Adware Present, Malwarebytes Not Finding The Threats Now


marrow

Hi there.

 

I have an HP laptop with Windows 7 on it. It's a used laptop; I got it recently from a friend and they had Sophos antivirus on there. It sucked, but I depended on that for protection for a while until one day I realized that Sophos wouldn't update no matter how many times I tried updating it. I decided to download the free trial of Malwarebytes after that because I had another computer (Windows XP) that had it on there and that computer was old, but it wasn't getting any viruses on it. When I downloaded the free version of Malwarebytes onto my laptop it worked great when I had what I think was just an adware infection and it prevented the adware from popping up. Then my trial ended (this happened just a few days ago), so I downloaded Malwarebytes Premium today and while it seems to have gotten rid of some of the stuff that was supposedly infecting my system after I scanned it several times, the adware is still appearing everywhere. I also downloaded the Farbar Recovery Scan Tool. I ran that just now; here is the log and the additional log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Robert_Halenda (administrator) on ROBERTHALENDA on 17-02-2015 20:25:27
Running from C:\Users\Robert_Halenda\Downloads
Loaded Profiles: Robert_Halenda (Available profiles: Robert_Halenda)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [569200 2011-02-18] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4061329147-3275801034-3357550431-1000\...\Run: [GoogleChromeAutoLaunch_E9DA72BC843C1F9158AD78BC8C44537C] => "C:\Users\Robert_Halenda\AppData\Local\Taplika\Application\taplika.exe" --auto-launch-at-startup --profile-directory="Default"
HKU\S-1-5-21-4061329147-3275801034-3357550431-1000\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
HKU\S-1-5-21-4061329147-3275801034-3357550431-1000\...\RunOnce: [uninstall C:\Users\Robert_Halenda\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert_Halenda\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-4061329147-3275801034-3357550431-1000\...\RunOnce: [uninstall C:\Users\Robert_Halenda\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert_Halenda\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"
HKU\S-1-5-21-4061329147-3275801034-3357550431-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-4061329147-3275801034-3357550431-1000\...\MountPoints2: {b6713d14-148f-11e3-bff7-e4115b23653a} - G:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-4061329147-3275801034-3357550431-1000\...\MountPoints2: {f916390d-3f55-11e3-aa96-e4115b23653a} - G:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-18\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~2\Sophos\Sophos C:\PROGRA~2\Sophos\Sophos => C:\PROGRA~2\Sophos\Sophos C:\PROGRA~2\Sophos\Sophos File Not Found
AppInit_DLLs-x32: C:/PROGRA~3/{B2565A95-E2D4-8B13-5352-FB9183D0281F}/1.7.1.0/cone.dll => C:/PROGRA~3/{B2565A95-E2D4-8B13-5352-FB9183D0281F}/1.7.1.0/cone.dll [649216 2015-02-02] ()
AppInit_DLLs-x32:  _C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~2\sophos\sophos anti-virus\sophos_detoured.dll => c:\Program Files (x86)\Sophos\sophos anti-virus\sophos_detoured.dll [221840 2013-08-29] (Sophos Limited)
AppInit_DLLs-x32:  c:\progra~2\sophos\sophos anti-virus\sophos_detoured.dll => c:\Program Files (x86)\Sophos\sophos anti-virus\sophos_detoured.dll [221840 2013-08-29] (Sophos Limited)
AppInit_DLLs-x32:  c:\progra~2\sophos\sophos anti-virus\sophos_detoured.dll => c:\Program Files (x86)\Sophos\sophos anti-virus\sophos_detoured.dll [221840 2013-08-29] (Sophos Limited)
AppInit_DLLs-x32:  c:\progra~2\sophos\sophos anti-virus\sophos_detoured.dll => c:\Program Files (x86)\Sophos\sophos anti-virus\sophos_detoured.dll [221840 2013-08-29] (Sophos Limited)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd64&cd=2XzuyEtN2Y1L1Qzu0EyEtCtCyD0BtBtAyCyDtA0AtDtDyEyDtN0D0Tzu0SyDyEyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCyE&cr=587386991&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd64&cd=2XzuyEtN2Y1L1Qzu0EyEtCtCyD0BtBtAyCyDtA0AtDtDyEyDtN0D0Tzu0SyDyEyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCyE&cr=587386991&ir=
SearchScopes: HKLM -> {0B512C3F-62E9-48DC-9327-87C8ABB5725B} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {67809D8F-8682-4404-0B80-0883D8DDBAAA} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {2A66B2E8-FA91-4C3C-ADA5-63E88093ECAE} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd64&cd=2XzuyEtN2Y1L1Qzu0EyEtCtCyD0BtBtAyCyDtA0AtDtDyEyDtN0D0Tzu0SyDyEyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCyE&cr=587386991&ir=
SearchScopes: HKLM-x32 -> {0B512C3F-62E9-48DC-9327-87C8ABB5725B} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {5A5D1FB0-9B61-F1C9-C80F-72B95B6E4877} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-4061329147-3275801034-3357550431-1000 -> DefaultScope {2A66B2E8-FA91-4C3C-ADA5-63E88093ECAE} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291326&CUI=UN17182649852023329&UM=2
SearchScopes: HKU\S-1-5-21-4061329147-3275801034-3357550431-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4061329147-3275801034-3357550431-1000 -> {0B512C3F-62E9-48DC-9327-87C8ABB5725B} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4061329147-3275801034-3357550431-1000 -> {2A66B2E8-FA91-4C3C-ADA5-63E88093ECAE} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291326&CUI=UN17182649852023329&UM=2
SearchScopes: HKU\S-1-5-21-4061329147-3275801034-3357550431-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-4061329147-3275801034-3357550431-1000 -> {67809D8F-8682-4404-0B80-0883D8DDBAAA} URL = http://search.babylon.com/?q={searchTerms}&AF=100486&babsrc=SP_ss&mntrId=42540045000000000000e4115b23653a
SearchScopes: HKU\S-1-5-21-4061329147-3275801034-3357550431-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-4061329147-3275801034-3357550431-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-4061329147-3275801034-3357550431-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: eassytOshopa -> {10c69977-0f93-4692-9bbe-2374976d348e} -> C:\ProgramData\eassytOshopa\gFZzBZon8QcEDN.x64.dll ()
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: gureatsaaving -> {aba59f56-d240-4bb8-b34c-f30cd39988e0} -> C:\Program Files (x86)\gureatsaaving\bPzhW31SIyh5N9.x64.dll ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: eassytOshopa -> {10c69977-0f93-4692-9bbe-2374976d348e} -> C:\ProgramData\eassytOshopa\gFZzBZon8QcEDN.dll ()
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DownloadTerms -> {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -> C:\Users\Robert_Halenda\AppData\Local\DownloadTerms\temp.dat ()
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: getsav-in 5.0 -> {7937AA21-FB29-445C-8739-E1E33582FBDE} ->  No File
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: gureatsaaving -> {aba59f56-d240-4bb8-b34c-f30cd39988e0} -> C:\Program Files (x86)\gureatsaaving\bPzhW31SIyh5N9.dll ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132088] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Robert_Halenda\AppData\Roaming\Mozilla\Firefox\Profiles\oj44ne36.default-1408371888641
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Taplika
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-4061329147-3275801034-3357550431-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Robert_Halenda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: Media Finder plugin - C:\Users\Robert_Halenda\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com [2013-09-24]
FF Extension: CoolSaleCoUPonn - C:\Users\Robert_Halenda\AppData\Roaming\Mozilla\Firefox\Profiles\oj44ne36.default-1408371888641\Extensions\yW@jB.edu [2015-02-17]
FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net [2015-01-27]
FF Extension: WordOv - C:\Program Files (x86)\Mozilla Firefox\extensions\gmijq@bnasdndblib.com [2015-01-27]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn [2013-08-17]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFFPlgn [2013-06-17]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [hdhihajbmafmgilcciomnamcjfkdhikl] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-04-14]
CHR HKLM-x32\...\Chrome\Extension: [lgnbhdnimikkoodkogjlcllngimhlapp] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 f22bc34d; c:\Program Files (x86)\lightergeneration\lightergeneration.dll [2052096 2015-01-24] () [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [473088 2013-08-21] (Livescribe) [File not signed]
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-08-29] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2013-08-29] (Sophos Limited)
S2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [289856 2013-08-29] (Sophos Limited)
R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [818240 2013-08-29] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-08-29] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-08-29] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2013-08-29] (Sophos Limited)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll" /prefetch:1

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-05-11] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130810.001\IDSvia64.sys [513184 2013-07-23] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130817.006\ENG64.SYS [126040 2013-07-01] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130817.006\EX64.SYS [2098776 2013-07-01] (Symantec Corporation)
S3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [26112 2013-08-05] (Windows ® Win 7 DDK provider)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-08-29] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2013-08-29] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2013-08-29] (Sophos Plc)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 20:00 - 2015-02-17 20:01 - 00044173 _____ () C:\Users\Robert_Halenda\Downloads\Addition.txt
2015-02-17 19:58 - 2015-02-17 20:25 - 00028644 _____ () C:\Users\Robert_Halenda\Downloads\FRST.txt
2015-02-17 19:57 - 2015-02-17 20:25 - 00000000 ____D () C:\FRST
2015-02-17 19:56 - 2015-02-17 19:56 - 02085888 _____ (Farbar) C:\Users\Robert_Halenda\Downloads\FRST64.exe
2015-02-17 17:06 - 2015-02-17 17:06 - 00000000 ____D () C:\Users\Robert_Halenda\Downloads\mbam-chameleon-3.1.7.0
2015-02-17 17:05 - 2015-02-17 17:06 - 04909382 _____ () C:\Users\Robert_Halenda\Downloads\mbam-chameleon-3.1.7.0.zip
2015-02-17 16:43 - 2015-02-17 16:43 - 20447120 _____ (Malwarebytes Corporation ) C:\Users\Robert_Halenda\Downloads\mbam_premium.exe
2015-02-17 16:28 - 2015-02-17 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-17 16:27 - 2015-02-17 16:28 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-17 16:21 - 2015-02-17 16:50 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-02-17 16:19 - 2015-02-17 17:47 - 00000000 ____D () C:\Program Files (x86)\Rescroller
2015-02-17 16:19 - 2015-02-17 16:49 - 00000000 ____D () C:\Program Files (x86)\gureatsaaving
2015-02-17 16:19 - 2015-02-17 16:48 - 00000000 ____D () C:\Program Files (x86)\CoolSaleCoUPonn
2015-02-17 16:19 - 2015-02-17 16:19 - 00000000 ____D () C:\ProgramData\14768254586969087947
2015-02-14 21:12 - 2015-02-14 21:12 - 00000000 ____D () C:\d80a033e6863494cc0
2015-02-10 23:22 - 2015-02-17 18:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 23:22 - 2015-02-17 17:07 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-10 23:22 - 2015-02-17 16:44 - 00001082 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-10 23:22 - 2015-02-17 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-10 23:22 - 2015-02-17 16:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-10 23:22 - 2014-11-21 07:08 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-10 23:22 - 2014-11-21 07:07 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-10 23:17 - 2015-02-10 23:18 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Robert_Halenda\Downloads\mbam-setup-2.0.4.1028(1).exe
2015-02-10 22:56 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 22:56 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 22:56 - 2014-10-03 21:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-10 22:56 - 2014-10-03 20:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-10 22:56 - 2014-10-03 20:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-10 22:55 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 22:55 - 2015-01-14 01:09 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 22:55 - 2015-01-14 01:09 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 22:55 - 2015-01-14 01:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 22:55 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 22:55 - 2015-01-14 01:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 22:55 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 22:55 - 2015-01-14 01:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 22:55 - 2015-01-14 01:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 22:55 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 22:55 - 2015-01-14 01:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 22:55 - 2015-01-14 01:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 22:55 - 2015-01-14 01:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 22:55 - 2015-01-14 01:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 22:55 - 2015-01-14 00:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 22:55 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 22:55 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 22:55 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 22:55 - 2015-01-14 00:41 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 22:55 - 2015-01-14 00:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 22:55 - 2015-01-14 00:40 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 22:55 - 2015-01-14 00:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 22:55 - 2015-01-14 00:37 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 22:55 - 2015-01-14 00:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 22:55 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 22:55 - 2014-12-29 20:23 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-09 10:20 - 2015-02-10 23:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\372309E4.sys
2015-02-06 08:33 - 2015-02-08 22:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\465E4D13.sys
2015-02-02 21:31 - 2015-02-02 21:31 - 00000000 ____D () C:\ProgramData\{B2565A95-E2D4-8B13-5352-FB9183D0281F}
2015-01-28 14:39 - 2015-01-28 14:40 - 04081878 _____ () C:\Users\Robert_Halenda\Downloads\Mother_1+2_(J)_[T+Eng1.01_Tomato].zip
2015-01-27 11:07 - 2015-01-27 11:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 00:08 - 2015-01-27 18:53 - 00000000 ____D () C:\ProgramData\eassytOshopa
2015-01-24 23:47 - 2015-01-25 15:25 - 00000000 ____D () C:\Program Files (x86)\LighterGeneration
2015-01-23 17:19 - 2015-01-23 17:19 - 00003530 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-RobertHalenda-Robert_Halenda
2015-01-18 22:41 - 2015-01-18 22:42 - 00000000 ____D () C:\Users\Robert_Halenda\AppData\Local\{058049B1-4F79-4116-80D2-090092A43496}
2015-01-18 22:21 - 2015-01-18 22:21 - 01190544 _____ ( ) C:\Users\Robert_Halenda\Downloads\hwmonitor_1.26-setup.exe
2015-01-18 22:21 - 2015-01-18 22:21 - 00000930 _____ () C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2015-01-18 22:21 - 2015-01-18 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-01-18 22:21 - 2015-01-18 22:21 - 00000000 ____D () C:\Program Files\CPUID
2015-01-18 20:50 - 2015-01-18 20:50 - 00000000 ____D () C:\Windows\wt
2015-01-18 20:50 - 2015-01-18 20:50 - 00000000 ____D () C:\Program Files (x86)\WildTangent
2015-01-18 19:54 - 2015-01-18 20:42 - 00000000 ____D () C:\Users\Robert_Halenda\AppData\Local\FileTypeAssistant
2015-01-18 19:53 - 2015-01-18 19:53 - 00000000 ____D () C:\ProgramData\Unchecky

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 20:20 - 2012-01-02 17:56 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2183CCFB-43E4-4DE3-A45A-70828540557F}
2015-02-17 19:54 - 2012-01-19 17:45 - 00003240 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRobert_Halenda
2015-02-17 19:54 - 2012-01-19 17:45 - 00000368 _____ () C:\Windows\Tasks\HPCeeScheduleForRobert_Halenda.job
2015-02-17 19:44 - 2012-07-19 18:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-17 19:38 - 2011-11-15 08:18 - 01446052 _____ () C:\Windows\WindowsUpdate.log
2015-02-17 19:31 - 2012-03-17 21:08 - 00000964 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4061329147-3275801034-3357550431-1000UA.job
2015-02-17 19:31 - 2012-03-17 21:08 - 00000942 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4061329147-3275801034-3357550431-1000Core.job
2015-02-17 17:57 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-17 17:57 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-17 17:55 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-17 17:49 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-17 17:48 - 2015-01-07 15:01 - 00004546 _____ () C:\Windows\setupact.log
2015-02-17 17:48 - 2010-11-20 22:47 - 01277066 _____ () C:\Windows\PFRO.log
2015-02-17 17:02 - 2014-04-13 09:16 - 00000000 ____D () C:\Users\Robert_Halenda\Steam
2015-02-17 16:28 - 2013-09-03 12:11 - 00000000 ____D () C:\Program Files\iTunes
2015-02-17 16:28 - 2012-04-17 22:50 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-17 16:28 - 2012-03-13 22:15 - 00000000 ____D () C:\Program Files\iPod
2015-02-17 16:28 - 2012-03-13 22:15 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-17 16:24 - 2013-05-29 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-02-17 16:24 - 2012-01-23 17:40 - 00000000 ____D () C:\ProgramData\Apple
2015-02-17 16:24 - 2012-01-10 10:17 - 00000000 ____D () C:\Users\Robert_Halenda\AppData\Local\CrashDumps
2015-02-17 15:59 - 2009-07-13 23:45 - 00449184 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-14 21:44 - 2012-07-19 18:04 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-14 21:44 - 2012-07-19 18:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-14 21:44 - 2011-10-12 18:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-14 21:12 - 2013-08-15 19:53 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-14 21:03 - 2012-03-23 15:50 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 22:39 - 2009-07-14 00:08 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-03 21:57 - 2013-02-03 16:36 - 00000000 ____D () C:\Users\Robert_Halenda\AppData\Roaming\Skype
2015-02-03 17:52 - 2013-02-03 16:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-03 17:51 - 2013-02-03 16:36 - 00000000 ____D () C:\ProgramData\Skype
2015-02-02 21:31 - 2014-05-05 15:16 - 00001117 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-31 21:10 - 2013-10-29 10:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2015-01-28 15:55 - 2015-01-11 22:36 - 00000000 ____D () C:\Users\Robert_Halenda\Downloads\zsnesw151
2015-01-27 18:57 - 2014-05-05 15:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 18:57 - 2009-07-13 23:45 - 00000000 ____D () C:\Windows\Setup
2015-01-27 18:53 - 2013-10-03 16:30 - 00000000 ____D () C:\ProgramData\Conduit
2015-01-27 18:53 - 2013-09-24 10:26 - 00000000 ____D () C:\Users\Robert_Halenda\AppData\Roaming\Media Finder
2015-01-27 18:21 - 2015-01-08 23:11 - 00000000 ___RD () C:\Users\Robert_Halenda\Desktop\Other Games
2015-01-27 18:06 - 2013-08-27 15:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-27 17:05 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-27 17:04 - 2011-10-12 18:43 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-01-27 11:00 - 2012-03-05 16:47 - 00000000 ____D () C:\Program Files\Bonjour
2015-01-27 11:00 - 2012-03-05 16:47 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-01-25 00:08 - 2014-04-22 21:57 - 00000000 ____D () C:\ProgramData\ccf3614d20d35fcb
2015-01-24 15:32 - 2011-10-12 18:51 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-18 21:22 - 2011-10-12 18:43 - 00000000 ____D () C:\ProgramData\WildTangent

==================== Files in the root of some directories =======

2014-04-23 11:23 - 2014-04-23 11:23 - 4216840 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\vcredist.exe
2012-01-05 13:34 - 2012-01-05 13:34 - 0002428 _____ () C:\Users\Robert_Halenda\AppData\Local\FastClean.20120105.133417.txt
2012-01-05 13:34 - 2012-01-05 13:34 - 0002241 _____ () C:\Users\Robert_Halenda\AppData\Local\IWDAudHelper.20120105.133436.txt
2012-01-05 13:34 - 2012-01-05 13:35 - 0021570 _____ () C:\Users\Robert_Halenda\AppData\Local\IWDAudHelper.20120105.133452.txt
2012-01-05 13:34 - 2012-01-05 13:34 - 0000663 _____ () C:\Users\Robert_Halenda\AppData\Local\PDLSetup.20120105.133420.txt
2012-01-05 13:34 - 2012-01-05 13:34 - 0001706 _____ () C:\Users\Robert_Halenda\AppData\Local\PDLSetup.20120105.133423.txt
2012-01-05 13:34 - 2012-01-05 13:34 - 0000673 _____ () C:\Users\Robert_Halenda\AppData\Local\PDLSetup.20120105.133430.txt
2012-01-05 13:34 - 2012-01-05 13:34 - 0001229 _____ () C:\Users\Robert_Halenda\AppData\Local\PDLSetup.20120105.133436.txt
2012-01-05 13:34 - 2012-01-05 13:34 - 0001247 _____ () C:\Users\Robert_Halenda\AppData\Local\PDLSetup.20120105.133445.txt
2013-10-24 16:41 - 2013-10-24 16:41 - 0007605 _____ () C:\Users\Robert_Halenda\AppData\Local\Resmon.ResmonCfg
2012-01-16 21:01 - 2012-01-16 21:02 - 0000000 _____ () C:\Users\Robert_Halenda\AppData\Local\{04BD6136-348D-4285-8F0D-3E85E5E40019}

Files to move or delete:
====================
C:\Users\Robert_Halenda\AcDelTree.exe


Some content of TEMP:
====================
C:\Users\Robert_Halenda\AppData\Local\Temp\iCloudUpdateSetup.exe
C:\Users\Robert_Halenda\AppData\Local\Temp\ICReinstall_iCloudUpdateSetup.exe
C:\Users\Robert_Halenda\AppData\Local\Temp\ICReinstall_SkypeUpdateSetup.exe
C:\Users\Robert_Halenda\AppData\Local\Temp\SkypeUpdateSetup.exe
C:\Users\Robert_Halenda\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-14 21:53

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Robert_Halenda at 2015-02-17 20:26:04
Running from C:\Users\Robert_Halenda\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Sophos Anti-Virus (Enabled - Out of date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Anti-Virus (Enabled - Out of date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-4061329147-3275801034-3357550431-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.206.1717.117 - Alps Electric)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
AuthenTec TrueAPI (Version: 1.3.0.111 - AuthenTec, Inc.) Hidden
AutoCAD 2011 Language Pack - English (Version: 18.1.49.0 - Autodesk) Hidden
Autodesk Material Library 2011 Base Image library (HKLM-x32\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5822 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FATE (HKLM-x32\...\1D4E9291-9C81-4995-999C-DECD63BD494D) (Version: 08/29/2005  04:04 PM - WildTangent)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
HP SimplePass 2011 (HKLM-x32\...\{31CEFF4E-B6D1-46A5-9169-7C67570E7FFA}) (Version: 5.3.0.163 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{6C302296-6129-4125-9FD6-2188ECD8814E}) (Version: 4.1.6.1 - Hewlett-Packard Company)
IBM ViaVoice Command and Control Runtime 5.3 - UK English (HKLM-x32\...\DeleteProdRunControl_UK) (Version:  - )
IBM ViaVoice Outloud Runtime - UK English (HKLM-x32\...\VV_Outloud_En_UK) (Version:  - )
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (HKLM\...\{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}) (Version: 1.1.0.0157 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version:  - )
LG VZW United Drivers (HKLM-x32\...\{AAAB3333-0F97-4A5D-B725-FFD7E7450FD9}) (Version: 2.14.1 - LG Electronics)
Livescribe Helper (HKLM-x32\...\Livescribe Helper 1.4.1) (Version: 1.4.1 - Livescribe Inc)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4061329147-3275801034-3357550431-1000\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1005 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1005 - Microsoft Corporation) Hidden
PDF Reader (HKU\S-1-5-21-4061329147-3275801034-3357550431-1000\...\PDF Reader) (Version:  - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Petz 4 (remove only) (HKLM-x32\...\Petz 4) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.80 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Saya no Uta - The Song of Saya version 1.0 (HKLM-x32\...\{54BFE519-3276-4B64-A747-E89AEF5D9337}_is1) (Version: 1.0 - JAST USA)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
Sophos Anti-Virus (HKLM-x32\...\{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}) (Version: 10.2.9 - Sophos Limited)
Sophos Remote Management System (HKLM-x32\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 3.4.1 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Strong Bad Episode 1: Homestar Ruiner (HKLM-x32\...\Steam App 8340) (Version:  - Telltale Games)
Strong Bad Episode 2: Strong Badia the Free (HKLM-x32\...\Steam App 8350) (Version:  - Telltale Games)
Strong Bad Episode 3: Baddest of the Bands (HKLM-x32\...\Steam App 8360) (Version:  - Telltale Games)
Strong Bad Episode 4: Dangeresque 3 (HKLM-x32\...\Steam App 8370) (Version:  - Telltale Games)
Strong Bad Episode 5: 8-Bit Is Enough (HKLM-x32\...\Steam App 8380) (Version:  - Telltale Games)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Boy Advance (HKU\S-1-5-21-4061329147-3275801034-3357550431-1000\...\Visual Boy Advance) (Version: 1.8.0-beta-3 - Visual Boy Advance)
WildTangent Games App for HP (x32 Version: 4.0.11.14 - WildTangent) Hidden
WildTangent Web Driver (HKLM-x32\...\WildTangent CDA) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4061329147-3275801034-3357550431-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Robert_Halenda\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4061329147-3275801034-3357550431-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Robert_Halenda\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4061329147-3275801034-3357550431-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Robert_Halenda\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4061329147-3275801034-3357550431-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2011\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4061329147-3275801034-3357550431-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Robert_Halenda\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4061329147-3275801034-3357550431-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Robert_Halenda\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

08-01-2015 20:52:22 Installed Microsoft AppLocale
08-01-2015 20:53:48 Installed Microsoft AppLocale
08-01-2015 23:59:23 Windows Update
09-01-2015 15:35:41 Removed Evernote v. 5.1.1
09-01-2015 15:41:08 Removed Facebook Video Calling 3.1.0.521
09-01-2015 15:41:38 Removed FARO LS 1.1.406.58
10-01-2015 15:58:59 Windows Update
10-01-2015 16:30:15 Windows Update
10-01-2015 17:32:22 Windows Update
11-01-2015 16:28:56 Windows Update
12-01-2015 18:23:15 Windows Update
13-01-2015 01:05:21 Windows Update
13-01-2015 12:35:54 Windows Update
14-01-2015 23:47:27 Windows Update
15-01-2015 19:10:54 Windows Update
15-01-2015 20:46:16 Windows Update
16-01-2015 00:02:04 Windows Update
16-01-2015 19:05:16 Windows Update
16-01-2015 22:20:27 Windows Update
18-01-2015 20:54:15 Removed Bonjour
18-01-2015 21:51:03 Windows Update
18-01-2015 22:42:11 Installed Windows Live Mail
18-01-2015 23:22:44 Windows Update
19-01-2015 14:48:59 Windows Update
19-01-2015 23:44:34 Windows Update
21-01-2015 00:34:08 Windows Update
21-01-2015 15:40:28 Windows Update
22-01-2015 17:45:09 Windows Update
22-01-2015 22:19:11 Windows Update
24-01-2015 15:27:11 Windows Update
24-01-2015 17:21:29 Windows Update
25-01-2015 01:13:58 Windows Update
25-01-2015 22:43:40 Windows Update
27-01-2015 00:32:38 Windows Update
28-01-2015 00:19:38 Windows Update
28-01-2015 16:32:32 Windows Update
28-01-2015 22:48:24 Windows Update
29-01-2015 11:14:51 Windows Update
31-01-2015 15:55:39 Windows Update
02-02-2015 19:09:19 Windows Update
02-02-2015 22:20:31 Windows Update
03-02-2015 22:04:17 Windows Update
05-02-2015 23:00:22 Windows Update
06-02-2015 08:36:45 Windows Update
08-02-2015 23:01:37 Windows Update
14-02-2015 20:59:15 Windows Update
17-02-2015 16:02:46 Windows Update
17-02-2015 16:49:59 Removed Sophos AutoUpdate
17-02-2015 16:53:26 Removed Sophos AutoUpdate

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-01-18 19:55 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16D95739-0540-4CBD-82A5-BE69D8295708} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4061329147-3275801034-3357550431-1000
Task: {2427F843-DAAC-4561-89A2-CB4CA5211D58} - System32\Tasks\HPCeeScheduleForRobert_Halenda => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {26188E85-72E4-4281-87D1-0E2469E560FF} - System32\Tasks\{3AAB38D2-4F98-4577-A094-39DC1AA34A5A} => msiexec.exe /package "C:\Users\Robert_Halenda\Downloads\apploc.msi"
Task: {2618F204-F65E-4762-A4BC-B7E229EEBB9C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
Task: {2BFCEF3B-B66C-4CBD-B0CD-EE5D10F0BCD5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {3C915CA8-6E6C-447C-B011-7B8698C49D27} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4061329147-3275801034-3357550431-1000Core => C:\Users\Robert_Halenda\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {3FBA1D73-BFBF-4315-A385-13979A3DEDFC} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-26] (CyberLink)
Task: {47C51D0F-42EC-4D31-A707-570E1926B40C} - System32\Tasks\{925964B6-D9D8-4D18-8282-456847A47DD8} => pcalua.exe -a C:\Users\Robert_Halenda\Desktop\AutoCAD_2011_English_Win_32bit.exe -d C:\Users\Robert_Halenda\Desktop
Task: {50410816-B8C9-4CAD-9A93-BD7D591C0F43} - System32\Tasks\{B6B44652-DBED-43B0-A831-80B63565A88B} => C:\Program Files (x86)\Diablo II\Diablo II.exe [2013-10-29] (Blizzard North)
Task: {56EB3988-7293-4726-8CF1-4B7A51817ED6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5D8DD547-0981-43BB-B879-0D5E9761E499} - System32\Tasks\AdobeAAMUpdater-1.0-RobertHalenda-Robert_Halenda => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {83A41D6F-0AC8-4863-AA71-1AED23DC7768} - System32\Tasks\{CF54FFA4-9138-4D06-A8BC-F3F9691085B5} => Firefox.exe http://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?source=lightinstaller&page=tsBing
Task: {86C1C0CC-9C67-4D65-BC94-987A1BD0BCD2} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-27] ()
Task: {8B5F2C6A-EDC2-41FA-B226-BF8326EE581C} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {9324B2BC-1E17-45AA-8AB1-C29845333FB2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A1F09C57-30E8-4D2A-AC37-864ECE4F9998} - System32\Tasks\{19094E87-C3B3-415D-B2C7-880D521A62AE} => pcalua.exe -a C:\Users\Robert_Halenda\Downloads\AutoCAD_2011_English_Win_64bit.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {AE192394-7DD6-45B3-BE5B-969CB4D54033} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {B40D29C7-A791-45A6-B1DB-AA785972B960} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {C746AB7E-C03F-403D-86C6-0DBB9F2DF116} - \ProgramRefresh-ATFST No Task File <==== ATTENTION
Task: {D4C75060-52F5-4A9A-9101-F1548C3D8F39} - System32\Tasks\{E2958A4E-2441-4863-8601-ED68F566DC17} => pcalua.exe -a C:\Users\Robert_Halenda\Downloads\AutoCAD_2011_English_Win_32bit.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {D78A7655-9E86-463F-B7F4-BA81CDE293E9} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {D8C2BFFD-9169-4FB3-BBE1-0A5E097FCA40} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: {DDB8931C-3C99-4BCB-8AB2-857029BA0F8A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-14] (Adobe Systems Incorporated)
Task: {E7511CB1-4A74-4F29-8ACA-3F5B29855514} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4061329147-3275801034-3357550431-1000UA => C:\Users\Robert_Halenda\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {EC9E5F97-F394-4493-82FF-39B5F717927E} - System32\Tasks\{9A43A97E-D18C-40A8-94E8-10A9CA502ED4} => pcalua.exe -a "C:\Users\Robert_Halenda\Desktop\Other Games\RTP¾¯Ä±¯Ìß\RPG2000RTP.exe" -d "C:\Users\Robert_Halenda\Desktop\Other Games\RTP¾¯Ä±¯Ìß"
Task: {EED17783-744A-4F1D-A2ED-B0FFDCAA2C2F} - System32\Tasks\{C13E4C17-4ACE-40DA-958D-DFAF9AA90BDD} => pcalua.exe -a C:\Users\Robert_Halenda\Desktop\AutoCAD_2011_English_Win_32bit.exe -d C:\Users\Robert_Halenda\Desktop
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4061329147-3275801034-3357550431-1000Core.job => C:\Users\Robert_Halenda\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4061329147-3275801034-3357550431-1000UA.job => C:\Users\Robert_Halenda\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRobert_Halenda.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2011-05-02 16:41 - 2011-05-02 16:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-03-20 13:49 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-11-20 15:36 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-04-05 11:58 - 2013-04-05 11:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2011-05-02 16:41 - 2011-05-02 16:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-24 23:47 - 2015-01-24 23:47 - 02052096 _____ () c:\Program Files (x86)\lightergeneration\lightergeneration.dll
2013-08-05 13:46 - 2013-08-21 17:12 - 00275968 ____N () C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommSdk.dll
2013-08-29 10:58 - 2013-08-29 10:58 - 01055808 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE.dll
2013-08-29 10:58 - 2013-08-29 10:58 - 00076864 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE_SSL.dll
2013-08-29 10:58 - 2013-08-29 10:58 - 00760896 _____ () C:\Program Files (x86)\Sophos\Remote Management System\LIBEAY32.dll
2013-08-29 10:58 - 2013-08-29 10:58 - 00146496 _____ () C:\Program Files (x86)\Sophos\Remote Management System\SSLEAY32.dll
2013-08-29 10:58 - 2013-08-29 10:58 - 01539136 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO.dll
2013-08-29 10:58 - 2013-08-29 10:58 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.dll
2013-08-29 10:58 - 2013-08-29 10:58 - 00740416 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Security.dll
2013-08-29 10:58 - 2013-08-29 10:58 - 00039488 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Valuetype.dll
2013-08-29 10:58 - 2013-08-29 10:58 - 00535616 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PortableServer.dll
2013-08-29 10:58 - 2013-08-29 10:58 - 00183360 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_DynamicAny.dll
2014-10-19 16:04 - 2014-10-19 16:04 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
2011-11-15 08:19 - 2011-04-30 03:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-01-27 11:07 - 2015-01-27 11:07 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-10 14:44 - 2015-02-14 21:44 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4061329147-3275801034-3357550431-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Robert_Halenda\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Robert_Halenda\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Robert_Halenda\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: SSDMonitor => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe

==================== Accounts: =============================

Administrator (S-1-5-21-4061329147-3275801034-3357550431-500 - Administrator - Disabled)
Guest (S-1-5-21-4061329147-3275801034-3357550431-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4061329147-3275801034-3357550431-1002 - Limited - Enabled)
Robert_Halenda (S-1-5-21-4061329147-3275801034-3357550431-1000 - Administrator - Enabled) => C:\Users\Robert_Halenda
SophosSAUROBERTHALE0 (S-1-5-21-4061329147-3275801034-3357550431-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: BHDrvx64
Description: BHDrvx64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BHDrvx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2015 04:28:09 PM) (Source: MsiInstaller) (EventID: 11920) (User: RobertHalenda)
Description: Product: iTunes -- Error 1920. Service 'Apple Mobile Device Service' (Apple Mobile Device Service) failed to start.  Verify that you have sufficient privileges to start system services.

Error: (02/17/2015 04:24:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0xf24
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/17/2015 04:24:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 35.0.1.5500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1384

Start Time: 01d04af8049517cf

Termination Time: 33

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 571719e1-b6eb-11e4-b671-e4115b23653a

Error: (02/17/2015 04:24:15 PM) (Source: MsiInstaller) (EventID: 10005) (User: RobertHalenda)
Description: Product: iCloud -- A later version of iCloud Control Panel is already installed on this computer.

Error: (02/17/2015 04:19:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1918
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/17/2015 04:15:17 PM) (Source: MsiInstaller) (EventID: 10005) (User: RobertHalenda)
Description: Product: iCloud -- A later version of iCloud Control Panel is already installed on this computer.

Error: (02/17/2015 03:59:00 PM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3

Error: (02/14/2015 09:12:31 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (02/14/2015 08:55:03 PM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3

Error: (02/13/2015 07:56:03 AM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3


System errors:
=============
Error: (02/17/2015 08:25:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sophos Agent service terminated unexpectedly.  It has done this 157 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/17/2015 08:24:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sophos Agent service terminated unexpectedly.  It has done this 156 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/17/2015 08:23:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sophos Agent service terminated unexpectedly.  It has done this 155 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/17/2015 08:22:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sophos Agent service terminated unexpectedly.  It has done this 154 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/17/2015 08:21:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sophos Agent service terminated unexpectedly.  It has done this 153 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/17/2015 08:20:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sophos Agent service terminated unexpectedly.  It has done this 152 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/17/2015 08:19:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sophos Agent service terminated unexpectedly.  It has done this 151 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/17/2015 08:18:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sophos Agent service terminated unexpectedly.  It has done this 150 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/17/2015 08:17:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sophos Agent service terminated unexpectedly.  It has done this 149 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/17/2015 08:16:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sophos Agent service terminated unexpectedly.  It has done this 148 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (02/17/2015 04:28:09 PM) (Source: MsiInstaller) (EventID: 11920) (User: RobertHalenda)
Description: Product: iTunes -- Error 1920. Service 'Apple Mobile Device Service' (Apple Mobile Device Service) failed to start.  Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/17/2015 04:24:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425f2401d04af8077203baC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll5caf8689-b6eb-11e4-b671-e4115b23653a

Error: (02/17/2015 04:24:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe35.0.1.5500138401d04af8049517cf33C:\Program Files (x86)\Mozilla Firefox\firefox.exe571719e1-b6eb-11e4-b671-e4115b23653a

Error: (02/17/2015 04:24:15 PM) (Source: MsiInstaller) (EventID: 10005) (User: RobertHalenda)
Description: Product: iCloud -- A later version of iCloud Control Panel is already installed on this computer.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/17/2015 04:19:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425191801d04af6c17bed51C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla1b41a45-b6ea-11e4-b671-e4115b23653a

Error: (02/17/2015 04:15:17 PM) (Source: MsiInstaller) (EventID: 10005) (User: RobertHalenda)
Description: Product: iCloud -- A later version of iCloud Control Panel is already installed on this computer.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/17/2015 03:59:00 PM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
Description:

Error: (02/14/2015 09:12:31 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/14/2015 08:55:03 PM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
Description:

Error: (02/13/2015 07:56:03 AM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
Description:


==================== Memory info ===========================

Processor: Intel® Core i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 37%
Total physical RAM: 6091.86 MB
Available physical RAM: 3805.28 MB
Total Pagefile: 12181.91 MB
Available Pagefile: 9611.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:571.05 GB) (Free:427.82 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:20.96 GB) (Free:0.99 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:0.58 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 72185642)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=571.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================

 

 

 

I'd appreciate some help. Thanks.

 

 

 
 

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll try to help you with your issue.
 
     
    
Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy. 
That being said, if any evidence of illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 



 
Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"


 

Fix with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your Desktop.
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Wait until the database is updated.
  • Accept the Terms of use and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please upload report in your reply.
 
Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

 



 
Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.


Hi TwinHeadedEagle.

 

I downloaded the Malwarebytes Anti-Rootkit program, updated it (twice to make certain), and ran the scan like you said. It still said that it could not detect any malware on my system, so I could not perform a proper cleanup. Should I just continue with the steps that follow or should I try something else?


Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)
 
 

Recommended reading:

 
 
MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

 
 
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • Adblock - to surf the web without annoying ads!
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the DelFix icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation: 

 

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)


  • 3 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.