
Removing Cryptowall 3.0



Hello

Looking for your help.

Essentially the startup is creating errors from the registry. Also Internet Explorer is more or less unusable as it has become so slow.

Would be grateful for any assistance.

Thanks in advance for your time.

I've followed the instructions for posting...

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by HD (administrator) on HD-HP (10-11-2015 02:33:25)
Running from C:\Users\HD\Downloads
Loaded Profiles: HD (Available Profiles: HD)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Trend Micro Inc.) C:\Program Files (x86)\AntiRansomware2.0\ARService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2012-01-11] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [setDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WinampAgent] => "C:\Program Files (x86)\Winamp\winampa.exe"
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2015-09-26] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598912 2015-05-19] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Users\HD\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=44c53dddba0b47d08ca9c15632504498-8e3f2d5a62688078dbb924d632c9ff21b4437419 /CMPID=1113a
HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\Run: [ifsoft] => regsvr32.exe C:\Users\HD\AppData\Local\Ifsoft\CNBJOP6N.DLL <===== ATTENTION
HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\Run: [Odics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\HD\AppData\Local\YhPack\mdnsNSP.dll
HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\Run: [browserChoice] => C:\Windows\System32\browserchoice.exe [294912 2010-02-23] (Microsoft Corporation)
HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\MountPoints2: G - G:\laucher.exe
HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\MountPoints2: {02e4023e-371a-11e1-84eb-101f74b4ad6b} - G:\AutoRun.exe
HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\MountPoints2: {5ae6f57c-d377-11e1-ab15-101f74b4ad6b} - G:\Startme.exe
HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\MountPoints2: {61ce1fd0-acc3-11e1-858c-101f74b4ad6b} - G:\laucher.exe
HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\MountPoints2: {7553b7b3-354d-11e1-a314-101f74b4ad6b} - H:\SETUP.EXE
HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\MountPoints2: {8177e547-331d-11e1-ace1-806e6f6e6963} - F:\AUTOPLAY.EXE id=10000020000015000011 ver=1.0.0.0
HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\MountPoints2: {bc7cf4ad-ad9a-11e1-adc2-101f74b4ad6b} - G:\laucher.exe
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{77AE7A19-732E-4EA7-8965-47C741A5A197}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8E675C0D-6714-481B-986A-5E644D6737AF}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8E675C0D-6714-481B-986A-5E644D6737AF}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9B4AD3B2-583E-49AE-A01A-EF3519946C33}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{9FEAFB74-FDC6-454E-A2A8-7DBB7EB65219}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D8E81319-F7C4-42DE-92B6-8428AEF256B9}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D8E81319-F7C4-42DE-92B6-8428AEF256B9}: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
Internet Explorer:
==================
SearchScopes: HKLM-x32 -> {486C7B30-EB16-4426-B1BC-4C0D77815160} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll [2015-05-19] (AVG Technologies CZ, s.r.o.)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-05-06] (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll [2015-05-19] (AVG Technologies CZ, s.r.o.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-02-07] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-10-25] (Sun Microsystems, Inc.)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-05-06] (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-10-25] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-790991912-2550835033-3860445865-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-790991912-2550835033-3860445865-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-790991912-2550835033-3860445865-1000 -> No Name - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} -  No File
Toolbar: HKU\S-1-5-21-790991912-2550835033-3860445865-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1327170353107
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll [2015-05-19] (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll [2015-05-19] (AVG Technologies CZ, s.r.o.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-18] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-02-07] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin -> C:\Program Files (x86)\Java\jre6\bin\dtplugin\npDeployJava1.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-02-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-08-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-10-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack [2015-11-09] [not signed]
FF HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\gcswf32.dll => No File
CHR Plugin: (Simple Pass 2011) - C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl\1.0_0\npwebsitelogon.dll => No File
CHR Plugin: (Norton Confidential) - C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll => No File
CHR Profile: C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adobe Acrobat) - C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-09]
CHR Extension: (Website Logon) - C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl [2015-02-23]
CHR Extension: (AVG Do Not Track) - C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2015-02-23]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-09-26]
CHR HKLM-x32\...\Chrome\Extension: [hdhihajbmafmgilcciomnamcjfkdhikl] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-04-14]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files (x86)\AVG\AVG2012\Chrome\donottrack.crx [2015-05-19]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiRansomwareService; C:\Program Files (x86)\AntiRansomware2.0\arservice.exe [100864 2015-07-30] (Trend Micro Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5176832 2015-05-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [198616 2015-05-19] (AVG Technologies CZ, s.r.o.)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 hpqcxs08;  [X]
S4 hpqddsvc;  [X]
S2 HPSLPSVC; C:\Users\HD\AppData\Local\Temp\7zS206C\hpslpsvc64.dll [X]
S4 jswpsapi;  [X]
S4 Net Driver HPZ12;  [X]
S4 PassThru Service;  [X]
S4 Pml Driver HPZ12;  [X]
S4 WDCS_WNDA3200;  [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-03-30] (Emsisoft GmbH)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127752 2015-05-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [32008 2015-05-19] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28936 2015-05-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307464 2015-05-19] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [49928 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [39176 2015-05-19] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384776 2015-05-19] (AVG Technologies CZ, s.r.o.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-03-30] (Emsisoft GmbH)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R1 KbHook; C:\Program Files (x86)\AntiRansomware2.0\hookdriver64.sys [18720 2013-06-08] (<company name here>)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-10] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S4 USBAAPL64;  [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-10 02:33 - 2015-11-10 02:34 - 00028866 _____ C:\Users\HD\Downloads\FRST.txt
2015-11-10 02:30 - 2015-11-10 02:33 - 00000000 ____D C:\FRST
2015-11-10 02:30 - 2015-11-10 02:30 - 02198528 _____ (Farbar) C:\Users\HD\Downloads\FRST64.exe
2015-11-10 01:49 - 2015-11-10 01:51 - 00000000 ____D C:\Users\HD\AppData\Roaming\Media Player Classic
2015-11-10 01:41 - 2015-11-10 01:41 - 00000000 ____D C:\Users\HD\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2015-11-10 01:22 - 2015-11-10 01:22 - 00026900 _____ C:\Users\HD\AppData\LocalLow\dt.dat
2015-11-10 00:08 - 2015-11-10 00:08 - 00000412 _____ C:\Windows\DCEBOOT.RST
2015-11-10 00:08 - 2015-11-10 00:08 - 00000000 _____ C:\Windows\DCEBOOT.LOG
2015-11-10 00:06 - 2015-11-10 00:06 - 00231960 _____ C:\Windows\RegBootClean64.exe
2015-11-10 00:06 - 2015-11-10 00:06 - 00021528 _____ C:\Windows\DCEBoot64.exe
2015-11-10 00:06 - 2015-11-10 00:06 - 00009392 _____ C:\Windows\RegBootClean64.CFG
2015-11-10 00:04 - 2015-11-10 00:08 - 00000000 ____D C:\ProgramData\AntiRansomware
2015-11-10 00:04 - 2015-11-10 00:06 - 00000000 ____D C:\Program Files (x86)\AntiRansomware2.0
2015-11-09 22:17 - 2015-11-09 22:24 - 02581978 _____ C:\Users\HD\Desktop\ListCWall.txt
2015-11-09 22:17 - 2015-11-09 22:17 - 00452424 _____ (Bleeping Computer, LLC) C:\Users\HD\Downloads\ListCWall.exe
2015-11-09 21:51 - 2015-11-09 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-11-09 21:51 - 2015-11-09 21:51 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-09 21:47 - 2015-11-09 21:47 - 00000000 ____D C:\Users\HD\AppData\Roaming\AVG2012
2015-11-09 21:46 - 2015-11-09 21:51 - 00000965 _____ C:\Users\Public\Desktop\AVG 2012.lnk
2015-11-09 21:46 - 2015-11-09 21:46 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2015-11-09 21:45 - 2015-11-09 21:52 - 00000000 ____D C:\ProgramData\AVG2012
2015-11-09 21:45 - 2015-11-09 21:48 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2015-11-09 21:45 - 2015-11-09 21:45 - 00000000 ___HD C:\$AVG
2015-11-09 21:43 - 2015-11-09 21:43 - 00000000 ____D C:\Program Files (x86)\AVG
2015-11-09 21:40 - 2015-11-09 21:52 - 00000000 ____D C:\ProgramData\MFAData
2015-10-15 14:09 - 2015-10-15 14:10 - 03673683 _____ C:\Users\HD\Downloads\Sepsis_audit_Feb2015 (3).pptx
2015-10-15 14:08 - 2015-10-18 21:37 - 00000000 ____D C:\Users\HD\Documents\sepsis audit
2015-10-15 12:21 - 2015-10-15 12:21 - 00017877 _____ C:\Users\HD\Downloads\ICU ACCS rota NovDecJan 2015 2016 Draft1 v3009.xlsx
2015-10-14 14:44 - 2015-08-06 18:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 14:43 - 2015-10-01 18:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 14:43 - 2015-10-01 18:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 14:43 - 2015-10-01 18:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 14:43 - 2015-10-01 18:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 14:43 - 2015-10-01 18:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 14:43 - 2015-10-01 18:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 14:43 - 2015-10-01 18:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 14:43 - 2015-10-01 17:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-14 14:43 - 2015-10-01 17:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 14:43 - 2015-09-29 03:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 14:43 - 2015-09-29 03:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 14:43 - 2015-09-29 03:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 14:43 - 2015-09-29 03:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-14 14:43 - 2015-09-29 03:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-14 14:43 - 2015-09-29 03:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-14 14:43 - 2015-09-29 03:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 14:43 - 2015-09-29 03:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 14:43 - 2015-09-29 03:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 14:43 - 2015-09-29 03:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-14 14:43 - 2015-09-29 03:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 14:43 - 2015-09-29 03:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-14 14:43 - 2015-09-29 03:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 14:43 - 2015-09-29 03:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 14:43 - 2015-09-29 03:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 14:43 - 2015-09-29 03:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 14:43 - 2015-09-29 03:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 14:43 - 2015-09-29 03:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 14:43 - 2015-09-29 03:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 14:43 - 2015-09-29 03:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 14:43 - 2015-09-29 03:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-14 14:43 - 2015-09-29 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-14 14:43 - 2015-09-29 03:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 14:43 - 2015-09-29 03:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-14 14:43 - 2015-09-29 03:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-14 14:43 - 2015-09-29 03:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 14:43 - 2015-09-29 03:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 14:43 - 2015-09-29 03:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 03:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 14:43 - 2015-09-29 02:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-14 14:43 - 2015-09-29 02:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-14 14:43 - 2015-09-29 02:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-14 14:43 - 2015-09-29 02:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-14 14:43 - 2015-09-29 02:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-14 14:43 - 2015-09-29 02:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-14 14:43 - 2015-09-29 02:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-14 14:43 - 2015-09-29 02:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-14 14:43 - 2015-09-29 02:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-14 14:43 - 2015-09-29 02:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-14 14:43 - 2015-09-29 02:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-14 14:43 - 2015-09-29 02:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 14:43 - 2015-09-29 02:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-14 14:43 - 2015-09-29 02:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-14 14:43 - 2015-09-29 02:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 02:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 01:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 14:43 - 2015-09-29 01:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 14:43 - 2015-09-29 01:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 14:43 - 2015-09-29 01:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-14 14:43 - 2015-09-29 01:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-14 14:43 - 2015-09-29 01:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 01:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 01:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 14:43 - 2015-09-29 01:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 14:43 - 2015-09-25 18:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 14:43 - 2015-09-25 18:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 14:43 - 2015-09-25 18:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 14:43 - 2015-09-25 18:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 14:43 - 2015-09-25 18:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 14:43 - 2015-09-25 18:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 14:43 - 2015-09-25 18:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 14:43 - 2015-09-25 18:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 14:43 - 2015-09-25 18:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 14:43 - 2015-09-25 18:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 14:43 - 2015-09-25 18:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 14:43 - 2015-09-25 17:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 14:43 - 2015-09-25 17:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 14:43 - 2015-09-25 17:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 14:43 - 2015-09-25 17:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-14 14:43 - 2015-09-25 17:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 14:43 - 2015-09-15 18:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 14:43 - 2015-09-15 18:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 14:43 - 2015-09-15 18:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 14:43 - 2015-09-15 18:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 14:43 - 2015-09-15 18:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 14:43 - 2015-09-15 18:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 14:43 - 2015-09-15 18:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 14:43 - 2015-09-15 18:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 14:43 - 2015-09-15 18:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 14:43 - 2015-09-15 17:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-14 14:43 - 2015-09-15 17:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-14 14:43 - 2015-09-15 17:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-14 14:43 - 2015-09-15 17:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-14 14:43 - 2015-08-06 18:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-14 14:43 - 2015-08-06 17:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 14:43 - 2015-08-06 17:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-14 14:42 - 2015-09-17 23:48 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 14:42 - 2015-09-17 23:48 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 14:42 - 2015-09-17 23:48 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 14:42 - 2015-09-17 23:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 14:42 - 2015-09-17 23:47 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 14:42 - 2015-09-17 23:47 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 14:42 - 2015-09-17 23:47 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 14:42 - 2015-09-17 23:47 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 14:42 - 2015-09-17 23:46 - 15416320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 14:42 - 2015-09-17 23:46 - 03960832 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 14:42 - 2015-09-17 23:46 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 14:42 - 2015-09-17 23:46 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 14:42 - 2015-09-17 23:46 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 14:42 - 2015-09-17 23:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 14:42 - 2015-09-17 23:46 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 14:42 - 2015-09-17 23:46 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 14:42 - 2015-09-17 23:46 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 14:42 - 2015-09-17 23:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-10-14 14:42 - 2015-09-17 23:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 14:42 - 2015-09-17 23:46 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 14:42 - 2015-09-17 23:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 14:42 - 2015-09-17 20:44 - 14290944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 14:42 - 2015-09-17 20:44 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 14:42 - 2015-09-17 20:44 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 14:42 - 2015-09-17 20:44 - 00525824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 14:42 - 2015-09-17 20:44 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 14:42 - 2015-09-17 20:44 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-14 14:42 - 2015-09-17 20:44 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 14:42 - 2015-09-17 20:43 - 13775360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 14:42 - 2015-09-17 20:43 - 02866176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 14:42 - 2015-09-17 20:43 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 14:42 - 2015-09-17 20:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 14:42 - 2015-09-17 20:43 - 00715264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 14:42 - 2015-09-17 20:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 14:42 - 2015-09-17 20:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 14:42 - 2015-09-17 20:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 14:42 - 2015-09-17 20:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 14:42 - 2015-09-17 20:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-10-14 14:42 - 2015-09-17 20:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-14 14:42 - 2015-09-17 20:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-14 14:42 - 2015-09-17 20:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-14 14:42 - 2015-09-17 18:58 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-14 14:42 - 2015-09-17 18:58 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 14:42 - 2015-09-17 18:31 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 14:42 - 2015-09-17 18:27 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-14 14:42 - 2015-09-17 18:06 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-10-14 14:42 - 2015-09-17 18:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-10 02:29 - 2012-02-07 12:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-10 01:56 - 2012-03-25 01:49 - 00000000 ____D C:\Users\HD\Documents\Films
2015-11-10 01:43 - 2013-02-15 10:35 - 00000000 ____D C:\Program Files (x86)\ElcomSoft
2015-11-10 01:42 - 2011-09-23 08:42 - 00000000 ____D C:\ProgramData\Temp
2015-11-10 01:36 - 2012-06-03 00:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-10 01:17 - 2012-01-02 15:35 - 00000000 ____D C:\Users\HD\AppData\Roaming\DAEMON Tools Lite
2015-11-10 00:55 - 2013-01-08 11:51 - 00000000 ____D C:\Users\HD\AppData\Local\Pearson VUE Common
2015-11-10 00:47 - 2013-01-08 01:12 - 00000000 ____D C:\Program Files (x86)\HTC
2015-11-10 00:47 - 2012-01-20 01:31 - 00000000 ____D C:\Users\HD\AppData\Local\Downloaded Installations
2015-11-10 00:46 - 2011-09-23 08:32 - 00031616 _____ C:\Windows\DPINST.LOG
2015-11-10 00:42 - 2012-01-04 21:25 - 00011728 _____ C:\Windows\TdiInstall.log
2015-11-10 00:42 - 2012-01-04 21:25 - 00000000 ____D C:\Users\HD\AppData\Roaming\Birdstep Technology
2015-11-10 00:42 - 2012-01-04 21:25 - 00000000 ____D C:\ProgramData\Birdstep Technology
2015-11-10 00:42 - 2011-07-16 06:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-10 00:37 - 2009-07-14 04:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-10 00:37 - 2009-07-14 04:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-10 00:35 - 2011-09-23 08:35 - 01884694 _____ C:\Windows\WindowsUpdate.log
2015-11-10 00:35 - 2009-07-14 05:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-10 00:31 - 2011-12-30 11:43 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{61AB342F-D81B-48E5-8BC6-556E460029F9}
2015-11-10 00:30 - 2015-03-30 21:25 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-10 00:30 - 2011-12-30 11:39 - 00000000 ____D C:\Users\HD\AppData\LocalLow\AuthenTec
2015-11-10 00:29 - 2015-03-31 18:36 - 00003650 _____ C:\Windows\setupact.log
2015-11-10 00:29 - 2015-01-24 11:22 - 00000000 ____D C:\Users\HD\AppData\Local\YhPack
2015-11-10 00:29 - 2015-01-24 11:21 - 00000000 ____D C:\Users\HD\AppData\Local\Ifsoft
2015-11-10 00:29 - 2013-11-13 18:20 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2015-11-10 00:29 - 2012-02-07 12:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-10 00:29 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-10 00:06 - 2015-08-13 14:44 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-11-10 00:06 - 2012-06-04 19:32 - 00000000 ____D C:\Program Files (x86)\Winamp
2015-11-09 23:56 - 2015-03-30 21:25 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-09 23:56 - 2015-03-30 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-09 23:56 - 2015-03-30 21:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-09 23:43 - 2010-11-21 03:47 - 00646120 _____ C:\Windows\PFRO.log
2015-11-09 21:46 - 2012-04-11 17:22 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2015-11-09 21:01 - 2012-10-13 06:31 - 00000000 ____D C:\Users\HD\Documents\Interview questions
2015-11-09 00:39 - 2012-08-06 09:25 - 00000000 ____D C:\Users\HD\AppData\Roaming\Skype
2015-11-05 16:52 - 2012-01-11 18:46 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-11-01 23:13 - 2015-01-12 21:28 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-27 09:53 - 2012-06-25 20:36 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHD
2015-10-27 09:53 - 2012-06-25 20:36 - 00000320 _____ C:\Windows\Tasks\HPCeeScheduleForHD.job
2015-10-26 19:16 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2015-10-24 12:50 - 2012-02-24 21:36 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-18 21:36 - 2012-06-03 00:46 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-18 21:36 - 2012-06-03 00:46 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-18 21:36 - 2011-07-16 06:05 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 22:41 - 2012-01-18 18:28 - 00000000 ____D C:\Users\HD\AppData\Local\CrashDumps
2015-10-15 14:19 - 2014-02-27 17:04 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-10-15 14:19 - 2014-02-27 17:04 - 00002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-10-15 14:19 - 2014-02-27 17:04 - 00002049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-10-15 12:15 - 2014-04-11 19:00 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-15 12:08 - 2013-08-17 11:52 - 00000000 ____D C:\Windows\system32\MRT
2015-10-15 11:59 - 2012-01-11 18:38 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-15 11:58 - 2012-01-02 15:45 - 00000000 ____D C:\ProgramData\Microsoft Help
 
==================== Files in the root of some directories =======
 
2012-05-21 22:31 - 2012-05-21 22:31 - 0000000 _____ () C:\Users\HD\AppData\Roaming\.googlewebacchosts
2015-03-29 22:14 - 2015-03-29 22:14 - 0008572 _____ () C:\Users\HD\AppData\Roaming\HELP_DECRYPT.HTML
2015-03-29 22:14 - 2015-03-29 22:14 - 0045306 _____ () C:\Users\HD\AppData\Roaming\HELP_DECRYPT.PNG
2015-03-29 22:14 - 2015-03-29 22:14 - 0004226 _____ () C:\Users\HD\AppData\Roaming\HELP_DECRYPT.TXT
2015-03-29 22:14 - 2015-03-29 22:14 - 0000276 _____ () C:\Users\HD\AppData\Roaming\HELP_DECRYPT.URL
2015-08-27 15:11 - 2015-08-27 15:11 - 0000038 ___SH () C:\Users\HD\AppData\Local\69ff07055291669bb2b218.72821112
2015-03-29 22:13 - 2015-03-29 22:13 - 0008572 _____ () C:\Users\HD\AppData\Local\HELP_DECRYPT.HTML
2015-03-29 22:13 - 2015-03-29 22:13 - 0045306 _____ () C:\Users\HD\AppData\Local\HELP_DECRYPT.PNG
2015-03-29 22:13 - 2015-03-29 22:13 - 0004226 _____ () C:\Users\HD\AppData\Local\HELP_DECRYPT.TXT
2015-03-29 22:13 - 2015-03-29 22:13 - 0000276 _____ () C:\Users\HD\AppData\Local\HELP_DECRYPT.URL
2015-03-29 22:12 - 2015-03-29 22:12 - 0008572 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-03-29 22:12 - 2015-03-29 22:12 - 0045306 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-03-29 22:12 - 2015-03-29 22:12 - 0004226 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-03-29 22:12 - 2015-03-29 22:12 - 0000276 _____ () C:\ProgramData\HELP_DECRYPT.URL
2012-01-21 18:07 - 2014-03-12 18:35 - 0002111 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Users\HD\DeletePrintJobs.cmd
 
 
Some files in TEMP:
====================
C:\Users\HD\AppData\Local\Temp\HitmanPro.exe
C:\Users\HD\AppData\Local\Temp\ose00000.exe
C:\Users\HD\AppData\Local\Temp\Quarantine.exe
C:\Users\HD\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-31 01:52
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by HD (2015-11-10 02:35:28)
Running from C:\Users\HD\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-30 11:39:07)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-790991912-2550835033-3860445865-500 - Administrator - Disabled)
Guest (S-1-5-21-790991912-2550835033-3860445865-501 - Limited - Disabled)
HD (S-1-5-21-790991912-2550835033-3860445865-1000 - Administrator - Enabled) => C:\Users\HD
HomeGroupUser$ (S-1-5-21-790991912-2550835033-3860445865-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2012 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2012 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

1400 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

1400_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden

1400Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.13 - Adobe Systems)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)

Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)

Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)

Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden

AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden

Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

AuthenTec TrueAPI (Version: 1.3.0.111 - AuthenTec, Inc.) Hidden

AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2258 - AVG Technologies)

AVG 2012 (Version: 12.0.4311 - AVG Technologies) Hidden

AVG 2012 (Version: 12.1.2258 - AVG Technologies) Hidden

BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.2.15 - British Broadcasting Corp.)

BBC iPlayer Desktop (x32 Version: 3.2.15 - British Broadcasting Corp.) Hidden

Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden

BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden

Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden

Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden

Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden

DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)

DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)

Excel Password Recovery Master 3.6 (HKLM-x32\...\Excel Password Recovery Master_is1) (Version:  - )

Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden

FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden

Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden

Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden

Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden

GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP Documentation (HKLM-x32\...\{DE15C5EC-7C30-44BF-ACEB-03960FC5601D}) (Version: 1.1.1.0 - Hewlett-Packard)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)

HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)

HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)

HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)

HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)

HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)

HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)

HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)

HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)

HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)

HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)

HP SimplePass PE 2011 (HKLM-x32\...\{31CEFF4E-B6D1-46A5-9169-7C67570E7FFA}) (Version: 5.3.0.163 - Hewlett-Packard)

HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)

HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)

HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)

HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)

HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden

HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden

HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden

HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden

HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)

InstallConverter (HKLM-x32\...\InstallConverter) (Version: 1.0 - InstallConverter)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)

IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)

iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)

Java 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.370 - Oracle)

Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden

Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden

NETGEAR WNDA3200 wireless adapter Setup (HKLM-x32\...\{9B02F55E-7E6B-4226-8E67-76514D33FD41}_is1) (Version: 1.0.0.11 - NETGEAR)

Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden

Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden

OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)

Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden

QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)

Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.13.0 - Ralink)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.85 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden

Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)

Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden

SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden

SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden

Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)

Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden

TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden

UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

USB Storage Driver (HKLM-x32\...\GENEUIDE) (Version:  - )

Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

VIP Access SDK (1.0.1.2)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)

Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden

Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)

Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden

WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden

Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)

Winamp Detector Plug-in (HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

ZTE_1.2059.0.8 (HKLM-x32\...\ZTE_1.2059.0.8) (Version:  - )

Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Restore Points =========================

 

15-10-2015 11:46:08 Windows Update

23-10-2015 10:32:20 Windows Update

29-10-2015 18:43:14 Windows Update

05-11-2015 08:20:00 Windows Update

09-11-2015 21:42:33 Installed AVG 2012

09-11-2015 21:43:31 Installed AVG 2012

10-11-2015 00:41:59 Removed 3Connect

10-11-2015 00:44:09 Removed HTC BMP USB Driver.

10-11-2015 00:44:42 Removed HTC Driver Installer.

10-11-2015 00:46:30 Removed HTC Sync.

10-11-2015 00:49:24 Removed PDFill FREE PDF Tools

10-11-2015 00:54:26 Removed Pearson VUE Tutorial and Demo

10-11-2015 00:56:27 Removed IPTInstaller

10-11-2015 01:21:21 Removed inSSIDer Home

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 02:34 - 2015-03-31 18:27 - 00000019 ____A C:\Windows\system32\Drivers\etc\hosts

 

127.0.0.1 localhost

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0D953963-EE46-473B-95C8-1263B4C2D731} - System32\Tasks\HPCeeScheduleForHD => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {143AC611-7445-431E-99B1-5036BBF51DE5} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)

Task: {32112E33-1530-42F3-975F-ECDB8134B02E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)

Task: {383A2E06-95D1-43B8-AC4E-AB7F0F019516} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)

Task: {3CC6E8EE-F4B5-45DC-B07C-3C5EBD36A657} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

Task: {3E38FDB1-07DB-4542-A004-E3F3DC83DE6B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-18] (Adobe Systems Incorporated)

Task: {46F54200-3015-4D3D-9CB1-48777A971FE1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard)

Task: {66F996CF-CB4F-4007-9F13-E578BD18DD05} - System32\Tasks\{5A7748BB-DEE4-4341-81D7-C4A57563A6D6} => pcalua.exe -a C:\Users\HD\Downloads\AdobeAIRInstaller.exe -d C:\Users\HD\Desktop

Task: {72C19120-9B73-40C5-898A-9C607C6A757D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {79E741BA-842F-4C71-A5F9-16C85212FA65} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {7D195A02-9CCB-433A-A560-76A68C4C4903} - System32\Tasks\{B8255646-8301-4024-8695-3F0E95711F24} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar

Task: {7F468A3D-8A16-439B-B62D-BBE5F6DC55B2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {81D92224-3B71-4D70-83BE-0FB1EA889468} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)

Task: {8C1590CA-546A-48F0-9FB4-02F1B5A5FA60} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-28] ()

Task: {DA9EC47A-C905-4FF8-9009-B8F3B68660E7} - System32\Tasks\{85932C58-3690-48DF-A1E5-09073CFC0FEC} => pcalua.exe -a C:\Users\HD\Downloads\CF_101.exe -d C:\Users\HD\Desktop

Task: {DCA20E7B-2573-4556-8A62-B4E59CE47D9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)

Task: {E1B00C8A-A174-4A0C-8AA0-27364EE8DE89} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-28] ()

Task: {F54C477F-4CF8-41F8-9C2E-8F36CB39C2B0} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()

Task: {F799B1DD-E5F0-44AE-AE99-FFBD0D76EF20} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-16] (CyberLink)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForHD.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2012-01-02 14:28 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll

2011-05-10 17:56 - 2011-05-10 17:56 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-02-13 02:37 - 2013-02-13 02:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

2013-05-29 11:17 - 2013-05-29 11:17 - 00142336 _____ () C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe

2013-02-13 02:38 - 2013-02-13 02:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

2014-10-21 19:16 - 2014-10-21 19:16 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll

2011-09-23 08:33 - 2011-04-30 07:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2015-10-24 12:50 - 2015-10-20 14:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll

2015-10-24 12:50 - 2015-10-20 14:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll

2015-07-14 17:20 - 2015-07-14 17:20 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\ProgramData\Temp:16EAB5F6

AlternateDataStreams: C:\ProgramData\Temp:8FFC7CF4

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-790991912-2550835033-3860445865-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 8.8.8.8

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{614582A4-85F4-4C37-8364-E1055222BD3F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{05BA44B1-9770-45D8-9AEB-8A9EBCE29E3B}] => (Allow) LPort=2869

FirewallRules: [{40076678-29C4-4030-8008-E1E7822C5D11}] => (Allow) LPort=1900

FirewallRules: [{A20B9249-5652-4BC4-9983-CEF3B596645B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{CD60A239-BFF2-481C-B2EA-A9436150C130}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

FirewallRules: [{15AE612D-A7E6-4E6A-B3AA-2A84844E70A5}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe

FirewallRules: [{4162BB8F-D695-4E33-8195-265740A3D167}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe

FirewallRules: [{7615B21B-A1E2-4992-97AE-FD11A2AC48AA}] => (Allow) C:\Users\HD\AppData\Local\Temp\7zS206C\hppiw.exe

FirewallRules: [{78A2D2C3-E8F9-4D6C-9728-F32173EA98A5}] => (Allow) C:\Users\HD\AppData\Local\Temp\7zS206C\hppiw.exe

FirewallRules: [{A5728895-2EF5-459F-A3A9-77BC15310319}] => (Allow) C:\Users\HD\AppData\Local\Temp\7zS24A8\hppiw.exe

FirewallRules: [{67617C66-01AA-4FCF-B22E-50C8E0D93C50}] => (Allow) C:\Users\HD\AppData\Local\Temp\7zS24A8\hppiw.exe

FirewallRules: [{2137483A-98EF-43A2-8FA7-D62180418D41}] => (Allow) C:\Users\HD\AppData\Local\Temp\7zS2C11\hppiw.exe

FirewallRules: [{2DA8ED79-F6D5-4D09-8533-D8397300651A}] => (Allow) C:\Users\HD\AppData\Local\Temp\7zS2C11\hppiw.exe

FirewallRules: [{69B22D2E-36E5-455F-A483-83A0DAED92CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{FE2E9389-0938-4F43-810F-C541956DA062}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{D94837B6-FF3F-4C9F-9691-4D5C7CDAC8F5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{30AF7599-9503-45ED-ADEE-354C4C56436D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [TCP Query User{7FBA15FC-D1BC-48E6-9F26-000349A0E0F5}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe

FirewallRules: [uDP Query User{45977704-FF79-4161-843F-A1F3D3F21426}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe

FirewallRules: [{B20B3A39-2E5C-4256-B237-C6352D0A2FE2}] => (Block) C:\program files (x86)\winamp\winamp.exe

FirewallRules: [{3DEE8EF9-F73E-41E2-8EF7-796F1AB4D18F}] => (Block) C:\program files (x86)\winamp\winamp.exe

FirewallRules: [{2C14F5A5-D77D-4E46-A17F-BD6CFD44726C}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe

FirewallRules: [{7173E337-6968-4A88-A495-92BAB3871430}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe

FirewallRules: [TCP Query User{EB31D149-71BA-46AB-8AE3-6A0B84769905}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe] => (Allow) C:\program files (x86)\bearshare applications\bearshare\bearshare.exe

FirewallRules: [uDP Query User{27EE48CE-257B-4112-80D7-F3A0C82CBFE8}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe] => (Allow) C:\program files (x86)\bearshare applications\bearshare\bearshare.exe

FirewallRules: [{45BF514C-B32F-44CB-95BB-B507E774802D}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe

FirewallRules: [{4F3512B4-6D00-4618-8C7F-9C29B1E088E0}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe

FirewallRules: [{EC1DE418-D0D1-44E4-A0E6-4BE4EC461D70}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe

FirewallRules: [{11D4EDA4-7974-4C9F-87CB-3974DE2C0619}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe

FirewallRules: [{952270A4-B69D-4123-92FE-453D83C3631E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [TCP Query User{0F10156A-C338-4CD5-A2FB-FD967B5224B3}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe

FirewallRules: [uDP Query User{E267FAEE-95A5-4A1A-A543-2144CE00B3BD}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe

FirewallRules: [TCP Query User{9C05F0F2-0AA9-4FF7-B680-EDDDB27BEC00}C:\users\hd\appdata\local\pearson vue common\jre\jre1.6.0_29\bin\java.exe] => (Allow) C:\users\hd\appdata\local\pearson vue common\jre\jre1.6.0_29\bin\java.exe

FirewallRules: [uDP Query User{874FE1F8-2A7D-4897-8B7F-7BC64CE6FA8B}C:\users\hd\appdata\local\pearson vue common\jre\jre1.6.0_29\bin\java.exe] => (Allow) C:\users\hd\appdata\local\pearson vue common\jre\jre1.6.0_29\bin\java.exe

FirewallRules: [{5AB6D06C-4816-4AE6-A9AE-B3321A20BE82}] => (Allow) C:\Program Files (x86)\Opera\opera.exe

FirewallRules: [{A590A189-28AC-4665-BD3B-CCF14200B8A9}] => (Allow) C:\Program Files (x86)\Opera\opera.exe

FirewallRules: [{B06A38BE-C9DD-47DC-BBB1-28C094A54699}] => (Allow) C:\Users\HD\AppData\Local\Temp\7zS1C4A\hppiw.exe

FirewallRules: [{8A98DBAB-877A-4372-8A3B-36D1ECA05F99}] => (Allow) C:\Users\HD\AppData\Local\Temp\7zS1C4A\hppiw.exe

FirewallRules: [{52016BED-F6A4-41B3-95CA-584C7283179E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

FirewallRules: [{AAB9FA19-584B-4F0B-8735-EF0AEB9E1F44}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

FirewallRules: [{4E4AF0F6-053B-4DD9-93C5-7D0D0F3AE78F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe

FirewallRules: [{EEB9B7F5-6846-4C7A-90A7-9AB9DE297967}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe

FirewallRules: [{E56361B4-BAAA-4E0C-BA78-AFA0C8BF9EEC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe

FirewallRules: [{927ED191-A1BA-457A-B81F-705E050F5838}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe

FirewallRules: [{180B1B1C-AB27-4A38-8B56-03D3D0E382B3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe

FirewallRules: [{8034EEB2-9EB6-4EBF-8C7D-4E0B10FFEC62}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe

FirewallRules: [{F1AF2D08-4189-4B23-8505-2B5DE74106D5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe

FirewallRules: [{C7F537BF-1F48-408E-9CF1-D4CD99A069F9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe

FirewallRules: [{FED2820C-3BE5-459D-A972-BC85558880B8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe

FirewallRules: [{F52DEE61-44B9-4B1F-A796-D20781B0D1AF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe

FirewallRules: [{066F02D9-D367-4A94-B688-894246EDF8D3}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe

FirewallRules: [{3ECFFB87-C2EB-4FBF-9933-8BA8C6AB5099}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe

FirewallRules: [{26FD7136-A615-42FE-B0B2-798D0F34A2CA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe

FirewallRules: [{D9A59CC1-9C03-47AC-9616-BCC47DD0B52D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe

FirewallRules: [{C1198291-7293-4D82-AE9C-45AA8887275C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe

FirewallRules: [{4B5ACC21-9E60-4F9C-9186-D943F9A347BA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe

FirewallRules: [{CA61B0C9-BF1A-43B4-8974-01D52A4138F9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe

FirewallRules: [{EB87E9D5-47D3-4AA7-B1FE-4A7C6B815EDC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

FirewallRules: [{1469B0AA-E6B7-4D4D-ACAD-8FEC8B737116}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe

FirewallRules: [{4E67A9F6-EF4C-4AC7-84AA-3141A7F96137}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe

FirewallRules: [{CEEFA4F0-41B8-40EA-A083-65E1FFE58157}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe

FirewallRules: [{4B3E233F-818A-4EED-B9CF-8CE46094EFA6}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe

FirewallRules: [{D38A1C7A-DDE5-40FB-919E-900038CAC138}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe

FirewallRules: [{46926604-3383-40BA-82EA-276FCD7B9B70}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe

FirewallRules: [{C2E24CF7-4579-4C68-A355-394A9EA59082}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

FirewallRules: [{B5174953-5218-4DFA-A783-0C641FFD738D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

FirewallRules: [{DD230501-6B1B-498A-AB59-7BB4CC4E8312}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe

FirewallRules: [{0B5DCFA4-D24A-4828-9A2B-B2D6DC5D4100}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe

FirewallRules: [{546C7B2E-5DA5-480E-AB9D-3F2179E3C302}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

FirewallRules: [{EE5AD014-01F0-443E-B773-497948BEC93B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

FirewallRules: [{96BBB5B0-633F-4960-B31D-47D31FDBA3D0}] => (Allow) C:\Windows\explorer.exe

FirewallRules: [{268C26D6-3337-4BA3-AC87-F7899D55FB9B}] => (Allow) C:\Windows\explorer.exe

FirewallRules: [{600E0492-257C-4875-B9F3-149BCA223887}] => (Allow) C:\Windows\SysWOW64\explorer.exe

FirewallRules: [{CCA6D64B-6399-4138-A5D1-902F743997BE}] => (Allow) C:\Windows\SysWOW64\explorer.exe

FirewallRules: [TCP Query User{63A4573B-7E0D-45B5-A8CD-F7F1B4B13E92}C:\windows\syswow64\explorer.exe] => (Block) C:\windows\syswow64\explorer.exe

FirewallRules: [UDP Query User{4CA47036-11E7-4A08-A894-E2541658573A}C:\windows\syswow64\explorer.exe] => (Block) C:\windows\syswow64\explorer.exe

FirewallRules: [{29BFDFC6-FEDE-4B24-8678-B00039405859}] => (Allow) C:\Users\HD\AppData\Local\Temp\nsq33FC.tmp\CnetInstaller-10794603.exe

FirewallRules: [{CD8B1EF3-2138-4A91-857F-67E5F0EEE35D}] => (Allow) C:\Users\HD\AppData\Local\Temp\nsq33FC.tmp\CnetInstaller-10794603.exe

FirewallRules: [{B4A5D356-CE28-4662-9F32-5F4F3D808943}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{2FB105A2-84F4-4CB6-8A4C-6688FC0BA0D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{FD58475D-A4B2-46FE-AEFB-9504BACA4701}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

FirewallRules: [{D328FEEC-52BB-4E78-8D42-8BD8324F0CB2}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe

FirewallRules: [{654AB552-EE35-419A-83E0-87B616873C4A}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe

FirewallRules: [{353B62DB-B659-4D19-9B77-75A1C5AD2A32}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

FirewallRules: [{85DBBF5C-02D5-4CEE-8397-595D63941A81}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

FirewallRules: [{6A33AF2B-4A2F-42ED-831A-C268AA173FAB}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe

FirewallRules: [{F6DFD1FE-2585-4BA4-BF48-4808905F1EBA}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe

FirewallRules: [{277AB371-899F-4DDD-8985-339A17EE70F2}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

FirewallRules: [{F5ADCCAC-97D6-44C2-8051-6D4D0ACC1807}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/10/2015 01:57:57 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program winamp.exe version 5.6.2.3199 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1dd0

 

Start Time: 01d11b5a488ee97a

 

Termination Time: 10

 

Application Path: C:\Program Files (x86)\Winamp\winamp.exe

 

Report Id:

 

Error: (11/10/2015 01:46:13 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program winamp.exe version 5.6.2.3199 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1104

 

Start Time: 01d11b5953ac369d

 

Termination Time: 20

 

Application Path: C:\Program Files (x86)\Winamp\winamp.exe

 

Report Id:

 

Error: (11/10/2015 12:57:20 AM) (Source: MsiInstaller) (EventID: 11721) (User: HD-HP)

Description: Product: IPTInstaller -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _D1AC4EC6_7CC2_45B1_99F7_828B9E5226E2, location: C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe, command: /uninstall

 

Error: (11/10/2015 12:30:20 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/10/2015 12:12:35 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/10/2015 12:09:34 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/09/2015 11:45:35 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/09/2015 11:40:04 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/09/2015 11:08:25 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program iexplore.exe version 10.0.9200.17519 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1740

 

Start Time: 01d11b42b1f7f00f

 

Termination Time: 9

 

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

 

Report Id: c4a7187e-8736-11e5-8d52-101f74b4ad6b

 

Error: (11/09/2015 09:55:35 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (11/10/2015 12:31:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The HP Network Devices Support service terminated with the following error: 

%%126

 

Error: (11/10/2015 12:29:55 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

 

Error: (11/10/2015 12:29:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Mobile IP Route Manager service failed to start due to the following error: 

%%1275

 

Error: (11/10/2015 12:29:02 AM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Windows\SysWow64\drivers\mdvrmng.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (11/10/2015 12:27:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (11/10/2015 12:27:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (11/10/2015 12:27:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (11/10/2015 12:25:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (11/10/2015 12:25:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (11/10/2015 12:25:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5-2430M CPU @ 2.40GHz

Percentage of memory in use: 49%

Total physical RAM: 6091.86 MB

Available physical RAM: 3071.39 MB

Total Virtual: 12181.93 MB

Available Virtual: 8741.21 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:679.24 GB) (Free:552.33 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive d: (Recovery) (Fixed) (Total:15.24 GB) (Free:1.65 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32

Drive f: (FRIENDS_SERIES1_D1A) (CDROM) (Total:3.57 GB) (Free:0 GB) UDF

Drive g: () (Removable) (Total:29.87 GB) (Free:28.42 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: EBFB7460)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=679.2 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=15.2 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

 

========================================================

Disk: 1 (Size: 29.9 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==================== End of Addition.txt ============================



  • Root Admin

Hello and welcome.

 

Unfortunately, at this time there is no way to recover your files without restoring from a backup or paying the ransom. We can assist you in attempting to clean the computer of the infection if you like.

You can read more about Cryptowall from here:

 

http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

 

 

 

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

 


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 13/11/2015

Scan Time: 12:59

Logfile: malware scan log.txt

Administrator: Yes

 

Version: 2.2.0.1024

Malware Database: v2015.11.13.04

Rootkit Database: v2015.11.13.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: HD

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 359319

Time Elapsed: 54 min, 15 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot, so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.0.0 (11.12.2015)

Operating System: Windows 7 Home Premium x64 

Ran by HD (Administrator) on 17/11/2015 at 14:21:50.04

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

File System: 81 

 

Failed to delete: C:\ProgramData\ad-aware browsing protection (Folder) 

Successfully deleted: C:\ProgramData\avg security toolbar (Folder) 

Successfully deleted: C:\Users\HD\AppData\Local\{06E617D0-E177-4C03-976B-52BA5FEBA827} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{0CD46F20-0BB6-435A-858F-30502304CAF4} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{0F24388D-6768-4434-B1B7-14F49C3E7058} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{105D511F-23EF-499A-9EF9-BB47A46A0E7E} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{15BA3E84-D605-4464-ABB9-6FA6DE790BA9} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{1B446B2A-7AC3-41D2-BCC1-AFD7FE56E008} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{1FEBF18A-7A38-4D7C-8264-FCFB94F85634} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{20343811-98EB-42DB-8AD6-AC98DC0BCEDB} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{219467E2-2A3B-402E-B5C8-4E3956A92D17} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{260BECAA-B0C6-4729-AE0B-C5D848AB53F1} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{2AE906D0-96D3-41CF-91A2-BE0210303690} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{2BA21354-6A57-4075-AC89-63C02ACD8381} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{338E1274-8224-448C-AF80-714E683EC805} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{34BE7072-F9B4-45CB-9AFB-2C4CB0FF6ADC} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{3E2D1983-A62F-4C33-9FFC-3CCA28245512} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{416F929B-60DE-491C-B8D6-7A0DA884FB12} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{4286EECF-37E3-4480-9FB9-CB63EF5AC237} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{42A5052E-6932-4784-8B90-820AA9839991} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{448C3DF0-1FCB-4525-AEB2-B8F6D77F5672} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{478D4ADF-F773-42F6-8B46-2A47220B32A8} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{494CB167-B091-4DD3-83A1-23FC07F6BDBC} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{4A4EFD9B-9831-4C54-B44F-75A3D8A9CF01} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{4D43E2A0-5D93-43D1-9679-A7F8CBF4EEA5} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{5036D979-B232-4E7A-B49D-DFED3F030536} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{5047F2B0-C49F-4553-8025-9D6D6ED78B54} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{565B84B2-4C42-4E33-B953-AB02E4FE0D81} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{5AE5C65A-C597-451A-AFEF-32D04E453A26} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{624F8387-B433-40E1-BC65-0553C35F6DF4} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{65C8BAEB-8BAD-4DE8-A553-8A966EBE11F2} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{6C1348D1-F2DD-45E7-A969-0DAB673F6F0E} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{75DC139A-2C67-42B9-AE67-8B24923E83EF} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{7A0637DE-CBFE-4062-A2FC-7A32D9031F4E} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{7B8F1D43-0A2E-436D-AEBB-0DE828343368} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{7EED236F-9D1B-4EFC-9DE5-AB85E9831340} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{81C6CB67-5F92-423D-8222-2D4B260E2F69} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{821E6035-6253-4D63-91D7-D9A2E4999E9B} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{8C047549-5C2D-48E1-9135-B747A835CF48} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{91939FCF-A8B4-4FFB-A7E0-13C286BD41CF} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{91F94685-C633-4E25-AAB5-1D2BCB217D36} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{974E7940-7683-428E-B3D7-1D977816FA2D} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{99FD52CD-423F-4E17-BE07-4F3360724BEB} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{9B38B8CC-1CA4-4CCD-ACA3-5CE4C415C3E3} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{9CB4AA6D-6714-4F2D-B722-657E396158F3} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{A15D5EC6-9DB6-415D-B8A0-31BF4C02C46D} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{A78F656C-A6E4-4B57-BEA4-1EF2188237C6} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{A84B0F3C-61D9-46E2-AD05-381474FE8663} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{A8E3CB9E-126D-41EC-9C3B-5C998D8C5B61} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{AE06E6AE-0E93-4183-A322-B1AA47CF8CBC} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{B1490BD8-AA98-44DC-8517-A28AECB21876} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{B345D671-6319-472E-A611-EE1B74C34CD1} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{B85AE0B6-A384-453B-A382-71FADFD5CFF1} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{C851A390-565D-418E-8016-8DAD1D56E8F4} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{C86EAD78-96CE-4DAB-BF42-39864B3FB845} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{C920D46F-EC68-4AD4-B88F-9FD49CBB1A84} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{CAA343E0-00C4-4FF0-A90D-AA0408FE2DE8} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{CB26BFB9-FB60-4475-A8D9-CCBD6D2CAA75} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{CE1148FF-E127-45A7-81D7-87F3F24767C4} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{CF32E510-1728-4FD6-B0FB-56A9BD75230D} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{D207D71A-C9CB-4A8D-ACBD-FFBB4008888A} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{D2784323-E550-4AE3-9652-BB3D69F865BC} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{D47C5A9E-2007-4A7B-9542-B9105BF4D128} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{D6EEE5B2-2499-4BDA-B5A7-DFBD98DC4A59} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{DD1CD3D4-787A-4F3D-B890-D2A262BA2E3D} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{DD3B0D81-5310-4B82-B13C-A9AF606B803B} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{E116B460-55A8-480F-A1D8-099A6814F298} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{E253C0BC-52F6-40F1-B7E5-EA05B3043EF0} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{E58F72D1-4F6A-429A-A889-51B7CC47E984} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{E68948E4-6CCD-4FAC-979D-1ADFA391D487} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{EAA9E959-18F9-4A9B-9EE7-6C75502B0270} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{EE0AB7AA-21A1-4D2C-A512-C4C81B81AF81} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{EF88A45C-1375-4CC7-BE07-B3D7F01CA598} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{F5358A8E-BB61-4E7B-B5F5-52750D199713} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{F5F72BDD-F05B-4DEF-A602-BB29EF3719DD} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{F8AEE973-5252-47CA-B00A-A81DC3BDA050} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{FCD13A40-282B-45BA-9A15-0822B0CEB246} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\{FE46D0AD-E6B8-4EE6-BCC6-473DFBC101D0} (Empty Folder)

Successfully deleted: C:\Users\HD\AppData\Local\adawarebp (Folder) 

Successfully deleted: C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal (File) 

Successfully deleted: C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage (File) 

 

 

 

Registry: 7 

 

Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection (Registry Value) 

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\vToolbarUpdater40.1.8 (Registry Key) 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 

Successfully deleted: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{486C7B30-EB16-4426-B1BC-4C0D77815160} (Registry Key)

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 17/11/2015 at 14:26:21.41

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v5.021 - Logfile created 17/11/2015 at 14:33:48

# Updated 14/11/2015 by Xplode

# Database : 2015-11-13.3 [server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : HD - HD-HP

# Running from : C:\Users\HD\Downloads\AdwCleaner.exe

# Option : Cleaning


 

***** [ Services ] *****

 

 

***** [ Folders ] *****

 

[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

[-] Folder Deleted : C:\ProgramData\AVG Secure Search

[-] Folder Deleted : C:\ProgramData\Avg_Update_0814tb

[-] Folder Deleted : C:\ProgramData\Avg_Update_1114tb

[-] Folder Deleted : C:\ProgramData\Avg_Update_1214tb

 

***** [ Files ] *****

 

 

***** [ DLLs ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Registry ] *****

 

[-] Key Deleted : HKLM\SOFTWARE\Classes\S

[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Key Deleted : HKCU\Software\Avg Secure Update

[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

[-] Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar

[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update

 

***** [ Web browsers ] *****

 

 

*************************

 

:: "Tracing" keys removed

:: Winsock settings cleared

 

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3009 bytes] ##########

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 17/11/2015

Scan Time: 14:41

Logfile: 2nd malware scan.txt

Administrator: Yes

 

Version: 2.2.0.1024

Malware Database: v2015.11.17.04

Rootkit Database: v2015.11.14.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: HD

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 361892

Time Elapsed: 1 hr, 10 min, 33 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


C:\$Recycle.Bin\S-1-5-21-790991912-2550835033-3860445865-1000\$RLW5EH9.TXT Win32/Filecoder.CR trojan

C:\$Recycle.Bin\S-1-5-21-790991912-2550835033-3860445865-1000\$RPVZHLN.HTML Win32/Filecoder.CR trojan

C:\$Recycle.Bin\S-1-5-21-790991912-2550835033-3860445865-1000\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\$Recycle.Bin\S-1-5-21-790991912-2550835033-3860445865-1000\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\$Recycle.Bin\S-1-5-21-790991912-2550835033-3860445865-1000\$RA7EIN5\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\$Recycle.Bin\S-1-5-21-790991912-2550835033-3860445865-1000\$RA7EIN5\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\$Recycle.Bin\S-1-5-21-790991912-2550835033-3860445865-1000\$REICOHX\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\$Recycle.Bin\S-1-5-21-790991912-2550835033-3860445865-1000\$REICOHX\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\$Recycle.Bin\S-1-5-21-790991912-2550835033-3860445865-1000\$RP9CVJM\Che Part One & Two 2008 Box Set BRRip H264 5.1 ch-SecretMyth (Kingdom-Release)\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\$Recycle.Bin\S-1-5-21-790991912-2550835033-3860445865-1000\$RP9CVJM\Che Part One & Two 2008 Box Set BRRip H264 5.1 ch-SecretMyth (Kingdom-Release)\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\AdwCleaner\Quarantine\C\ProgramData\Search Protection\HELP_DECRYPT.HTML.vir Win32/Filecoder.CR trojan

C:\AdwCleaner\Quarantine\C\ProgramData\Search Protection\HELP_DECRYPT.TXT.vir Win32/Filecoder.CR trojan

C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application

C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application

C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application

C:\ProgramData\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\ProgramData\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\ProgramData\Birdstep Technology\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\ProgramData\Birdstep Technology\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\ProgramData\Microsoft\RAC\PublishedData\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\ProgramData\Microsoft\RAC\PublishedData\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\ProgramData\TuneUpMedia\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\ProgramData\TuneUpMedia\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\All Users\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\All Users\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\All Users\Birdstep Technology\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\All Users\Birdstep Technology\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\All Users\Microsoft\RAC\PublishedData\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\All Users\Microsoft\RAC\PublishedData\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\All Users\TuneUpMedia\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\All Users\TuneUpMedia\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\.frostwire5\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\.frostwire5\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\.frostwire5\azureus\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\.frostwire5\azureus\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\.frostwire5\azureus\active\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\.frostwire5\azureus\active\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\.frostwire5\image_cache\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\.frostwire5\image_cache\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\.frostwire5\image_cache\static.frostwire.com\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\.frostwire5\image_cache\static.frostwire.com\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\.frostwire5\image_cache\static.frostwire.com\images\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\.frostwire5\image_cache\static.frostwire.com\images\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\.frostwire5\image_cache\static.frostwire.com\images\overlays\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\.frostwire5\image_cache\static.frostwire.com\images\overlays\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\.frostwire5\library_db\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\.frostwire5\library_db\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\.frostwire5\search_db\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\.frostwire5\search_db\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Adobe\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Adobe\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Adobe\contentstore\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Adobe\contentstore\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Adobe\OOBE\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Adobe\OOBE\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Apple Computer\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Apple Computer\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Apple Computer\iTunes\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Apple Computer\iTunes\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Citrix\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Citrix\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Citrix\GoToMeeting\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Citrix\GoToMeeting\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Citrix\GoToMeeting\1468\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Citrix\GoToMeeting\1468\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\Chrome\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\Chrome\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\Chrome\User Data\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\Chrome\User Data\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Extensions\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Extensions\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.co.uk_0.indexeddb.leveldb\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.co.uk_0.indexeddb.leveldb\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\3MJ9S6CH\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\3MJ9S6CH\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\HP\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\HP\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\HP\Digital Imaging\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\HP\Digital Imaging\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\HP\Digital Imaging\cache2\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\HP\Digital Imaging\cache2\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\HP\Digital Imaging\db2\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\HP\Digital Imaging\db2\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Ifsoft\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Ifsoft\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Media Player\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Media Player\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Media Player\Art Cache\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Media Player\Art Cache\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Messenger\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Messenger\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Photo Acquisition\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Photo Acquisition\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4MIG5I2\plugins[1].htm HTML/ScrInject.B.Gen virus

C:\Users\HD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W518Q4YM\CnetInstaller[1] a variant of Win32/WinWrapper.E potentially unwanted application

C:\Users\HD\AppData\Local\Microsoft\Windows Live\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live\Contacts\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live\Contacts\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live\Contacts\Default\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live\Contacts\Default\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live\Contacts\Default\15.4\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live\Contacts\Default\15.4\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live\Contacts\Default\15.4\DBStore\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live\Contacts\Default\15.4\DBStore\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live\Contacts\Default\15.4\DBStore\Backup\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live\Contacts\Default\15.4\DBStore\Backup\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live Mail\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live Mail\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live Mail\Backup\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live Mail\Backup\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live Mail\Calendars\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live Mail\Calendars\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live Mail\Calendars\DBStore\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live Mail\Calendars\DBStore\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live Mail\Calendars\DBStore\Backup\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live Mail\Calendars\DBStore\Backup\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live Mail\Sentinel\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live Mail\Sentinel\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Drafts\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Drafts\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Mail\Backup\new\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Mail\Backup\new\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Mail\Local Folders\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Mail\Local Folders\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Opera\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Opera\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Opera\Opera\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Opera\Opera\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Opera\Opera\icons\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Opera\Opera\icons\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\core\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\core\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\core\resource\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\core\resource\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\core\resource\color\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\core\resource\color\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\core\resource\language\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\core\resource\language\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\core\resource\layout\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\core\resource\layout\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\driver\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\driver\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\driver\ui\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\driver\ui\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\driver\ui\components\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\driver\ui\components\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\driver\ui\components\legacyexternalitem\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\driver\ui\components\legacyexternalitem\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\driver\ui\components\legacyexternalitem\com\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\driver\ui\components\legacyexternalitem\com\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\driver\ui\components\legacyexternalitem\com\dtd\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\driver\ui\components\legacyexternalitem\com\dtd\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\driver\ui\components\legacyexternalitem\flash\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\driver\ui\components\legacyexternalitem\flash\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\driver\ui\components\legacyexternalitem\flash\dtd\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\driver\ui\components\legacyexternalitem\flash\dtd\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\loftanalysis\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\loftanalysis\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\loftanalysis\ui\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\loftanalysis\ui\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\loftanalysis\ui\resources\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\loftanalysis\ui\resources\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\player\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\player\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\player\ui\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\player\ui\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\player\ui\resources\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\player\ui\resources\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\prevue\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\prevue\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\prevue\viewer\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\prevue\viewer\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\prevue\viewer\ui\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\prevue\viewer\ui\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\prevue\viewer\ui\resources\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\prevue\viewer\ui\resources\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\simulator\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\simulator\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\simulator\ui\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\simulator\ui\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\simulator\ui\resources\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\simulator\ui\resources\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\testdrive\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\testdrive\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\testdrive\parser\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE\Pearson VUE Tutorial and Demo\lib\vue\exam\testdrive\parser\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE Common\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE Common\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE Common\JRE\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE Common\JRE\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE Common\JRE\jre1.6.0_29\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE Common\JRE\jre1.6.0_29\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE Common\JRE\jre1.6.0_29\bin\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE Common\JRE\jre1.6.0_29\bin\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE Common\JRE\jre1.6.0_29\bin\client\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE Common\JRE\jre1.6.0_29\bin\client\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE Common\JRE\jre1.6.0_29\lib\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE Common\JRE\jre1.6.0_29\lib\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE Common\JRE\jre1.6.0_29\lib\deploy\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Pearson VUE Common\JRE\jre1.6.0_29\lib\deploy\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Skype\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Skype\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Skype\Apps\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Skype\Apps\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Skype\Apps\login\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Skype\Apps\login\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Skype\Apps\login\images\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\Skype\Apps\login\images\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\VirtualStore\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\VirtualStore\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\YhPack\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Local\YhPack\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Adobe\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Adobe\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Adobe\Acrobat\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Adobe\Acrobat\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Adobe\Acrobat\10.0\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Adobe\Acrobat\10.0\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Adobe\Acrobat\10.0\Search\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Adobe\Acrobat\10.0\Search\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Adobe\Acrobat\11.0\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Adobe\Acrobat\11.0\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Adobe\Acrobat\11.0\Search\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Adobe\Acrobat\11.0\Search\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\MuCatalog\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\MuCatalog\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\s\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\s\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\s\3lozfbt13fcuaawha2aegjbiamxdgnwnjythcjhrraqxc0snupaaadaa\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\s\3lozfbt13fcuaawha2aegjbiamxdgnwnjythcjhrraqxc0snupaaadaa\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\s\3lozfbt13fcuaawha2aegjbiamxdgnwnjythcjhrraqxc0snupaaadaa\f\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\s\3lozfbt13fcuaawha2aegjbiamxdgnwnjythcjhrraqxc0snupaaadaa\f\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\s\jw40ub2geo4fq1x3fekmyxzwg5fakxc2ko44hrf4fxn2i23zpvaaaefa\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\s\jw40ub2geo4fq1x3fekmyxzwg5fakxc2ko44hrf4fxn2i23zpvaaaefa\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\s\jw40ub2geo4fq1x3fekmyxzwg5fakxc2ko44hrf4fxn2i23zpvaaaefa\f\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\s\jw40ub2geo4fq1x3fekmyxzwg5fakxc2ko44hrf4fxn2i23zpvaaaefa\f\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\s\pnsdpvtb5exgchyg03smstegrqs5kzr50c1qg51ibdd01qibu2aaagfa\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\s\pnsdpvtb5exgchyg03smstegrqs5kzr50c1qg51ibdd01qibu2aaagfa\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\s\pnsdpvtb5exgchyg03smstegrqs5kzr50c1qg51ibdd01qibu2aaagfa\f\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\s\pnsdpvtb5exgchyg03smstegrqs5kzr50c1qg51ibdd01qibu2aaagfa\f\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\s\psld1rq2evnjg2ki2ziatkouhebg2l4klzm3vvurqxwtu41pinaaahda\f\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\s\qmq203fn3qtn0mbot2ewy5y2renlk1xlpshvlg0rf2admreghbaaadfa\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\s\qmq203fn3qtn0mbot2ewy5y2renlk1xlpshvlg0rf2admreghbaaadfa\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\s\qmq203fn3qtn0mbot2ewy5y2renlk1xlpshvlg0rf2admreghbaaadfa\f\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Microsoft\Silverlight\is\lb43ftcd.2dq\sdbj3pu0.3zn\1\s\qmq203fn3qtn0mbot2ewy5y2renlk1xlpshvlg0rf2admreghbaaadfa\f\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Sun\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Sun\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Sun\Java\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Sun\Java\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\SystemCache\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\SystemCache\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Adobe\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Adobe\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Adobe\Adobe PDF\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Adobe\Adobe PDF\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Adobe\Adobe PDF\Distiller\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Adobe\Adobe PDF\Distiller\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Adobe\Adobe PDF\Distiller\Data\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Adobe\Adobe PDF\Distiller\Data\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Adobe\Adobe PDF\Distiller\Startup\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Adobe\Adobe PDF\Distiller\Startup\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Adobe\Flash Player\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Adobe\Flash Player\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Adobe\Flash Player\AssetCache\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Adobe\Flash Player\AssetCache\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Adobe\Flash Player\AssetCache\N97BFN54\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Adobe\Flash Player\AssetCache\N97BFN54\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Apple Computer\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Apple Computer\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Apple Computer\SyncServices\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Apple Computer\SyncServices\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Apple Computer\SyncServices\Local\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Apple Computer\SyncServices\Local\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\928ce871e31e838b84dc3874b86b384438631594\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\928ce871e31e838b84dc3874b86b384438631594\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\ebf0f86d30f0f15eb295a85fd1c590756e81420a\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\ebf0f86d30f0f15eb295a85fd1c590756e81420a\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Birdstep Technology\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Birdstep Technology\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant\Local Store\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant\Local Store\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Guitar Pro 6\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Guitar Pro 6\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\HP\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\HP\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\HP\WebRegLogs\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\HP\WebRegLogs\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Malwarebytes\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Malwarebytes\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Microsoft\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Microsoft\Document Building Blocks\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Microsoft\Document Building Blocks\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Microsoft\Document Building Blocks\1033\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Microsoft\Document Building Blocks\1033\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Skype\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Skype\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Skype\hannahdahwa\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Skype\hannahdahwa\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Skype\hannahdahwa\media_messaging\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Skype\hannahdahwa\media_messaging\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Skype\hannahdahwa\media_messaging\media_cache\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Skype\hannahdahwa\media_messaging\media_cache\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Skype\hannahdahwa\media_messaging\media_cache\asyncdb\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Skype\hannahdahwa\media_messaging\media_cache\asyncdb\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Skype\hannahdahwa\media_messaging\storage_db\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Skype\hannahdahwa\media_messaging\storage_db\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Skype\hannahdahwa\media_messaging\storage_db\asyncdb\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Skype\hannahdahwa\media_messaging\storage_db\asyncdb\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Skype\hannahdahwa\qikdb\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Skype\hannahdahwa\qikdb\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Skype\shared_httpfe\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Skype\shared_httpfe\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Teleca\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Teleca\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Teleca\Telecalib\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Teleca\Telecalib\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Teleca\Telecalib\Logging\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Teleca\Telecalib\Logging\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Teleca\Telecalib\Logging\Application logs\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Teleca\Telecalib\Logging\Application logs\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Teleca\Telecalib\Logging\CA100\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Teleca\Telecalib\Logging\CA100\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Teleca\Telecalib\Logging\GE\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Teleca\Telecalib\Logging\GE\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\TuneUpMedia\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\TuneUpMedia\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Winamp\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Winamp\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Winamp\Plugins\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Winamp\Plugins\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Winamp\Plugins\ml\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\AppData\Roaming\Winamp\Plugins\ml\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\Documents\Antipsychotics audit\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\Documents\Antipsychotics audit\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\Documents\Antipsychotics audit\Previous audits\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\Documents\Antipsychotics audit\Previous audits\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\Documents\Certificates of learning\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\Documents\Certificates of learning\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\Documents\COPD audit\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\Documents\COPD audit\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\Documents\Endocrine CT2\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\Documents\Endocrine CT2\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\Documents\Eportfolio CT1\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\Documents\Eportfolio CT1\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\Documents\Eportfolio CT1\New Zealand WPBA\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

C:\Users\HD\Documents\Eportfolio CT1\New Zealand WPBA\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

C:\Users\HD\Downloads\cbsi-3_2_5_39-10064069.exe a variant of Win32/CNETInstaller.B potentially unwanted application

C:\Users\HD\Downloads\cbsidlm-cbsi5_4_0_101-Free_VPN-ORG-75445860 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted application

C:\Users\HD\Downloads\cbsidlm-cbsi5_4_0_101-Free_VPN-ORG-75445860.exe a variant of Win32/CNETInstaller.B potentially unwanted application

C:\Users\HD\Downloads\cbsidlm-tr1_10a-Advanced_Office_Password_Breaker-ORG-10165536.exe Win32/DownloadAdmin.G potentially unwanted application

C:\Users\HD\Downloads\cbsidlm-tr1_10a-Easy_Excel_Password_Recovery_Free-ORG-10908132.exe Win32/DownloadAdmin.G potentially unwanted application

C:\Users\HD\Downloads\cbsidlm-tr1_10a-ExcelDecryptor-ORG-75622718.exe Win32/DownloadAdmin.G potentially unwanted application

C:\Users\HD\Downloads\cbsidlm-tr1_10a-Excel_Password_Recovery_Master-ORG-10701264.exe Win32/DownloadAdmin.G potentially unwanted application

C:\Users\HD\Downloads\cbsidlm-tr1_10a-Guaranteed_Excel_Decrypter-ORG-10053323.exe Win32/DownloadAdmin.G potentially unwanted application

C:\Users\HD\Downloads\cbsidlm-tr1_10a-Passware_Kit_Enterprise-ORG-10235518.exe Win32/DownloadAdmin.G potentially unwanted application

C:\Users\HD\Downloads\cbsidlm-tr1_11-Guitarpad_Free_Digital_Tuner-ORG-10467757.exe Win32/DownloadAdmin.G potentially unwanted application

C:\Users\HD\Downloads\cbsidlm-tr1_11-Guitar_Tuner-ORG-10391414.exe Win32/DownloadAdmin.G potentially unwanted application

C:\Users\HD\Downloads\cbsidlm-tr1_11-RoboGuru_Guitar_Tuner-ORG-10969530.exe Win32/DownloadAdmin.G potentially unwanted application

C:\Users\HD\Downloads\cbsidlm-tr1_6-KLite_Mega_Codec_Pack-10794603.exe Win32/DownloadAdmin.G potentially unwanted application

C:\Users\HD\Downloads\frostwire-5.3.6.windows.exe a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application

C:\Users\HD\Downloads\HSS-2.25-install-anchorfree-232-expatshield.exe a variant of Win32/Toolbar.Conduit.AI potentially unwanted application

D:\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

D:\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

E:\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

E:\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

E:\Hewlett-Packard\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

E:\Hewlett-Packard\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

E:\Hewlett-Packard\QuickWeb\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

E:\Hewlett-Packard\QuickWeb\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

E:\Hewlett-Packard\QuickWeb\Settings\HELP_DECRYPT.TXT Win32/Filecoder.CR trojan

E:\Hewlett-Packard\QuickWeb\Settings\HELP_DECRYPT.HTML Win32/Filecoder.CR trojan

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-11-2015

Ran by HD (administrator) on HD-HP (18-11-2015 17:57:44)

Running from C:\Users\HD\Downloads\FRST-OlderVersion

Loaded Profiles: HD (Available Profiles: HD)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 10 (Default browser: IE)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Trend Micro Inc.) C:\Program Files (x86)\AntiRansomware2.0\ARService.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe

(Genie9) C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

(LaCie) C:\Program Files (x86)\LaCie\LaCie Desktop Manager\LaCieDesktopManagerDaemon.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Genie9) C:\Program Files\Genie9\Genie Timeline\GenieTimeLineAgent.exe

(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe

(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2012-01-11] (IDT, Inc.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)

HKLM\...\Run: [setDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)

HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [WinampAgent] => "C:\Program Files (x86)\Winamp\winampa.exe"

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)

HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)

HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()

HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2015-09-26] (Adobe Systems Inc.)

HKLM-x32\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3826600 2015-10-30] (AVG Technologies CZ, s.r.o.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1

HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Users\HD\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=44c53dddba0b47d08ca9c15632504498-8e3f2d5a62688078dbb924d632c9ff21b4437419 /CMPID=1113a

HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)

HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\Run: [ifsoft] => regsvr32.exe C:\Users\HD\AppData\Local\Ifsoft\CNBJOP6N.DLL <===== ATTENTION

HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\Run: [Odics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\HD\AppData\Local\YhPack\mdnsNSP.dll

HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\Run: [LaCie Desktop Manager 2 Startup] => C:\Program Files (x86)\LaCie\LaCie Desktop Manager\LaCie Desktop Manager.exe [869232 2014-09-22] (LaCie)

HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\Policies\system: [DisableLockWorkstation] 0

HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\Policies\system: [DisableChangePassword] 0

HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\MountPoints2: G - G:\laucher.exe

HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\MountPoints2: {02e4023e-371a-11e1-84eb-101f74b4ad6b} - G:\AutoRun.exe

HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\MountPoints2: {5ae6f57c-d377-11e1-ab15-101f74b4ad6b} - G:\Startme.exe

HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\MountPoints2: {61ce1fd0-acc3-11e1-858c-101f74b4ad6b} - G:\laucher.exe

HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\MountPoints2: {7553b7b3-354d-11e1-a314-101f74b4ad6b} - H:\SETUP.EXE

HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\MountPoints2: {8177e547-331d-11e1-ace1-806e6f6e6963} - F:\start.exe \MENU.pps

HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\MountPoints2: {bc7cf4ad-ad9a-11e1-adc2-101f74b4ad6b} - G:\laucher.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{77AE7A19-732E-4EA7-8965-47C741A5A197}: [NameServer] 8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{8E675C0D-6714-481B-986A-5E644D6737AF}: [NameServer] 8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{8E675C0D-6714-481B-986A-5E644D6737AF}: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{9B4AD3B2-583E-49AE-A01A-EF3519946C33}: [NameServer] 8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{9FEAFB74-FDC6-454E-A2A8-7DBB7EB65219}: [NameServer] 8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{D8E81319-F7C4-42DE-92B6-8428AEF256B9}: [NameServer] 8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{D8E81319-F7C4-42DE-92B6-8428AEF256B9}: [DhcpNameServer] 194.168.4.100 194.168.8.100

 

Internet Explorer:

==================

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 

SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-05-06] (HP)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)

BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)

BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-02-07] (DivX, LLC)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-10-25] (Sun Microsystems, Inc.)

BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-05-06] (HP)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-10-25] (Sun Microsystems, Inc.)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)

BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)

BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)

Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)

Toolbar: HKU\S-1-5-21-790991912-2550835033-3860445865-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Toolbar: HKU\S-1-5-21-790991912-2550835033-3860445865-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKU\S-1-5-21-790991912-2550835033-3860445865-1000 -> No Name - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} -  No File

Toolbar: HKU\S-1-5-21-790991912-2550835033-3860445865-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1327170353107

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()

FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-02-07] (DivX, LLC)

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)

FF Plugin-x32: @java.com/DTPlugin -> C:\Program Files (x86)\Java\jre6\bin\dtplugin\npDeployJava1.dll [2012-09-24] (Sun Microsystems, Inc.)

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-09-24] (Sun Microsystems, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)

FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-02-22] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-08-10] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-10-15] [not signed]

FF HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-08-10] [not signed]

Chrome:

=======

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\gcswf32.dll => No File

CHR Plugin: (Simple Pass 2011) - C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl\1.0_0\npwebsitelogon.dll => No File

CHR Plugin: (Norton Confidential) - C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll => No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File

CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll => No File

CHR Profile: C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Adobe Acrobat) - C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-09]

CHR Extension: (Website Logon) - C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl [2015-02-23]

CHR Extension: (Chrome Web Store Payments) - C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14]

CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\HD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2015-02-23]

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-09-26]

CHR HKLM-x32\...\Chrome\Extension: [hdhihajbmafmgilcciomnamcjfkdhikl] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-04-14]

CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiRansomwareService; C:\Program Files (x86)\AntiRansomware2.0\arservice.exe [100864 2015-07-30] (Trend Micro Inc.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.)

R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]

R2 GenieTimelineService; C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe [662104 2012-09-16] (Genie9)

R2 LaCieDesktopManagerDaemon; C:\Program Files (x86)\LaCie\LaCie Desktop Manager\LaCieDesktopManagerDaemon.exe [1147248 2014-09-22] (LaCie)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-11-13] ()

S4 hpqcxs08;  [X]

S4 hpqddsvc;  [X]

S2 HPSLPSVC; C:\Users\HD\AppData\Local\Temp\7zS206C\hpslpsvc64.dll [X]

S4 jswpsapi;  [X]

S4 Net Driver HPZ12;  [X]

S4 PassThru Service;  [X]

S4 Pml Driver HPZ12;  [X]

S4 WDCS_WNDA3200;  [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-03-30] (Emsisoft GmbH)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-10-19] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255408 2015-10-21] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)

S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-03-30] (Emsisoft GmbH)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]

R1 KbHook; C:\Program Files (x86)\AntiRansomware2.0\hookdriver64.sys [18720 2013-06-08] (<company name here>)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

S4 USBAAPL64;  [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-18 17:40 - 2015-11-18 17:57 - 00000000 ____D C:\Users\HD\Downloads\FRST-OlderVersion

2015-11-18 17:31 - 2015-11-18 17:31 - 00100026 _____ C:\Users\HD\Desktop\eset scanner.txt

2015-11-17 15:54 - 2015-11-17 15:54 - 00000000 ____D C:\Program Files (x86)\ESET

2015-11-17 15:52 - 2015-11-17 15:52 - 00001065 _____ C:\Users\HD\Desktop\2nd malware scan.txt

2015-11-17 14:32 - 2015-11-17 14:32 - 00002836 _____ C:\Users\HD\Desktop\AdwCleaner[s2].txt

2015-11-17 14:26 - 2015-11-17 14:26 - 00009746 _____ C:\Users\HD\Desktop\JRT.txt

2015-11-13 19:45 - 2015-11-13 20:37 - 00021504 _____ C:\Users\HD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-11-13 16:05 - 2015-11-13 16:05 - 00000000 ____D C:\Users\Default\AppData\Roaming\Genie9

2015-11-13 16:05 - 2015-11-13 16:05 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Genie9

2015-11-13 13:07 - 2015-11-13 13:07 - 00000000 ____D C:\Users\HD\AppData\Local\AVG Web TuneUp

2015-11-13 13:07 - 2015-11-13 13:07 - 00000000 ____D C:\ProgramData\AVG Web TuneUp

2015-11-13 13:07 - 2015-11-13 13:07 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp

2015-11-13 13:03 - 2015-11-13 13:03 - 00000000 ____D C:\Users\HD\AppData\Roaming\AVG

2015-11-13 13:03 - 2015-11-13 13:03 - 00000000 ____D C:\Users\HD\AppData\Local\Avg

2015-11-13 12:53 - 2015-11-18 17:30 - 00000896 _____ C:\Users\Public\Desktop\AVG.lnk

2015-11-13 12:53 - 2015-11-18 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen

2015-11-13 12:49 - 2015-11-13 12:56 - 00000000 ____D C:\ProgramData\Avg

2015-11-12 20:42 - 2015-11-03 17:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-11-11 15:02 - 2015-10-13 04:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys

2015-11-11 15:01 - 2015-10-20 18:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-11-11 15:01 - 2015-10-20 18:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-11-11 15:01 - 2015-10-20 18:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-11-11 15:01 - 2015-10-20 18:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-11-11 15:01 - 2015-10-20 18:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-11-11 15:01 - 2015-10-20 18:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-11-11 15:01 - 2015-10-20 18:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-11-11 15:01 - 2015-10-20 18:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-11-11 15:01 - 2015-10-20 18:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2015-11-11 15:01 - 2015-10-20 18:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-11-11 15:01 - 2015-10-20 18:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2015-11-11 15:01 - 2015-10-20 17:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2015-11-11 15:01 - 2015-10-20 17:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2015-11-11 15:01 - 2015-10-20 17:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2015-11-11 15:01 - 2015-10-20 17:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2015-11-11 15:01 - 2015-10-20 17:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2015-11-11 15:01 - 2015-10-20 15:01 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-11-11 15:01 - 2015-10-20 15:01 - 00525824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-11-11 15:01 - 2015-10-20 15:00 - 14292992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-11-11 15:01 - 2015-10-20 15:00 - 13775360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-11-11 15:01 - 2015-10-20 15:00 - 02866176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-11-11 15:01 - 2015-10-20 15:00 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-11-11 15:01 - 2015-10-20 15:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-11-11 15:01 - 2015-10-20 15:00 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-11-11 15:01 - 2015-10-20 15:00 - 00715776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-11-11 15:01 - 2015-10-20 15:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-11-11 15:01 - 2015-10-20 15:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-11-11 15:01 - 2015-10-20 15:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-11-11 15:01 - 2015-10-20 15:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-11-11 15:01 - 2015-10-20 15:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-11-11 15:01 - 2015-10-20 15:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-11-11 15:01 - 2015-10-20 15:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2015-11-11 15:01 - 2015-10-20 15:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-11-11 15:01 - 2015-10-20 15:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-11-11 15:01 - 2015-10-20 15:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-11-11 15:01 - 2015-10-20 15:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-11-11 15:01 - 2015-10-20 13:54 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-11-11 15:01 - 2015-10-20 13:54 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-11-11 15:01 - 2015-10-20 13:54 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-11-11 15:01 - 2015-10-20 13:54 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-11-11 15:01 - 2015-10-20 13:53 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-11-11 15:01 - 2015-10-20 13:53 - 15416320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-11-11 15:01 - 2015-10-20 13:53 - 03960832 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-11-11 15:01 - 2015-10-20 13:53 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-11-11 15:01 - 2015-10-20 13:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-11-11 15:01 - 2015-10-20 13:53 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-11-11 15:01 - 2015-10-20 13:53 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-11-11 15:01 - 2015-10-20 13:53 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-11-11 15:01 - 2015-10-20 13:53 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-11-11 15:01 - 2015-10-20 13:53 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-11-11 15:01 - 2015-10-20 13:53 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-11-11 15:01 - 2015-10-20 13:53 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-11-11 15:01 - 2015-10-20 13:53 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2015-11-11 15:01 - 2015-10-20 13:53 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-11-11 15:01 - 2015-10-20 13:53 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-11-11 15:01 - 2015-10-20 13:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-11-11 15:01 - 2015-10-20 13:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-11-11 15:01 - 2015-10-15 19:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-11-11 15:01 - 2015-10-15 19:04 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-11-11 15:01 - 2015-10-15 18:39 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-11-11 15:01 - 2015-10-15 18:36 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-11-11 15:01 - 2015-10-15 18:11 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2015-11-11 15:01 - 2015-10-15 18:11 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2015-11-11 14:59 - 2015-10-20 01:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-11-11 14:59 - 2015-10-20 01:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-11-11 14:59 - 2015-10-20 01:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-11-11 14:59 - 2015-10-20 01:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-11-11 14:59 - 2015-10-20 01:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2015-11-11 14:59 - 2015-10-20 01:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2015-11-11 14:59 - 2015-10-20 01:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2015-11-11 14:59 - 2015-10-20 01:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2015-11-11 14:59 - 2015-10-20 01:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-11-11 14:59 - 2015-10-20 01:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2015-11-11 14:59 - 2015-10-20 01:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2015-11-11 14:59 - 2015-10-20 01:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-11-11 14:59 - 2015-10-20 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-11-11 14:59 - 2015-10-20 01:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2015-11-11 14:59 - 2015-10-20 01:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-11-11 14:59 - 2015-10-20 01:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-11-11 14:59 - 2015-10-20 01:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-11-11 14:59 - 2015-10-20 01:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-11-11 14:59 - 2015-10-20 01:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-11-11 14:59 - 2015-10-20 01:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-11-11 14:59 - 2015-10-20 01:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-11-11 14:59 - 2015-10-20 01:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-11-11 14:59 - 2015-10-20 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-11-11 14:59 - 2015-10-20 01:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2015-11-11 14:59 - 2015-10-20 01:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-11-11 14:59 - 2015-10-20 01:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-11-11 14:59 - 2015-10-20 01:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-11-11 14:59 - 2015-10-20 01:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-11-11 14:59 - 2015-10-20 01:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2015-11-11 14:59 - 2015-10-20 01:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2015-11-11 14:59 - 2015-10-20 01:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-11-11 14:59 - 2015-10-20 01:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-11-11 14:59 - 2015-10-20 01:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-11-11 14:59 - 2015-10-20 00:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-11-11 14:59 - 2015-10-20 00:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-11-11 14:59 - 2015-10-20 00:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2015-11-11 14:59 - 2015-10-20 00:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-11-11 14:59 - 2015-10-20 00:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-11-11 14:59 - 2015-10-20 00:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-11-11 14:59 - 2015-10-20 00:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-11-11 14:59 - 2015-10-20 00:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-11-11 14:59 - 2015-10-20 00:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-11-11 14:59 - 2015-10-20 00:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-11-11 14:59 - 2015-10-20 00:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2015-11-11 14:59 - 2015-10-20 00:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2015-11-11 14:59 - 2015-10-20 00:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-11-11 14:59 - 2015-10-20 00:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-11-11 14:59 - 2015-10-20 00:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2015-11-11 14:59 - 2015-10-20 00:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2015-11-11 14:59 - 2015-10-20 00:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2015-11-11 14:59 - 2015-10-20 00:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2015-11-11 14:59 - 2015-10-20 00:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-11-11 14:59 - 2015-10-20 00:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-11-11 14:59 - 2015-10-20 00:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2015-11-11 14:59 - 2015-10-20 00:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-11-11 14:59 - 2015-10-20 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2015-11-11 14:59 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2015-11-11 14:59 - 2015-10-19 23:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2015-11-11 14:59 - 2015-10-19 23:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2015-11-11 14:59 - 2015-10-19 23:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2015-11-11 14:59 - 2015-10-19 23:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2015-11-11 14:59 - 2015-10-19 23:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2015-11-11 14:59 - 2015-10-19 23:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2015-11-11 14:59 - 2015-10-19 23:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2015-11-11 14:59 - 2015-10-19 23:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2015-11-11 14:59 - 2015-10-19 23:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2015-11-11 14:59 - 2015-09-23 13:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-11-11 14:59 - 2015-09-23 13:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll

2015-11-11 14:59 - 2015-09-23 13:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll

2015-11-11 14:58 - 2015-10-13 16:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2015-11-11 14:58 - 2015-10-13 16:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2015-11-11 14:57 - 2015-10-01 18:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll

2015-11-11 14:57 - 2015-10-01 17:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll

2015-11-11 14:14 - 2015-11-11 14:14 - 00002211 _____ C:\Users\Public\Desktop\LaCie Desktop Manager.lnk

2015-11-11 14:14 - 2015-11-11 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LaCie

2015-11-11 14:14 - 2015-11-11 14:14 - 00000000 ____D C:\ProgramData\LaCie

2015-11-11 14:14 - 2015-11-11 14:14 - 00000000 ____D C:\Program Files (x86)\LaCie

2015-11-11 14:13 - 2015-11-11 14:13 - 00000000 ___RD C:\Users\HD\Desktop\No-Backup Zone

2015-11-11 14:13 - 2015-11-11 14:13 - 00000000 ____D C:\Users\HD\AppData\Roaming\Genie9

2015-11-11 14:12 - 2015-11-11 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genie9

2015-11-11 14:11 - 2015-11-11 14:11 - 00000000 ____D C:\Program Files\Genie9

2015-11-11 14:09 - 2015-11-11 14:09 - 00003086 _____ C:\Windows\System32\Tasks\{37E200F2-F0DA-480E-8C5D-F90178EBEC8C}

2015-11-10 02:56 - 2015-11-10 02:56 - 00063301 _____ C:\Users\HD\Desktop\FRST.txt

2015-11-10 02:56 - 2015-11-10 02:56 - 00045456 _____ C:\Users\HD\Desktop\Addition.txt

2015-11-10 02:35 - 2015-11-10 02:36 - 00045456 _____ C:\Users\HD\Downloads\Addition.txt

2015-11-10 02:33 - 2015-11-18 17:41 - 00022618 _____ C:\Users\HD\Downloads\FRST.txt

2015-11-10 02:30 - 2015-11-18 17:57 - 00000000 ____D C:\FRST

2015-11-10 02:30 - 2015-11-18 17:40 - 02008576 _____ (Farbar) C:\Users\HD\Downloads\FRST64.exe

2015-11-10 01:49 - 2015-11-10 01:51 - 00000000 ____D C:\Users\HD\AppData\Roaming\Media Player Classic

2015-11-10 01:41 - 2015-11-10 01:41 - 00000000 ____D C:\Users\HD\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat

2015-11-10 01:22 - 2015-11-10 01:22 - 00026900 _____ C:\Users\HD\AppData\LocalLow\dt.dat

2015-11-10 00:08 - 2015-11-10 00:08 - 00000412 _____ C:\Windows\DCEBOOT.RST

2015-11-10 00:08 - 2015-11-10 00:08 - 00000000 _____ C:\Windows\DCEBOOT.LOG

2015-11-10 00:06 - 2015-11-10 00:06 - 00231960 _____ C:\Windows\RegBootClean64.exe

2015-11-10 00:06 - 2015-11-10 00:06 - 00021528 _____ C:\Windows\DCEBoot64.exe

2015-11-10 00:06 - 2015-11-10 00:06 - 00009392 _____ C:\Windows\RegBootClean64.CFG

2015-11-10 00:04 - 2015-11-10 00:08 - 00000000 ____D C:\ProgramData\AntiRansomware

2015-11-10 00:04 - 2015-11-10 00:06 - 00000000 ____D C:\Program Files (x86)\AntiRansomware2.0

2015-11-09 22:17 - 2015-11-09 22:24 - 02581978 _____ C:\Users\HD\Desktop\ListCWall.txt

2015-11-09 21:51 - 2015-11-13 13:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2015-11-09 21:51 - 2015-11-13 13:01 - 00000000 ____D C:\Program Files\Common Files\AV

2015-11-09 21:45 - 2015-11-13 13:02 - 00000000 ___HD C:\$AVG

2015-11-09 21:43 - 2015-11-13 16:06 - 00000000 ____D C:\Program Files (x86)\AVG

2015-11-09 21:40 - 2015-11-18 17:30 - 00000000 ____D C:\ProgramData\MFAData

2015-10-21 16:16 - 2015-10-21 16:16 - 00284080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys

2015-10-21 16:15 - 2015-10-21 16:15 - 00255408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys

2015-10-19 08:03 - 2015-10-19 08:03 - 00313776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-11-18 17:56 - 2013-02-26 09:26 - 00000000 ____D C:\Users\HD\Downloads\GuitarTuner

2015-11-18 17:56 - 2013-02-26 09:08 - 00000000 ____D C:\Users\HD\Downloads\roboguru

2015-11-18 17:56 - 2013-02-15 11:10 - 00000000 ____D C:\Users\HD\Downloads\guaxcl17zip

2015-11-18 17:56 - 2013-02-15 10:35 - 00000000 ____D C:\Users\HD\Downloads\aopbzip

2015-11-18 17:55 - 2013-02-15 11:18 - 00000000 ____D C:\Users\HD\Downloads\edsetupzip

2015-11-18 17:55 - 2013-02-15 10:56 - 00000000 ____D C:\Users\HD\Downloads\epasreczip

2015-11-18 17:50 - 2011-12-30 11:39 - 00000000 ____D C:\Users\HD

2015-11-18 17:49 - 2011-09-23 08:35 - 01080762 _____ C:\Windows\WindowsUpdate.log

2015-11-18 17:36 - 2012-06-03 00:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-11-18 17:32 - 2011-12-30 11:43 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{61AB342F-D81B-48E5-8BC6-556E460029F9}

2015-11-18 17:29 - 2012-02-07 12:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-11-18 17:28 - 2011-12-30 11:39 - 00000000 ____D C:\Users\HD\AppData\LocalLow\AuthenTec

2015-11-17 19:29 - 2012-02-07 12:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-11-17 14:45 - 2009-07-14 04:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-11-17 14:45 - 2009-07-14 04:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-11-17 14:39 - 2012-08-06 09:25 - 00000000 ____D C:\Users\HD\AppData\Roaming\Skype

2015-11-17 14:38 - 2015-03-30 21:25 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-11-17 14:36 - 2015-03-31 18:36 - 00003818 _____ C:\Windows\setupact.log

2015-11-17 14:36 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-11-17 14:33 - 2015-03-31 18:29 - 00000000 ____D C:\AdwCleaner

2015-11-17 14:23 - 2013-11-13 18:20 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection

2015-11-13 16:07 - 2015-06-11 18:48 - 00411304 _____ C:\Windows\system32\FNTCACHE.DAT

2015-11-13 16:06 - 2010-11-21 03:47 - 00670998 _____ C:\Windows\PFRO.log

2015-11-13 14:32 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache

2015-11-13 13:07 - 2013-02-15 10:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2015-11-12 21:11 - 2009-07-14 05:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI

2015-11-12 21:07 - 2015-01-24 11:22 - 00000000 ____D C:\Users\HD\AppData\Local\YhPack

2015-11-12 21:07 - 2015-01-24 11:21 - 00000000 ____D C:\Users\HD\AppData\Local\Ifsoft

2015-11-12 20:47 - 2013-08-17 11:52 - 00000000 ____D C:\Windows\system32\MRT

2015-11-12 20:47 - 2012-01-11 18:38 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-11-12 20:47 - 2012-01-02 15:45 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-11-11 19:44 - 2012-02-24 21:36 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-11-11 14:37 - 2012-06-03 00:46 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-11-11 14:37 - 2012-06-03 00:46 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-11-11 14:37 - 2011-07-16 06:05 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-11-10 01:56 - 2012-03-25 01:49 - 00000000 ____D C:\Users\HD\Documents\Films

2015-11-10 01:43 - 2013-02-15 10:35 - 00000000 ____D C:\Program Files (x86)\ElcomSoft

2015-11-10 01:42 - 2011-09-23 08:42 - 00000000 ____D C:\ProgramData\Temp

2015-11-10 01:17 - 2012-01-02 15:35 - 00000000 ____D C:\Users\HD\AppData\Roaming\DAEMON Tools Lite

2015-11-10 00:55 - 2013-01-08 11:51 - 00000000 ____D C:\Users\HD\AppData\Local\Pearson VUE Common

2015-11-10 00:47 - 2013-01-08 01:12 - 00000000 ____D C:\Program Files (x86)\HTC

2015-11-10 00:47 - 2012-01-20 01:31 - 00000000 ____D C:\Users\HD\AppData\Local\Downloaded Installations

2015-11-10 00:46 - 2011-09-23 08:32 - 00031616 _____ C:\Windows\DPINST.LOG

2015-11-10 00:42 - 2012-01-04 21:25 - 00011728 _____ C:\Windows\TdiInstall.log

2015-11-10 00:42 - 2012-01-04 21:25 - 00000000 ____D C:\Users\HD\AppData\Roaming\Birdstep Technology

2015-11-10 00:42 - 2012-01-04 21:25 - 00000000 ____D C:\ProgramData\Birdstep Technology

2015-11-10 00:42 - 2011-07-16 06:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2015-11-10 00:06 - 2015-08-13 14:44 - 00000000 ____D C:\Program Files (x86)\QuickTime

2015-11-10 00:06 - 2012-06-04 19:32 - 00000000 ____D C:\Program Files (x86)\Winamp

2015-11-09 23:56 - 2015-03-30 21:25 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-11-09 23:56 - 2015-03-30 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-11-09 23:56 - 2015-03-30 21:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-11-09 21:46 - 2012-04-11 17:22 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute

2015-11-09 21:01 - 2012-10-13 06:31 - 00000000 ____D C:\Users\HD\Documents\Interview questions

2015-11-05 16:52 - 2012-01-11 18:46 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log

2015-11-01 23:13 - 2015-01-12 21:28 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2015-10-27 09:53 - 2012-06-25 20:36 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHD

2015-10-27 09:53 - 2012-06-25 20:36 - 00000320 _____ C:\Windows\Tasks\HPCeeScheduleForHD.job

 

==================== Files in the root of some directories =======

 

2012-05-21 22:31 - 2012-05-21 22:31 - 0000000 _____ () C:\Users\HD\AppData\Roaming\.googlewebacchosts

2015-03-29 22:14 - 2015-03-29 22:14 - 0008572 _____ () C:\Users\HD\AppData\Roaming\HELP_DECRYPT.HTML

2015-03-29 22:14 - 2015-03-29 22:14 - 0045306 _____ () C:\Users\HD\AppData\Roaming\HELP_DECRYPT.PNG

2015-03-29 22:14 - 2015-03-29 22:14 - 0004226 _____ () C:\Users\HD\AppData\Roaming\HELP_DECRYPT.TXT

2015-03-29 22:14 - 2015-03-29 22:14 - 0000276 _____ () C:\Users\HD\AppData\Roaming\HELP_DECRYPT.URL

2015-08-27 15:11 - 2015-08-27 15:11 - 0000038 ___SH () C:\Users\HD\AppData\Local\69ff07055291669bb2b218.72821112

2015-11-13 19:45 - 2015-11-13 20:37 - 0021504 _____ () C:\Users\HD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-03-29 22:13 - 2015-03-29 22:13 - 0008572 _____ () C:\Users\HD\AppData\Local\HELP_DECRYPT.HTML

2015-03-29 22:13 - 2015-03-29 22:13 - 0045306 _____ () C:\Users\HD\AppData\Local\HELP_DECRYPT.PNG

2015-03-29 22:13 - 2015-03-29 22:13 - 0004226 _____ () C:\Users\HD\AppData\Local\HELP_DECRYPT.TXT

2015-03-29 22:13 - 2015-03-29 22:13 - 0000276 _____ () C:\Users\HD\AppData\Local\HELP_DECRYPT.URL

2015-03-29 22:12 - 2015-03-29 22:12 - 0008572 _____ () C:\ProgramData\HELP_DECRYPT.HTML

2015-03-29 22:12 - 2015-03-29 22:12 - 0045306 _____ () C:\ProgramData\HELP_DECRYPT.PNG

2015-03-29 22:12 - 2015-03-29 22:12 - 0004226 _____ () C:\ProgramData\HELP_DECRYPT.TXT

2015-03-29 22:12 - 2015-03-29 22:12 - 0000276 _____ () C:\ProgramData\HELP_DECRYPT.URL

2012-01-21 18:07 - 2014-03-12 18:35 - 0002111 _____ () C:\ProgramData\hpzinstall.log

 

Files to move or delete:

====================

C:\Users\HD\DeletePrintJobs.cmd

 

 

Some files in TEMP:

====================

C:\Users\HD\AppData\Local\Temp\HitmanPro.exe

C:\Users\HD\AppData\Local\Temp\ose00000.exe

C:\Users\HD\AppData\Local\Temp\Quarantine.exe

C:\Users\HD\AppData\Local\Temp\sqlite3.dll

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-11-10 08:59

 

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-11-2015

Ran by HD (2015-11-18 17:58:49)

Running from C:\Users\HD\Downloads\FRST-OlderVersion

Windows 7 Home Premium Service Pack 1 (X64) (2011-12-30 11:39:07)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-790991912-2550835033-3860445865-500 - Administrator - Disabled)

Guest (S-1-5-21-790991912-2550835033-3860445865-501 - Limited - Disabled)

HD (S-1-5-21-790991912-2550835033-3860445865-1000 - Administrator - Enabled) => C:\Users\HD

HomeGroupUser$ (S-1-5-21-790991912-2550835033-3860445865-1002 - Limited - Enabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: AVG AntiVirus Free Edition (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

1400 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

1400_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden

1400Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.13 - Adobe Systems)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)

Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)

Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)

Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden

AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden

Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

AuthenTec TrueAPI (Version: 1.3.0.111 - AuthenTec, Inc.) Hidden

AVG (HKLM\...\AvgZen) (Version: 1.22.1.40089 - AVG Technologies)

AVG (Version: 16.7.7227 - AVG Technologies) Hidden

AVG 2012 (Version: 12.0.4311 - AVG Technologies) Hidden

AVG 2016 (Version: 16.0.4460 - AVG Technologies) Hidden

AVG Protection (HKLM\...\AVG) (Version: 2016.7.7227 - AVG Technologies)

AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.8.599 - AVG Technologies)

AVG Zen (Version: 1.22.1 - AVG Technologies) Hidden

BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.2.15 - British Broadcasting Corp.)

BBC iPlayer Desktop (x32 Version: 3.2.15 - British Broadcasting Corp.) Hidden

Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden

BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden

Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden

Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden

Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden

DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)

DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)

Excel Password Recovery Master 3.6 (HKLM-x32\...\Excel Password Recovery Master_is1) (Version:  - )

Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden

FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden

Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden

Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden

FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden

Genie Timeline (HKLM-x32\...\Genie Timeline) (Version: 3.0 - Genie9)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden

Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden

GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP Documentation (HKLM-x32\...\{DE15C5EC-7C30-44BF-ACEB-03960FC5601D}) (Version: 1.1.1.0 - Hewlett-Packard)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)

HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)

HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)

HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)

HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)

HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)

HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)

HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)

HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)

HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)

HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)

HP SimplePass PE 2011 (HKLM-x32\...\{31CEFF4E-B6D1-46A5-9169-7C67570E7FFA}) (Version: 5.3.0.163 - Hewlett-Packard)

HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)

HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)

HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)

HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)

HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden

HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden

HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden

HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden

HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)

InstallConverter (HKLM-x32\...\InstallConverter) (Version: 1.0 - InstallConverter)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)

IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)

iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)

Java 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.370 - Oracle)

Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LaCie Desktop Manager 2.3.0 (HKLM-x32\...\{3845209F-142E-4F48-B61A-AA34D2DB54BB}_is1) (Version: 2.3.0 - LaCie)

Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden

Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden

NETGEAR WNDA3200 wireless adapter Setup (HKLM-x32\...\{9B02F55E-7E6B-4226-8E67-76514D33FD41}_is1) (Version: 1.0.0.11 - NETGEAR)

Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden

Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden

OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)

Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden

QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)

Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.13.0 - Ralink)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.85 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden

Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)

Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden

SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden

SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden

Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)

Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden

TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden

UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

USB Storage Driver (HKLM-x32\...\GENEUIDE) (Version:  - )

Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

VIP Access SDK (1.0.1.2)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)

Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden

Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)

Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden

WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden

Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)

Winamp Detector Plug-in (HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

ZTE_1.2059.0.8 (HKLM-x32\...\ZTE_1.2059.0.8) (Version:  - )

Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Restore Points =========================

 

11-11-2015 19:34:21 Scheduled Checkpoint

12-11-2015 20:16:50 Windows Update

13-11-2015 12:38:54 Windows Modules Installer

13-11-2015 12:55:17 Installed AVG 2016

13-11-2015 12:56:38 Installed AVG

17-11-2015 14:21:57 JRT Pre-Junkware Removal

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 02:34 - 2015-03-31 18:27 - 00000019 ____A C:\Windows\system32\Drivers\etc\hosts

 

127.0.0.1 localhost

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0D953963-EE46-473B-95C8-1263B4C2D731} - System32\Tasks\HPCeeScheduleForHD => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {143AC611-7445-431E-99B1-5036BBF51DE5} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)

Task: {32112E33-1530-42F3-975F-ECDB8134B02E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)

Task: {383A2E06-95D1-43B8-AC4E-AB7F0F019516} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)

Task: {3CC6E8EE-F4B5-45DC-B07C-3C5EBD36A657} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

Task: {3E38FDB1-07DB-4542-A004-E3F3DC83DE6B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)

Task: {42DC1E66-6B83-45FE-8A86-D3A79E5257BD} - System32\Tasks\{37E200F2-F0DA-480E-8C5D-F90178EBEC8C} => pcalua.exe -a "I:\LaCie Setup\LaCie Setup.exe" -d "I:\LaCie Setup"

Task: {46F54200-3015-4D3D-9CB1-48777A971FE1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard)

Task: {66F996CF-CB4F-4007-9F13-E578BD18DD05} - System32\Tasks\{5A7748BB-DEE4-4341-81D7-C4A57563A6D6} => pcalua.exe -a C:\Users\HD\Downloads\AdobeAIRInstaller.exe -d C:\Users\HD\Desktop

Task: {72C19120-9B73-40C5-898A-9C607C6A757D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {79E741BA-842F-4C71-A5F9-16C85212FA65} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {7D195A02-9CCB-433A-A560-76A68C4C4903} - System32\Tasks\{B8255646-8301-4024-8695-3F0E95711F24} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar

Task: {7F468A3D-8A16-439B-B62D-BBE5F6DC55B2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {81D92224-3B71-4D70-83BE-0FB1EA889468} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)

Task: {8C1590CA-546A-48F0-9FB4-02F1B5A5FA60} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-28] ()

Task: {DA9EC47A-C905-4FF8-9009-B8F3B68660E7} - System32\Tasks\{85932C58-3690-48DF-A1E5-09073CFC0FEC} => pcalua.exe -a C:\Users\HD\Downloads\CF_101.exe -d C:\Users\HD\Desktop

Task: {DCA20E7B-2573-4556-8A62-B4E59CE47D9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)

Task: {E1B00C8A-A174-4A0C-8AA0-27364EE8DE89} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-28] ()

Task: {F54C477F-4CF8-41F8-9C2E-8F36CB39C2B0} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()

Task: {F799B1DD-E5F0-44AE-AE99-FFBD0D76EF20} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-16] (CyberLink)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForHD.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-11-13 13:07 - 2015-11-13 13:06 - 01205136 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2012-01-02 14:28 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll

2011-05-10 17:56 - 2011-05-10 17:56 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2012-09-10 14:29 - 2012-09-10 14:29 - 00332800 _____ () C:\Program Files\Genie9\Genie Timeline\OnlineHandler.dll

2012-04-24 09:29 - 2012-04-24 09:29 - 00045568 _____ () C:\Program Files\Genie9\Genie Timeline\GSLogging.dll

2012-09-10 14:29 - 2012-09-10 14:29 - 00488960 _____ () C:\Program Files\Genie9\Genie Timeline\GSIndexDB.dll

2012-02-02 09:16 - 2012-02-02 09:16 - 00740864 _____ () C:\Program Files\Genie9\Genie Timeline\sqlite3.dll

2012-04-24 09:29 - 2012-04-24 09:29 - 00011264 _____ () C:\Program Files\Genie9\Genie Timeline\RWLock.dll

2012-09-10 14:29 - 2012-09-10 14:29 - 00205824 _____ () C:\Program Files\Genie9\Genie Timeline\Settings.dll

2012-04-24 09:29 - 2012-04-24 09:29 - 00089600 _____ () C:\Program Files\Genie9\Genie Timeline\GSEncryption.dll

2012-09-10 14:29 - 2012-09-10 14:29 - 00087040 _____ () C:\Program Files\Genie9\Genie Timeline\QueueManager.dll

2012-09-10 14:29 - 2012-09-10 14:29 - 00708608 _____ () C:\Program Files\Genie9\Genie Timeline\GSBackupManager.dll

2012-09-10 14:29 - 2012-09-10 14:29 - 00343552 _____ () C:\Program Files\Genie9\Genie Timeline\GSWatcher4.dll

2012-09-10 14:29 - 2012-09-10 14:29 - 00054784 _____ () C:\Program Files\Genie9\Genie Timeline\GSLogManager.dll

2012-02-02 09:16 - 2012-02-02 09:16 - 00010752 _____ () C:\Program Files\Genie9\Genie Timeline\VSSEngine_Proxy.dll

2012-04-24 09:29 - 2012-04-24 09:29 - 00058368 _____ () C:\Program Files\Genie9\Genie Timeline\GSLibrariesManager.dll

2012-02-02 09:16 - 2012-02-02 09:16 - 00031232 _____ () C:\Program Files\Genie9\Genie Timeline\VSSEngine_W2K3.dll

2013-02-13 02:37 - 2013-02-13 02:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

2012-09-10 14:29 - 2012-09-10 14:29 - 00063488 _____ () C:\Program Files\Genie9\Genie Timeline\XBalloonMsgDll.dll

2012-04-24 09:29 - 2012-04-24 09:29 - 00093696 _____ () C:\Program Files\Genie9\Genie Timeline\GSCurl.dll

2015-11-11 14:14 - 2014-09-22 09:34 - 02278912 _____ () C:\Program Files (x86)\LaCie\LaCie Desktop Manager\QtCore4.dll

2015-11-11 14:14 - 2014-09-22 09:34 - 00911872 _____ () C:\Program Files (x86)\LaCie\LaCie Desktop Manager\QtNetwork4.dll

2015-11-11 14:14 - 2014-09-22 09:34 - 00339456 _____ () C:\Program Files (x86)\LaCie\LaCie Desktop Manager\QtXml4.dll

2013-02-13 02:38 - 2013-02-13 02:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

2014-10-21 19:16 - 2014-10-21 19:16 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll

2011-09-23 08:33 - 2011-04-30 07:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2015-11-11 19:44 - 2015-11-07 04:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll

2015-11-11 19:44 - 2015-11-07 04:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\ProgramData\Temp:16EAB5F6

AlternateDataStreams: C:\ProgramData\Temp:8FFC7CF4

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-790991912-2550835033-3860445865-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 8.8.8.8

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{614582A4-85F4-4C37-8364-E1055222BD3F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{05BA44B1-9770-45D8-9AEB-8A9EBCE29E3B}] => (Allow) LPort=2869

FirewallRules: [{40076678-29C4-4030-8008-E1E7822C5D11}] => (Allow) LPort=1900

FirewallRules: [{A20B9249-5652-4BC4-9983-CEF3B596645B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{CD60A239-BFF2-481C-B2EA-A9436150C130}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

FirewallRules: [{15AE612D-A7E6-4E6A-B3AA-2A84844E70A5}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe

FirewallRules: [{4162BB8F-D695-4E33-8195-265740A3D167}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe

FirewallRules: [{7615B21B-A1E2-4992-97AE-FD11A2AC48AA}] => (Allow) C:\Users\HD\AppData\Local\Temp\7zS206C\hppiw.exe

FirewallRules: [{78A2D2C3-E8F9-4D6C-9728-F32173EA98A5}] => (Allow) C:\Users\HD\AppData\Local\Temp\7zS206C\hppiw.exe

FirewallRules: [{A5728895-2EF5-459F-A3A9-77BC15310319}] => (Allow) C:\Users\HD\AppData\Local\Temp\7zS24A8\hppiw.exe

FirewallRules: [{67617C66-01AA-4FCF-B22E-50C8E0D93C50}] => (Allow) C:\Users\HD\AppData\Local\Temp\7zS24A8\hppiw.exe

FirewallRules: [{2137483A-98EF-43A2-8FA7-D62180418D41}] => (Allow) C:\Users\HD\AppData\Local\Temp\7zS2C11\hppiw.exe

FirewallRules: [{2DA8ED79-F6D5-4D09-8533-D8397300651A}] => (Allow) C:\Users\HD\AppData\Local\Temp\7zS2C11\hppiw.exe

FirewallRules: [{69B22D2E-36E5-455F-A483-83A0DAED92CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{FE2E9389-0938-4F43-810F-C541956DA062}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{D94837B6-FF3F-4C9F-9691-4D5C7CDAC8F5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{30AF7599-9503-45ED-ADEE-354C4C56436D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [TCP Query User{7FBA15FC-D1BC-48E6-9F26-000349A0E0F5}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe

FirewallRules: [uDP Query User{45977704-FF79-4161-843F-A1F3D3F21426}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe

FirewallRules: [{B20B3A39-2E5C-4256-B237-C6352D0A2FE2}] => (Block) C:\program files (x86)\winamp\winamp.exe

FirewallRules: [{3DEE8EF9-F73E-41E2-8EF7-796F1AB4D18F}] => (Block) C:\program files (x86)\winamp\winamp.exe

FirewallRules: [{2C14F5A5-D77D-4E46-A17F-BD6CFD44726C}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe

FirewallRules: [{7173E337-6968-4A88-A495-92BAB3871430}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe

FirewallRules: [TCP Query User{EB31D149-71BA-46AB-8AE3-6A0B84769905}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe] => (Allow) C:\program files (x86)\bearshare applications\bearshare\bearshare.exe

FirewallRules: [uDP Query User{27EE48CE-257B-4112-80D7-F3A0C82CBFE8}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe] => (Allow) C:\program files (x86)\bearshare applications\bearshare\bearshare.exe

FirewallRules: [{45BF514C-B32F-44CB-95BB-B507E774802D}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe

FirewallRules: [{4F3512B4-6D00-4618-8C7F-9C29B1E088E0}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe

FirewallRules: [{EC1DE418-D0D1-44E4-A0E6-4BE4EC461D70}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe

FirewallRules: [{11D4EDA4-7974-4C9F-87CB-3974DE2C0619}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe

FirewallRules: [{952270A4-B69D-4123-92FE-453D83C3631E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [TCP Query User{0F10156A-C338-4CD5-A2FB-FD967B5224B3}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe

FirewallRules: [uDP Query User{E267FAEE-95A5-4A1A-A543-2144CE00B3BD}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe

FirewallRules: [TCP Query User{9C05F0F2-0AA9-4FF7-B680-EDDDB27BEC00}C:\users\hd\appdata\local\pearson vue common\jre\jre1.6.0_29\bin\java.exe] => (Allow) C:\users\hd\appdata\local\pearson vue common\jre\jre1.6.0_29\bin\java.exe

FirewallRules: [uDP Query User{874FE1F8-2A7D-4897-8B7F-7BC64CE6FA8B}C:\users\hd\appdata\local\pearson vue common\jre\jre1.6.0_29\bin\java.exe] => (Allow) C:\users\hd\appdata\local\pearson vue common\jre\jre1.6.0_29\bin\java.exe

FirewallRules: [{5AB6D06C-4816-4AE6-A9AE-B3321A20BE82}] => (Allow) C:\Program Files (x86)\Opera\opera.exe

FirewallRules: [{A590A189-28AC-4665-BD3B-CCF14200B8A9}] => (Allow) C:\Program Files (x86)\Opera\opera.exe

FirewallRules: [{B06A38BE-C9DD-47DC-BBB1-28C094A54699}] => (Allow) C:\Users\HD\AppData\Local\Temp\7zS1C4A\hppiw.exe

FirewallRules: [{8A98DBAB-877A-4372-8A3B-36D1ECA05F99}] => (Allow) C:\Users\HD\AppData\Local\Temp\7zS1C4A\hppiw.exe

FirewallRules: [{52016BED-F6A4-41B3-95CA-584C7283179E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

FirewallRules: [{AAB9FA19-584B-4F0B-8735-EF0AEB9E1F44}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

FirewallRules: [{4E4AF0F6-053B-4DD9-93C5-7D0D0F3AE78F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe

FirewallRules: [{EEB9B7F5-6846-4C7A-90A7-9AB9DE297967}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe

FirewallRules: [{E56361B4-BAAA-4E0C-BA78-AFA0C8BF9EEC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe

FirewallRules: [{927ED191-A1BA-457A-B81F-705E050F5838}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe

FirewallRules: [{180B1B1C-AB27-4A38-8B56-03D3D0E382B3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe

FirewallRules: [{8034EEB2-9EB6-4EBF-8C7D-4E0B10FFEC62}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe

FirewallRules: [{F1AF2D08-4189-4B23-8505-2B5DE74106D5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe

FirewallRules: [{C7F537BF-1F48-408E-9CF1-D4CD99A069F9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe

FirewallRules: [{FED2820C-3BE5-459D-A972-BC85558880B8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe

FirewallRules: [{F52DEE61-44B9-4B1F-A796-D20781B0D1AF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe

FirewallRules: [{066F02D9-D367-4A94-B688-894246EDF8D3}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe

FirewallRules: [{3ECFFB87-C2EB-4FBF-9933-8BA8C6AB5099}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe

FirewallRules: [{26FD7136-A615-42FE-B0B2-798D0F34A2CA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe

FirewallRules: [{D9A59CC1-9C03-47AC-9616-BCC47DD0B52D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe

FirewallRules: [{C1198291-7293-4D82-AE9C-45AA8887275C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe

FirewallRules: [{4B5ACC21-9E60-4F9C-9186-D943F9A347BA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe

FirewallRules: [{CA61B0C9-BF1A-43B4-8974-01D52A4138F9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe

FirewallRules: [{EB87E9D5-47D3-4AA7-B1FE-4A7C6B815EDC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

FirewallRules: [{1469B0AA-E6B7-4D4D-ACAD-8FEC8B737116}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe

FirewallRules: [{4E67A9F6-EF4C-4AC7-84AA-3141A7F96137}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe

FirewallRules: [{CEEFA4F0-41B8-40EA-A083-65E1FFE58157}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe

FirewallRules: [{4B3E233F-818A-4EED-B9CF-8CE46094EFA6}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe

FirewallRules: [{D38A1C7A-DDE5-40FB-919E-900038CAC138}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe

FirewallRules: [{46926604-3383-40BA-82EA-276FCD7B9B70}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe

FirewallRules: [{C2E24CF7-4579-4C68-A355-394A9EA59082}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

FirewallRules: [{B5174953-5218-4DFA-A783-0C641FFD738D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

FirewallRules: [{DD230501-6B1B-498A-AB59-7BB4CC4E8312}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe

FirewallRules: [{0B5DCFA4-D24A-4828-9A2B-B2D6DC5D4100}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe

FirewallRules: [{546C7B2E-5DA5-480E-AB9D-3F2179E3C302}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

FirewallRules: [{EE5AD014-01F0-443E-B773-497948BEC93B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

FirewallRules: [{96BBB5B0-633F-4960-B31D-47D31FDBA3D0}] => (Allow) C:\Windows\explorer.exe

FirewallRules: [{268C26D6-3337-4BA3-AC87-F7899D55FB9B}] => (Allow) C:\Windows\explorer.exe

FirewallRules: [{600E0492-257C-4875-B9F3-149BCA223887}] => (Allow) C:\Windows\SysWOW64\explorer.exe

FirewallRules: [{CCA6D64B-6399-4138-A5D1-902F743997BE}] => (Allow) C:\Windows\SysWOW64\explorer.exe

FirewallRules: [TCP Query User{63A4573B-7E0D-45B5-A8CD-F7F1B4B13E92}C:\windows\syswow64\explorer.exe] => (Block) C:\windows\syswow64\explorer.exe

FirewallRules: [uDP Query User{4CA47036-11E7-4A08-A894-E2541658573A}C:\windows\syswow64\explorer.exe] => (Block) C:\windows\syswow64\explorer.exe

FirewallRules: [{29BFDFC6-FEDE-4B24-8678-B00039405859}] => (Allow) C:\Users\HD\AppData\Local\Temp\nsq33FC.tmp\CnetInstaller-10794603.exe

FirewallRules: [{CD8B1EF3-2138-4A91-857F-67E5F0EEE35D}] => (Allow) C:\Users\HD\AppData\Local\Temp\nsq33FC.tmp\CnetInstaller-10794603.exe

FirewallRules: [{B4A5D356-CE28-4662-9F32-5F4F3D808943}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{FD58475D-A4B2-46FE-AEFB-9504BACA4701}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

FirewallRules: [{D328FEEC-52BB-4E78-8D42-8BD8324F0CB2}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe

FirewallRules: [{654AB552-EE35-419A-83E0-87B616873C4A}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe

FirewallRules: [{6FF6B03A-3CE4-4BF9-B523-C483A2DC33C9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{9358448F-FB64-48E6-896F-AD5598443583}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe

FirewallRules: [{6102061C-C447-4DF8-8C5E-236518868E9B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe

FirewallRules: [{46C04DCD-1DFB-44AE-A519-0AE5A20F7DB0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe

FirewallRules: [{E4569A14-5472-47B4-AC3F-B0626C06F0A6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe

FirewallRules: [{D6CFD0D5-016F-4D9A-BC18-ED9C2C3B7DB9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

FirewallRules: [{581C1F6F-E16C-4F52-87BE-82DCF4C44ECE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

FirewallRules: [{3330E8AF-D338-493C-B04F-7AD46A1C6F76}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

FirewallRules: [{5FDAA864-CC72-48FA-99B7-586CED68B25B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/18/2015 05:42:29 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program FRST64.exe version 18.11.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: f9c

 

Start Time: 01d1222847b52606

 

Termination Time: 0

 

Application Path: C:\Users\HD\Downloads\FRST64.exe

 

Report Id:

 

Error: (11/18/2015 02:10:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 15710

 

Error: (11/18/2015 02:10:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 15710

 

Error: (11/18/2015 02:10:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (11/17/2015 05:37:49 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

 

Error: (11/17/2015 05:37:45 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

 

Error: (11/17/2015 05:37:45 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

 

Error: (11/17/2015 05:37:02 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

 

Error: (11/17/2015 03:54:37 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

 

Error: (11/17/2015 02:38:01 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (11/17/2015 05:38:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error: 

%%1275

 

Error: (11/17/2015 05:38:57 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\HD\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (11/17/2015 05:38:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error: 

%%1275

 

Error: (11/17/2015 05:38:57 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\HD\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (11/17/2015 05:38:56 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\HD\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (11/17/2015 05:38:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error: 

%%1275

 

Error: (11/17/2015 05:38:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error: 

%%1275

 

Error: (11/17/2015 05:38:56 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\HD\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (11/17/2015 05:38:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error: 

%%1275

 

Error: (11/17/2015 05:38:56 PM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\HD\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5-2430M CPU @ 2.40GHz

Percentage of memory in use: 34%

Total physical RAM: 6091.86 MB

Available physical RAM: 4012.55 MB

Total Virtual: 12181.93 MB

Available Virtual: 9895.31 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:679.24 GB) (Free:593.81 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive d: (Recovery) (Fixed) (Total:15.24 GB) (Free:1.65 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: EBFB7460)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=679.2 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=15.2 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

 

==================== End of Addition.txt ============================


  • Root Admin

Please delete all the files listed by ESET with the trailing moniker "Win32/Filecoder.CR trojan".

 

Then do a browser reset on all browsers.

 

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Start by disabling Sync
How To Delete Your Google Chrome Browser Sync Data
Chrome - Reset browser settings
If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.
 

 

Then next run the following.

 

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

Then restart the computer and run the following.

 

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


 

 

Thanks


 Results of screen317's Security Check version 1.009  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 10 Out of date! 

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

AVG AntiVirus Free Edition   

 Antivirus out of date!  

`````````Anti-malware/Other Utilities Check:````````` 

 AVG Web TuneUp   

 Java 6 Update 37  

 Java version 32-bit out of Date! 

 Adobe Flash Player 19.0.0.245  

 Adobe Reader XI  

 Google Chrome (46.0.2490.80) 

 Google Chrome (46.0.2490.86) 

````````Process Check: objlist.exe by Laurent````````  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1% 

````````````````````End of Log`````````````````````` 


  • Root Admin

Yes, you should have removed any files or folders that ESET listed. If needed I can help you remove them.

 

The logs show an old version of Java. Let me have you remove all Java.

 

Next please run JavaRa.

  • Please download JavaRa 2.6 and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • Choose Remove JRE and since you already uninstalled JAVA skip step 1 and click on the next button.
  • Now click on Perform Removal Routine to remove the older versions of Java installed on your computer.
  • When that's successfully done, please click OK to close the message.
  • Click on Next and skip the downloading process. Click Next and now click on Close this wizard and click Finish.
  • From the main menu please choose Additional tasks
  • Place a checkmark beside Remove startup entry, Remove Outdated JRE Firefox Extentions and Clean JRE Temp Files and click Run. The browsers should be closed before running this task.
  • When that's successfully done you will see a message at the top saying: "Selected tasks completed successfully".
  • A log file should be created in the same directory as JavaRa.
  • Please attach the log to your next reply.
  • Close JavaRa by clicking the red cross button.


 

 

Then restart your computer, enable your antivirus and check for updates and do a full system scan with it and let me know what it finds.


User initialised redundant data purge.

......................

 

Removed registry subkey: java.exe

Removed registry subkey: javaw.exe

Removed registry subkey tree: JavaPlugin.FamilyVersionSupport

Removed registry subkey tree: JavaPlugin.160_37

Removed registry subkey tree: Java Update

Removed registry subkey: 1.6.0_37

Removed registry subkey tree: JavaPlugin

Removed registry subkey tree: JavaPlugin.160_37

Removed registry subkey tree: JavaWebStart.isInstalled.1.6.0.0

Removed registry subkey: F60730A4A66673047777F5728467D401

Removed registry subkey tree: F60730A4A66673047777F5728467D401

Removed registry subkey: A5CCAAC40F5B69B47777ACF82566467C

Removed registry subkey tree: {5852F5EC-8BF4-11D4-A245-0080C6F74284}

Removed registry subkey: application/java-deployment-toolkit

Removed registry subkey: application/x-java-applet

Removed registry subkey: application/x-java-jnlp-file

Removed registry subkey tree: {5852F5E0-8BF4-11D4-A245-0080C6F74284}

Removed registry subkey: .jar

Removed registry subkey: .jnlp

Removed registry subkey tree: jarfile

Removed registry subkey tree: JavaWebStart.isInstalled

Removed registry subkey tree: JavaWebStart.isInstalled.1.7.0.0

Removed registry subkey tree: JNLPFile

Removed registry subkey: javaws.exe

Removed registry subkey: A5CCAAC40F5B69B47777ACF82566467C

Removed registry subkey: 225FA5D4CDB0C57489E7F511C11D0182

Removed registry subkey: 225FC5D4ADB0C57489E7F511C11D0182

Removed registry subkey: 225FC5D4BDB0C57489E7F511C11D0182

Removed registry subkey: 225FC5D4CDB0C57489E7F511C11D0182

Removed registry subkey: 52AAFD69654C07446983ADA1256FC7A9

Removed registry subkey: AD9BB15F1AC776D49B768EDF5A02B896

Removed registry subkey: E1215CC4312C58A4A8F9D630115FB457

Removed registry subkey tree: F60730A4A66673047777F5728467D401

Exception encountered in module [JavaRa]

Message: Cannot delete a subkey tree because the subkey does not exist.

   at Microsoft.Win32.RegistryKey.DeleteSubKeyTreeInternal(String subkey)

   at Microsoft.Win32.RegistryKey.DeleteSubKeyTree(String subkey)

   at JavaRa.routines_registry.delete_key(String key)

 

Removal routine completed successfully. 33 items have been deleted.

== Cleaning JRE temporary files ==

Deleted file: C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\SystemCache\HELP_DECRYPT.PNG

Deleted file: C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\SystemCache\HELP_DECRYPT.URL

Deleted file: C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\HELP_DECRYPT.PNG

Deleted file: C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\HELP_DECRYPT.URL

Deleted file: C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\lastAccessed

Deleted file: C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-2e267ad9

Deleted file: C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-2e267ad9.idx

Deleted file: C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-339ddb74

Deleted file: C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-339ddb74.idx

Deleted file: C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-36971c15.idx

Deleted file: C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-4487777a.idx

Deleted file: C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-541777b4.idx

Deleted file: C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-6205caf4.idx

Deleted file: C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-634469ee.idx

Deleted file: C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\HELP_DECRYPT.PNG

Deleted file: C:\Users\HD\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\HELP_DECRYPT.URL

 


Thanks Ron. I'm also getting the following message in startup errors when putting on my laptop....

 

Top of the box says RegSvr32

 

The module "C:\Users\HD\AppData\Local\Ifsoft\CNBJOP6N.DLL" failed to load. Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .DLL files.

 

The specified module could not be found

 

Similar message for C:\Users\HD\Local\YhPack\mdnsNSP.dll

 

Have you any ideas how to fix this? Not sure if it was crypto that did this....


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 21/11/2015

Scan Time: 21:19

Logfile: latest malware log 21.11.txt

Administrator: Yes

 

Version: 2.2.0.1024

Malware Database: v2015.11.21.05

Rootkit Database: v2015.11.14.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: HD

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 357151

Time Elapsed: 1 hr, 3 min, 27 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


  • Root Admin

The file mdnsNSP.dll is part of Apple's Bonjour and/or Rendezvous zero configuration networking, most often added by iTunes version 5.0 and later. Reinstalling the latest version of iTunes should correct that error.

I believe that CNBJOP6N.DLL is a DLL file made by CANON INC. for their Canon Inkjet Printer Driver. Updating or reinstalling your printer driver should also correct that error.
 

Please restart the computer one more time. Then run the FRST program again and make sure to place a check mark in the Additions.txt check box and post back both new logs and let me know how the computer is running now.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.


 

 

Thanks


Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-11-2015

Ran by HD (2015-11-25 13:56:14)

Running from C:\Users\HD\Downloads

Windows 7 Home Premium Service Pack 1 (X64) (2011-12-30 11:39:07)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-790991912-2550835033-3860445865-500 - Administrator - Disabled)

Guest (S-1-5-21-790991912-2550835033-3860445865-501 - Limited - Disabled)

HD (S-1-5-21-790991912-2550835033-3860445865-1000 - Administrator - Enabled) => C:\Users\HD

HomeGroupUser$ (S-1-5-21-790991912-2550835033-3860445865-1002 - Limited - Enabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

1400 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

1400_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden

1400Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.13 - Adobe Systems)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)

Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)

Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)

AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden

Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

AVG (HKLM\...\AvgZen) (Version: 1.22.1.40089 - AVG Technologies)

AVG (Version: 16.7.7227 - AVG Technologies) Hidden

AVG 2016 (Version: 16.0.4477 - AVG Technologies) Hidden

AVG Protection (HKLM\...\AVG) (Version: 2016.7.7227 - AVG Technologies)

AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.8.599 - AVG Technologies)

AVG Zen (Version: 1.22.1 - AVG Technologies) Hidden

BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.2.15 - British Broadcasting Corp.)

BBC iPlayer Desktop (x32 Version: 3.2.15 - British Broadcasting Corp.) Hidden

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden

Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden

DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)

DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)

Excel Password Recovery Master 3.6 (HKLM-x32\...\Excel Password Recovery Master_is1) (Version:  - )

Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden

FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden

Genie Timeline (HKLM-x32\...\Genie Timeline) (Version: 3.0 - Genie9)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden

GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP Documentation (HKLM-x32\...\{DE15C5EC-7C30-44BF-ACEB-03960FC5601D}) (Version: 1.1.1.0 - Hewlett-Packard)

HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)

HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)

HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)

HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)

HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)

HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)

HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)

HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)

HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)

HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)

HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)

HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden

HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden

HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden

HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden

HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)

InstallConverter (HKLM-x32\...\InstallConverter) (Version: 1.0 - InstallConverter)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)

IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)

iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)

Java 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.370 - Oracle)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LaCie Desktop Manager 2.3.0 (HKLM-x32\...\{3845209F-142E-4F48-B61A-AA34D2DB54BB}_is1) (Version: 2.3.0 - LaCie)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

NETGEAR WNDA3200 wireless adapter Setup (HKLM-x32\...\{9B02F55E-7E6B-4226-8E67-76514D33FD41}_is1) (Version: 1.0.0.11 - NETGEAR)

Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden

Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden

OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)

Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)

QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)

Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.13.0 - Ralink)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.85 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden

Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)

SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden

Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)

Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden

TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden

UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

USB Storage Driver (HKLM-x32\...\GENEUIDE) (Version:  - )

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

VIP Access SDK (1.0.1.2)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)

Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)

Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden

Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)

Winamp Detector Plug-in (HKU\S-1-5-21-790991912-2550835033-3860445865-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

ZTE_1.2059.0.8 (HKLM-x32\...\ZTE_1.2059.0.8) (Version:  - )

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015

Ran by HD (administrator) on HD-HP (25-11-2015 13:54:07)

Running from C:\Users\HD\Downloads

Loaded Profiles: HD (Available Profiles: HD)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 10 (Default browser: IE)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Trend Micro Inc.) C:\Program Files (x86)\AntiRansomware2.0\ARService.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe

(Genie9) C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe

(LaCie) C:\Program Files (x86)\LaCie\LaCie Desktop Manager\LaCie Desktop Manager.exe