...\Steam App 244090) (Version:  - Firaxis)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version:  - Firaxis Games)
Smart 6 B11.0824.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
Sony DVD Architect Studio 4.5 (HKLM-x32\...\{B7C7A59F-CF70-481E-A94F-7C2563AA5ADD}) (Version: 4.5.107 - Sony)
Sony Sound Forge Audio Studio 9.0 (HKLM-x32\...\{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}) (Version: 9.0.232 - Sony)
Space Empires IV Deluxe (HKLM-x32\...\Steam App 1610) (Version:  - Malfador Machinations)
Space Empires V (HKLM-x32\...\Steam App 1690) (Version:  - Malfador Machinations)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sword of the Stars Complete Collection (HKLM-x32\...\Steam App 42890) (Version:  - Kerberos Productions Inc.)
Sword of the Stars II: Enhanced Edition (HKLM-x32\...\Steam App 42990) (Version:  - Kerberos Productions)
Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
TouchBIOS B11.0824.1 (HKLM-x32\...\{A2EBACDD-09BB-4894-AE25-7168DB3BFA7F}) (Version: 1.00.0000 - GIGABYTE)
Vegas Movie Studio Platinum 9.0 (HKLM-x32\...\{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}) (Version: 9.0.85 - Sony)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.10 - NCH Software)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Zuma's Revenge! (HKLM-x32\...\Zuma's Revenge!) (Version:  - PopCap Games)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
04-01-2015 18:05:45 Scheduled Checkpoint
12-01-2015 12:41:44 Scheduled Checkpoint
15-01-2015 03:00:25 Windows Update
15-01-2015 07:50:11 Windows Modules Installer
15-01-2015 07:51:12 Windows Modules Installer
17-01-2015 03:00:21 Windows Update
17-01-2015 08:34:46 Windows Update
17-01-2015 09:55:16 zoek.exe restore point
17-01-2015 14:26:23 zoek.exe restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 13:34 - 2009-06-11 08:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0165FF7D-0D63-4730-802A-C5B0711E95D5} - System32\Tasks\{2DAF3393-19BA-456E-95D7-7E27F789384A} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {05231CF8-77A9-4F47-87B3-6A743FBA69EC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {1EB6485B-136B-4470-93A6-83964B014797} - System32\Tasks\{03309852-3F39-4447-8024-C7F2DAA8FC52} => pcalua.exe -a D:\PSTUDIO\Setup.exe -d D:\PSTUDIO
Task: {3B9EAF9D-7BD6-4071-A4AE-8894EF851246} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-25] (Google Inc.)
Task: {4822E93D-8563-43D8-AE0B-504D2B452F73} - System32\Tasks\ASC8_SkipUac_Jim => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2014-12-10] (IObit)
Task: {A5297321-2535-4702-AFC4-7DBF88FF6894} - System32\Tasks\Uninstaller_SkipUac_Jim => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-09] (IObit)
Task: {D5036D1B-89E9-4372-AE11-19EF4BA2B933} - System32\Tasks\{07BD8F22-6B1D-468D-9F59-05447DC4C31E} => pcalua.exe -a D:\monsetup.exe -d D:\
Task: {E6EDEB9F-ACA3-43AB-BEA2-8608F6BC232D} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-09] (IObit)
Task: {F3321216-65DE-45F4-894C-E01959BBF24B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-07-25 15:43 - 2013-01-19 02:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-07-25 15:41 - 2011-08-22 16:26 - 00057344 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
2013-07-25 15:34 - 2011-06-10 13:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-26 13:37 - 2006-09-20 09:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
2008-01-15 07:42 - 2008-01-15 07:42 - 00117232 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\Enso.exe
2013-07-26 13:37 - 2006-09-19 17:05 - 00024576 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
2014-12-25 17:29 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2013-07-25 15:41 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\ycc.dll
2013-02-26 01:32 - 2013-02-26 01:32 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-08-29 08:22 - 2014-11-12 05:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 08:22 - 2014-11-12 05:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 08:22 - 2014-11-12 05:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-07-01 09:20 - 2014-11-12 05:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 08:32 - 2014-11-19 07:23 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 08:22 - 2014-11-12 05:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 08:22 - 2014-11-12 05:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-07-09 18:56 - 2014-11-19 07:23 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2006-10-19 00:35 - 2006-10-19 00:35 - 01871872 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\PYTHON24.DLL
2006-04-21 07:39 - 2006-04-21 07:39 - 00086016 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\_ctypes.pyd
2008-01-13 05:57 - 2008-01-13 05:57 - 00029184 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\_LoggingBackend.dll
2008-01-13 05:55 - 2008-01-13 05:55 - 00015360 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\CLogging.dll
2008-01-13 05:56 - 2008-01-13 05:56 - 00029696 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\PyDtwinver.dll
2006-10-19 00:35 - 2006-10-19 00:35 - 00049152 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\_socket.pyd
2006-10-19 00:18 - 2006-10-19 00:18 - 00499712 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\_ssl.pyd
2006-10-19 00:35 - 2006-10-19 00:35 - 00135168 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\pyexpat.pyd
2008-01-13 05:56 - 2008-01-13 05:56 - 00030720 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\_CrashCatcherBackend.dll
2006-09-23 12:02 - 2006-09-23 12:02 - 00086016 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\win32api.pyd
2006-09-23 12:01 - 2006-09-23 12:01 - 00102400 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\pywintypes24.dll
2006-09-23 12:02 - 2006-09-23 12:02 - 00014336 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\win32clipboard.pyd
2008-01-13 05:56 - 2008-01-13 05:56 - 00147456 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\_ClipboardBackend.dll
2008-01-13 05:55 - 2008-01-13 05:55 - 00038912 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\AsyncEventProcessorRegistry.dll
2006-09-23 12:11 - 2006-09-23 12:11 - 00114688 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\win32gui.pyd
2006-09-23 12:03 - 2006-09-23 12:03 - 00028672 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\win32process.pyd
2008-01-13 05:57 - 2008-01-13 05:57 - 00106496 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\_pyAAc.dll
2006-09-23 12:12 - 2006-09-23 12:12 - 00327680 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\pythoncom24.DLL
2008-01-13 05:56 - 2008-01-13 05:56 - 00029696 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\_WindowManipulationBackend.dll
2008-01-13 05:57 - 2008-01-13 05:57 - 00118784 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\_InputManager.dll
2008-01-13 05:57 - 2008-01-13 05:57 - 00012800 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\Keyhook.dll
2006-09-23 12:15 - 2006-09-23 12:15 - 00151552 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\shell.pyd
2008-01-13 05:57 - 2008-01-13 05:57 - 00055296 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\_TransparentWindow.dll
2008-01-13 05:57 - 2008-01-13 05:57 - 00245760 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\libcairo-2.dll
2008-01-13 05:56 - 2008-01-13 05:56 - 00212992 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\freetype2.dll
2008-01-13 05:57 - 2008-01-13 05:57 - 00065536 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\_cairo.dll
2008-01-13 05:57 - 2008-01-13 05:57 - 00034304 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\_AsyncEventThread.dll
2008-01-13 05:58 - 2008-01-13 05:58 - 00050176 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\_WebWindow.dll
2008-01-13 05:58 - 2008-01-13 05:58 - 00037376 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\_PyMessageWindow.dll
2006-10-19 00:35 - 2006-10-19 00:35 - 00069632 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\zlib.pyd
2006-09-23 12:02 - 2006-09-23 12:02 - 00014848 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\win32event.pyd
2005-12-16 23:35 - 2005-12-16 23:35 - 00135168 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\cElementTree.pyd
2006-09-23 12:11 - 2006-09-23 12:11 - 00013312 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\win32inet.pyd
2008-01-13 05:55 - 2008-01-13 05:55 - 00017408 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\PyWinHttp.dll
2006-09-23 12:11 - 2006-09-23 12:11 - 00106496 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\win32security.pyd
2008-01-13 05:58 - 2008-01-13 05:58 - 00034304 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\_Twofish.dll
2006-09-23 12:02 - 2006-09-23 12:02 - 00090112 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\win32file.pyd
2008-01-13 05:57 - 2008-01-13 05:57 - 00237568 _____ () C:\Users\Jim\AppData\Local\HumanizedEnso\_hunspell.dll
2013-07-09 14:45 - 2014-11-12 05:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-05-22 15:01 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2014-05-22 15:01 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2014-05-22 15:01 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-01-17 10:17 - 2015-01-09 11:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-17 10:17 - 2015-01-09 11:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-17 10:17 - 2015-01-09 11:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-17 10:17 - 2015-01-09 11:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: ReimageRealTimeProtector => 2
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-4070555886-3179266670-2468568908-500 - Administrator - Disabled)
Guest (S-1-5-21-4070555886-3179266670-2468568908-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4070555886-3179266670-2468568908-1003 - Limited - Enabled)
Jim (S-1-5-21-4070555886-3179266670-2468568908-1000 - Administrator - Enabled) => C:\Users\Jim
UpdatusUser (S-1-5-21-4070555886-3179266670-2468568908-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/18/2015 09:21:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/18/2015 09:20:50 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/18/2015 09:11:49 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/18/2015 09:11:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/18/2015 09:03:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PMBBrowser.exe, version: 7.0.3.4240, time stamp: 0x5176ebaf
Faulting module name: PMBBrowser.exe, version: 7.0.3.4240, time stamp: 0x5176ebaf
Exception code: 0xc0000005
Fault offset: 0x004a661a
Faulting process id: 0x19d8
Faulting application start time: 0xPMBBrowser.exe0
Faulting application path: PMBBrowser.exe1
Faulting module path: PMBBrowser.exe2
Report Id: PMBBrowser.exe3
 
Error: (01/18/2015 08:46:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/18/2015 08:46:52 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/18/2015 08:44:20 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (01/18/2015 08:44:20 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
 
System errors:
=============
Error: (01/18/2015 09:22:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (01/18/2015 09:22:52 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (01/18/2015 09:20:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (01/18/2015 09:13:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (01/18/2015 09:13:50 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (01/18/2015 09:11:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (01/18/2015 09:03:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Volume Shadow Copy service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/18/2015 09:03:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/18/2015 09:03:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/18/2015 09:03:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (01/18/2015 09:21:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/18/2015 09:20:50 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/18/2015 09:11:49 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/18/2015 09:11:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/18/2015 09:03:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PMBBrowser.exe7.0.3.42405176ebafPMBBrowser.exe7.0.3.42405176ebafc0000005004a661a19d801d032a177e05f2fC:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exeC:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exeb6909b8f-9e94-11e4-a6df-50e549c6b129
 
Error: (01/18/2015 08:46:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/18/2015 08:46:52 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/18/2015 08:44:20 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (01/18/2015 08:44:20 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 16301.12 MB
Available physical RAM: 12686.19 MB
Total Pagefile: 32600.42 MB
Available Pagefile: 28848.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:637.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 88DF6913)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
was the only/first 1440  modem for a hundred km around back in 1985 on the web...and I was teaching the IT Teachers how to do graphics in Basic language.......  too much water under the bridge since then...
 
Jim
 
 

Hi :)

Please update me how is your machine upon completion of these steps.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:

    start
    CreateRestorePoint:
    SearchScopes: HKU\S-1-5-21-4070555886-3179266670-2468568908-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.c...q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4070555886-3179266670-2468568908-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.c...q={searchTerms}
    S3 cpuz134; \??\C:\Users\Jim\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.

Reset Chrome Plugins Cache

Open Google Chrome.

  • In the address bar type in the following: chrome://plugins
  • Press Enter.
  • Select one plugin from the list and disable it.
  • After that please re-enable it.
Finally please restart Google Chrome.

Hi  Naat,

 

Trialled eBay, YouTube etc. and no pop-ups or ad blankets... so seems to be clear.

at present. Thanks.

 

not that it mattered but my winkey doesn't bring up my Run command as I have it used for enzo commands.... but as I knew what you wanted it was no difference for me. I use Start in my toolbar for my accessories, as notepad.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Jim at 2015-01-20 08:56:19 Run:1
Running from C:\Users\Jim\Downloads
Loaded Profiles: Jim (Available profiles: Jim & UpdatusUser)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-4070555886-3179266670-2468568908-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-4070555886-3179266670-2468568908-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.c...q={searchTerms}
S3 cpuz134; \??\C:\Users\Jim\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
end
*****************
 
Restore point was successfully created.
HKU\S-1-5-21-4070555886-3179266670-2468568908-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-4070555886-3179266670-2468568908-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. 
cpuz134 => Service deleted successfully.
 
==== End of Fixlog 08:56:36 ====
 
So are we clean / done, now?
If so, then I await your recommendation for replacing my programs as Advanced System Care 8 and IObit Uninstaller as I will most likely install MBAM soon for real time protection, but I have a query about its method....
As when trialling it prior to your assistance..... it still interrupted the flow with a "block" screen each time a keystroke/click was made to activate the malware....... this was as annoying as the malware ads..... I would hope this was not the expected thing with the "pro" version after a clean system?
 
Jim
:)  :unsure:

BTW   - my username is  ORGASMICTOMATO......  not  organictomato.....

 

accepted world wide..... do the search....

 

Jim


Hi :)

I am not the one who changed anything, so you should contact one of the administrators for some explanations.

Please do these for me now:

Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.

Scan with Panda Cloud Cleaner

This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.

Please download Panda Cloud Cleaner and save the file to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Install the scanner by right-clicking on the Panda Cloud Cleaner icon and selecting Run as Administrator.
  • It should start itself automatically after the installation.
  • In the main console click Accept and Scan.
  • This scan won't take long, about several minutes (depending on your system specs). Let it run uninterrupted.
  • At the last stage you will see a couple of messages about verifying & analyzing results. Wait patiently.
  • Upon completion you will see detections window. Enter one of them and click there View Report at the bottom right side.
  • A notepad window named PCloudCleaner.log will open. Save it to your desktop.
Please include the contents of that file in your next reply.

Don't forget to re-enable your switched-off protection software!

After that you may uninstall Panda Cloud Cleaner from your machine, if you wish to.


Hi  Naat,

 

I know, but I have better things to do than try to deal with uneducated children with personal problems, showing their ignorance for all to see. If they want to change my username illegally without my permission and with no notification, then the sooner we are finished the better as I can then close my account as people like this (Admin) will see no business from me, thanks. (small minds small people)

 

log files, before panda cloud cleaner and after...

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 21/01/2015
Scan Time: 7:09:06 AM
Logfile: scan log 21.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.20.10
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jim
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 372491
Time Elapsed: 8 min, 32 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.Qone8, HKU\S-1-5-21-4070555886-3179266670-2468568908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [401135c2d2b7c2748b39b12a3bc938c8], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
Malware. FILE: C:\USERS\JIM\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ZPPX8LLW.TXT to be deleted.
 
Malware. FILE: C:\USERS\JIM\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\WE8EKG2L.TXT to be deleted.
 
Malware. FILE: C:\USERS\JIM\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\FBX4DWEY.TXT to be deleted.
 
Malware. FILE: C:\USERS\JIM\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\1Q12RURO.TXT to be deleted.
 
Malware. FILE: C:\USERS\JIM\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MS2ENPBU.TXT to be deleted.
 
Malware. FILE: C:\USERS\JIM\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\2F7HXPAL.TXT to be deleted.
 
Malware. FILE: C:\USERS\JIM\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\3TIK90FV.TXT to be deleted.
 
Malware. FILE: C:\USERS\JIM\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HJPZNTJZ.TXT to be deleted.
 
Malware. FILE: C:\USERS\JIM\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\JRYJEX2K.TXT to be deleted.
 
Malware. FILE: C:\USERS\JIM\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ZXVHPTU3.TXT to be deleted.
 
Malware. FILE: C:\USERS\JIM\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\6BWEDWPP.TXT to be deleted.
 
Malware. FILE: C:\USERS\JIM\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\PV483HD0.TXT to be deleted.
 
Malware. FILE: C:\USERS\JIM\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\S7SJ47MJ.TXT to be deleted.
 
Malware. FILE: C:\USERS\JIM\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KX6NF12Z.TXT to be deleted.
 
Malware. FILE: C:\USERS\JIM\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\DDC18AJJ.TXT to be deleted.
 
Malware. FILE: C:\USERS\JIM\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\7W22LM0H.TXT to be deleted.
 
Malware. FILE: C:\USERS\JIM\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XWDRL052.TXT to be deleted.
 
Malware. FILE: C:\USERS\JIM\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\CTVH6VIK.TXT to be deleted.
 
Malware. REGKEY: HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND. Value: (null) To be changed to: C:\Program Files\Internet Explorer\IEXPLORE.EXE.
 
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
 
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
 
Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.
 
Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 21/01/2015
Scan Time: 8:41:27 AM
Logfile: scan log 8_50 21j.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.20.12
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jim
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 372327
Time Elapsed: 7 min, 15 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.Qone8, HKU\S-1-5-21-4070555886-3179266670-2468568908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [163b6b8cf59482b4d35a5d7fdd27c23e], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
How would you like it if I changed your name to " Gnaat "  - just because...... see my point...
 
Jim  (orgasmictomato)
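
Both Malwarebytes logs in the post above list the same SearchScopes key as quarantined, at 7:09 and again at 8:41. As an added example (not part of the thread and not Malwarebytes' own tooling), this Python script parses MBAM 2.x text logs and reports detections that reappear across scans; the sample logs are abridged from the post, and the `Files` entry in the first one is constructed to show a one-off detection.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Section headers as they appear in MBAM 2.x text exports, e.g. "Registry Keys: 1".
SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)$"
)
QUARANTINE_ID_RE = re.compile(r"^\[[0-9a-f]+\]$")


class Detection(NamedTuple):
    section: str
    name: str
    target: str
    action: str


def parse_scan(text):
    """Parse one exported scan log into (metadata, detections, count mismatches)."""
    meta, detections, declared = {}, [], {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):   # "(No malicious items detected)", "(end)"
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        if section is None:                     # "Key: value" lines before the results
            key, sep, value = line.partition(": ")
            if sep:
                meta[key] = value
            continue
        # Detection line: name, target..., action, [quarantine id],
        fields = [f.strip() for f in line.rstrip(", ").split(", ")]
        if fields and QUARANTINE_ID_RE.match(fields[-1]):
            fields.pop()
        if len(fields) < 3:
            continue
        detections.append(
            Detection(section, fields[0], ", ".join(fields[1:-1]), fields[-1])
        )
    parsed = defaultdict(int)
    for d in detections:
        parsed[d.section] += 1
    # A declared count that differs from the parsed lines means a truncated paste.
    mismatches = {s: (n, parsed[s]) for s, n in declared.items() if n != parsed[s]}
    return meta, detections, mismatches


def recurring(scans):
    """Detections present in more than one scan, with (scan time, action) history."""
    history = defaultdict(list)
    for text in scans:
        meta, detections, _ = parse_scan(text)
        stamp = f"{meta.get('Scan Date', '?')} {meta.get('Scan Time', '?')}"
        seen_in_scan = set()
        for d in detections:
            # Registry and file paths are case-insensitive on Windows.
            key = (d.section, d.name, d.target.upper())
            if key not in seen_in_scan:
                seen_in_scan.add(key)
                history[key].append((stamp, d.action))
    return {k: v for k, v in history.items() if len(v) > 1}


# Abridged from the 7:09 log in the post; the Files entry is constructed.
SCAN_0709 = r"""Malwarebytes Anti-Malware
Scan Date: 21/01/2015
Scan Time: 7:09:06 AM
Scan Type: Threat Scan

Processes: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Qone8, HKU\S-1-5-21-4070555886-3179266670-2468568908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [401135c2d2b7c2748b39b12a3bc938c8],

Files: 1
PUP.Optional.Constructed, C:\Users\Example\Downloads\sample-setup.exe, Quarantined, [00000000000000000000000000000000],

(end)
"""

# Abridged from the 8:41 log in the post.
SCAN_0841 = r"""Malwarebytes Anti-Malware
Scan Date: 21/01/2015
Scan Time: 8:41:27 AM
Scan Type: Threat Scan

Registry Keys: 1
PUP.Optional.Qone8, HKU\S-1-5-21-4070555886-3179266670-2468568908-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [163b6b8cf59482b4d35a5d7fdd27c23e],

Files: 0
(No malicious items detected)

(end)
"""

if __name__ == "__main__":
    for (section, name, target), seen in recurring([SCAN_0709, SCAN_0841]).items():
        print(f"{name} [{section}] {target}")
        for stamp, action in seen:
            print(f"    {stamp}: {action}")
```

A detection that is quarantined in one scan and reported again in the next is the one worth passing to the helper; entries that appear once and stay gone are left out of the report.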
 
 
 

Jim,

being honest I think that your name just seemed inappropriate for some reason. I do not have any powers here to change anything, so you should discuss this with an Administrator.

Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on the Security Check icon and select Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automatically.
Please include the content of that document.

 Results of screen317's Security Check version 0.99.94  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

AVG Internet Security 2014   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Panda Cloud Cleaner   

 Java 7 Update 72  

 Java version 32-bit out of Date! 

 Adobe Flash Player 16.0.0.257  

 Adobe Reader XI  

 Google Chrome (39.0.2171.95) 

 Google Chrome (39.0.2171.99) 

````````Process Check: objlist.exe by Laurent````````  

 AVG avgwdsvc.exe 

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 0% 

````````````````````End of Log`````````````````````` 

OK, let's upgrade Java for now.

Update outdated software

Staying always updated is crucial, not only for your operating system, but also for any third-party installed software.

Your logs clearly indicate that some of your software needs updating.

Updating Java manually

  • Click the Start button
  • Click Control Panel
  • Double click Java - Looks like a coffee cup. You may have to switch to Classical View to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed.
  • If prompted (during the installation) to also install ASK toolbar, leave this unchecked - Ask does not have a good reputation.
  • From Control panel also please remove any older versions of Java - do not leave them installed!
Please remember to keep your software always updated. It's crucial as the bugs are still discovered and patched by the vendors.

Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

  • Right-click on the DelFix icon and select Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.
Include it for my review.

Please also manually reboot your machine after posting your logfile.


My java auto update was turned off because it kept "updating"  on a daily basis, even though the latest version was already installed......let's hope that version 8 is better than that.

 

also version 7 update 72 was installed as my latest version on 25/12/ 2014....  so why would security scan flag java outdated 32 bit??? as I use 64bit version...doesn't comply.

 

setting is for weekly checks, not daily...

 

# DelFix v10.8 - Logfile created 22/01/2015 at 09:57:26
# Updated 29/07/2014 by Xplode
# Username : Jim - JIM-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\Users\Jim\Downloads\FRST-OlderVersion
Deleted : C:\zoek-results.log
Deleted : C:\zoek-results2015-01-16-231544.log
Deleted : C:\Users\Jim\Desktop\Addition 3.txt
Deleted : C:\Users\Jim\Desktop\Addition.txt
Deleted : C:\Users\Jim\Desktop\AdwCleaner[s0] 1.txt
Deleted : C:\Users\Jim\Desktop\Fixlog.txt
Deleted : C:\Users\Jim\Desktop\FRST 3.txt
Deleted : C:\Users\Jim\Desktop\FRST.txt
Deleted : C:\Users\Jim\Desktop\JRT.txt
Deleted : C:\Users\Jim\Desktop\zoek-results 2.txt
Deleted : C:\Users\Jim\Desktop\zoek-results.txt
Deleted : C:\Users\Jim\Downloads\Addition.txt
Deleted : C:\Users\Jim\Downloads\AdwCleaner.exe
Deleted : C:\Users\Jim\Downloads\Fixlog.txt
Deleted : C:\Users\Jim\Downloads\FRST (1).txt
Deleted : C:\Users\Jim\Downloads\FRST (2).txt
Deleted : C:\Users\Jim\Downloads\FRST.txt
Deleted : C:\Users\Jim\Downloads\FRST64.exe
Deleted : C:\Users\Jim\Downloads\JRT.exe
Deleted : C:\Users\Jim\Downloads\SecurityCheck.exe
Deleted : C:\Users\Jim\Downloads\zoek.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Cleaning system restore ...
 
Deleted : RP #131 [scheduled Checkpoint | 01/12/2015 01:41:44]
Deleted : RP #132 [Windows Update | 01/14/2015 16:00:25]
Deleted : RP #133 [Windows Modules Installer | 01/14/2015 20:50:11]
Deleted : RP #134 [Windows Modules Installer | 01/14/2015 20:51:12]
Deleted : RP #135 [Windows Update | 01/16/2015 16:00:21]
Deleted : RP #136 [Windows Update | 01/16/2015 21:34:46]
Deleted : RP #137 [zoek.exe restore point | 01/16/2015 22:55:16]
Deleted : RP #138 [zoek.exe restore point | 01/17/2015 03:26:23]
Deleted : RP #140 [Restore Point Created by FRST | 01/19/2015 21:56:23]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 
 
Jim

Hi :)

Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.

Recommended reading:

  • MUST READ - security tips: Computer Security - a short guide to staying safer online.
  • MUST READ - general maintenance: What to do if your Computer is running slowly?

Recommended additional software:

  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • CryptoPrevent - to secure yourself from very severe CryptoLocker infection.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.

Now if you have any other questions, feel free to ask me. Otherwise simply acknowledge my recommendations and this topic will be closed.

Stay safe,

Naat :)


Hi Naat,

Thanks for all the info and your time here.

My account will now be terminated as I will not stay in a controlling situation as this forum, so maybe "advanced setup" or whoever took it upon themselves to try to dominate my username here... for self benefit... or need... may one day actually learn to understand the English language or read a dictionary even (Oxford) as then they may understand some of the problems of this planet... So many people trying to control the others for self gain, thinking they are the chosen one... FAIL

I have survived 65 years on this earth in the midst of all the corruption, greed and contempt for human life, maybe somewhere in the distant future is an answer, as human life is extinguished and replaced with a better form that is reliant on all the other species for themselves to survive. Then and only then may I return to see this for myself.

 

Jim (orgasmictomato)

Australia

This topic is now closed to further replies.