pup.optional.winyahoo removed?


Suiken

Hi, I clicked a suspicious link... it was something "mark of bravery megaman.exe sfxxxxxxxxxxx.swf". I either got it from there or my roommate googled some NSFW pics and followed the link, then got it. Anyway, afterwards when I browse the internet it's really slow, the PC was really slow, and the mouse kept stopping and pausing. When I open up a link the CPU usage goes to 90%, and RAM is mostly used up. So I was busy for 4 days until I used Malwarebytes to scan for malware; well, actually it was the 3rd or 4th day when I had more free time to mess with the PC, then found the PC was really slow. Then Malwarebytes found pup.optional.winyahoo and quarantined it, and then I deleted it. I checked in Control Panel's remove programs and nothing like that was there, or anything suspicious. It's been 1.5 days and everything seems fine. The PC runs OK, not slow, and RAM doesn't get used up a lot. I updated and ran Malwarebytes in threat scan, hyper scan and custom scan and it didn't find anything. I scanned with NOD32 and it didn't find anything. So am I good, or is it hiding? I googled and a few links said it's hard to get rid of, so I was wondering what the next step is to check to make sure I got rid of it completely.

 

Oh, when I had the problem with the PC, the scheduled scan from Malwarebytes wouldn't complete; it froze at pre-scanning. I tried to close down Malwarebytes in Task Manager but couldn't, rebooted, then finally was able to scan, and then it found pup.optional.winyahoo. Then everything seems fine now. So am I all good, or do I need to look into it more to make sure it's gone? I need to do some banking on this desktop and other stuff. Please help ASAP, thanks so much!


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box: 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...



Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make logs named (Addition.txt) and Shortcut.txt. Please attach those logs to your reply.

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt"; the log will open as a text file, post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!



Let me see those logs in your next reply...

Thank you,

Kevin...


Thanks Kevin, here we go:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 01/12/2016
Scan Time: 6:36 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.13.01
Rootkit Database: v2016.01.09.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dave

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 389757
Time Elapsed: 7 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

# AdwCleaner v5.029 - Logfile created 12/01/2016 at 18:14:36
# Updated 11/01/2016 by Xplode
# Database : 2016-01-12.1 [server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Dave - DAVE-PC
# Running from : H:\newsbindownload\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Dave\AppData\Local\YSearchUtil
[-] Folder Deleted : C:\Users\Dave\AppData\Roaming\BabSolution
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

***** [ Files ] *****

[-] File Deleted : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\Classes\S
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
[-] Key Deleted : HKLM\SOFTWARE\Babylon

***** [ Web browsers ] *****

[-] [C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9ep3jubf.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
[-] [C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9ep3jubf.default\prefs.js] [Preference] Deleted : user_pref("urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey", 1401420566);

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1733 bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Dave (administrator) on DAVE-PC (12-01-2016 18:51:08)
Running from C:\Users\Dave\Desktop
Loaded Profiles: Dave & UpdatusUser (Available Profiles: Dave & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(proXPN.com) C:\Program Files (x86)\proXPN\bin\proxpn.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\SABnzbd\SABnzbd.exe
(mIRC Co. Ltd.) C:\Program Files (x86)\mIRCNEW\mirc.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [1923640 2009-10-06] (ESET)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor)
HKLM\...\Run: [intelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-1881341424-2202409537-1386783955-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-1881341424-2202409537-1386783955-1000\...\Run: [iSUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-1881341424-2202409537-1386783955-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1881341424-2202409537-1386783955-1000\...\MountPoints2: D - D:\setup.exe
HKU\S-1-5-21-1881341424-2202409537-1386783955-1000\...\MountPoints2: {e534f00f-8198-11e2-831f-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-1881341424-2202409537-1386783955-1000\...\MountPoints2: {e61354d6-818b-11e2-9b46-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-1881341424-2202409537-1386783955-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\UltraMon.scr [303616 2010-02-13] (Realtime Soft Ltd)
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [119616 2014-09-26] (Amazon Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~3.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE.dll [106304 2014-09-26] (Amazon Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-02-20]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk [2012-02-20]
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico ()
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2016-01-12]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0C5D1C82-FB0B-45E2-A1B6-EAFAB6AB7C8B}: [DhcpNameServer] 8.8.8.8 4.2.2.1
Tcpip\..\Interfaces\{D929382D-ED1A-44AF-A3C9-5A6C7DF439DA}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F13E058B-FB70-4C96-910D-069FA53C121B}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1881341424-2202409537-1386783955-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-1881341424-2202409537-1386783955-1000 -> {01FE47A2-74B9-453C-84C3-BEB16CA8CFF5} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-06] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-06] (Oracle Corporation)
IE Session Restore: HKU\S-1-5-21-1881341424-2202409537-1386783955-1000 -> is enabled.
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {217A3DCF-D19B-4054-810A-FA8EABCA6268} hxxps://ebank.bot.com.tw/NNBank/NN/BOTATM.cab
DPF: HKLM-x32 {2B38E40E-977D-4767-919C-2AA29C041618} hxxps://ebank.bot.com.tw/NNBank/NN/FCards.CAB
DPF: HKLM-x32 {3C073A4B-B1D2-4A7B-B970-7F1277D74FB0} hxxps://www.chb.com.tw/wcm/extFunc/Security/CHBCertificateDBClientCOM.cab
DPF: HKLM-x32 {8E1D16E3-37B1-48B8-862E-9D646FC0C8FF} hxxps://ebank.taipeifubon.com.tw/ibank/component/ICCard/TFBWebATM.cab
DPF: HKLM-x32 {B503D409-763E-4351-BFF7-61347B7F7775} hxxps://www.chb.com.tw/wcm/extFunc/Security/CHBXMLSignatureClientCOM.cab
DPF: HKLM-x32 {C0F4471E-DF4F-4D02-9D2D-CF33B0724A1C} hxxps://webatm.post.gov.tw/postatm/TRUSTATMPOST5.cab
DPF: HKLM-x32 {E7891ABB-8ACA-4AD3-AE94-8AA7BC3D9BBB} hxxps://cloudicweb.nhi.gov.tw/cloudic/system/SMC/NHIICC.cab

FireFox:
========
FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9ep3jubf.default
FF NewTab:
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: www.google.com/ncr
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2012-02-03] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2014-04-07] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-06] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Extension: NoScript - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9ep3jubf.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-01-09]
FF Extension: FlashStopper - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9ep3jubf.default\Extensions\flashstopper@byo.co.il.xpi [2015-12-30]
FF Extension: npIpcam - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9ep3jubf.default\Extensions\npapi@n.com [2014-11-14] [not signed]
FF Extension: Session Manager - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9ep3jubf.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-10-30]
FF Extension: Video DownloadHelper - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9ep3jubf.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-29]
FF Extension: Adblock Plus - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\9ep3jubf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-17]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Babylon ToolBar) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Platform SE 7 U2) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll => No File
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [23296 2009-10-06] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [472280 2009-10-06] (ESET)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-19] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-19] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-24] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-08-25] (SANDBOXIE L.T.D)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-02] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-01] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-05] (DT Soft Ltd)
R2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [44944 2009-10-06] (ESET)
R1 easdrv; C:\Windows\System32\DRIVERS\easdrv.sys [54232 2009-10-06] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [38776 2009-10-06] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [44272 2013-01-17] (Logitech Inc.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-12] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-08-25] (SANDBOXIE L.T.D)
S3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [10368 2009-09-16] () [File not signed]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-12 18:51 - 2016-01-12 18:51 - 00021548 _____ C:\Users\Dave\Desktop\FRST.txt
2016-01-12 18:50 - 2016-01-12 18:51 - 00000000 ____D C:\FRST
2016-01-12 18:44 - 2016-01-12 18:44 - 02370560 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe
2016-01-12 18:29 - 2016-01-12 18:49 - 00002881 _____ C:\Users\Dave\Desktop\AdwCleaner[C1].txt
2016-01-12 18:02 - 2016-01-12 18:14 - 00000000 ____D C:\AdwCleaner
2016-01-06 15:40 - 2016-01-09 23:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-12 18:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2016-01-12 18:45 - 2012-10-22 09:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-12 18:36 - 2014-11-29 23:26 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-12 18:26 - 2009-07-13 20:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-12 18:26 - 2009-07-13 20:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-12 18:21 - 2012-05-07 01:18 - 00408242 _____ C:\Windows\system32\prfh0404.dat
2016-01-12 18:21 - 2012-05-07 01:18 - 00120118 _____ C:\Windows\system32\prfc0404.dat
2016-01-12 18:21 - 2009-07-13 21:13 - 01297798 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-12 18:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-01-12 18:20 - 2012-02-17 23:14 - 00000000 ____D C:\Users\Dave\AppData\Roaming\mIRC
2016-01-12 18:15 - 2012-10-22 09:27 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-12 18:15 - 2012-09-03 21:32 - 00003136 _____ C:\Windows\System32\Tasks\proXPN
2016-01-12 18:15 - 2012-02-19 23:38 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-12 18:15 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-12 17:54 - 2012-10-22 09:27 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-12 16:29 - 2015-05-06 12:01 - 00000000 ____D C:\Users\Dave\AppData\Local\CrashDumps
2016-01-11 22:57 - 2012-02-19 16:16 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{62E49310-AB67-44AF-A02E-ABDB8D2F8EB6}
2016-01-11 08:06 - 2012-02-18 17:20 - 00000000 ____D C:\ProgramData\PMS
2016-01-09 23:12 - 2012-09-01 14:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-06 16:25 - 2012-02-18 13:59 - 00000000 ____D C:\Users\Dave\AppData\Roaming\vlc
2016-01-06 14:05 - 2012-10-22 09:27 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-06 14:05 - 2012-10-13 10:38 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-06 14:05 - 2012-02-17 21:24 - 00000000 ____D C:\Users\Dave\AppData\Local\Adobe
2016-01-06 14:05 - 2012-02-17 14:21 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-06 14:00 - 2014-02-27 23:11 - 00000000 ____D C:\ProgramData\Oracle
2016-01-06 13:59 - 2013-06-27 23:41 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-06 13:58 - 2015-09-11 00:42 - 00000000 ____D C:\Users\Dave\.oracle_jre_usage
2016-01-06 13:58 - 2014-06-27 12:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-06 13:57 - 2014-02-27 23:11 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-06 13:47 - 2012-02-18 15:06 - 00000000 ____D C:\sab temp
2015-12-31 06:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-12-24 15:59 - 2012-03-02 23:15 - 00000000 ____D C:\Users\Dave\AppData\Local\QuickPar
2015-12-22 18:07 - 2012-02-18 17:52 - 00000000 ____D C:\Users\Dave\.dvdcss
2015-12-21 02:07 - 2012-05-12 14:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-21 02:07 - 2012-05-12 14:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-21 02:07 - 2009-07-13 20:45 - 00290112 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-21 02:06 - 2015-04-05 18:30 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-21 02:06 - 2015-04-05 18:30 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-21 02:03 - 2014-11-13 22:31 - 00000000 ____D C:\Users\Dave\AppData\Local\ElevatedDiagnostics
2015-12-21 01:55 - 2012-05-12 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-21 01:53 - 2013-07-17 09:38 - 00000000 ____D C:\Windows\system32\MRT
2015-12-21 01:44 - 2012-02-18 08:04 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-16 15:56 - 2012-10-22 09:27 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2012-09-09 05:07 - 2013-03-26 19:25 - 0000000 _____ () C:\Users\Dave\AppData\Local\ars.cache
2012-09-09 05:07 - 2013-03-26 19:31 - 8511857 _____ () C:\Users\Dave\AppData\Local\census.cache
2012-06-17 14:07 - 2012-06-17 14:07 - 0003584 _____ () C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-09 04:59 - 2012-09-09 04:59 - 0000036 _____ () C:\Users\Dave\AppData\Local\housecall.guid.cache
2012-02-20 17:16 - 2015-08-22 18:20 - 0007657 _____ () C:\Users\Dave\AppData\Local\Resmon.ResmonCfg
2014-03-19 20:40 - 2014-03-19 20:40 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-02-20 13:39 - 2012-02-20 14:06 - 0001758 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Dave\AppData\Local\Temp\jna118727098533509398.dll
C:\Users\Dave\AppData\Local\Temp\jna1589930572578500811.dll
C:\Users\Dave\AppData\Local\Temp\jna3187541447983473811.dll
C:\Users\Dave\AppData\Local\Temp\jna333332388614025625.dll
C:\Users\Dave\AppData\Local\Temp\jna356685692011650139.dll
C:\Users\Dave\AppData\Local\Temp\jna4025693111825373184.dll
C:\Users\Dave\AppData\Local\Temp\jna4102299264529323874.dll
C:\Users\Dave\AppData\Local\Temp\jna4276629993214637727.dll
C:\Users\Dave\AppData\Local\Temp\jna4511658727503454305.dll
C:\Users\Dave\AppData\Local\Temp\jna4608759306475932152.dll
C:\Users\Dave\AppData\Local\Temp\jna4731034324341881742.dll
C:\Users\Dave\AppData\Local\Temp\jna4874504205248951956.dll
C:\Users\Dave\AppData\Local\Temp\jna5708075752512086671.dll
C:\Users\Dave\AppData\Local\Temp\jna5781956366249277123.dll
C:\Users\Dave\AppData\Local\Temp\jna6007184821297905081.dll
C:\Users\Dave\AppData\Local\Temp\jna6116372051156977605.dll
C:\Users\Dave\AppData\Local\Temp\jna6910887011821193176.dll
C:\Users\Dave\AppData\Local\Temp\jna6999620930751629773.dll
C:\Users\Dave\AppData\Local\Temp\jna706907338789194806.dll
C:\Users\Dave\AppData\Local\Temp\jna7119260058251563003.dll
C:\Users\Dave\AppData\Local\Temp\jna7128518335820516098.dll
C:\Users\Dave\AppData\Local\Temp\jna740643306810254178.dll
C:\Users\Dave\AppData\Local\Temp\jna8167089414912295653.dll
C:\Users\Dave\AppData\Local\Temp\jna8370115515445004220.dll
C:\Users\Dave\AppData\Local\Temp\jna8438758796511080789.dll
C:\Users\Dave\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Dave\AppData\Local\Temp\KMP_4.0.3.1.exe
C:\Users\Dave\AppData\Local\Temp\sqlite3.dll
C:\Users\Dave\AppData\Local\Temp\ytb.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-10 00:27

==================== End of FRST.txt ============================

2012-09-09 05:07 - 2013-03-26 19:31 - 8511857 _____ () C:\Users\Dave\AppData\Local\census.cache
2012-06-17 14:07 - 2012-06-17 14:07 - 0003584 _____ () C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-09 04:59 - 2012-09-09 04:59 - 0000036 _____ () C:\Users\Dave\AppData\Local\housecall.guid.cache
2012-02-20 17:16 - 2015-08-22 18:20 - 0007657 _____ () C:\Users\Dave\AppData\Local\Resmon.ResmonCfg
2014-03-19 20:40 - 2014-03-19 20:40 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-02-20 13:39 - 2012-02-20 14:06 - 0001758 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Dave\AppData\Local\Temp\jna118727098533509398.dll
C:\Users\Dave\AppData\Local\Temp\jna1589930572578500811.dll
C:\Users\Dave\AppData\Local\Temp\jna3187541447983473811.dll
C:\Users\Dave\AppData\Local\Temp\jna333332388614025625.dll
C:\Users\Dave\AppData\Local\Temp\jna356685692011650139.dll
C:\Users\Dave\AppData\Local\Temp\jna4025693111825373184.dll
C:\Users\Dave\AppData\Local\Temp\jna4102299264529323874.dll
C:\Users\Dave\AppData\Local\Temp\jna4276629993214637727.dll
C:\Users\Dave\AppData\Local\Temp\jna4511658727503454305.dll
C:\Users\Dave\AppData\Local\Temp\jna4608759306475932152.dll
C:\Users\Dave\AppData\Local\Temp\jna4731034324341881742.dll
C:\Users\Dave\AppData\Local\Temp\jna4874504205248951956.dll
C:\Users\Dave\AppData\Local\Temp\jna5708075752512086671.dll
C:\Users\Dave\AppData\Local\Temp\jna5781956366249277123.dll
C:\Users\Dave\AppData\Local\Temp\jna6007184821297905081.dll
C:\Users\Dave\AppData\Local\Temp\jna6116372051156977605.dll
C:\Users\Dave\AppData\Local\Temp\jna6910887011821193176.dll
C:\Users\Dave\AppData\Local\Temp\jna6999620930751629773.dll
C:\Users\Dave\AppData\Local\Temp\jna706907338789194806.dll
C:\Users\Dave\AppData\Local\Temp\jna7119260058251563003.dll
C:\Users\Dave\AppData\Local\Temp\jna7128518335820516098.dll
C:\Users\Dave\AppData\Local\Temp\jna740643306810254178.dll
C:\Users\Dave\AppData\Local\Temp\jna8167089414912295653.dll
C:\Users\Dave\AppData\Local\Temp\jna8370115515445004220.dll
C:\Users\Dave\AppData\Local\Temp\jna8438758796511080789.dll
C:\Users\Dave\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Dave\AppData\Local\Temp\KMP_4.0.3.1.exe
C:\Users\Dave\AppData\Local\Temp\sqlite3.dll
C:\Users\Dave\AppData\Local\Temp\ytb.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-10 00:27

==================== End of FRST.txt ============================

It didn't create shortcut.txt, couldn't find it.

RogueKiller V11.0.7.0 [Jan 11 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dave [Administrator]
Started from : C:\Users\Dave\Desktop\RogueKiller.exe
Mode : Scan -- Date : 01/12/2016 19:23:48

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: OCZ-VERTEX3 +++++
--- User ---
[MBR] 73e8d8f5b942f9daf3cb6a7d5a497d19
[bSP] b32f008df662a799dd339908aab1a2f8 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114370 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD2002FAEX-007BA0 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[bSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 1907600 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ST3320620AS +++++
--- User ---
[MBR] ce45321d4b10e915f18fb771e2a5fac3
[bSP] 56e92410cb459bd56a45bd54738ceb39 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 20002 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 40965750 | Size: 285232 MB
User = LL1 ... OK
User = LL2 ... OK

Oops, posted Farbar twice... here is Farbar additional.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Dave (2016-01-12 18:51:29)
Running from C:\Users\Dave\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2012-02-17 21:01:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1881341424-2202409537-1386783955-500 - Administrator - Disabled)
Dave (S-1-5-21-1881341424-2202409537-1386783955-1000 - Administrator - Enabled) => C:\Users\Dave
Guest (S-1-5-21-1881341424-2202409537-1386783955-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1881341424-2202409537-1386783955-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-1881341424-2202409537-1386783955-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 3.0 (Enabled - Out of date) {CB0F8167-5331-BA19-698E-64816B6801A5}
AS: ESET NOD32 Antivirus 3.0 (Enabled - Out of date) {706E6083-750B-B597-533E-5FF310EF4B18}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3TB+Unlock B11.0919.1 (HKLM-x32\...\{17630FD1-B14A-4CA5-A627-B6B5F7DD41CF}) (Version: 1.00.0001 - GIGABYTE)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Amazon 1Button App (HKLM-x32\...\{3E69CC95-C0F6-4C74-8F43-74F9046F20B2}) (Version: 1.0.10 - Amazon)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Camtasia Studio 8 (HKLM-x32\...\{1B57499B-1BEB-426A-A406-D9D004A1D2CE}) (Version: 8.5.0.1954 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
Chinese Traditional Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-2448-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CPUID CPU-Z 1.59 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DMIView Ver.1.5 B12.0314.1 (HKLM-x32\...\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}) (Version: 1.5 - GIGABYTE)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET NOD32 Antivirus (HKLM\...\{AF3ABDF9-AA04-4054-B0CA-119994AADCF6}) (Version: 3.0.695.0 - ESET, spol s r. o.)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FOSCAM Client (HKLM-x32\...\{9F9CDA0B-2291-4061-85C4-441A75BE6713}) (Version: 1.4.13 - FOSCAM)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Earth (HKLM-x32\...\{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}) (Version: 6.2.1.6014 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
IPCWebComponents 3.0.0.1 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.0.0.1 - )
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 6.2 - mIRC Co. Ltd.)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NHIICC (HKLM-x32\...\{809F5AFC-0428-4C1A-8142-6FD9D245713E}) (Version: 1.0.0 - Default Company Name)
NVIDIA 3D Vision Controller Driver 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.90 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-1881341424-2202409537-1386783955-1000\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
proXPN 2.7.2 (HKLM-x32\...\proXPN) (Version: 2.7.2 - )
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
SABnzbd 0.7.20 (HKLM-x32\...\SABnzbd) (Version: 0.7.20 - The SABnzbd Team)
Sandboxie 3.74 (64-bit) (HKLM\...\Sandboxie) (Version: 3.74 - SANDBOXIE L.T.D)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 7.9 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.9.103 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Sniper Elite V2_is1) (Version:  - )
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version:  - )
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UltraMon (HKLM\...\{B49673F8-7AB6-4A14-8213-C8A7BE370010}) (Version: 3.0.10 - Realtime Soft Ltd)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VoipBuster (HKLM-x32\...\VoipBuster_is1) (Version: 4.08 build 645 - Finarea S.A. Switzerland)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1881341424-2202409537-1386783955-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DF927C5-273B-43B6-B2B3-C69FEC9DE9D4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {37E6BF26-8B49-4501-819B-48A68C5F81C2} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {4EF8655E-BE5A-41F9-A8C9-8782083AA169} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5FE2D8F3-6982-4159-B185-28C36C261A81} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {72267DAD-CFF8-4E80-8F4D-4E5396F0DDF5} - System32\Tasks\proXPN => C:\Program Files (x86)\proXPN\bin\proxpn.exe [2014-07-08] (proXPN.com)
Task: {7BC90182-F61E-40F2-A6B7-113AD1A0ADB9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {921E9495-144C-433D-90BA-A12C022D0247} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {B36A75E5-8561-440C-AD6C-0AAEB1A5CD68} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-06] (Adobe Systems Incorporated)
Task: {C2C15A47-3869-46B6-ACED-CCA6206C5293} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {FAF04342-F70A-4046-BC96-B06D05266A2B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-02-19 23:38 - 2013-10-23 00:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-02-28 03:31 - 2012-08-09 02:55 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-02-28 03:31 - 2012-08-09 02:55 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-02-03 11:28 - 2015-07-23 14:35 - 00104960 _____ () C:\Program Files (x86)\SABnzbd\SABnzbd.exe
2014-10-17 12:45 - 2014-10-17 12:45 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\79afd14904e9f121387acc268cde0c84\IsdiInterop.ni.dll
2013-02-28 03:16 - 2012-02-01 00:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-02-28 03:09 - 2012-06-24 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2010-01-31 07:11 - 2015-07-23 14:35 - 00053248 _____ () C:\Program Files (x86)\SABnzbd\lib\_socket.pyd
2010-01-31 07:11 - 2015-07-23 14:35 - 00671744 _____ () C:\Program Files (x86)\SABnzbd\lib\_ssl.pyd
2010-01-31 07:11 - 2015-07-23 14:35 - 00294912 _____ () C:\Program Files (x86)\SABnzbd\lib\_hashlib.pyd
2010-01-31 06:56 - 2015-07-23 14:35 - 00102400 _____ () C:\Program Files (x86)\SABnzbd\lib\win32api.pyd
2010-01-31 07:14 - 2015-07-23 14:35 - 00118784 _____ () C:\Program Files (x86)\SABnzbd\lib\pywintypes25.dll
2010-01-31 06:54 - 2015-07-23 14:35 - 00013824 _____ () C:\Program Files (x86)\SABnzbd\lib\win32event.pyd
2010-01-31 06:56 - 2015-07-23 14:35 - 00036864 _____ () C:\Program Files (x86)\SABnzbd\lib\win32service.pyd
2010-11-01 08:52 - 2015-07-23 14:35 - 00057344 _____ () C:\Program Files (x86)\SABnzbd\lib\OpenSSL.crypto.pyd
2010-11-01 08:52 - 2015-07-23 14:35 - 00007168 _____ () C:\Program Files (x86)\SABnzbd\lib\OpenSSL.rand.pyd
2010-11-01 08:52 - 2015-07-23 14:35 - 00037888 _____ () C:\Program Files (x86)\SABnzbd\lib\OpenSSL.SSL.pyd
2010-01-31 07:11 - 2015-07-23 14:35 - 00086016 _____ () C:\Program Files (x86)\SABnzbd\lib\_ctypes.pyd
2010-01-31 07:11 - 2015-07-23 14:35 - 00049152 _____ () C:\Program Files (x86)\SABnzbd\lib\_sqlite3.pyd
2010-10-07 18:37 - 2015-07-23 14:35 - 00546205 _____ () C:\Program Files (x86)\SABnzbd\lib\sqlite3.dll
2010-01-31 07:11 - 2015-07-23 14:35 - 00008192 _____ () C:\Program Files (x86)\SABnzbd\lib\select.pyd
2006-08-12 07:47 - 2015-07-23 14:35 - 00009728 _____ () C:\Program Files (x86)\SABnzbd\lib\_yenc.pyd
2009-03-03 09:21 - 2015-07-23 14:35 - 00012288 _____ () C:\Program Files (x86)\SABnzbd\lib\Cheetah._namemapper.pyd
2010-01-31 07:11 - 2015-07-23 14:35 - 00135168 _____ () C:\Program Files (x86)\SABnzbd\lib\pyexpat.pyd
2010-01-31 06:54 - 2015-07-23 14:35 - 00040960 _____ () C:\Program Files (x86)\SABnzbd\lib\win32process.pyd
2010-01-31 06:54 - 2015-07-23 14:35 - 00110592 _____ () C:\Program Files (x86)\SABnzbd\lib\win32file.pyd
2010-01-31 06:54 - 2015-07-23 14:35 - 00014848 _____ () C:\Program Files (x86)\SABnzbd\lib\win32evtlog.pyd
2010-01-31 06:56 - 2015-07-23 14:35 - 00024576 _____ () C:\Program Files (x86)\SABnzbd\lib\servicemanager.pyd
2010-01-31 06:54 - 2015-07-23 14:35 - 00019968 _____ () C:\Program Files (x86)\SABnzbd\lib\win32pipe.pyd
2013-04-15 16:48 - 2015-07-23 14:35 - 00155648 _____ () C:\Program Files (x86)\SABnzbd\lib\win32gui.pyd
2013-04-15 16:48 - 2015-07-23 14:35 - 00176128 _____ () C:\Program Files (x86)\SABnzbd\lib\winxpgui.pyd
2009-08-04 18:45 - 2009-08-04 18:45 - 00106312 _____ () C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLCTL.DLL
2015-12-29 05:45 - 2016-01-06 14:05 - 17882304 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll
2015-12-16 15:56 - 2015-12-10 19:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-16 15:56 - 2015-12-10 19:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1881341424-2202409537-1386783955-1000\...\nhi.gov.tw -> hxxps://nhi.gov.tw

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2015-06-04 17:24 - 00001059 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1    activation.cloud.techsmith.com
127.0.0.1    oscount.techsmith.com
127.0.0.1    updater.techsmith.com
127.0.0.1    camtasiatudi.techsmith.com
127.0.0.1    tsccloud.cloudapp.net
127.0.0.1    assets.cloud.techsmith.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1881341424-2202409537-1386783955-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^palmOne Registration.lnk => C:\Windows\pss\palmOne Registration.lnk.Startup
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5A2E3CFD-E8AC-439F-9D45-485D9B95D6EE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{B0112833-7C64-4373-BDEA-2A6BC4E85A81}C:\program files (x86)\mircnew\mirc.exe] => (Allow) C:\program files (x86)\mircnew\mirc.exe
FirewallRules: [uDP Query User{32759E79-F620-4A9A-A9C1-7CAE66FBF879}C:\program files (x86)\mircnew\mirc.exe] => (Allow) C:\program files (x86)\mircnew\mirc.exe
FirewallRules: [TCP Query User{DD023D5D-6992-4A48-8A25-58869BDFA70E}C:\program files (x86)\mircnew\mirc.exe] => (Block) C:\program files (x86)\mircnew\mirc.exe
FirewallRules: [uDP Query User{6E2A3F3F-38E3-4D8D-9E2D-1AF8AEA4100F}C:\program files (x86)\mircnew\mirc.exe] => (Block) C:\program files (x86)\mircnew\mirc.exe
FirewallRules: [TCP Query User{FC6CEAF4-43D3-4B1E-8F7C-F654A304C75E}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [uDP Query User{B79B5002-73F5-4954-96D1-E4F44FFD21F1}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{630C4EBE-8B74-40B2-B97D-D820BCE4F635}C:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe] => (Allow) C:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe
FirewallRules: [uDP Query User{C28573A8-5C87-4041-AEC7-39F4F19129D7}C:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe] => (Allow) C:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe
FirewallRules: [TCP Query User{E090CF7F-14C1-4E77-8C9F-0E27A0705F5F}C:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe] => (Block) C:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe
FirewallRules: [uDP Query User{CB962F96-B025-45D2-A0AC-69CC747C609F}C:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe] => (Block) C:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe
FirewallRules: [{0A80898A-B1B9-4D69-9AB8-152ED190C4C1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D9324DF2-C624-4163-8C1C-4984D664E185}] => (Allow) LPort=2869
FirewallRules: [{3FA279EA-1C91-49E5-A915-00A5383B043D}] => (Allow) LPort=1900
FirewallRules: [{A68CE192-BF88-4852-A4D5-531BAB0D11E2}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{2281B00A-4AB5-4A91-AA1F-865B137F94DE}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [uDP Query User{D77FFDB1-05F9-449C-8D13-67319F972568}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{4995E6B6-15B7-4C1F-97B6-A5EB962AB35E}C:\windows\syswow64\java.exe] => (Allow) C:\windows\syswow64\java.exe
FirewallRules: [uDP Query User{1E3BFF14-687E-40AF-8603-805254F59451}C:\windows\syswow64\java.exe] => (Allow) C:\windows\syswow64\java.exe
FirewallRules: [{84ED16FE-2BA9-4094-9B22-9E54742A7F30}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{5B67A8B7-01CB-49C2-903C-8505F8499ECB}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{93CC7500-6CCC-4358-82F0-5BE2EA6D1970}C:\users\dave\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe] => (Allow) C:\users\dave\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe
FirewallRules: [uDP Query User{B088316B-607E-4F08-9C6C-163F8B87C818}C:\users\dave\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe] => (Allow) C:\users\dave\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe
FirewallRules: [{ED69DB3D-9B97-4888-9FCE-37BA10E662C9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A52524B4-451F-4A5D-ACB1-A6DBFF6106C1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{00D0CB61-8003-4FEA-BE17-B7D512C88A00}C:\program files (x86)\mirc2014\mirc.exe] => (Allow) C:\program files (x86)\mirc2014\mirc.exe
FirewallRules: [uDP Query User{7C13E177-E023-46D7-9216-F53B7E2B04D8}C:\program files (x86)\mirc2014\mirc.exe] => (Allow) C:\program files (x86)\mirc2014\mirc.exe
FirewallRules: [{56BAC15E-1AA4-42DE-8C91-4CF381530915}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{2033DEDA-CA2E-4FB0-AEB4-66A696291417}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{F83EE9A3-C289-4568-9232-6EC5E292DC22}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{3299ED68-0FA1-45B8-BBBF-C4EB4D296717}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{BF386769-6D21-4B85-AD03-FEC31AA58FBF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{F42AB528-95E9-427F-8B5F-F7A3EFB4CFC6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{0D50B044-0D96-4C91-85BD-D365AF1A293A}C:\program files (x86)\mirc2014\mirc.exe] => (Allow) C:\program files (x86)\mirc2014\mirc.exe
FirewallRules: [uDP Query User{BB7C3CD2-98FE-4C7C-A63A-7AAABE3AABD1}C:\program files (x86)\mirc2014\mirc.exe] => (Allow) C:\program files (x86)\mirc2014\mirc.exe
FirewallRules: [TCP Query User{BFC71AD8-2F5B-4D60-AF50-674C98FB5008}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [uDP Query User{0305CEF5-9480-4366-9F09-4FBF9550E8E9}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [TCP Query User{3945A5F5-1615-4E31-B3C2-911768A1AD09}C:\program files (x86)\foscam\foscam client\fsipcam.exe] => (Allow) C:\program files (x86)\foscam\foscam client\fsipcam.exe
FirewallRules: [uDP Query User{EB283102-D3DE-44A1-B307-665E4ED503A0}C:\program files (x86)\foscam\foscam client\fsipcam.exe] => (Allow) C:\program files (x86)\foscam\foscam client\fsipcam.exe
FirewallRules: [TCP Query User{F3F9E581-0C56-45D0-B2DA-C36977FCF21E}C:\program files (x86)\foscam\foscam client\hi3507exe.exe] => (Allow) C:\program files (x86)\foscam\foscam client\hi3507exe.exe
FirewallRules: [uDP Query User{226314F4-A7E1-463B-B7E0-270ED5BF7B9E}C:\program files (x86)\foscam\foscam client\hi3507exe.exe] => (Allow) C:\program files (x86)\foscam\foscam client\hi3507exe.exe
FirewallRules: [TCP Query User{D598D842-71E3-45C4-9C55-6EC8C67C04C2}D:\03_ip camera search tool\for windows os\ipcamera.exe] => (Allow) D:\03_ip camera search tool\for windows os\ipcamera.exe
FirewallRules: [uDP Query User{82FC3952-54C4-4732-9FA3-DE0E3ED3A49D}D:\03_ip camera search tool\for windows os\ipcamera.exe] => (Allow) D:\03_ip camera search tool\for windows os\ipcamera.exe
FirewallRules: [TCP Query User{0946A7F1-4564-408B-8CCD-A95B897456BD}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [uDP Query User{81541580-715A-49CE-AF06-4A91A38E312E}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{B891E8D7-9254-4DAA-A1A3-06E75E1813B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9554DBC4-B057-490D-A5E1-90E086C77144}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3910A809-D9F1-474B-9292-AC1F67D41596}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{1453C4BC-E840-4DFF-B926-A5DB4E09A1A7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{2E6AAA51-C244-447A-9A8C-9BDBBB4497E8}] => (Allow) LPort=8317
FirewallRules: [{8DAF56F4-A10B-449C-A559-706855935580}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ED68B039-D19C-41CF-BB25-604897488CA3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{135BCD05-F931-4227-9D1D-FF88A4DDC53F}C:\program files (x86)\mirc2014-v62\uninstall.exe _=c\program files (x86)\mirc2014\mirc.exe] => (Block) C:\program files (x86)\mirc2014-v62\uninstall.exe _=c\program files (x86)\mirc2014\mirc.exe
FirewallRules: [uDP Query User{93931979-4970-4BBA-A40D-543831D4CE05}C:\program files (x86)\mirc2014-v62\uninstall.exe _=c\program files (x86)\mirc2014\mirc.exe] => (Block) C:\program files (x86)\mirc2014-v62\uninstall.exe _=c\program files (x86)\mirc2014\mirc.exe
FirewallRules: [{2F6C2C9D-3087-41BB-AFC4-1C0669ECF79D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-01-2016 12:13:42 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2016 06:14:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: RTSUltraMonHook.dll_unloaded, version: 0.0.0.0, time stamp: 0x4b775b3b
Exception code: 0xc0000005
Fault offset: 0x00000000747789d8
Faulting process id: 0xbac
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (01/12/2016 04:29:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.4.5848, time stamp: 0x568c88bd
Faulting module name: mozglue.dll, version: 43.0.4.5848, time stamp: 0x568c7b16
Exception code: 0x80000003
Fault offset: 0x0000ed44
Faulting process id: 0x1910
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/11/2016 09:57:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.4.5848, time stamp: 0x568c88bd
Faulting module name: mozglue.dll, version: 43.0.4.5848, time stamp: 0x568c7b16
Exception code: 0x80000003
Fault offset: 0x0000ed44
Faulting process id: 0x20bc
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/10/2016 12:09:13 PM) (Source: MsiInstaller) (EventID: 11730) (User: Dave-PC)
Description: Product: Amazon 1Button App -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.

Error: (01/10/2016 12:09:01 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Dave-PC)
Description: Application or service 'Internet Explorer' could not be shut down.

Error: (01/10/2016 12:08:10 PM) (Source: MsiInstaller) (EventID: 11730) (User: Dave-PC)
Description: Product: Amazon 1Button App -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.

Error: (01/10/2016 12:37:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.4.5848, time stamp: 0x568c88bd
Faulting module name: mozglue.dll, version: 43.0.4.5848, time stamp: 0x568c7b16
Exception code: 0x80000003
Fault offset: 0x0000ed44
Faulting process id: 0xff0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/07/2016 10:07:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.4.5848, time stamp: 0x568c88bd
Faulting module name: mozglue.dll, version: 43.0.4.5848, time stamp: 0x568c7b16
Exception code: 0x80000003
Fault offset: 0x0000ed44
Faulting process id: 0x6c8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/07/2016 06:55:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.3.5835, time stamp: 0x567b4c13
Faulting module name: mozglue.dll, version: 43.0.3.5835, time stamp: 0x567b3f6a
Exception code: 0x80000003
Fault offset: 0x0000ed56
Faulting process id: 0x2f24
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/05/2016 05:13:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.3.5835, time stamp: 0x567b4c13
Faulting module name: mozglue.dll, version: 43.0.3.5835, time stamp: 0x567b3f6a
Exception code: 0x80000003
Fault offset: 0x0000ed56
Faulting process id: 0x2868
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============
Error: (01/12/2016 06:15:19 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (01/12/2016 06:14:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/12/2016 06:14:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/12/2016 06:14:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/12/2016 06:14:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/12/2016 06:14:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/12/2016 06:14:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (01/12/2016 06:14:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/12/2016 06:14:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/12/2016 06:14:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VIA Karaoke digital mixer Service service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2015-11-12 02:08:36.786
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\AV\ESET NOD32 Antivirus 3.0\upgrade.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-12 02:08:36.695
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\AV\ESET NOD32 Antivirus 3.0\upgrade.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-12 02:08:36.606
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\AV\ESET NOD32 Antivirus 3.0\upgrade.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-12 02:08:36.517
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\AV\ESET NOD32 Antivirus 3.0\upgrade.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core i5-3570 CPU @ 3.40GHz
Percentage of memory in use: 45%
Total physical RAM: 8150.18 MB
Available physical RAM: 4429.41 MB
Total Virtual: 16298.56 MB
Available Virtual: 10996.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:37.13 GB) NTFS
Drive g: () (Fixed) (Total:19.53 GB) (Free:0.28 GB) NTFS
Drive h: () (Fixed) (Total:278.55 GB) (Free:11.06 GB) NTFS
Drive l: () (Fixed) (Total:1862.89 GB) (Free:53.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: CC5B8167)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 226E226D)
Partition 1: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=278.5 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================


Thanks for those logs. Unfortunately there is evidence of a hack installed and active to bypass activation of software that is installed; that action is a direct breach of forum protocol regarding Piracy. We cannot offer any further help. Your thread will be locked and closed by a moderator...

 

Thank you,

 

Kevin...


This topic is now closed to further replies.