
Browser has been hijacked



My browsers, especially IE, appear to be very sluggish. I started to disable unknown add-ons and noticed three add-ons that are enabled and do not allow me to disable them. Specifically, AdBlockerWaitchu, YoutubeAdblocker, and greaatsaaver. I looked around and found these are malware but couldn't find a method that would remove them. Additionally, my DishAnywhere video is now intermittent. It will play and then eventually black screen. I believe Adobe Flash Player may be used for the dishplayer app. I uninstalled and reinstalled both to no avail. Please help. Below are my logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
Ran by mark (administrator) on MYPC on 11-07-2015 10:24:51
Running from C:\Users\mark\Desktop
Loaded Profiles: mark & Acronis Agent User & Linda (Available Profiles: mark & Acronis Agent User & Linda)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Acronis) C:\Program Files (x86)\Acronis\ARSM\arsm.exe
(Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\runonce.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() I:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
() I:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Acronis) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
() C:\Program Files\pia_manager\pia_manager.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe
(Creative Technology Ltd.) C:\Windows\V0230Mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(http://www.ruby-lang.org/) C:\Users\mark\AppData\Local\Temp\ocr8DDD.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(http://www.ruby-lang.org/) C:\Users\mark\AppData\Local\Temp\ocrBD26.tmp\bin\rubyw.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Intuit Inc.) C:\Program Files (x86)\Quicken\qw.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Collectorz.com) C:\Program Files (x86)\Collectorz.com\Movie Collector\MovieCollector.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(WinZip Computing, Inc.) H:\util\WinZip\WINZIP32.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_190_ActiveX.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(jdobbs softworks) C:\Program Files (x86)\BD_Rebuilder\BDRB.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_203.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_203.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe
(LIGHTNING UK!) I:\Program Files (x86)\ImgBurn\ImgBurn.exe
(FengTao Software Inc.) C:\Program Files (x86)\DVDFab 9\DVDFab.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\pia_manager\openvpn.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\Calibre2\calibre.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391632 2012-09-25] (Acronis)
HKLM\...\Run: [TrayMonitor.exe] => C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe [1496960 2012-09-25] (Acronis)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-19] ()
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105280 2012-08-16] (Acronis)
HKLM-x32\...\Run: [backupAndRecoveryMonitor.exe] => C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe [1530896 2012-09-25] (Acronis)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AddressBookReminderApp] => I:\Program Files (x86)\Creative Home\Hallmark Card Studio 2012 Deluxe\ReminderApp.exe
HKLM-x32\...\Run: [PowerDVD13Agent] => "C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe"
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-17] (cyberlink)
HKLM-x32\...\Run: [36X Raid Configurer] => C:\Windows\SysWOW64\xRaidSetup.exe [1970176 2009-08-26] (Gigabyte Technology Corp.)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => CTHELPER.EXE
HKLM-x32\...\Run: [V0230Mon.exe] => C:\Windows\V0230Mon.exe [32768 2006-09-07] (Creative Technology Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => I:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [HP Officejet 6700 (NET) #2] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-14] (Google Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_17_0_0_190_ActiveX.exe [623792 2015-06-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\MountPoints2: {6fa3f802-d36e-11e2-9b17-001a4d4bcdf1} - K:\iStudio.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\MountPoints2: {92a32def-a961-11e3-bd48-001a4d4bcdf1} - E:\setup64.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\MountPoints2: {bed4f810-0884-11e5-81b8-001a4d4bcdf1} - K:\autorun.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-14] (Google Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [Device Detector] => DevDetect.exe -autorun
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [DevconDefaultDB] => C:\Windows\system32\READREG /SILENT /FAIL=1
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\RunOnce: [CTAutoUpdate] => C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe [430968 2009-01-15] (Creative Technology Ltd)
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\MountPoints2: {fb94094d-c55f-11e2-b0fc-806e6f6e6963} - E:\AutoPlay.exe -c
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\Run: [QuickTime Task] => I:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\MountPoints2: {6fa3f802-d36e-11e2-9b17-001a4d4bcdf1} - K:\iStudio.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\MountPoints2: {92a32def-a961-11e3-bd48-001a4d4bcdf1} - E:\setup64.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\MountPoints2: {bed4f810-0884-11e5-81b8-001a4d4bcdf1} - K:\autorun.exe
Startup: C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CloudStation.lnk [2014-01-20]
ShortcutTarget: CloudStation.lnk -> C:\Users\mark\AppData\Local\CloudStation\bin\cloud.exe ()
Startup: C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-06-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\mark\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mark\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.com
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20130522,19891,0,25,0
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> {E8342393-60D6-4378-9D30-DE53EB446344} URL =
SearchScopes: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> {F479E1E4-E728-429B-8599-A903BBD5A2E6} URL =
SearchScopes: HKU\S-1-5-21-2933260109-1030829455-491473259-1011 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: AdBlockanWaitchu -> {2954FA7F-6EA5-6DFC-5D7D-F60995913C7C} -> C:\ProgramData\AdBlockanWaitchu\K.x64.dll No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-27] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: YoutubeAdblocker -> {7C1A7E48-B3E2-444F-9969-FCB352AF8A8C} -> C:\Program Files (x86)\YoutubeAdblocker\4FEYC.x64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: greaatsaaver -> {CE6BAB4F-55F6-E5DA-EBBE-2BDC31A56939} -> C:\Program Files (x86)\greaatsaaver\mWvsG.x64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-27] (RealDownloader)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1006 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP12EP6-17378/webex/ieatgpc1.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{45D0F8FF-83C4-45EC-BB05-4EF018B383C5}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5A2AFB55-96A1-4A92-9F01-7E82ED5C806A}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{F58A8856-1C2D-45F4-A0BD-1AE710E411D6}: [NameServer] 129.250.35.251,192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\kyn1olxa.default-1424797121510
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-08] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @canon.com/EPPEX -> H:\Program Files (x86)\cannon\NPEZFFPI.DLL [2013-04-19] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-12-19] (Nero AG)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-12] (Nullsoft, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-02-25] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-02-25] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2933260109-1030829455-491473259-1001: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\mark\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-02-09] (Nagravision)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2015-02-25] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2015-02-25] (RealPlayer Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2013-11-14] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\kyn1olxa.default-1424797121510\searchplugins\yandex.xml [2015-05-01]
FF Extension: WebSlingPlayer - C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\kyn1olxa.default-1424797121510\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2015-03-31]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-15]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-06-11]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-02-25]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR Profile: C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SlingPlayer for DISH Anywhere) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnpmlegoehfgohpkmjhpohjchokamnn [2015-04-15]
CHR Extension: (DISH Anywhere Video Player Extension) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea [2015-06-10]
CHR Extension: (Google Wallet) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]
CHR HKLM\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [2021248 2012-02-10] (Acronis)
R2 ARSM; C:\Program Files (x86)\Acronis\ARSM\arsm.exe [5292048 2012-09-25] (Acronis)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-04-30] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-03-05] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MMS; C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [10172768 2012-09-25] (Acronis)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2015-02-25] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynoDrService; I:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [381312 2013-04-24] () [File not signed]
R2 UsbClientService; i:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [252712 2007-04-10] (Creative Technology Ltd.)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219432 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321832 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190248 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363304 2007-04-10] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1571112 2007-04-10] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [123688 2007-04-10] (Creative Technology Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-26] (Disc Soft Ltd)
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-07-26] (Duplex Secure Ltd.)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1322120 2013-05-04] (Acronis)
R3 V0230Vfx; C:\Windows\System32\DRIVERS\V0230Vfx.sys [10752 2006-05-05] (EyePower Games Pte. Ltd.)
R3 V0230VID; C:\Windows\System32\DRIVERS\V0230VID.sys [595488 2007-08-07] (Creative Technology Ltd.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-09-25] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2013-09-25] (VIA Technologies, Inc.)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-11-17] (CyberLink Corp.)
U3 aotfswux; C:\Windows\System32\Drivers\aotfswux.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X]
S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 10:08 - 2015-07-11 10:08 - 00000000 ____D C:\Users\mark\Desktop\FRST-OlderVersion
2015-07-09 12:04 - 2015-07-09 12:04 - 00000000 ____D C:\Users\mark\AppData\Roaming\32040
2015-07-08 18:26 - 2015-07-08 18:52 - 00083697 _____ C:\Users\mark\Desktop\Addition.txt
2015-07-08 18:24 - 2015-07-11 10:24 - 00038997 _____ C:\Users\mark\Desktop\FRST.txt
2015-07-08 18:23 - 2015-07-11 10:25 - 00000000 ____D C:\FRST
2015-07-08 18:23 - 2015-07-11 10:08 - 02130944 _____ (Farbar) C:\Users\mark\Desktop\FRST64.exe
2015-07-02 11:42 - 2015-07-02 11:42 - 00290808 _____ C:\Windows\Minidump\070215-17331-01.dmp
2015-07-01 23:50 - 2015-05-27 19:04 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-01 23:50 - 2015-05-27 19:03 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-01 23:50 - 2015-05-27 19:03 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-01 23:50 - 2015-05-27 19:03 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-01 23:50 - 2015-05-27 19:02 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-01 23:50 - 2015-05-27 19:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-01 23:50 - 2015-05-27 19:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-01 23:50 - 2015-05-27 19:02 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-01 23:50 - 2015-05-27 19:00 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-01 23:50 - 2015-05-27 17:45 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-01 23:50 - 2015-05-27 17:45 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-01 23:50 - 2015-05-27 17:45 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-01 23:50 - 2015-05-27 17:44 - 14383104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-01 23:50 - 2015-05-27 17:44 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-01 23:50 - 2015-05-27 17:44 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-01 23:50 - 2015-05-27 17:44 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 13771776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 02865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-01 23:50 - 2015-05-27 17:43 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-01 23:50 - 2015-05-27 17:24 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-01 23:50 - 2015-05-27 17:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-01 23:50 - 2015-05-27 17:00 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-01 23:50 - 2015-05-27 16:55 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-01 23:49 - 2015-05-27 19:01 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-07-01 23:49 - 2015-05-27 17:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-07-01 23:49 - 2015-05-27 16:34 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-07-01 23:49 - 2015-05-27 16:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-06-30 20:27 - 2015-06-30 20:27 - 00262144 _____ C:\Windows\Minidump\063015-17768-01.dmp
2015-06-30 07:28 - 2015-06-30 07:28 - 00000000 ____D C:\Users\mark\Calibre Library
2015-06-27 12:36 - 2015-06-27 12:36 - 00000000 ____D C:\Users\mark\AppData\Roaming\27566
2015-06-25 20:05 - 2015-06-25 20:05 - 00535176 _____ C:\Windows\Minidump\062515-17456-01.dmp
2015-06-17 11:45 - 2015-06-17 11:45 - 00399272 _____ C:\Windows\Minidump\061715-16738-01.dmp
2015-06-13 16:23 - 2015-06-13 16:23 - 00000842 _____ C:\Users\Public\Desktop\Synology Assistant.lnk
2015-06-13 16:23 - 2015-06-13 16:23 - 00000000 ____D C:\ProgramData\Synology
2015-06-13 11:30 - 2015-06-13 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nLite

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 10:22 - 2015-04-17 17:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-11 09:31 - 2013-04-30 14:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-11 08:12 - 2009-07-13 21:45 - 00029376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-11 08:12 - 2009-07-13 21:45 - 00029376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-11 04:09 - 2013-04-29 20:02 - 01516969 _____ C:\Windows\WindowsUpdate.log
2015-07-11 02:54 - 2013-09-25 16:55 - 00000296 _____ C:\Windows\Tasks\Synology Data Replicator 3-MYPC-mark.job
2015-07-11 02:00 - 2014-08-27 11:52 - 00000000 ____D C:\Users\mark\AppData\Local\Adobe
2015-07-10 19:40 - 2013-04-30 14:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-08 18:23 - 2015-04-17 17:55 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-08 18:23 - 2015-04-17 17:55 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-08 18:23 - 2015-04-17 17:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-07 16:34 - 2013-11-29 10:23 - 00002112 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-07 13:09 - 2013-10-28 10:40 - 00000000 ____D C:\Users\mark\AppData\Roaming\Dropbox
2015-07-05 03:08 - 2010-11-20 20:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-04 10:05 - 2013-08-07 16:02 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-07-04 10:01 - 2009-07-13 22:13 - 04704652 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-04 10:00 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-07-02 11:51 - 2013-07-20 12:12 - 00000000 ____D C:\Users\mark\AppData\Local\CloudStation
2015-07-02 11:42 - 2015-05-24 09:24 - 923971712 _____ C:\Windows\MEMORY.DMP
2015-07-02 11:42 - 2013-12-16 12:16 - 00000000 ____D C:\Windows\Minidump
2015-07-02 11:42 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-02 11:42 - 2009-07-13 21:51 - 00001339 _____ C:\Windows\setupact.log
2015-07-02 11:09 - 2013-06-29 09:30 - 00000000 ____D C:\Users\mark\AppData\Roaming\Mp3tag
2015-07-02 03:42 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-07-01 16:56 - 2013-11-29 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-01 16:47 - 2014-09-16 08:42 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-01 16:31 - 2014-01-18 11:27 - 00000000 ____D C:\AdwCleaner
2015-07-01 16:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-30 16:26 - 2013-11-29 10:23 - 00002440 _____ C:\Users\mark\Desktop\Google Chrome.lnk
2015-06-30 14:35 - 2014-08-06 08:19 - 00000000 ____D C:\Program Files (x86)\DVDFab 9
2015-06-30 14:34 - 2015-05-30 13:57 - 00001005 _____ C:\Users\Public\Desktop\DVDFab 9.lnk
2015-06-30 14:34 - 2015-05-30 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9
2015-06-30 07:28 - 2013-04-29 20:03 - 00000000 ____D C:\Users\mark
2015-06-25 18:59 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-17 11:52 - 2014-12-06 17:17 - 00000000 __SHD C:\Users\Linda.MYPC.000\AppData\Local\EmieBrowserModeList
2015-06-17 11:52 - 2014-05-01 22:09 - 00000000 __SHD C:\Users\Linda.MYPC.000\AppData\Local\EmieUserList
2015-06-17 11:52 - 2014-05-01 22:09 - 00000000 __SHD C:\Users\Linda.MYPC.000\AppData\Local\EmieSiteList
2015-06-16 10:41 - 2010-11-20 20:47 - 00325966 _____ C:\Windows\PFRO.log
2015-06-16 10:32 - 2015-02-07 17:45 - 00000000 ____D C:\Program Files (x86)\Quicken
2015-06-13 16:23 - 2013-05-04 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology
2015-06-13 16:23 - 2013-05-04 11:11 - 00000000 ____D C:\Program Files (x86)\Synology
2015-06-13 12:26 - 2015-06-10 07:21 - 00001908 _____ C:\Windows\diagwrn.xml
2015-06-13 12:26 - 2015-06-10 07:21 - 00001908 _____ C:\Windows\diagerr.xml
2015-06-13 12:26 - 2009-07-13 21:51 - 00000000 _____ C:\Windows\setuperr.log
2015-06-11 03:03 - 2013-06-01 12:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 03:02 - 2013-12-04 19:59 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

==================== Files in the root of some directories =======

2014-02-27 14:24 - 2014-02-27 14:24 - 0000029 _____ () C:\Users\mark\AppData\Roaming\default.rss
2013-06-15 15:20 - 2013-06-15 15:20 - 0000268 ___RH () C:\Users\mark\AppData\Roaming\LaunchAgents
2013-06-15 14:15 - 2013-06-15 15:01 - 0000000 _____ () C:\Users\mark\AppData\Roaming\Multipressor
2013-06-24 10:08 - 2015-04-02 15:21 - 0038400 _____ () C:\Users\mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-18 17:04 - 2013-07-18 17:04 - 0007604 _____ () C:\Users\mark\AppData\Local\Resmon.ResmonCfg
2013-12-19 18:53 - 2015-04-26 09:58 - 0000040 ___SH () C:\ProgramData\.zreglib
2013-06-28 14:52 - 2013-06-28 14:52 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-06-01 11:15 - 2013-08-07 18:11 - 0007695 _____ () C:\ProgramData\hpzinstall.log
2013-06-15 15:01 - 2013-06-15 15:01 - 0000000 _____ () C:\ProgramData\Internet Services
2013-06-15 15:20 - 2013-06-15 15:20 - 0000268 ___RH () C:\ProgramData\Light Machine
2013-06-15 15:01 - 2013-06-15 15:01 - 0000000 _____ () C:\ProgramData\Metadata Importer
2013-12-14 14:23 - 2015-01-24 12:33 - 0001385 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-06-15 15:20 - 2013-06-15 15:20 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT
2013-06-15 14:30 - 2013-06-15 15:17 - 0000000 ____H () C:\ProgramData\PKP_DLea.DAT
2013-06-15 14:15 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLeo.DAT
2013-06-15 14:16 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
2013-06-15 14:16 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
2013-06-15 14:16 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT

Some files in TEMP:
====================
C:\Users\Linda.MYPC.000\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\mark\AppData\Local\Temp\AVG Toolbar v.9.23.exe
C:\Users\mark\AppData\Local\Temp\checkChipVersion_v1006.exe
C:\Users\mark\AppData\Local\Temp\CheckLang.dll
C:\Users\mark\AppData\Local\Temp\COMAP.EXE
C:\Users\mark\AppData\Local\Temp\CtRunApp.dll
C:\Users\mark\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxkyxep.dll
C:\Users\mark\AppData\Local\Temp\en_ww_Package.exe
C:\Users\mark\AppData\Local\Temp\GPUpd54120DC81.exe
C:\Users\mark\AppData\Local\Temp\GPUpd5416024B1.exe
C:\Users\mark\AppData\Local\Temp\GPUpd541753D81.exe
C:\Users\mark\AppData\Local\Temp\haspdinst_x64.exe
C:\Users\mark\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\mark\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\mark\AppData\Local\Temp\lowproc.exe
C:\Users\mark\AppData\Local\Temp\MSETUP4.EXE
C:\Users\mark\AppData\Local\Temp\namebench.exe
C:\Users\mark\AppData\Local\Temp\ose00000.exe
C:\Users\mark\AppData\Local\Temp\ose00003.exe
C:\Users\mark\AppData\Local\Temp\PidGenX.dll
C:\Users\mark\AppData\Local\Temp\post1.exe
C:\Users\mark\AppData\Local\Temp\post2.dll
C:\Users\mark\AppData\Local\Temp\post2.exe
C:\Users\mark\AppData\Local\Temp\python27.dll
C:\Users\mark\AppData\Local\Temp\Quarantine.exe
C:\Users\mark\AppData\Local\Temp\RunApp.dll
C:\Users\mark\AppData\Local\Temp\SCC.dll
C:\Users\mark\AppData\Local\Temp\setup.exe
C:\Users\mark\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mark\AppData\Local\Temp\sqlite3.dll
C:\Users\mark\AppData\Local\Temp\stubhelper.dll
C:\Users\mark\AppData\Local\Temp\SymCCIS.dll
C:\Users\mark\AppData\Local\Temp\Synology-CloudStation-Upgrader-3004.exe
C:\Users\mark\AppData\Local\Temp\Synology-CloudStation-Upgrader-3103.exe
C:\Users\mark\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\mark\AppData\Local\Temp\tcl85.dll
C:\Users\mark\AppData\Local\Temp\tk85.dll
C:\Users\mark\AppData\Local\Temp\utt71C4.tmp.exe
C:\Users\mark\AppData\Local\Temp\utt71F.tmp.exe
C:\Users\mark\AppData\Local\Temp\vsdel.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-03 13:23

==================== End of log ============================

Addition.txt


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
Scan with aswMBR

Please download aswMBR (4.5 MB) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100 MB download, so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).


aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-07-12 10:05:22
-----------------------------
10:05:22.754    OS Version: Windows x64 6.1.7601 Service Pack 1
10:05:22.754    Number of processors: 4 586 0xF0B
10:05:22.756    ComputerName: MYPC  UserName: mark
10:05:23.588    Initialize success
10:05:25.052    VM: initialized successfully
10:05:25.066    VM: Intel CPU supported
10:05:42.151    VM: disk I/O atapi.sys
10:15:23.586    AVAST engine defs: 15071201
10:16:29.532    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
10:16:29.536    Disk 0 Vendor: ST3500630AS 3.AAK Size: 476938MB BusType: 3
10:16:29.540    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-5
10:16:29.545    Disk 1 Vendor: WDC_WD7500AADS-00L5B1 01.01A01 Size: 715404MB BusType: 3
10:16:29.550    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-2
10:16:29.558    Disk 2 Vendor: Hitachi_HDS5C3020ALA632 ML6OA580 Size: 1907729MB BusType: 3
10:16:29.563    Disk 3 (boot) \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP7T0L0-d
10:16:29.570    Disk 3 Vendor: OCZ-AGILITY3 2.25 Size: 228936MB BusType: 11
10:16:29.578    Disk 4  \Device\Harddisk4\DR4 -> \Device\Scsi\JRAID1Port8Path0Target0Lun0
10:16:29.584    Disk 4 Vendor: WDC_____ 080. Size: 2861588MB BusType: 8
10:16:29.910    Disk 3 MBR read successfully
10:16:29.917    Disk 3 MBR scan
10:16:29.965    Disk 3 Windows 7 default MBR code
10:16:29.973    Disk 3 Partition 1 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 2048
10:16:29.980    Disk 3 Boot: NTFS     code=1
10:16:30.015    Disk 3 Partition 2 00     07      HPFS/NTFS NTFS       228834 MB offset 206848
10:16:30.084    Disk 3 scanning C:\Windows\system32\drivers
10:16:46.892    Service scanning
10:17:14.359    Modules scanning
10:17:14.370    Disk 3 trace - called modules:
10:17:14.379    ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80068df2c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:17:14.386    1 nt!IofCallDriver -> \Device\Harddisk3\DR3[0xfffffa8006c95060]
10:17:14.391    3 CLASSPNP.SYS[fffff880017ca43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP7T0L0-d[0xfffffa8006a2e060]
10:17:14.401    \Driver\atapi[0xfffffa80069cddb0] -> IRP_MJ_CREATE -> 0xfffffa80068df2c0
10:17:14.921    AVAST engine scan C:\Windows
10:17:16.948    AVAST engine scan C:\Windows\system32
10:21:24.172    AVAST engine scan C:\Windows\system32\drivers
10:21:50.917    AVAST engine scan C:\Users\mark
11:35:28.784    File: C:\Users\mark\AppData\Local\Temp\post1.exe  **INFECTED** Win32:Adware-CHW [Adw]
11:54:09.686    AVAST engine scan C:\ProgramData
12:01:26.371    Disk 3 statistics 7347378/0/0 @ 1.09 MB/s
12:01:26.383    Scan finished successfully
13:00:26.832    Disk 3 MBR has been saved successfully to "C:\Users\mark\Desktop\MBR.dat"
13:00:26.877    The log file has been saved successfully to "C:\Users\mark\Desktop\aswMBR.txt"

 


Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting crack sites/warez sites and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that, we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the cleanup.


Thanks. Done.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by mark (administrator) on MYPC on 14-07-2015 09:51:07
Running from C:\Users\mark\Desktop
Loaded Profiles: mark & Acronis Agent User & Linda (Available Profiles: mark & Acronis Agent User & Linda)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Acronis) C:\Program Files (x86)\Acronis\ARSM\arsm.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() I:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
() I:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Acronis) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe
(Creative Technology Ltd.) C:\Windows\V0230Mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe
(Creative Technology Ltd.) C:\Windows\V0230Mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(http://www.ruby-lang.org/) C:\Users\mark\AppData\Local\Temp\ocrE243.tmp\bin\rubyw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(http://www.ruby-lang.org/) C:\Users\mark\AppData\Local\Temp\ocr6C3.tmp\bin\rubyw.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
() C:\Program Files\pia_manager\openvpn.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_191_ActiveX.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywhereDesktop\DishAnywherePlayer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391632 2012-09-25] (Acronis)
HKLM\...\Run: [TrayMonitor.exe] => C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe [1496960 2012-09-25] (Acronis)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-19] ()
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105280 2012-08-16] (Acronis)
HKLM-x32\...\Run: [backupAndRecoveryMonitor.exe] => C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe [1530896 2012-09-25] (Acronis)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AddressBookReminderApp] => I:\Program Files (x86)\Creative Home\Hallmark Card Studio 2012 Deluxe\ReminderApp.exe
HKLM-x32\...\Run: [PowerDVD13Agent] => "C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe"
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-17] (cyberlink)
HKLM-x32\...\Run: [36X Raid Configurer] => C:\Windows\SysWOW64\xRaidSetup.exe [1970176 2009-08-26] (Gigabyte Technology Corp.)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => CTHELPER.EXE
HKLM-x32\...\Run: [V0230Mon.exe] => C:\Windows\V0230Mon.exe [32768 2006-09-07] (Creative Technology Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => I:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [HP Officejet 6700 (NET) #2] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-14] (Google Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\MountPoints2: {6fa3f802-d36e-11e2-9b17-001a4d4bcdf1} - K:\iStudio.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\MountPoints2: {92a32def-a961-11e3-bd48-001a4d4bcdf1} - E:\setup64.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\...\MountPoints2: {bed4f810-0884-11e5-81b8-001a4d4bcdf1} - K:\autorun.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-14] (Google Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [Device Detector] => DevDetect.exe -autorun
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\Run: [DevconDefaultDB] => C:\Windows\system32\READREG /SILENT /FAIL=1
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\RunOnce: [CTAutoUpdate] => C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe [430968 2009-01-15] (Creative Technology Ltd)
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\...\MountPoints2: {fb94094d-c55f-11e2-b0fc-806e6f6e6963} - E:\AutoPlay.exe -c
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\Run: [QuickTime Task] => I:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\MountPoints2: {6fa3f802-d36e-11e2-9b17-001a4d4bcdf1} - K:\iStudio.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\MountPoints2: {92a32def-a961-11e3-bd48-001a4d4bcdf1} - E:\setup64.exe
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\...\MountPoints2: {bed4f810-0884-11e5-81b8-001a4d4bcdf1} - K:\autorun.exe
Startup: C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CloudStation.lnk [2014-01-20]
ShortcutTarget: CloudStation.lnk -> C:\Users\mark\AppData\Local\CloudStation\bin\cloud.exe ()
ShellIconOverlayIdentifiers: [01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\mark\AppData\Local\CloudStation\iconoverlay_v6\IconOverlayDLLs_x64\iconOverlay.dll [2014-03-05] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.com
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
HKU\S-1-5-21-2933260109-1030829455-491473259-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20130522,19891,0,25,0
HKU\S-1-5-21-2933260109-1030829455-491473259-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-21-2933260109-1030829455-491473259-1011\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> {E8342393-60D6-4378-9D30-DE53EB446344} URL =
SearchScopes: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> {F479E1E4-E728-429B-8599-A903BBD5A2E6} URL =
SearchScopes: HKU\S-1-5-21-2933260109-1030829455-491473259-1011 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: AdBlockanWaitchu -> {2954FA7F-6EA5-6DFC-5D7D-F60995913C7C} -> C:\ProgramData\AdBlockanWaitchu\K.x64.dll No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-27] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: YoutubeAdblocker -> {7C1A7E48-B3E2-444F-9969-FCB352AF8A8C} -> C:\Program Files (x86)\YoutubeAdblocker\4FEYC.x64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: greaatsaaver -> {CE6BAB4F-55F6-E5DA-EBBE-2BDC31A56939} -> C:\Program Files (x86)\greaatsaaver\mWvsG.x64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-27] (RealDownloader)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-2933260109-1030829455-491473259-1006 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP12EP6-17378/webex/ieatgpc1.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{45D0F8FF-83C4-45EC-BB05-4EF018B383C5}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5A2AFB55-96A1-4A92-9F01-7E82ED5C806A}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{F58A8856-1C2D-45F4-A0BD-1AE710E411D6}: [NameServer] 129.250.35.251,192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\kyn1olxa.default-1424797121510
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-08] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @canon.com/EPPEX -> H:\Program Files (x86)\cannon\NPEZFFPI.DLL [2013-04-19] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-12-19] (Nero AG)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-12] (Nullsoft, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-02-25] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-02-25] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2933260109-1030829455-491473259-1001: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\mark\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-02-09] (Nagravision)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2015-02-25] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2015-02-25] (RealPlayer Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2013-11-14] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\kyn1olxa.default-1424797121510\searchplugins\yandex.xml [2015-05-01]
FF Extension: WebSlingPlayer - C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\kyn1olxa.default-1424797121510\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2015-03-31]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-15]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-06-11]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-02-25]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR Profile: C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SlingPlayer for DISH Anywhere) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnpmlegoehfgohpkmjhpohjchokamnn [2015-04-15]
CHR Extension: (DISH Anywhere Video Player Extension) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea [2015-06-10]
CHR Extension: (Google Wallet) - C:\Users\mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]
CHR HKLM\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [2021248 2012-02-10] (Acronis)
R2 ARSM; C:\Program Files (x86)\Acronis\ARSM\arsm.exe [5292048 2012-09-25] (Acronis)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-04-30] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-03-05] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MMS; C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [10172768 2012-09-25] (Acronis)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2015-02-25] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SynoDrService; I:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [381312 2013-04-24] () [File not signed]
R2 UsbClientService; i:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [252712 2007-04-10] (Creative Technology Ltd.)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219432 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321832 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190248 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363304 2007-04-10] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1571112 2007-04-10] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [123688 2007-04-10] (Creative Technology Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-26] (Disc Soft Ltd)
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [296448 2005-06-14] (Aladdin Knowledge Systems Ltd.) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-07-26] (Duplex Secure Ltd.)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1322120 2013-05-04] (Acronis)
R3 V0230Vfx; C:\Windows\System32\DRIVERS\V0230Vfx.sys [10752 2006-05-05] (EyePower Games Pte. Ltd.)
R3 V0230VID; C:\Windows\System32\DRIVERS\V0230VID.sys [595488 2007-08-07] (Creative Technology Ltd.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-09-25] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2013-09-25] (VIA Technologies, Inc.)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-11-17] (CyberLink Corp.)
U3 at4srv7k; C:\Windows\System32\Drivers\at4srv7k.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X]
S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 09:47 - 2015-07-14 09:47 - 00262144 _____ C:\Windows\Minidump\071415-18735-01.dmp
2015-07-12 13:00 - 2015-07-12 13:00 - 00002956 _____ C:\Users\mark\Desktop\aswMBR.txt
2015-07-12 13:00 - 2015-07-12 13:00 - 00000512 _____ C:\Users\mark\Desktop\MBR.dat
2015-07-12 10:05 - 2015-07-12 10:05 - 05200384 _____ (AVAST Software) C:\Users\mark\Desktop\aswmbr.exe
2015-07-11 10:08 - 2015-07-14 09:43 - 00000000 ____D C:\Users\mark\Desktop\FRST-OlderVersion
2015-07-09 12:04 - 2015-07-09 12:04 - 00000000 ____D C:\Users\mark\AppData\Roaming\32040
2015-07-08 18:26 - 2015-07-14 09:45 - 00028833 _____ C:\Users\mark\Desktop\Addition.txt
2015-07-08 18:24 - 2015-07-14 09:51 - 00036490 _____ C:\Users\mark\Desktop\FRST.txt
2015-07-08 18:23 - 2015-07-14 09:51 - 00000000 ____D C:\FRST
2015-07-08 18:23 - 2015-07-14 09:43 - 02133504 _____ (Farbar) C:\Users\mark\Desktop\FRST64.exe
2015-07-02 11:42 - 2015-07-02 11:42 - 00290808 _____ C:\Windows\Minidump\070215-17331-01.dmp
2015-07-01 23:50 - 2015-05-27 19:04 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-01 23:50 - 2015-05-27 19:03 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-01 23:50 - 2015-05-27 19:03 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-01 23:50 - 2015-05-27 19:03 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-01 23:50 - 2015-05-27 19:02 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-01 23:50 - 2015-05-27 19:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-01 23:50 - 2015-05-27 19:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-01 23:50 - 2015-05-27 19:02 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-01 23:50 - 2015-05-27 19:01 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-01 23:50 - 2015-05-27 19:00 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-01 23:50 - 2015-05-27 17:45 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-01 23:50 - 2015-05-27 17:45 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-01 23:50 - 2015-05-27 17:45 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-01 23:50 - 2015-05-27 17:44 - 14383104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-01 23:50 - 2015-05-27 17:44 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-01 23:50 - 2015-05-27 17:44 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-01 23:50 - 2015-05-27 17:44 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 13771776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 02865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-01 23:50 - 2015-05-27 17:43 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-01 23:50 - 2015-05-27 17:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-01 23:50 - 2015-05-27 17:24 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-01 23:50 - 2015-05-27 17:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-01 23:50 - 2015-05-27 17:00 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-01 23:50 - 2015-05-27 16:55 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-01 23:49 - 2015-05-27 19:01 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-07-01 23:49 - 2015-05-27 17:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-07-01 23:49 - 2015-05-27 16:34 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-07-01 23:49 - 2015-05-27 16:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-06-30 20:27 - 2015-06-30 20:27 - 00262144 _____ C:\Windows\Minidump\063015-17768-01.dmp
2015-06-30 07:28 - 2015-06-30 07:28 - 00000000 ____D C:\Users\mark\Calibre Library
2015-06-27 12:36 - 2015-06-27 12:36 - 00000000 ____D C:\Users\mark\AppData\Roaming\27566
2015-06-25 20:05 - 2015-06-25 20:05 - 00535176 _____ C:\Windows\Minidump\062515-17456-01.dmp
2015-06-17 11:45 - 2015-06-17 11:45 - 00399272 _____ C:\Windows\Minidump\061715-16738-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 09:50 - 2013-06-22 10:24 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-07-14 09:50 - 2013-06-01 13:04 - 00000000 ____D C:\ProgramData\Adobe
2015-07-14 09:49 - 2013-06-22 10:26 - 00000000 ____D C:\Program Files\Adobe
2015-07-14 09:49 - 2013-05-25 13:34 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-14 09:48 - 2013-07-20 12:12 - 00000000 ____D C:\Users\mark\AppData\Local\CloudStation
2015-07-14 09:48 - 2013-04-30 14:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-14 09:47 - 2015-05-24 09:24 - 999228359 _____ C:\Windows\MEMORY.DMP
2015-07-14 09:47 - 2013-12-16 12:16 - 00000000 ____D C:\Windows\Minidump
2015-07-14 09:47 - 2013-10-28 10:40 - 00000000 ____D C:\Users\mark\AppData\Roaming\Dropbox
2015-07-14 09:47 - 2013-05-31 21:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-14 09:47 - 2010-11-20 20:47 - 00328546 _____ C:\Windows\PFRO.log
2015-07-14 09:47 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-14 09:47 - 2009-07-13 21:51 - 00001395 _____ C:\Windows\setupact.log
2015-07-14 09:31 - 2013-04-30 14:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-14 09:22 - 2015-04-17 17:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-14 08:55 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-07-14 08:32 - 2013-11-29 10:23 - 00002112 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 07:46 - 2013-04-29 20:02 - 01965622 _____ C:\Windows\WindowsUpdate.log
2015-07-14 04:28 - 2009-07-13 21:45 - 00029376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-14 04:28 - 2009-07-13 21:45 - 00029376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-14 02:54 - 2013-09-25 16:55 - 00000296 _____ C:\Windows\Tasks\Synology Data Replicator 3-MYPC-mark.job
2015-07-14 02:00 - 2014-08-27 11:52 - 00000000 ____D C:\Users\mark\AppData\Local\Adobe
2015-07-11 16:41 - 2013-07-18 17:04 - 00007604 _____ C:\Users\mark\AppData\Local\Resmon.ResmonCfg
2015-07-11 13:50 - 2015-05-15 00:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-08 18:23 - 2015-04-17 17:55 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-08 18:23 - 2015-04-17 17:55 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-08 18:23 - 2015-04-17 17:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-05 03:08 - 2010-11-20 20:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-04 10:05 - 2013-08-07 16:02 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-07-04 10:01 - 2009-07-13 22:13 - 04704652 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-02 11:09 - 2013-06-29 09:30 - 00000000 ____D C:\Users\mark\AppData\Roaming\Mp3tag
2015-07-02 03:42 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-07-01 16:56 - 2013-11-29 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-01 16:47 - 2014-09-16 08:42 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-01 16:31 - 2014-01-18 11:27 - 00000000 ____D C:\AdwCleaner
2015-07-01 16:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-30 16:26 - 2013-11-29 10:23 - 00002440 _____ C:\Users\mark\Desktop\Google Chrome.lnk
2015-06-30 14:35 - 2014-08-06 08:19 - 00000000 ____D C:\Program Files (x86)\DVDFab 9
2015-06-30 14:34 - 2015-05-30 13:57 - 00001005 _____ C:\Users\Public\Desktop\DVDFab 9.lnk
2015-06-30 14:34 - 2015-05-30 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9
2015-06-30 07:28 - 2013-04-29 20:03 - 00000000 ____D C:\Users\mark
2015-06-25 18:59 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-17 11:52 - 2014-12-06 17:17 - 00000000 __SHD C:\Users\Linda.MYPC.000\AppData\Local\EmieBrowserModeList
2015-06-17 11:52 - 2014-05-01 22:09 - 00000000 __SHD C:\Users\Linda.MYPC.000\AppData\Local\EmieUserList
2015-06-17 11:52 - 2014-05-01 22:09 - 00000000 __SHD C:\Users\Linda.MYPC.000\AppData\Local\EmieSiteList
2015-06-16 10:32 - 2015-02-07 17:45 - 00000000 ____D C:\Program Files (x86)\Quicken

==================== Files in the root of some directories =======

2014-02-27 14:24 - 2014-02-27 14:24 - 0000029 _____ () C:\Users\mark\AppData\Roaming\default.rss
2013-06-15 15:20 - 2013-06-15 15:20 - 0000268 ___RH () C:\Users\mark\AppData\Roaming\LaunchAgents
2013-06-15 14:15 - 2013-06-15 15:01 - 0000000 _____ () C:\Users\mark\AppData\Roaming\Multipressor
2013-06-24 10:08 - 2015-04-02 15:21 - 0038400 _____ () C:\Users\mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-18 17:04 - 2015-07-11 16:41 - 0007604 _____ () C:\Users\mark\AppData\Local\Resmon.ResmonCfg
2013-12-19 18:53 - 2015-04-26 09:58 - 0000040 ___SH () C:\ProgramData\.zreglib
2013-06-28 14:52 - 2013-06-28 14:52 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-06-01 11:15 - 2013-08-07 18:11 - 0007695 _____ () C:\ProgramData\hpzinstall.log
2013-06-15 15:01 - 2013-06-15 15:01 - 0000000 _____ () C:\ProgramData\Internet Services
2013-06-15 15:20 - 2013-06-15 15:20 - 0000268 ___RH () C:\ProgramData\Light Machine
2013-06-15 15:01 - 2013-06-15 15:01 - 0000000 _____ () C:\ProgramData\Metadata Importer
2013-12-14 14:23 - 2015-01-24 12:33 - 0001385 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-06-15 15:20 - 2013-06-15 15:20 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT
2013-06-15 14:30 - 2013-06-15 15:17 - 0000000 ____H () C:\ProgramData\PKP_DLea.DAT
2013-06-15 14:15 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLeo.DAT
2013-06-15 14:16 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
2013-06-15 14:16 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
2013-06-15 14:16 - 2013-06-15 15:01 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT

Some files in TEMP:
====================
C:\Users\Linda.MYPC.000\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\mark\AppData\Local\Temp\AVG Toolbar v.9.23.exe
C:\Users\mark\AppData\Local\Temp\checkChipVersion_v1006.exe
C:\Users\mark\AppData\Local\Temp\CheckLang.dll
C:\Users\mark\AppData\Local\Temp\COMAP.EXE
C:\Users\mark\AppData\Local\Temp\CtRunApp.dll
C:\Users\mark\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcq4yrf.dll
C:\Users\mark\AppData\Local\Temp\en_ww_Package.exe
C:\Users\mark\AppData\Local\Temp\GPUpd54120DC81.exe
C:\Users\mark\AppData\Local\Temp\GPUpd5416024B1.exe
C:\Users\mark\AppData\Local\Temp\GPUpd541753D81.exe
C:\Users\mark\AppData\Local\Temp\haspdinst_x64.exe
C:\Users\mark\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\mark\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\mark\AppData\Local\Temp\lowproc.exe
C:\Users\mark\AppData\Local\Temp\MSETUP4.EXE
C:\Users\mark\AppData\Local\Temp\namebench.exe
C:\Users\mark\AppData\Local\Temp\ose00000.exe
C:\Users\mark\AppData\Local\Temp\ose00003.exe
C:\Users\mark\AppData\Local\Temp\PidGenX.dll
C:\Users\mark\AppData\Local\Temp\post1.exe
C:\Users\mark\AppData\Local\Temp\post2.dll
C:\Users\mark\AppData\Local\Temp\post2.exe
C:\Users\mark\AppData\Local\Temp\python27.dll
C:\Users\mark\AppData\Local\Temp\Quarantine.exe
C:\Users\mark\AppData\Local\Temp\RunApp.dll
C:\Users\mark\AppData\Local\Temp\SCC.dll
C:\Users\mark\AppData\Local\Temp\setup.exe
C:\Users\mark\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mark\AppData\Local\Temp\sqlite3.dll
C:\Users\mark\AppData\Local\Temp\stubhelper.dll
C:\Users\mark\AppData\Local\Temp\SymCCIS.dll
C:\Users\mark\AppData\Local\Temp\Synology-CloudStation-Upgrader-3004.exe
C:\Users\mark\AppData\Local\Temp\Synology-CloudStation-Upgrader-3103.exe
C:\Users\mark\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\mark\AppData\Local\Temp\tcl85.dll
C:\Users\mark\AppData\Local\Temp\tk85.dll
C:\Users\mark\AppData\Local\Temp\utt71C4.tmp.exe
C:\Users\mark\AppData\Local\Temp\utt71F.tmp.exe
C:\Users\mark\AppData\Local\Temp\vsdel.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-03 13:23

==================== End of log ============================

Addition.txt


Add/remove programs

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs:

Cinema Craft Encoder SP
DISH Anywhere Video Player (HKLM-x32\...\{D180F2F3-9CD4-4867-A221-D81C725D8045}) (Version: 2.24.2 - DISH Anywhere)
DISH Anywhere Video Player Installer (x32 Version: 0.0.0.188 - Sling Media) Hidden
DishAnywhereDesktop (HKLM-x32\...\{46b8f45d-687e-4788-89e9-5000b7357db5}) (Version: 0.0.0.188 - Sling Media)


Close the window.

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware



  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

 

fixlist.txt


Sorry for the delay. Eset took a very long time as I have a large amount of disks.

 

I could not find: DISH Anywhere Video Player Installer (x32 Version: 0.0.0.188 - Sling Media) Hidden but was able to uninstall the other 2.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/15/2015
Scan Time: 9:14 AM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.15.05
Rootkit Database: v2015.07.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: mark

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 643571
Time Elapsed: 13 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b967cc1db6773c489dfde017f688ab02
# end=init
# utc_time=2015-07-15 04:39:51
# local_time=2015-07-15 09:39:51 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24812
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b967cc1db6773c489dfde017f688ab02
# end=updated
# utc_time=2015-07-15 04:43:38
# local_time=2015-07-15 09:43:38 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b967cc1db6773c489dfde017f688ab02
# engine=24812
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-16 04:05:34
# local_time=2015-07-15 09:05:34 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 62645967 188562984 0 0
# scanned=1194323
# found=50
# cleaned=0
# scan_time=40915
sh=CEAAA6689E7192AA2292B16599047975DB4C1E60 ft=1 fh=39ea1816af158d56 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\replay.media.catcher.5.0.0.99-MPT.exe.vir"
sh=1F1F560C29DB6A61B05212EEA0E3C68DE0B9D61E ft=1 fh=0901d8467018be74 vn="a variant of Win32/Techsnab.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\GetPrivate\gpup.exe.vir"
sh=2C5AA90350EA9A8FA0391A0EADE7C6C136A58A2C ft=1 fh=c71c00112c474a2d vn="a variant of Win64/SProtector.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ss supporter\Assistant_x64.dll.vir"
sh=A6326480D436E7A81C9F88773AF076F892533C54 ft=1 fh=7ea23495ccc6880c vn="a variant of Win32/Techsnab.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe.vir"
sh=44B4BFBB97F949B7906D8331018D44A58D563526 ft=1 fh=eadef1625f8507bb vn="a variant of Win32/Techsnab.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncher.dll.vir"
sh=4ABF7F5415FECF1DDB30956F1CF0A21006DDC693 ft=1 fh=e834c045009faf5f vn="a variant of Win32/Techsnab.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncher.exe.vir"
sh=CB014C39FC72708E313BDC8DDA9144E3DA7DE68C ft=1 fh=524063ddb00bdfac vn="a variant of Win32/Techsnab.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\tasks.dll.vir"
sh=170E95D460F6646D76779B4FE097711093F9EC14 ft=1 fh=51a54013aaae74e4 vn="Win32/Bundled.Toolbar.Ask.B potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir"
sh=1F1F560C29DB6A61B05212EEA0E3C68DE0B9D61E ft=1 fh=0901d8467018be74 vn="a variant of Win32/Techsnab.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\GetPrivate\gp_upd.exe.vir"
sh=3B91A3145B7D5AA3581AC812A02257BE572862E9 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EK application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\ufdn6361.default\Extensions\jggar@xptwae.org\content\bg.js.vir"
sh=F1A4C9A54D6C13F00D7E2F571E1A1CFD394781E3 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EK application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\ufdn6361.default\Extensions\yea426uu@dhprfe.net\content\bg.js.vir"
sh=BE50CDDCFCC95639534033BFBF01A8305FA43B2A ft=1 fh=791567f6b933959d vn="a variant of Win32/Toolbar.Widgi.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Search Protection\SearchProtection.exe.vir"
sh=D7949BB2C4538A60B9F7DE5CE0F304FF726CBFFF ft=1 fh=c095e1f088b7bb3e vn="a variant of Win32/Toolbar.Widgi.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Search Protection\Uninstall.exe.vir"
sh=F85A41D270C5153524ABF2AC1F1F9678D709199F ft=1 fh=00b4d39371a2559f vn="a variant of Win32/Toolbar.Widgi.U potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Update Manager\UM.exe.vir"
sh=D2408C8A09A2BD9704AF39F818EC7AC9E9CCA46E ft=1 fh=08d2b982dc66508e vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Util\uTorrent.exe.vir"
sh=236E9B77218EA4F4C41D071C4851FD60D7B98843 ft=1 fh=876d10472c82787a vn="a variant of Win32/Packed.VMProtect.ABO trojan" ac=I fn="C:\Program Files (x86)\DVDFab 9\BRD.dll"
sh=1A3B1DAF00298FC46BB75BF9D17960C4EEAC0925 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\ProgramData\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC}\Custom.dll"
sh=1A3B1DAF00298FC46BB75BF9D17960C4EEAC0925 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\Users\All Users\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC}\Custom.dll"
sh=C47FC5BB2593A3811A3584EE27ED9FEA75921950 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB application" ac=I fn="C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo\2.7\KaR.js"
sh=F3AC6DAA4E6A9D932652F08F39D5B48715D094BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB application" ac=I fn="C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi\2.1\ykwNX9.js"
sh=50DC84207F6DB0CD7616DD7627E4F479D3B38474 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB application" ac=I fn="C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp\1.1\mrsrQo.js"
sh=C47FC5BB2593A3811A3584EE27ED9FEA75921950 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB application" ac=I fn="C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo\2.7\KaR.js"
sh=F3AC6DAA4E6A9D932652F08F39D5B48715D094BA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB application" ac=I fn="C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi\2.1\ykwNX9.js"
sh=50DC84207F6DB0CD7616DD7627E4F479D3B38474 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB application" ac=I fn="C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp\1.1\mrsrQo.js"
sh=E57E473126A14C01D21F82BDF311D9850650ED0E ft=1 fh=0ae8027449f7283d vn="Win32/OpenCandy potentially unsafe application" ac=I fn="E:\Documents and Settings\Mark\My Documents\Aubrees_ITouch\winscp427setup.exe"
sh=13D4D95B639E1879C40A384A178987A3A159330A ft=1 fh=8580574a11020f17 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="H:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Plugins\npConduitFirefoxPlugin.dll"
sh=E57E473126A14C01D21F82BDF311D9850650ED0E ft=1 fh=0ae8027449f7283d vn="Win32/OpenCandy potentially unsafe application" ac=I fn="H:\Documents and Settings\Mark\Documents\Aubrees_ITouch\winscp427setup.exe"
sh=1F8AB4681581BA4A31DD06CAFE417CE53945680B ft=1 fh=d10192e685f1b13a vn="a variant of Win32/Tsingsoft.A potentially unwanted application" ac=I fn="H:\dwld\FreeVideoCapture_CNET.exe"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="H:\RECYCLER\S-1-5-21-1960408961-1303643608-839522115-1003\Dc114.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.ABO trojan" ac=I fn="${Memory}"
 


Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

When finished, please rescan with ESET. I know that it takes a huge amount of time, but I want to ensure everything is gone.

 

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by mark at 2015-07-17 02:58:25 Run:2
Running from C:\Users\mark\Desktop
Loaded Profiles: mark & Acronis Agent User & Linda (Available Profiles: mark & Acronis Agent User & Linda)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Program Files (x86)\DVDFab 9
C:\ProgramData\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC}
C:\Users\All Users\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC}
C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo
C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi
C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp
C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo
C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi
C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp
E:\Documents and Settings\Mark\My Documents\Aubrees_ITouch\winscp427setup.exe
H:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
H:\Documents and Settings\Mark\Documents\Aubrees_ITouch\winscp427setup.exe
H:\dwld\FreeVideoCapture_CNET.exe
H:\RECYCLER\S-1-5-21-1960408961-1303643608-839522115-1003\Dc114.dll

CloseProcesses:
EmptyTemp:
Reboot:
*****************

C:\Program Files (x86)\DVDFab 9 => moved successfully.
C:\ProgramData\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC} => moved successfully.
"C:\Users\All Users\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC}" => File/Folder not found.
C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo => moved successfully.
C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi => moved successfully.
C:\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp => moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo => moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi => moved successfully.
C:\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp => moved successfully.
E:\Documents and Settings\Mark\My Documents\Aubrees_ITouch\winscp427setup.exe => moved successfully.
H:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => moved successfully.
H:\Documents and Settings\Mark\Documents\Aubrees_ITouch\winscp427setup.exe => moved successfully.
H:\dwld\FreeVideoCapture_CNET.exe => moved successfully.
H:\RECYCLER\S-1-5-21-1960408961-1303643608-839522115-1003\Dc114.dll => moved successfully.
Processes closed successfully.
EmptyTemp: => 309.5 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 02:59:05 ====

 

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Applian Technologies\Replay Media Catcher 5\replay.media.catcher.5.0.0.99-MPT.exe.vir a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\GetPrivate\gpup.exe.vir a variant of Win32/Techsnab.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ss supporter\Assistant_x64.dll.vir a variant of Win64/SProtector.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe.vir a variant of Win32/Techsnab.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncher.dll.vir a variant of Win32/Techsnab.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncher.exe.vir a variant of Win32/Techsnab.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Techsnab\Chrome Launcher\tasks.dll.vir a variant of Win32/Techsnab.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir Win32/Bundled.Toolbar.Ask.B potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\GetPrivate\gp_upd.exe.vir a variant of Win32/Techsnab.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\ufdn6361.default\Extensions\jggar@xptwae.org\content\bg.js.vir Win32/Adware.MultiPlug.EK application
C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\ufdn6361.default\Extensions\yea426uu@dhprfe.net\content\bg.js.vir Win32/Adware.MultiPlug.EK application
C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Search Protection\SearchProtection.exe.vir a variant of Win32/Toolbar.Widgi.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Search Protection\Uninstall.exe.vir a variant of Win32/Toolbar.Widgi.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mark\AppData\Roaming\Update Manager\UM.exe.vir a variant of Win32/Toolbar.Widgi.U potentially unwanted application
C:\AdwCleaner\Quarantine\C\Util\uTorrent.exe.vir a variant of Win32/Bunndle potentially unsafe application
C:\FRST\Quarantine\C\Program Files (x86)\DVDFab 9\BRD.dll a variant of Win32/Packed.VMProtect.ABO trojan
C:\FRST\Quarantine\C\ProgramData\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\FRST\Quarantine\C\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo\2.7\KaR.js Win32/Adware.MultiPlug.EB application
C:\FRST\Quarantine\C\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi\2.1\ykwNX9.js Win32/Adware.MultiPlug.EB application
C:\FRST\Quarantine\C\Users\Linda.MYPC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp\1.1\mrsrQo.js Win32/Adware.MultiPlug.EB application
C:\FRST\Quarantine\C\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coiakhhhedckpidiffhmoiimmmphpbdo\2.7\KaR.js Win32/Adware.MultiPlug.EB application
C:\FRST\Quarantine\C\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kkgpfmbndnmlgjgdcaneflkjbldelafi\2.1\ykwNX9.js Win32/Adware.MultiPlug.EB application
C:\FRST\Quarantine\C\Users\mark\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpginoejgoliklbimejelmmjcnoehonp\1.1\mrsrQo.js Win32/Adware.MultiPlug.EB application
C:\FRST\Quarantine\E\Documents and Settings\Mark\My Documents\Aubrees_ITouch\winscp427setup.exe.xBAD Win32/OpenCandy potentially unsafe application
C:\FRST\Quarantine\H\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Plugins\npConduitFirefoxPlugin.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\FRST\Quarantine\H\Documents and Settings\Mark\Documents\Aubrees_ITouch\winscp427setup.exe.xBAD Win32/OpenCandy potentially unsafe application
C:\FRST\Quarantine\H\dwld\FreeVideoCapture_CNET.exe.xBAD a variant of Win32/Tsingsoft.A potentially unwanted application
C:\FRST\Quarantine\H\RECYCLER\S-1-5-21-1960408961-1303643608-839522115-1003\Dc114.dll.xBAD a variant of Win32/Toolbar.Conduit.B potentially unwanted application
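
Added example, not part of the original thread and not FRST's own code: a short Python check that reconciles the echoed fixlist in a Fixlog.txt against the per-entry results, run here on an excerpt of the log above. The function names are hypothetical, and treating `C:\Users\All Users` as the Windows link to `C:\ProgramData` is an assumption used to explain a "File/Folder not found" result.

```python
import re

# Excerpt copied from the Fixlog.txt posted in this thread (shortened to four entries).
SAMPLE_FIXLOG = r"""fixlist content:
*****************
C:\Program Files (x86)\DVDFab 9
C:\ProgramData\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC}
C:\Users\All Users\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC}
H:\dwld\FreeVideoCapture_CNET.exe

CloseProcesses:
EmptyTemp:
Reboot:
*****************

C:\Program Files (x86)\DVDFab 9 => moved successfully.
C:\ProgramData\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC} => moved successfully.
"C:\Users\All Users\InstallMate\{0CCC3E5A-F6A5-4B01-A9EA-BE87D72F1CAC}" => File/Folder not found.
H:\dwld\FreeVideoCapture_CNET.exe => moved successfully.
Processes closed successfully.
EmptyTemp: => 309.5 MB temporary data Removed.
"""

STAR_RULE = re.compile(r"^\*{5,}\s*$")            # the rows of asterisks around the fixlist
PATH_RE = re.compile(r"^[A-Za-z]:\\")             # a drive-letter path, not a directive
RESULT_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?)"?\s+=>\s+(?P<outcome>.+?)\s*$')
# Assumption: on Windows Vista and later, C:\Users\All Users is a link to C:\ProgramData.
ALL_USERS, PROGRAMDATA = r"c:\users\all users", r"c:\programdata"

def parse_fixlog(text):
    """Return (requested paths, {casefolded path: outcome}) from a Fixlog body."""
    requested, outcomes, rules_seen = [], {}, 0
    for raw in text.splitlines():
        line = raw.strip()
        if STAR_RULE.match(line):
            rules_seen += 1
            continue
        if rules_seen == 1 and PATH_RE.match(line):
            requested.append(line)                # entry echoed from fixlist.txt
        elif rules_seen >= 2:
            m = RESULT_RE.match(line)
            if m:                                 # "<path> => <outcome>" result line
                outcomes[m.group("path").casefold()] = m.group("outcome")
    return requested, outcomes

def explained_by_alias(path, moved):
    """True if a not-found All Users path has a ProgramData twin that was moved."""
    key = path.casefold()
    if not key.startswith(ALL_USERS + "\\"):
        return False
    twin = PROGRAMDATA + key[len(ALL_USERS):]
    return twin in {m.casefold() for m in moved}

def reconcile(text):
    """Group every requested path by what the log says happened to it."""
    requested, outcomes = parse_fixlog(text)
    report = {"moved": [], "not_found": [], "other": [], "no_result": []}
    for path in requested:
        outcome = outcomes.get(path.casefold())   # Windows paths compare case-insensitively
        if outcome is None:
            report["no_result"].append(path)      # requested but never reported on
        elif outcome.startswith("moved successfully"):
            report["moved"].append(path)
        elif "not found" in outcome.lower():
            report["not_found"].append(path)
        else:
            report["other"].append((path, outcome))
    return report

if __name__ == "__main__":
    print(reconcile(SAMPLE_FIXLOG))
```

Entries under `no_result` or `other` are the ones worth raising with the helper before moving on to the cleanup steps.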
 


Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.




Tell me: Are any problems left now or may I post the final reply? :)


# AdwCleaner v4.208 - Logfile created 19/07/2015 at 09:55:41
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : mark - MYPC
# Running from : I:\dwld\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17410

-\\ Mozilla Firefox v39.0 (x86 en-US)

-\\ Google Chrome v43.0.2357.134

-\\ Comodo Dragon v

-\\ Chrome Canary v

*************************

AdwCleaner[R0].txt - [7058 bytes] - [18/01/2014 11:27:55]
AdwCleaner[R10].txt - [2223 bytes] - [19/05/2014 07:16:09]
AdwCleaner[R11].txt - [2344 bytes] - [20/05/2014 06:52:46]
AdwCleaner[R12].txt - [3286 bytes] - [27/05/2014 08:53:13]
AdwCleaner[R13].txt - [2532 bytes] - [04/06/2014 11:17:18]
AdwCleaner[R14].txt - [3231 bytes] - [09/06/2014 10:33:58]
AdwCleaner[R15].txt - [5152 bytes] - [16/09/2014 09:35:19]
AdwCleaner[R16].txt - [2997 bytes] - [16/09/2014 09:42:34]
AdwCleaner[R17].txt - [3975 bytes] - [01/07/2015 16:28:58]
AdwCleaner[R18].txt - [2845 bytes] - [19/07/2015 09:51:20]
AdwCleaner[R1].txt - [2012 bytes] - [13/02/2014 09:33:23]
AdwCleaner[R2].txt - [3818 bytes] - [16/04/2014 10:47:47]
AdwCleaner[R3].txt - [1433 bytes] - [16/04/2014 11:09:23]
AdwCleaner[R4].txt - [4512 bytes] - [07/05/2014 09:34:16]
AdwCleaner[R5].txt - [1673 bytes] - [07/05/2014 09:39:17]
AdwCleaner[R6].txt - [1793 bytes] - [09/05/2014 07:31:26]
AdwCleaner[R7].txt - [1855 bytes] - [13/05/2014 11:48:17]
AdwCleaner[R8].txt - [1975 bytes] - [14/05/2014 09:07:45]
AdwCleaner[R9].txt - [2095 bytes] - [16/05/2014 08:27:02]
AdwCleaner[s0].txt - [7087 bytes] - [18/01/2014 11:31:52]
AdwCleaner[s10].txt - [2406 bytes] - [20/05/2014 06:57:13]
AdwCleaner[s11].txt - [3362 bytes] - [27/05/2014 08:53:52]
AdwCleaner[s12].txt - [2596 bytes] - [04/06/2014 11:18:12]
AdwCleaner[s13].txt - [3204 bytes] - [09/06/2014 10:40:40]
AdwCleaner[s14].txt - [5274 bytes] - [16/09/2014 09:36:50]
AdwCleaner[s15].txt - [4080 bytes] - [01/07/2015 16:31:04]
AdwCleaner[s16].txt - [2238 bytes] - [19/07/2015 09:55:41]
AdwCleaner[s1].txt - [2093 bytes] - [13/02/2014 10:11:36]
AdwCleaner[s2].txt - [3528 bytes] - [16/04/2014 11:03:03]
AdwCleaner[s3].txt - [1494 bytes] - [16/04/2014 11:10:32]
AdwCleaner[s4].txt - [4492 bytes] - [07/05/2014 09:35:41]
AdwCleaner[s5].txt - [1734 bytes] - [07/05/2014 09:40:04]
AdwCleaner[s6].txt - [1916 bytes] - [13/05/2014 11:49:01]
AdwCleaner[s7].txt - [2036 bytes] - [14/05/2014 09:11:13]
AdwCleaner[s8].txt - [2156 bytes] - [16/05/2014 08:27:41]
AdwCleaner[s9].txt - [2283 bytes] - [19/05/2014 07:16:54]

########## EOF - C:\AdwCleaner\AdwCleaner[s16].txt - [2829  bytes] ##########

 

 

# AdwCleaner v4.208 - Logfile created 19/07/2015 at 09:51:20
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : mark - MYPC
# Running from : I:\dwld\adwcleaner_4.208.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17410

-\\ Mozilla Firefox v39.0 (x86 en-US)

-\\ Google Chrome v43.0.2357.134

-\\ Comodo Dragon v

-\\ Chrome Canary v

*************************

AdwCleaner[R0].txt - [7058 bytes] - [18/01/2014 11:27:55]
AdwCleaner[R10].txt - [2223 bytes] - [19/05/2014 07:16:09]
AdwCleaner[R11].txt - [2344 bytes] - [20/05/2014 06:52:46]
AdwCleaner[R12].txt - [3286 bytes] - [27/05/2014 08:53:13]
AdwCleaner[R13].txt - [2532 bytes] - [04/06/2014 11:17:18]
AdwCleaner[R14].txt - [3231 bytes] - [09/06/2014 10:33:58]
AdwCleaner[R15].txt - [5152 bytes] - [16/09/2014 09:35:19]
AdwCleaner[R16].txt - [2997 bytes] - [16/09/2014 09:42:34]
AdwCleaner[R17].txt - [3975 bytes] - [01/07/2015 16:28:58]
AdwCleaner[R18].txt - [1224 bytes] - [19/07/2015 09:51:20]
AdwCleaner[R1].txt - [2012 bytes] - [13/02/2014 09:33:23]
AdwCleaner[R2].txt - [3818 bytes] - [16/04/2014 10:47:47]
AdwCleaner[R3].txt - [1433 bytes] - [16/04/2014 11:09:23]
AdwCleaner[R4].txt - [4512 bytes] - [07/05/2014 09:34:16]
AdwCleaner[R5].txt - [1673 bytes] - [07/05/2014 09:39:17]
AdwCleaner[R6].txt - [1793 bytes] - [09/05/2014 07:31:26]
AdwCleaner[R7].txt - [1855 bytes] - [13/05/2014 11:48:17]
AdwCleaner[R8].txt - [1975 bytes] - [14/05/2014 09:07:45]
AdwCleaner[R9].txt - [2095 bytes] - [16/05/2014 08:27:02]
AdwCleaner[s0].txt - [7087 bytes] - [18/01/2014 11:31:52]
AdwCleaner[s10].txt - [2406 bytes] - [20/05/2014 06:57:13]
AdwCleaner[s11].txt - [3362 bytes] - [27/05/2014 08:53:52]
AdwCleaner[s12].txt - [2596 bytes] - [04/06/2014 11:18:12]
AdwCleaner[s13].txt - [3204 bytes] - [09/06/2014 10:40:40]
AdwCleaner[s14].txt - [5274 bytes] - [16/09/2014 09:36:50]
AdwCleaner[s15].txt - [4080 bytes] - [01/07/2015 16:31:04]
AdwCleaner[s1].txt - [2093 bytes] - [13/02/2014 10:11:36]
AdwCleaner[s2].txt - [3528 bytes] - [16/04/2014 11:03:03]
AdwCleaner[s3].txt - [1494 bytes] - [16/04/2014 11:10:32]
AdwCleaner[s4].txt - [4492 bytes] - [07/05/2014 09:35:41]
AdwCleaner[s5].txt - [1734 bytes] - [07/05/2014 09:40:04]
AdwCleaner[s6].txt - [1916 bytes] - [13/05/2014 11:49:01]
AdwCleaner[s7].txt - [2036 bytes] - [14/05/2014 09:11:13]
AdwCleaner[s8].txt - [2156 bytes] - [16/05/2014 08:27:41]
AdwCleaner[s9].txt - [2283 bytes] - [19/05/2014 07:16:54]

########## EOF - C:\AdwCleaner\AdwCleaner[R18].txt - [2765 bytes] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Ultimate x64
Ran by mark on Sun 07/19/2015 at 10:00:57.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Synology Data Replicator 3-MYPC-mark
Successfully deleted: [Task] C:\Windows\Tasks\Synology Data Replicator 3-MYPC-mark.job

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\Users\mark\AppData\Roaming\1641
Successfully deleted: [Folder] C:\Users\mark\AppData\Roaming\2122
Successfully deleted: [Folder] C:\Users\mark\AppData\Roaming\3602
Successfully deleted: [Folder] C:\Users\mark\AppData\Roaming\4000
Successfully deleted: [Folder] C:\Users\mark\AppData\Roaming\6293

 

~~~ FireFox

Emptied folder: C:\Users\mark\AppData\Roaming\mozilla\firefox\profiles\kyn1olxa.default-1424797121510\minidumps [2 files]

 

~~~ Chrome

[C:\Users\mark\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\mark\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\mark\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\mark\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/19/2015 at 10:06:04.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 Results of screen317's Security Check version 1.005 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
Microsoft Forefront Endpoint Protection  
  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 45 
 Adobe Flash Player 18.0.0.209 
 Mozilla Firefox (39.0)
 Google Chrome (43.0.2357.132)
 Google Chrome (43.0.2357.134)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 


Your system is clean now! :)

 

 

Internet Explorer out of date

Your version of Internet Explorer is outdated.

  1. Please download IE 11 from here
  2. Save it to your desktop.
  3. Double click on the file on your desktop to start the installation process.
  4. Reboot

 

 

 

Defrag your hard drive
 
Your hard drive is heavily fragmented. This may result in performance losses. If it is NOT an SSD drive, use a tool like Auslogic DiskDefrag to defrag the drive. Attention: During setup, uncheck any additional tools the software may provide!

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  4. If there is still something left, please delete it manually.





Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80", which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.

    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.




  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.